Install Frida iPhone 5S

Frida Installation Guide

After jailbreaking your device with the unc0ver JB, open Cydia and install the Frida server package that matches your iOS version. In this case, I installed Frida for A12+ devices.
That put frida-server version 14.2.13 on the iPhone.
Now install the same version on the Linux machine, since the Frida client and frida-server must match:
pip uninstall frida   # remove any other installed version first
pip install frida==14.2.13
frida --version
If running frida now gives you the following error, you are on the right track ;D
frida-ps -U
Failed to enumerate processes: this feature requires an iOS Developer Disk Image
to be mounted; run Xcode briefly or use ideviceimagemounter to mount
one manually
So you need to find the Developer Disk Image matching your iOS version in the releases of the xushuduo/Xcode-iOS-Developer-Disk-Image repository on GitHub. In my case, the version: 11.0.
Once downloaded, unzip it and go to its directory. Unlock the device and run the following command (both the image and its .signature file come from the same archive):
ideviceimagemounter DeveloperDiskImage.dmg DeveloperDiskImage.dmg.signature
After that, run it again:
frida-ps -U
 PID  Name
----  --------------------------------------------------------
 889  AppleIDAuthAgent
 715  BlueTool
 926  CallHistorySyncHelper
 624  CloudKeychainProxy
1000  CommCenter
1067  ContainerMetadataExtractor
1064  ContextService
1031  Cydia
 732  IMDPersistenceAgent
1066  LocalStorageFileProvider
1075  MTLCompilerService
1602  MTLCompilerService
1074  MTLCompilerService
1603  MTLCompilerService
1389  MobileCal
 771  MobileGestaltHelper
1024  MobileMail
1001  MobileStorageMounter
1260  OTATaskingAgent
(...)
You got it
😎

Spawn app with Frida

First, install ipainstaller from Cydia ;)
Over SSH it lists the installed applications by bundle identifier, which is what frida needs to spawn the target:
iphone:~ root# ipainstaller -l
com.electrateam.chimera
com.xxx.xxxx.xxxxxx
science.xnu.undecimus
iphone:~ root#
Now you can spawn the target app with the following command; the second form also loads a hook script:
frida -U -f 'com.xxxx.xxxx.xxxx'
frida -U -f 'com.xxxx.xxxx.xxxxx' -l frida.js
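The lookup-and-spawn step above as an added shell example; it is not the page's own commands, and the frida.js it writes is a starter script of mine, not the author's hook file. It reads the bundle list from ipainstaller over SSH, refuses to spawn unless exactly one bundle matches a keyword (so a loose substring cannot start the wrong app), and writes a frida.js that logs outbound NSURLSession requests and NSUserDefaults writes. The SSH host alias iphone, the keyword argument and the sample bundle list used for testing (standing in for the masked com.xxx.xxxx.xxxxxx above) are assumptions/constructed.

```shell
#!/bin/sh
# Added example (not from the original page). Usage:
#   sh spawn_app.sh spawn <keyword>
# Assumes an SSH host alias "iphone" for the jailbroken device (assumption).

# stdin: output of `ipainstaller -l`. Prompt lines such as "iphone:~ root#"
# never match the bundle-id pattern and are dropped. Fails unless exactly one
# bundle contains the keyword (case-insensitive).
bundle_id_matching() {
    matches=$(grep '^[A-Za-z0-9.-]*$' | grep -i -- "$1")
    count=$(printf '%s\n' "$matches" | grep -c .)
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one bundle matching '$1', found $count" >&2
        return 1
    fi
    printf '%s\n' "$matches"
}

# Write a starter hook script to $1. ObjC and Interceptor are Frida globals
# that only exist inside the target process, so this file is never run here.
write_hook_script() {
    cat > "$1" <<'EOF'
'use strict';
// Starter frida.js: log network requests and preference writes of the target.
if (!ObjC.available) {
  throw new Error('Objective-C runtime not available in this process');
}
function hookMethod(className, selector, onEnter) {
  var impl = ObjC.classes[className][selector].implementation;
  Interceptor.attach(impl, { onEnter: onEnter });
}
function describe(p) {
  return p.isNull() ? 'nil' : new ObjC.Object(p).toString();
}
// args[0] is self, args[1] the selector; method arguments start at args[2].
hookMethod('NSURLSession', '- dataTaskWithRequest:completionHandler:', function (args) {
  var req = new ObjC.Object(args[2]);
  console.log('[net] ' + req.HTTPMethod() + ' ' + req.URL().absoluteString());
});
hookMethod('NSUserDefaults', '- setObject:forKey:', function (args) {
  console.log('[defaults] ' + describe(args[3]) + ' = ' + describe(args[2]));
});
EOF
}

spawn_app() {
    bundle=$(ssh root@iphone ipainstaller -l | bundle_id_matching "$1") || return 1
    write_hook_script frida.js
    # --no-pause resumes the app right away instead of waiting for %resume.
    frida -U -f "$bundle" -l frida.js --no-pause
}

if [ "$1" = spawn ]; then
    spawn_app "$2"
fi
```

Drop --no-pause if you want the app held at its first instruction while you attach extra hooks from the REPL, exactly as the plain command on the page does.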

Bonus

After starting frida with a hook script (frida.js) you can get an error like this:
need Gadget to attach on jailed iOS; its default location is: /Users/imac/.cache/frida/gadget-ios.dylib
Frida prints this when it cannot reach a frida-server on the USB device and falls back to "jailed" mode, so first confirm that frida-server is actually running on the phone. To satisfy the fallback, download the iOS universal Gadget from the Frida releases page on GitHub, choosing the same version as your Frida client, and follow these steps:
wget https://github.com/frida/frida/releases/download/14.2.13/frida-gadget-14.2.13-ios-universal.dylib.gz
gunzip frida-gadget-14.2.13-ios-universal.dylib.gz
mkdir -p ~/.cache/frida
cp frida-gadget-14.2.13-ios-universal.dylib ~/.cache/frida/gadget-ios.dylib

# run frida again with the hook file like a boss
frida -U -f 'com.xxxx.xxxx.xxxxx' -l frida.js
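The Gadget steps above as an added shell example, not from the page: it fetches the release matching the installed client, checks that the decompressed file really is a fat Mach-O before it lands in the cache (a gzip that was not unpacked, a GitHub HTML error page or a truncated download all fail the check), and installs it under the default path named in the error message. It assumes curl and od are available; the release URL pattern is the one shown above.

```shell
#!/bin/sh
# Added example (not from the original page). Usage:
#   sh install_gadget.sh install [version]   (defaults to `frida --version`)

# Release asset name for a given Frida version (pattern taken from the page).
gadget_url_for_version() {
    echo "https://github.com/frida/frida/releases/download/$1/frida-gadget-$1-ios-universal.dylib.gz"
}

# The universal Gadget is a fat Mach-O whose first four bytes are the
# big-endian magic CA FE BA BE. A gzip stream starts with 1F 8B instead.
is_fat_macho() {
    [ "$(od -An -tx1 -N4 "$1" | tr -d ' \n')" = "cafebabe" ]
}

install_gadget() {
    ver=${1:-$(frida --version)}
    cache=$HOME/.cache/frida            # Frida's default Gadget location
    tmp=$(mktemp)
    if ! curl -fsSL "$(gadget_url_for_version "$ver")" | gunzip > "$tmp"; then
        echo "download of Gadget $ver failed" >&2
        rm -f "$tmp"; return 1
    fi
    if ! is_fat_macho "$tmp"; then
        echo "downloaded file is not a fat Mach-O; wrong version or bad download" >&2
        rm -f "$tmp"; return 1
    fi
    mkdir -p "$cache"
    mv "$tmp" "$cache/gadget-ios.dylib"
    echo "installed Gadget $ver to $cache/gadget-ios.dylib"
}

if [ "$1" = install ]; then
    install_gadget "$2"
fi
```

The version comes from the same `frida --version` the page pins with pip, so the Gadget can never be a release ahead of or behind the client.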

Reference

Frida - iPhone SE 2 (2020)
Mobexler - Mobile Application Penetration Testing Platform

Complete guide

    1. Start Cydia and navigate to the Sources page.
    2. Click Edit in the top right corner, then Add in the top left.
    3. Enter https://build.frida.re and click Add Source.
    4. Click on build.frida.re in your list of sources and click All Packages.
    5. Install the corresponding package for your device.
    6. Reboot.
I chose Frida for A12+ devices on my iPhone SE 2. If you don't know which category your device is in, you can check the following list:
    Frida for 32-bit devices:
      Devices released on/before September 2012 (iPhone 5 and older)
    Frida for pre-A12 devices:
      Devices released between September 2013 and September 2017 (iPhone 5S to iPhone 8/X)
    Frida for A12+ devices:
      Devices released after September 2018 (iPhone XS/XR and newer)
I won't go through how to install Frida on your workstation, but it needs to be done. You can find instructions here.
If you haven't done so already, you will need to make sure that the device is connected via USB and unlocked. Then run the following command:
idevicepair pair
You will be prompted with ERROR: Please accept the trust dialog on the screen of device <UDID>, then attempt to pair again.
Click the Trust button on the dialog on your iPhone and run the previous command again. You should now see SUCCESS: Paired with device <UDID>
You can test that everything is working by running the following command:
frida-ps -U
If you receive the message Failed to enumerate processes: this feature requires an iOS Developer Disk Image to be mounted; run Xcode briefly or use ideviceimagemounter to mount one manually, you will need to download the Developer Disk Image from this GitHub repository. It needs to match the iOS version on your device, so since I'm using iOS 13.5, I would download this Disk Image.
Once downloaded, unzip it and go to its directory. Unlock the device and run the following command:
ideviceimagemounter DeveloperDiskImage.dmg DeveloperDiskImage.dmg.signature
If you're getting mount_image returned -3, you may be fine. Try frida-ps -U again. I spent way too long trying to figure out why it wasn't working, when it really was.
You should see output similar to:
PID  Name
---  --------------------------------------------------------
569  Cydia
957  Settings
546  Siri Search
451  ACCHWComponentAuthService
439  AppleCredentialManagerDaemon
561  AssetCacheLocatorService
472  BlueTool
518  CAReportingService
552  CMFSyncAgent
494  CloudKeychainProxy
448  CommCenter
463  CommCenterMobileHelper
555  ContainerMetadataExtractor
...
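The whole procedure on this page, from the version pinning in the first section to the pair, package, Developer Disk Image and frida-ps steps of the complete guide, as one added shell script that is not part of the original page. It maps the CPU architecture lockdownd reports to the three package names in the device list above (armv7/armv7s are 32-bit, arm64 is A7 to A11, i.e. iPhone 5S to 8/X, arm64e is A12 and newer), pins the pip client to the exact release frida-server reports, and picks the Developer Disk Image by major.minor, which is how the images are published. It assumes libimobiledevice's idevicepair, ideviceinfo and ideviceimagemounter on PATH, an SSH host alias iphone for the jailbroken device, and an unzipped image tree laid out as <ddi-dir>/<major.minor>/DeveloperDiskImage.dmg with its .signature beside it; the alias and the layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Usage:
#   sh setup_frida.sh run /path/to/ddi-tree
# Assumptions: libimobiledevice tools on PATH, SSH host alias "iphone", and
# Developer Disk Images unpacked as <ddi-dir>/<major.minor>/DeveloperDiskImage.dmg.

# lockdownd's CPUArchitecture value -> build.frida.re package from the device
# list on this page: armv7/armv7s = 32-bit, arm64 = A7..A11 (iPhone 5S to
# 8/X), arm64e = A12 and newer.
frida_package_for_arch() {
    case "$1" in
        armv7|armv7s) echo "Frida for 32-bit devices" ;;
        arm64)        echo "Frida for pre-A12 devices" ;;
        arm64e)       echo "Frida for A12+ devices" ;;
        *) echo "unknown CPUArchitecture: $1" >&2; return 1 ;;
    esac
}

# Developer Disk Images are published per major.minor release, so a device
# on 13.5.1 needs the 13.5 image.
ddi_version_for_ios() {
    echo "$1" | cut -d. -f1,2
}

# The pip client and frida-server must be the same release.
versions_match() {
    [ "$1" = "$2" ]
}

setup_frida() {
    ddi_dir=$1

    idevicepair pair || {
        echo "accept the Trust dialog on the device and run again" >&2
        return 1
    }

    arch=$(ideviceinfo -k CPUArchitecture)
    ios=$(ideviceinfo -k ProductVersion)
    pkg=$(frida_package_for_arch "$arch") || return 1
    echo "device is $arch on iOS $ios: install '$pkg' from Cydia if not done yet"

    # frida-server prints its release with --version; pin the client to it.
    server=$(ssh root@iphone frida-server --version)
    client=$(frida --version 2>/dev/null || echo none)
    if ! versions_match "$client" "$server"; then
        pip uninstall -y frida
        pip install "frida==$server"
    fi

    # Mount the image matching the device's release (unlock the device first).
    ddi=$ddi_dir/$(ddi_version_for_ios "$ios")
    ideviceimagemounter "$ddi/DeveloperDiskImage.dmg" "$ddi/DeveloperDiskImage.dmg.signature" ||
        echo "mount_image returned an error; an image may already be mounted, continuing" >&2

    frida-ps -U
}

if [ "$1" = run ]; then
    setup_frida "$2"
fi
```

An iPhone 5S reports arm64, so the script points it at the pre-A12 package. If pip reports a dependency conflict with an already installed frida-tools, pin that package as well so both accept the server's release.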