```
├── .gitignore
├── image
│   └── fridpa.JPG
├── welcome.txt
├── README.md
└── fridpa.sh
```

/.gitignore:

```
FridaGadget.dylib
```

/image/fridpa.JPG:

https://raw.githubusercontent.com/tanprathan/Fridpa/HEAD/image/fridpa.JPG

/welcome.txt:

```text

`hhhhhhhhhhhhho yh+ yo
`MMh++++++++++: yy+ yo
`MMo -ooo+my
`MMo yh+ oyh/ yh+ +M dy .+yhdddyo-
`MMo NMmmNh mMy +M dy `yMNy+/:/sNMh`
`MMo NMMs` NMy +M dy yMm. .NMs
`MMo NMh NMy /M dy `NMo yMN
`MMo NMs NMy -N+``:Ny `MM+ sMM
`MMo NMy NMy \+oo+o/ ++- `hMM
`MMNNNNNNNNm NMy NMy ./yNMMM
`MMh+++++++: NMy NMy -+ymMms:yMM
`MMo NMy NMy ./:ooo: `omMms:` yMM
`MMo NMy NMy /M+` -mo -mMh- yMM
`MMo NMy NMy /M dh yMm sMM
`MMo NMy NMy /M dh dMy sMM
`MMo NMy NMy /M dh dMy sMM
`MMo NMy NMy /M dh yMm `dMM
`MMo NMy NMy /M/ooo -NMy MMM
`MMo NMy NMy yo -mMMh/``.:sNNM
`MMo NMy NMy yo `odNNNNmy/mMN

github.com/tanprathan
 __ ___ ___
|\ | __ | __ _ | / __ / __ _
| \ | | | | | | | | | | | |\ | | __ | | | |\ |
| \| |__| \_| |__|\ | | \___ |__|\ | \| \___| |__|\ | | \|

[1] The (IPA)Builder
[2] The Connector
```

/README.md:

# Fridpa
![image](https://raw.githubusercontent.com/tanprathan/Fridpa/master/image/fridpa.JPG)

An automated wrapper script for unpacking, patching (inserting the load command into the binary), re-signing and deploying apps on a non-jailbroken device. Once the process is completed, the app launches in debugging mode with lldb attached, ready for hooking with Frida. Fridpa has two modules: "The (IPA)Builder" and "The Connector".
* `The (IPA)Builder`: unpacks, patches, re-signs and deploys the app in debugging mode.
* `The Connector`: reconnects to an already patched app without re-installing it.

### Program Dependencies
* optool (https://github.com/alexzielenski/optool)
* ios-deploy (https://github.com/phonegap/ios-deploy)

### Usage
* Ensure that your mobile provisioning profile is ready and located in the Fridpa directory. Follow the instructions for creating a mobile provisioning profile at https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/october/ios-instrumentation-without-jailbreak/ (section "Configure the environment").
* Ensure that your iOS application package (.ipa file) is located in the Fridpa directory.
* Once the `The (IPA)Builder` module is selected, Fridpa requests the signing identity (e.g. F0B35CBA1F2DA06F49F3ADB0C93E14FFFAE3B85B) in order to re-sign the app. Select the identity that matches the provisioning profile.
* For the first deployment, the provisioning profile must be trusted on the iDevice under "Settings -> General -> Profiles & Device Management -> Developer App"; then press Enter to confirm the setting.
* Re-installation is performed automatically and the app is run in debugging mode. The app then waits for a Frida client to connect.

### Contribution
Your contributions and suggestions are welcome.

### License

[![Creative Commons License](http://i.creativecommons.org/l/by/4.0/88x31.png)](http://creativecommons.org/licenses/by/4.0/)

This work is licensed under a [Creative Commons Attribution 4.0 International License](http://creativecommons.org/licenses/by/4.0/)

/fridpa.sh:

```bash
#!/bin/bash
# An automated wrapper script for unpacking, patching, signing and deploying
# apps on non-jailbroken device. Once the process is completed, the apps will
# launch in debugging mode with lldb attached and ready for hooking using Frida
#
# Developed by @tanprathan

# PlistBuddy lives in /usr/libexec, which is not on PATH by default
export PATH=$PATH:/usr/libexec
DYLIB="$(pwd)/FridaGadget.dylib"

function patch() {
    # Clear Payload folder
    rm -rf Payload*

    # Download Frida DYLIB if not found
    if [ ! -f "$DYLIB" ]; then
        echo "FridaGadget.dylib not found"
        echo "Download from the internet"
        curl -O https://build.frida.re/frida/ios/lib/FridaGadget.dylib
    fi

    # Obtaining Certificate Identity from Developer profile:
    echo "" && echo -e "***** Listing Signing Identity *****"
    security find-identity -p codesigning -v
    echo "" && echo -n "Enter your Identity (Same as mobileprovision) then press [ENTER]: "
    read -r SID

    # Unpacking and Identifying Application Name:
    echo "" && echo -n "Ensure the IPA and embedded.mobileprovision file are on the current directory [ENTER]"
    read -r OK
    # First .ipa in the current directory (the script expects exactly one)
    APPPACKAGE="$(ls *.ipa | head -n 1)"
    unzip "${APPPACKAGE}" >/dev/null
    APPNAME="$(ls Payload)"

    # Copying Frida to Application folder and Inserting load command
    cp FridaGadget.dylib "Payload/${APPNAME}/"
    echo "" && echo -e "***** Inserting load command into Binary *****"
    # Main executable has the same name as the .app bundle without its extension
    APPBINARY=${APPNAME%.*}
    ./optool install -c load -p "@executable_path/FridaGadget.dylib" -t "Payload/${APPNAME}/${APPBINARY}"

    # Obtaining entitlements and Bundle ID:
    security cms -D -i embedded.mobileprovision >profile.plist
    PlistBuddy -x -c 'Print :Entitlements' profile.plist >entitlements.plist

    # application-identifier is "<TEAMID>.<bundle id>"; strip everything up to the first dot
    ENT=$(egrep -a -A 2 application-identifier embedded.mobileprovision | grep string | sed -e 's/<string>//' -e 's/<\/string>//' -e 's/ //' | tr -d '\t')
    BUNDLEID=${ENT#*.}

    # Signing the Application package:
    cp embedded.mobileprovision "Payload/${APPNAME}/embedded.mobileprovision"

    PlistBuddy -c "Set :CFBundleIdentifier ${BUNDLEID}" "Payload/${APPNAME}/Info.plist"

    rm -rf "Payload/${APPNAME}/_CodeSignature"
    echo "" && echo -e "***** Re-signing Binary *****"
    codesign --force --sign "${SID}" "Payload/${APPNAME}/FridaGadget.dylib"
    codesign --force --sign "${SID}" --entitlements entitlements.plist "Payload/${APPNAME}/${APPBINARY}"

    # Clear entitlements file
    rm entitlements.plist
    rm profile.plist

    # Deploying application with debuggable mode:
    echo "" && echo -e "***** Deploying Application on iDevice *****"
    ios-deploy --bundle "Payload/${APPNAME}/"
    echo "" && echo -n "Trust Developer profile on Device Settings and press [ENTER]"
    read -r OK
    echo "" && echo -e "***** Deploying Application with Frida Server *****"
    ios-deploy --noinstall --debug --bundle "Payload/${APPNAME}/"
    exit 0
}

function deploy() {
    APPNAME="$(ls Payload)"
    echo "" && echo -e "***** Deploying Application with Frida Server *****"
    ios-deploy --noinstall --debug --bundle "Payload/${APPNAME}/"
    exit 0
}

# Providing option for Fridpa
cat welcome.txt
echo "" && echo -n "Enter your Option for Fridpa and press [ENTER]: "
read -r option

case ${option} in
    1) patch ;;
    2) deploy ;;
    *)
        echo ""
        echo "++++++++++++++++++++++++++++++"
        echo "+                            +"
        echo "+ Noob Spotted, Go away !!   +"
        echo "+                            +"
        echo "++++++++++++++++++++++++++++++"
        echo ""
        exit 1
        ;;
esac

sleep 10
```
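The "Inserting load command into Binary" step above works because the dynamic linker honours every `LC_LOAD_DYLIB` command in the Mach-O header, so appending one that names `@executable_path/FridaGadget.dylib` makes the gadget load before the app's own code runs. The added example below is not part of Fridpa; it is a small Mach-O load-command walker that lists the dylib dependencies of a 64-bit slice and flags any that do not come from a system location, which is how an app-integrity check or a reviewer would spot a patched binary after the fact. It is written in Python so that it runs offline without macOS tooling; the fixture built by `build_sample_macho` is a constructed header with no code in it, and all paths and constants in the fixture are invented for the test.

```python
"""List LC_LOAD_DYLIB dependencies of a 64-bit Mach-O and flag non-system ones."""
import struct
import sys

# Mach-O constants as defined in <mach-o/loader.h>
MH_MAGIC_64 = 0xFEEDFACF
MH_CIGAM_64 = 0xCFFAEDFE          # same magic, byte-swapped (big-endian file)
MH_EXECUTE = 0x2
CPU_TYPE_ARM64 = 0x0100000C
LC_LOAD_DYLIB = 0x0C
LC_LOAD_WEAK_DYLIB = 0x80000018
HEADER_SIZE_64 = 32               # sizeof(struct mach_header_64)
DYLIB_CMD_FIXED = 24              # cmd, cmdsize, name offset, timestamp, current_version, compat_version

# Where an unmodified iOS app's direct dependencies normally live
SYSTEM_PREFIXES = ("/usr/lib/", "/System/Library/")


def parse_dylib_loads(data: bytes) -> list:
    """Return the dylib paths named by LC_LOAD_DYLIB / LC_LOAD_WEAK_DYLIB commands.

    Handles one 64-bit slice (arm64 apps); a fat binary must be split first.
    Every offset is bounds-checked so a truncated or malformed header raises
    ValueError instead of being misread.
    """
    if len(data) < HEADER_SIZE_64:
        raise ValueError("file too short for a Mach-O header")
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == MH_MAGIC_64:
        end = "<"
    elif magic == MH_CIGAM_64:
        end = ">"
    else:
        raise ValueError(f"not a 64-bit Mach-O (magic {magic:#010x})")
    # mach_header_64 fields: magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags, reserved
    ncmds, sizeofcmds = struct.unpack_from(end + "II", data, 16)
    offset = HEADER_SIZE_64
    limit = HEADER_SIZE_64 + sizeofcmds
    if limit > len(data):
        raise ValueError("sizeofcmds exceeds file length")
    paths = []
    for _ in range(ncmds):
        if offset + 8 > limit:
            raise ValueError("load command table overruns sizeofcmds")
        cmd, cmdsize = struct.unpack_from(end + "II", data, offset)
        if cmdsize < 8 or offset + cmdsize > limit:
            raise ValueError("malformed load command size")
        if cmd in (LC_LOAD_DYLIB, LC_LOAD_WEAK_DYLIB):
            if cmdsize < DYLIB_CMD_FIXED:
                raise ValueError("dylib command too small")
            # struct dylib starts with an lc_str: offset of the NUL-terminated name within the command
            name_off = struct.unpack_from(end + "I", data, offset + 8)[0]
            if name_off >= cmdsize:
                raise ValueError("dylib name offset outside command")
            raw = data[offset + name_off: offset + cmdsize]
            paths.append(raw.split(b"\0", 1)[0].decode("utf-8", "replace"))
        offset += cmdsize
    return paths


def unexpected_dylibs(paths: list) -> list:
    """Dependencies loaded from outside system locations; each one deserves review.

    Legitimately bundled frameworks (under @rpath) appear here as well, so compare
    the result with the dependency list of a known-good build of the same app
    rather than treating every entry as an injection.
    """
    return [p for p in paths if not p.startswith(SYSTEM_PREFIXES)]


def build_sample_macho(dylib_paths) -> bytes:
    """Constructed test fixture: a bare arm64 header plus one LC_LOAD_DYLIB per path.

    It has no segments or code, so it is not loadable; it only exercises the parser.
    """
    cmds = b""
    for path in dylib_paths:
        name = path.encode() + b"\0"
        cmdsize = DYLIB_CMD_FIXED + len(name)
        cmdsize += (-cmdsize) % 8                     # 64-bit load commands are 8-byte aligned
        fixed = struct.pack("<IIIIII", LC_LOAD_DYLIB, cmdsize, DYLIB_CMD_FIXED, 2, 0x10000, 0x10000)
        cmds += fixed + name.ljust(cmdsize - DYLIB_CMD_FIXED, b"\0")
    header = struct.pack("<8I", MH_MAGIC_64, CPU_TYPE_ARM64, 0, MH_EXECUTE,
                         len(dylib_paths), len(cmds), 0, 0)
    return header + cmds


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        # No file given: use the constructed fixture, one system dylib and one injected gadget
        blob = build_sample_macho(["/usr/lib/libSystem.B.dylib",
                                   "@executable_path/FridaGadget.dylib"])
    loads = parse_dylib_loads(blob)
    suspicious = set(unexpected_dylibs(loads))
    for p in loads:
        print(p + ("   <-- review" if p in suspicious else ""))
```

Run it with a path to an extracted app executable to list its dependencies, or with no argument to see the fixture report `@executable_path/FridaGadget.dylib` flagged for review. Note that the check is purely structural: it tells you a load command was added, not who added it, and a re-signed binary carries a valid signature for the new identity, so the comparison against a known-good dependency list is what makes the result meaningful.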
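The "Obtaining entitlements and Bundle ID" step derives the bundle identifier with an `egrep`/`sed` chain over the raw profile and `${ENT#*.}`, which silently yields `*` for a wildcard profile and breaks on any whitespace variation. The added example below, which is not part of Fridpa, does the same derivation with `plistlib` on the decoded profile: the constructed `SAMPLE_PROFILE_PLIST` stands in for the output of `security cms -D -i embedded.mobileprovision` (all identifiers in it are invented), it rejects wildcard application identifiers instead of writing a bad `CFBundleIdentifier`, and it reports whether `get-task-allow` is present, which is the entitlement that lets lldb attach in the `--debug` deployment step.

```python
"""Derive bundle ID and debuggability from a decoded provisioning profile."""
import plistlib
import sys

# Constructed sample of a decoded provisioning profile (what `security cms -D` prints);
# the team ID, bundle ID and profile name are invented for this example.
SAMPLE_PROFILE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Name</key>
	<string>Example Development Profile</string>
	<key>TeamIdentifier</key>
	<array>
		<string>ABCDE12345</string>
	</array>
	<key>Entitlements</key>
	<dict>
		<key>application-identifier</key>
		<string>ABCDE12345.com.example.app</string>
		<key>com.apple.developer.team-identifier</key>
		<string>ABCDE12345</string>
		<key>get-task-allow</key>
		<true/>
	</dict>
</dict>
</plist>
"""


def entitlements_from_profile(decoded_profile: bytes) -> dict:
    """Return the Entitlements dictionary of a decoded (CMS-stripped) profile."""
    profile = plistlib.loads(decoded_profile)
    ent = profile.get("Entitlements")
    if not isinstance(ent, dict):
        raise ValueError("profile has no Entitlements dictionary")
    return ent


def bundle_id_from_entitlements(ent: dict) -> str:
    """application-identifier is '<TEAMID>.<bundle id>'; return the bundle id part.

    A wildcard profile ('TEAMID.*') cannot be turned into a CFBundleIdentifier,
    so it is rejected rather than written into Info.plist as '*'.
    """
    app_id = ent.get("application-identifier", "")
    team, sep, bundle = app_id.partition(".")
    if not sep or not team or not bundle:
        raise ValueError(f"malformed application-identifier: {app_id!r}")
    if "*" in bundle:
        raise ValueError(f"wildcard profile ({app_id}); choose the bundle id explicitly")
    return bundle


def team_id_from_entitlements(ent: dict) -> str:
    """Team prefix of application-identifier (should match com.apple.developer.team-identifier)."""
    return ent.get("application-identifier", "").partition(".")[0]


def allows_debugger(ent: dict) -> bool:
    """True when get-task-allow is set; without it a debugger cannot attach on device."""
    return bool(ent.get("get-task-allow", False))


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            decoded = fh.read()
    else:
        decoded = SAMPLE_PROFILE_PLIST
    ent = entitlements_from_profile(decoded)
    print("team id:     ", team_id_from_entitlements(ent))
    print("bundle id:   ", bundle_id_from_entitlements(ent))
    print("debuggable:  ", allows_debugger(ent))
```

Feed it the `profile.plist` the script writes (`python3 profile_check.py profile.plist`, file name assumed) before re-signing: if `debuggable` is False the `ios-deploy --debug` step will install the app but lldb will not be able to attach, and if the profile is a wildcard one the script's `CFBundleIdentifier` rewrite needs a real identifier supplied by hand.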