Red Teaming and Malware Analysis
Install Frida iPhone 5S


Last updated 3 years ago


Frida Installation Guide

After jailbreaking your device with the unc0ver JB, open Cydia and install the Frida server package that matches this iOS version. In this case, I installed the Frida for A12+ devices package.

After that, Frida server version 14.2.13 was installed on the iPhone.

Now the same version also needs to be installed on the Linux machine (the Frida client and the frida-server on the device must have matching versions).

pip uninstall frida #for removing other versions
pip install frida==14.2.13
frida --version

If you run frida-ps and get the following error, you are on the right track ;D

frida-ps -U
Failed to enumerate processes: this feature requires an iOS Developer Disk Image
to be mounted; run Xcode briefly or use ideviceimagemounter to mount
one manually

So you need to find the iOS Developer Disk Image matching your device's iOS version in the xushuduo/Xcode-iOS-Developer-Disk-Image repository on GitHub (linked from this page). In my case, the version is 11.0.

Once downloaded, unzip it and go to its directory. Unlock the device and run the following command:

ideviceimagemounter DeveloperDiskImage.dmg DeveloperDiskimage.dmg.signature

After that, run it again:

frida-ps -U                                     
 PID  Name
----  --------------------------------------------------------
 889  AppleIDAuthAgent
 715  BlueTool
 926  CallHistorySyncHelper
 624  CloudKeychainProxy
1000  CommCenter
1067  ContainerMetadataExtractor
1064  ContextService
1031  Cydia
 732  IMDPersistenceAgent
1066  LocalStorageFileProvider
1075  MTLCompilerService
1602  MTLCompilerService
1074  MTLCompilerService
1603  MTLCompilerService
1389  MobileCal
 771  MobileGestaltHelper
1024  MobileMail
1001  MobileStorageMounter
1260  OTATaskingAgent
(...)

Spawn app with Frida

First, using Cydia you need to install ipainstaller ;)

This tool is used over SSH to list the installed applications' identifiers (bundle IDs), which you pass to frida when spawning the target.

iphone:~ root# ipainstaller -l
com.electrateam.chimera
com.xxx.xxxx.xxxxxx
science.xnu.undecimus
iphone:~ root#

Now, you can spawn the target app using the following command:

frida -U -f 'com.xxxx.xxxx.xxxx'
frida -U -f 'com.xxxx.xxxx.xxxxx' -l frida.js
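The -l frida.js argument loads a JavaScript hook into the spawned process, but the page never shows what such a script contains. Below is an added example script (written for this page; it is not code from the original post or from the Frida project) that, when loaded with the command above, inventories the modules present at spawn time and logs every open() call that touches a non-system path, a common first step when analysing what an app reads and writes. It assumes a jailbroken device running frida-server 14.x and uses only standard Frida globals (Process, Module, Interceptor, ObjC, console); the NOISY_PREFIXES list and the helper names are my own choices.

```javascript
// frida.js: example Frida instrumentation script (added example, not from the original page).
// Load with:  frida -U -f 'com.example.app' -l frida.js
// Assumes: jailbroken iOS device, frida-server 14.x, Frida JS API globals available
// (Process, Module, Interceptor, ObjC, console). The helper names and the prefix
// list below are assumptions made for this example.

// Paths under these prefixes are framework/system noise we do not want in the log.
const NOISY_PREFIXES = ['/System/', '/usr/lib/', '/Library/Frameworks/', '/dev/'];

// Pure helper: should a path opened by the app be reported?
// Anything outside the system prefixes (app sandbox, shared containers, /tmp, ...) is.
function shouldLogPath(path) {
  if (typeof path !== 'string' || path.length === 0) return false;
  return !NOISY_PREFIXES.some((prefix) => path.startsWith(prefix));
}

// Pure helper: reduce a module list ({name, base, ...} objects, as returned by
// Process.enumerateModules()) to a sorted, de-duplicated array of names so a run
// can be diffed against a baseline from a previous run.
function moduleNames(modules) {
  return Array.from(new Set(modules.map((m) => m.name))).sort();
}

// Frida-only part. Guarded with typeof checks so the two pure helpers above can
// also be exercised outside Frida (e.g. in a unit test on the workstation).
if (typeof Interceptor !== 'undefined' && typeof Module !== 'undefined') {
  // 1. Baseline inventory: with -f the script is loaded before the app's main thread
  //    is resumed, so this captures the modules linked at launch. Call
  //    Process.enumerateModules() again later to spot dynamically loaded ones.
  const names = moduleNames(Process.enumerateModules());
  console.log(JSON.stringify({ type: 'modules', count: names.length, names: names }));

  // 2. Log open() calls on non-system paths, with the flags used and the resulting fd.
  const openPtr = Module.findExportByName(null, 'open');
  if (openPtr !== null) {
    Interceptor.attach(openPtr, {
      onEnter(args) {
        const path = args[0].isNull() ? '' : args[0].readUtf8String();
        this.path = shouldLogPath(path) ? path : null;
        this.flags = args[1].toInt32();
      },
      onLeave(retval) {
        if (this.path !== null) {
          console.log(JSON.stringify({
            type: 'open', path: this.path, flags: this.flags, fd: retval.toInt32(),
          }));
        }
      },
    });
  }

  // 3. For an Objective-C app, record which bundle is actually being instrumented.
  if (typeof ObjC !== 'undefined' && ObjC.available) {
    const bundleId = ObjC.classes.NSBundle.mainBundle().bundleIdentifier().toString();
    console.log(JSON.stringify({ type: 'bundle', id: bundleId }));
  }
}
```

Each log line is one JSON object, so the frida CLI output can be piped into a file and filtered later; keeping the filtering logic in shouldLogPath (rather than inline in onEnter) is what makes the noisy-prefix rule testable on the workstation without a device.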

Bonus

After starting the hook with frida (frida.js) you may get an error like this:

need Gadget to attach on jailed iOS; its default location is: /Users/imac/.cache/frida/gadget-ios.dylib

So you need to download the iOS universal gadget from the Frida releases page on GitHub, matching your Frida version exactly, and then follow these steps:

wget https://github.com/frida/frida/releases/download/14.2.13/frida-gadget-14.2.13-ios-universal.dylib.gz
gunzip frida-gadget-14.2.13-ios-universal.dylib.gz
mkdir -p ~/.cache/frida
cp frida-gadget-14.2.13-ios-universal.dylib ~/.cache/frida/gadget-ios.dylib

--- execute again frida with the hook file like a baws ----
frida -U -f 'com.xxxx.xxxx.xxxxx' -l frida.js

Reference

  • Frida - iPhone SE 2 (2020) (the guide reproduced below)
  • Mobexler - Mobile Application Penetration Testing Platform

Complete guide

Installation

  1. Start Cydia and navigate to the Sources Page.

  2. Click Edit in the top right corner, then Add in the top left.

  3. Enter https://build.frida.re and click Add Source.

  4. Click on build.frida.re in your list of sources and click All Packages.

  5. Install the corresponding package for your device.

  6. Reboot

I chose Frida for A12+ devices on my iPhone SE 2. If you don't know what your device is, you can check the following list:

  • Frida for 32-bit devices:

    • Devices released on/before September 2012 (iPhone 5 and older)

  • Frida for pre-A12 devices:

    • Devices released between September 2013 and September 2017 (iPhone 5S to iPhone 8/X)

  • Frida for A12+ devices:

    • Devices released after September 2018 (iPhone XS/XR and newer)

I won't go through how to install Frida on your workstation, but it needs to be done. You can find instructions here (the frida package on PyPI).

Smoke Test

If you haven't done so already, you will need to make sure that the device is connected via USB and unlocked. Then run the following command:

idevicepair pair

You will be prompted with ERROR: Please accept the trust dialog on the screen of device <UDID>, then attempt to pair again.

Click the Trust button on the dialog on your iPhone and run the previous command again. You should now see SUCCESS: Paired with device <UDID>

You can test that everything is working by running the following command:

frida-ps -U

If you receive the message Failed to enumerate processes: this feature requires an iOS Developer Disk Image to be mounted; run Xcode briefly or use ideviceimagemounter to mount one manually, you will need to download the Developer Disk Image from this GitHub Repository (Releases of xushuduo/Xcode-iOS-Developer-Disk-Image). It needs to match the iOS version on your device, so since I'm using iOS 13.5, I would download this Disk Image.

Once downloaded, unzip it and go to its directory. Unlock the device and run the following command:

ideviceimagemounter DeveloperDiskImage.dmg DeveloperDiskimage.dmg.signature

If you're getting mount_image returned -3, you may be fine. Try frida-ps -U again. I spent way too long trying to figure out why it wasn't working, when it really was.

You should see output similar to:

PID  Name
---  --------------------------------------------------------
569  Cydia
957  Settings
546  Siri Search
451  ACCHWComponentAuthService
439  AppleCredentialManagerDaemon
561  AssetCacheLocatorService
472  BlueTool
518  CAReportingService
552  CMFSyncAgent
494  CloudKeychainProxy
448  CommCenter
463  CommCenterMobileHelper
555  ContainerMetadataExtractor
...

You got it 😎