# Resources

## Recommended Toolkits and Scripts

The [Raptor scripts](https://github.com/0xdea/frida-scripts) by 0xdea ([Marco Ivaldi](https://0xdeadbeef.info/)) are an excellent starting point for a base script. The 'trace' line of scripts provide prebuilt method hooking functions which greatly simplify the hooking process. There are both Android and iOS variants available. If you browse to the bottom of any of these scripts, you will see some commented out examples of how to use these scripts, included here for quick reference:

{% tabs %}
{% tab title=" android\_trace.js" %}

```
// usage examples
setTimeout(function() { // avoid java.lang.ClassNotFoundException

	Java.perform(function() {

		// trace("com.target.utils.CryptoUtils.decrypt");
		// trace("com.target.utils.CryptoUtils");
		// trace("CryptoUtils");
		// trace(/crypto/i);
		// trace("exports:*!open*");

	});   
}, 0
```

{% endtab %}

{% tab title=" android\_enum.js" %}

```
// usage examples
setTimeout(function() { // avoid java.lang.ClassNotFoundException

	Java.perform(function() {

		// enumerate all classes
		/*
		var a = enumAllClasses();
		a.forEach(function(s) { 
			console.log(s); 
		});
		*/

		// find classes that match a pattern
		/*
		var a = findClasses(/password/i);
		a.forEach(function(s) { 
			console.log(s); 
		});
		*/

		// enumerate all methods in a class
		/*
		var a = enumMethods("com.target.app.PasswordManager")
		a.forEach(function(s) { 
			console.log(s); 
		});
		*/

	});
}, 0);
```

{% endtab %}

{% tab title="ios\_trace.js" %}

```
// usage examples
if (ObjC.available) {

	// trace("-[CredManager setPassword:]");
	// trace("*[CredManager *]");
	// trace("*[* *Password:*]");
	// trace("exports:libSystem.B.dylib!CCCrypt");
	// trace("exports:libSystem.B.dylib!open");
	// trace("exports:*!open*");
	
} else {
 	send("error: Objective-C Runtime is not available!");
}
```

{% endtab %}

{% tab title="ios\_enum.js" %}

```
// usage examples
if (ObjC.available) {

	// enumerate all classes
	/*
	var a = enumAllClasses();
	a.forEach(function(s) { 
		console.log(s); 
	});
	*/

	// find classes that match a pattern
	/*
	var a = findClasses(/password/i);
	a.forEach(function(s) { 
		console.log(s); 
	});
	*/

	// enumerate all methods in a class
	/*
	var a = enumMethods("PasswordManager")
	a.forEach(function(s) { 
		console.log(s); 
	});
	*/

	// enumerate all methods
	/*
	var d = enumAllMethods();
	for (k in d) {
		console.log(k);
		d[k].forEach(function(s) {
			console.log("\t" + s);
		});
	}
	*/

	// find methods that match a pattern
	/*
	var d = findMethods(/password/i);
	for (k in d) {
		console.log(k);
		d[k].forEach(function(s) {
			console.log("\t" + s);
		});
	}
	*/

} else {
 	send("error: Objective-C Runtime is not available!");
}
```

{% endtab %}
{% endtabs %}

{% hint style="info" %}
Once one of these scripts is [loaded into a REPL session](https://summit-labs.frida.ninja/frida-tool-reference/frida#loading-a-script-locally), you can access the`trace` methods directly from the REPL. Alternatively, you may add them directly to the raptor script. Remember, making changes to a script while it is loaded will cause Frida to reload that script.
{% endhint %}

#### frida-awesome

Another great resource for scripts is "[frida-awesome](https://github.com/dweinstein/awesome-frida)", a repo maintained by [David Weinstein](https://twitter.com/insitusec) at NowSecure containing a large number of links that include:  talks, papers, videos, blog posts,

{% embed url="<https://github.com/dweinstein/awesome-frida>" %}

## Root Android device

* Install [**TWRP** ](https://twrp.me/)**f**rom Google Play Store

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MWd-VcvRHVgUtkahm85%2F-MekwicxpKprjl0Vknm-%2F-Mel60QF36xSWi7Mtinu%2Fimage.png?alt=media\&token=f8111ae0-3943-4539-92ab-6250c0e4928b)

* Download [magisk](https://github.com/topjohnwu/Magisk/releases/tag/v23.0) APK
* Rename .apk to .zip
* adb.exe push magisk.zip to /sdcard
* Activate Developer settings, (i): enable: Advanced reboot; (ii) disable update recovery with system updates. After that, select reboot mode, and the TWRP app starts.
* Restart Android device "recovery mood"
* Install magisk via TWRP

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MWd-VcvRHVgUtkahm85%2F-Meqa46cbGc_Iglsv3gC%2F-MeqaOJnFDG3I_qHIANB%2Fimage.png?alt=media\&token=906f32d8-9814-45ec-8b6f-ab3ee894e259)

* Open Magisk and update it if necessary

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MWd-VcvRHVgUtkahm85%2F-Meqa46cbGc_Iglsv3gC%2F-MeqbFgHpwZhVasO_1iA%2Fimage.png?alt=media\&token=2ce8b95a-db98-4274-9081-7902efcc7048)

* Use Root Checker or Super#SU app to check if the device is rooted!

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MWd-VcvRHVgUtkahm85%2F-Meqa46cbGc_Iglsv3gC%2F-Meqbn3pNOVCHNFXigWY%2Fimage.png?alt=media\&token=40973ca4-8b16-4ac3-9645-cb48e35a8cd6)

**Bonus**: Install lineage OS ;)

{% embed url="<https://download.lineageos.org/>" %}

## iOS

{% embed url="<https://canijailbreak.com/>" %}

{% embed url="<https://checkra.in/>" %}

## Others

{% embed url="<https://mobile-security.gitbook.io/mobile-security-testing-guide/>" %}

{% embed url="<https://summit-labs.frida.ninja/frida-tool-reference/frida#loading-a-script-locally>" %}