frida-ios-hook
โ View on GitHubAI Summary: Frida iOS Hook is a Python-based tool designed for dynamic analysis and function hooking of iOS applications through Frida. Its primary use case involves tracing classes and functions, modifying method return values, and providing a suite of commands for process manipulation, memory dumping, and API interception. Notable features include support for both spawn and attach modes, an interactive CLI, and extensive options for script execution and device management.
README
Frida iOS hook
๐ A tool that helps you can easy using frida. It support script for trace classes, functions, and modify the return values of methods on iOS platform.
๐ For Android platform: frida-android-hook
๐ For Intercept Api was encrypted on iOS application: frida-ios-intercept-api
Env OS Support
| OS | Supported | Noted |
|---|---|---|
| MacOS | :white_check_mark: | Stable |
| Linux | :white_check_mark: | Stable |
| Windows | :white_check_mark: | Unstable |
Compatible with
| iOS | Frida | Frida-tools | Supported | Stable Version |
|---|---|---|---|---|
| 16.7.11 | 16.7.14 | 13.7.1 | :white_check_mark: | |
| 16.7.11 | 16.1.4 | 12.2.1 | :white_check_mark: | :white_check_mark: |
Note: Using stable versions to fix the ObjC not defined issue present in frida 17.0.1.
Feature
Running with python3.x. Support both spawn & attach script to process. All options from ./ioshook -h:
| Category | Option | Description |
|---|---|---|
| General | -h, --help | Show help message and exit |
--cli | Launch iOSHook interactive CLI | |
-p, --package PACKAGE | Bundle identifier of target app (spawn) | |
-n, --name NAME | Display name of target app (attach) | |
--pid PID | Process ID of target app (attach) | |
-s, --script SCRIPT.JS | Path to Frida JavaScript hooking script | |
-c, --check-version | Check for iOSHook updates | |
-u, --update | Update iOSHook to latest version | |
| Quick Method | -m, --method METHOD | app-static, bypass-jb, bypass-ssl, i-url-req, i-crypto (use -n or -p as required) |
| Information | --list-devices | List all connected Frida devices |
--list-apps | List all installed applications on device | |
--list-scripts | List all available Frida scripts | |
--logcat | Show system log of device (idevicesyslog) | |
--conf | Open and edit hook.conf file | |
--shell, --ssh | Open SSH shell to device (default: USB via iproxy) | |
--ssh-port-forward LOCAL:DEVICE | Forward port from local to device (ssh -R) | |
--network HOST:PORT | Connect via network SSH (default port 22) | |
--local | Connect via USB using iproxy | |
| Dump decrypt IPA | -d, --dump-app | Dump and decrypt application IPA file |
-o, --output OUTPUT_IPA | Output filename for decrypted IPA (without .ipa) | |
--dump-output-dir DIR | Output directory for dumped IPA (default: workspaces/dumps) | |
| Dump memory | --dump-memory OPTS | Dump memory of running application (e.g. --string, --read-only) |
| HexByte Scan IPA | --hexbyte-scan MODE | Mode: help, scan, patch, json |
--file FILE.IPA | IPA file to scan/patch | |
--pattern PATTERN | Hex pattern to search (e.g. E103??AA????E0) | |
--address ADDRESS | Address for patch (format: address,bytes,distance) | |
--task TASK.json | JSON task file for hexbyte scan | |
| reFlutter | --reflutter FLUTTER.IPA | Path to Flutter IPA for reFlutter analysis |
๐ ChangeLog
Install
[+] Latest version
https://github.com/noobpk/frida-ios-hook/releases
[+] Develop version
git clone -b dev https://github.com/noobpk/frida-ios-hook
Environment
[+] Python >= v3.0 (Recommend to use pyenv or virtualenv)
1. cd frida-ios-hook/
2. python3 -m venv py-env
3. source py-env/bin/active
Build
1. pip3 install -r requirements.txt
3. python3 setup.py
4. cd frida-ios-hook
5. ./ioshook -h (--help)
Usage
If you run the script but it doesn’t work, you can try the following:
frida -U -f package -l script.js
๐บ Demo Feature
| Title | Link |
|---|---|
| Frida iOS Hook | Basic Usage | Install - List devices - List apps - List scripts - Logcat - Shell | https://youtu.be/xSndHgTdv4w |
| Frida iOS Hook | Basic Usage | Dump Decrypt IPA - Dump Memory App - Hexbyte-Scan IPA | https://youtu.be/AUsJ9_gnWAI |
| Frida iOS Hook | Basic Usage | App Static - Bypass Jailbreak - Bypass SSL - Intercept URL + Crypto | https://youtu.be/nWhKDSzArf8 |
| Frida iOS Hook | Advance Usage | Memory Dump - Radare2 - Iaito | https://youtu.be/nUqE4EYWiEc |
Disclaimer
Because I am not a developer, so my coding skills might not be the best. Therefore, if this tool have any issue or not working for you, create an issue and i will try to fix it. Any suggestions for new feature and discussions are welcome!