{"id":13410877,"url":"https://github.com/hot3eed/xpcspy","last_synced_at":"2025-03-14T16:33:08.320Z","repository":{"id":40591941,"uuid":"310089268","full_name":"hot3eed/xpcspy","owner":"hot3eed","description":"Bidirectional XPC message interception and more. Powered by Frida","archived":false,"fork":false,"pushed_at":"2022-11-09T15:31:26.000Z","size":464,"stargazers_count":381,"open_issues_count":2,"forks_count":48,"subscribers_count":11,"default_branch":"main","last_synced_at":"2024-10-01T12:18:58.278Z","etag":null,"topics":["frida","ios","macos","xnu","xpc"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hot3eed.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-11-04T18:46:00.000Z","updated_at":"2024-09-02T16:42:12.000Z","dependencies_parsed_at":"2023-01-22T21:31:27.106Z","dependency_job_id":null,"html_url":"https://github.com/hot3eed/xpcspy","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hot3eed%2Fxpcspy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hot3eed%2Fxpcspy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hot3eed%2Fxpcspy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hot3eed%2Fxpcspy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hot3eed","download_url":"https://codeload.github.com/hot3eed/xpcspy/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":242988043,"owners_count":20217538,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["frida","ios","macos","xnu","xpc"],"created_at":"2024-07-30T20:01:09.964Z","updated_at":"2025-03-14T16:33:07.897Z","avatar_url":"https://github.com/hot3eed.png","language":"TypeScript","readme":"# xpcspy - Bidirectional XPC message interception and more\n\n## Features:\n* Bidirectional XPC message interception.\n* iOS and macOS support.\n* `bplist00`, and the infamous `bplist15` [deserialization].\n* Filter by message direction (incoming or outgoing) and service name.\n* More to come?\n\n\n## Showcase\n```\nUsage: xpcspy [options] target\n\nOptions:\n  --version             show program's version number and exit\n  -h, --help            show this help message and exit\n  -D ID, --device=ID    connect to device with the given ID\n  -U, --usb             connect to USB device\n  -R, --remote          connect to remote frida-server\n  -H HOST, --host=HOST  connect to remote frida-server on HOST\n  -f FILE, --file=FILE  spawn FILE\n  -F, --attach-frontmost\n                        attach to frontmost application\n  -n NAME, --attach-name=NAME\n                        attach to NAME\n  -p PID, --attach-pid=PID\n                        attach to PID\n  --stdio=inherit|pipe  stdio behavior when spawning (defaults to “inherit”)\n  --aux=option          set aux option when spawning, such as “uid=(int)42”\n                        (supported types are: string, bool, int)\n  --runtime=qjs|v8      script runtime to use\n  --debug               enable the Node.js compatible script debugger\n  --squelch-crash       if enabled, will not dump crash report to console\n  -O FILE, --options-file=FILE\n                        text file containing additional command line options\n  -t FILTER, --filter=FILTER\n                        Filter by message direction and service name. 'i'\n                        denotes incoming and 'o' denotes outgoing. Service\n                        name can include the wildcard character '*'. For\n                        exmaple 'i:com.apple.*' or 'o:com.apple.apsd'.\n  -r, --parse           Parse XPC dictionary keys that include `bplist` data.\n                        Currently `bplist00` and `bplist16` are officially\n                        supported, while `bplist15` and `bplist17` support is\n                        still experimental..\n  -d, --print-date      Print a current timestamp before every XPC message\n```\n![screenshot_1.png](assets/screenshot_1.png)\n\n\n## Installation\n`pip3 install xpcspy`\n\n\n## TODO:\n* Deserialize data within the parsed `bplist`s recursively.\n* Improve script loading performance, kinda slow for some reason.\n* Add an option to get the address, perhaps ASLR adjusted, for the XPC event handler, by spawning the process and hooking `xpc_connection_set_event_handler`.\n* Add fancy colors.\n* More pretty printing?\n\n\n## FAQ \n* Why are you reinventing the [wheel]?\n    * I'm not; XPoCe doesn't intercept incoming messages, and doesn't support `bplist00` or `bplist15`. \n    `\n\n## License\n[Apache License 2.0](LICENSE)\n\n[wheel]: http://newosxbook.com/tools/XPoCe2.html\n[deserialization]: http://newosxbook.com/bonus/bplist.pdf\n","funding_links":[],"categories":["TypeScript","Инструменты анализа"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhot3eed%2Fxpcspy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhot3eed%2Fxpcspy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhot3eed%2Fxpcspy/lists"}