Frida Ios Cipher Save

Intercept all cryptography-related functions on iOS with Frida Api.

Project README

Frida-iOS-Cipher

GitHub Workflow Status (with event)

Introduction

Intercept all cryptography-related functions on iOS with Frida Api.

Support Algorithm

  • AES
  • DES,3DES
  • CAST(What it's?)
  • RC2,RC4
  • Blowfish
  • SHA1,SHA224,SHA256,SHA384,SHA512
  • MD2,MD4,MD5
  • HMAC
  • PBKDF

Preview

image

Instructions for use

  • You can customize the functions you want to intercept printing by turning them on (they are all turned on by default).
  • Print data limit (default maximum 240 bytes for a single piece of data, where there is no limit for key, hash and digest results)
  • and stack information (off by default)
  • Doesn't differentiate between OC or Swift, the api calls for encryption are the same for both languages

Simple to use

  • Spawn mode
frida -U --codeshare Humenger/frida-ios-cipher -f "xxx.xxx.xxx" --no-pause
  • Attach mode
frida -U --codeshare Humenger/frida-ios-cipher -n "app name"

Config

Configuration at the beginning of the script.

//config
const CIPHER_CONFIG={
    "enable":true,//global enable
    "highlighting": true,//syntax highlighting
    "crypto":{
        "enable":true,//crypto enable
        "maxDataLength":240,//Maximum length of single data printout
        "printStack":false,
        "aes":true,
        "des":true,
        "3des":true,
        "cast":true,
        "rc4":true,
        "rc2":true,
        "blowfish":true,
        "filter": []
    },
    "hash":{
        "enable":true,//hash enable
        "maxInputDataLength":240,
        "printStack":false,
        "md2":true,
        "md4":true,
        "md5":true,
        "sha1":true,
        "sha224":true,
        "sha256":true,
        "sha384":true,
        "sha512": true,
        "filter": []
    },
    "hmac":{
        "enable":true,//hmac enable
        "maxInputDataLength":240,
        "printStack":false,
        "sha1":true,
        "md5":true,
        "sha224":true,
        "sha256":true,
        "sha384":true,
        "sha512":true,
        "filter": []
    },
    "pbkdf":{
        "enable":true,
        "printStack":false,
        "filter": []
    }
}

Because printing the stack may lead to program execution exceptions, printStack is off by default, and you can turn it on by yourself if you need to.

Build

npm install 
npm run build

Replenishment

Of course there are a couple of functions that don't do interceptions, as shown below:

CCCryptorStatus
     CCCryptorCreateFromData(CCOperation op, CCAlgorithm alg,
         CCOptions options, const void *key, size_t keyLength, const void *iv,
         const void *data, size_t dataLength, CCCryptorRef *cryptorRef,
         size_t *dataUsed);
  • This function also calls CCCryptorCreate internally, so it doesn't do interceptions
  • Similarly CCCryptorCreateFromDataWithMode
  • There are also a couple of CCDigest functions that are too cold to be added later if encountered
  • There are also a couple of random functions as well as UUIDs, which seem to be strictly within the scope of cryptography, to which I'll add later on
  • As for asymmetric encryption, I can't seem to find an official implementation at the moment

Consultation

Contact us

Knowledge Planet | Discord

Open Source Agenda is not affiliated with "Frida Ios Cipher" Project. README Source: jitcor/frida-ios-cipher
Stars
124
Open Issues
1
Last Commit
5 months ago
Repository
jitcor/frida-ios-cipher
License
MIT
Tags
Cccrypt Cipher Frida Hmac Ios Md5 Sha1

Open Source Agenda Badge

Open Source Agenda Rating
Submit Review Review Your Favorite Project
Submit Resource Articles, Courses, Videos
Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?