Intercept all cryptography-related functions on iOS with Frida Api.
Intercept all cryptography-related functions on iOS with Frida Api.
AES
DES
,3DES
CAST
(What it's?)RC2
,RC4
Blowfish
SHA1
,SHA224
,SHA256
,SHA384
,SHA512
MD2
,MD4
,MD5
HMAC
PBKDF
frida -U --codeshare Humenger/frida-ios-cipher -f "xxx.xxx.xxx" --no-pause
frida -U --codeshare Humenger/frida-ios-cipher -n "app name"
Configuration at the beginning of the script.
//config
const CIPHER_CONFIG={
"enable":true,//global enable
"highlighting": true,//syntax highlighting
"crypto":{
"enable":true,//crypto enable
"maxDataLength":240,//Maximum length of single data printout
"printStack":false,
"aes":true,
"des":true,
"3des":true,
"cast":true,
"rc4":true,
"rc2":true,
"blowfish":true,
"filter": []
},
"hash":{
"enable":true,//hash enable
"maxInputDataLength":240,
"printStack":false,
"md2":true,
"md4":true,
"md5":true,
"sha1":true,
"sha224":true,
"sha256":true,
"sha384":true,
"sha512": true,
"filter": []
},
"hmac":{
"enable":true,//hmac enable
"maxInputDataLength":240,
"printStack":false,
"sha1":true,
"md5":true,
"sha224":true,
"sha256":true,
"sha384":true,
"sha512":true,
"filter": []
},
"pbkdf":{
"enable":true,
"printStack":false,
"filter": []
}
}
Because printing the stack may lead to program execution exceptions, printStack is off by default, and you can turn it on by yourself if you need to.
npm install
npm run build
Of course there are a couple of functions that don't do interceptions, as shown below:
CCCryptorStatus
CCCryptorCreateFromData(CCOperation op, CCAlgorithm alg,
CCOptions options, const void *key, size_t keyLength, const void *iv,
const void *data, size_t dataLength, CCCryptorRef *cryptorRef,
size_t *dataUsed);