{"id":23443182,"url":"https://github.com/xpko/frida-ios-cipher","last_synced_at":"2025-04-04T06:09:07.426Z","repository":{"id":183935908,"uuid":"671031715","full_name":"xpko/frida-ios-cipher","owner":"xpko","description":"Intercept all cryptography-related functions on iOS with Frida Api.","archived":false,"fork":false,"pushed_at":"2024-10-25T06:23:25.000Z","size":257,"stargazers_count":206,"open_issues_count":3,"forks_count":47,"subscribers_count":7,"default_branch":"main","last_synced_at":"2024-12-17T22:34:27.353Z","etag":null,"topics":["cccrypt","cipher","frida","hmac","ios","md5","sha1"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/xpko.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-07-26T11:39:42.000Z","updated_at":"2024-12-17T09:32:26.000Z","dependencies_parsed_at":"2023-09-06T09:15:10.733Z","dependency_job_id":"3c08870d-7daf-47da-8435-69b5c571d39b","html_url":"https://github.com/xpko/frida-ios-cipher","commit_stats":null,"previous_names":["humenger/frida-ios-cipher","jitcor/frida-ios-cipher","xpko/frida-ios-cipher"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xpko%2Ffrida-ios-cipher","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xpko%2Ffrida-ios-cipher/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xpko%2Ffrida-ios-cipher/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/
xpko%2Ffrida-ios-cipher/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/xpko","download_url":"https://codeload.github.com/xpko/frida-ios-cipher/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247128751,"owners_count":20888235,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cccrypt","cipher","frida","hmac","ios","md5","sha1"],"created_at":"2024-12-23T18:09:49.421Z","updated_at":"2025-04-04T06:09:07.401Z","avatar_url":"https://github.com/xpko.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Frida-iOS-Cipher\n![GitHub Workflow Status (with event)](https://img.shields.io/github/actions/workflow/status/Humenger/frida-ios-cipher/.github%2Fworkflows%2Fbuild.yml)\n## Introduction\nIntercept all cryptography-related functions on iOS with the Frida API.\n## Supported Algorithms\n* [x] `AES`\n* [x] `DES`,`3DES`\n* [x] `CAST` (What is it?)\n* [x] `RC2`,`RC4`\n* [x] `Blowfish`\n* [x] `SHA1`,`SHA224`,`SHA256`,`SHA384`,`SHA512`\n* [x] `MD2`,`MD4`,`MD5`\n* [x] `HMAC`\n* [x] `PBKDF`\n* [x] `KEYCHAIN`\n* [ ] `RSA`\n* [ ] `ECDH`\n* [ ] `ECDSA`\n## Preview\n![image](./res/ios_cipher_preview.png)\n## Instructions for use\n* You can choose which functions are intercepted and printed by turning them on or off (they are all turned on by default).\n* Printed data is limited in length (by default a maximum of 240 bytes for a single piece of data; there is no limit for keys, hashes and digest results).\n* Stack information can be printed (off by default).\n* The script doesn't differentiate between Objective-C and Swift; the API 
calls for encryption are the same for both languages\n\n## Simple to use\n\n* Spawn mode\n\n```bash\nfrida -U --codeshare Humenger/frida-ios-cipher -f \"xxx.xxx.xxx\" --no-pause\n```\n\n* Attach mode\n\n```bash\nfrida -U --codeshare Humenger/frida-ios-cipher -n \"app name\"\n```\n## Config\n\u003e Configuration at the beginning of the [script](./agent/index.ts).\n```js\n//config\nconst CIPHER_CONFIG={\n    \"enable\":true,//global enable\n    \"highlighting\": true,//syntax highlighting\n    \"crypto\":{\n        \"enable\":true,//crypto enable\n        \"maxDataLength\":240,//Maximum length of single data printout\n        \"printStack\":false,\n        \"aes\":true,\n        \"des\":true,\n        \"3des\":true,\n        \"cast\":true,\n        \"rc4\":true,\n        \"rc2\":true,\n        \"blowfish\":true,\n        \"filter\": []\n    },\n    \"hash\":{\n        \"enable\":true,//hash enable\n        \"maxInputDataLength\":240,\n        \"printStack\":false,\n        \"md2\":true,\n        \"md4\":true,\n        \"md5\":true,\n        \"sha1\":true,\n        \"sha224\":true,\n        \"sha256\":true,\n        \"sha384\":true,\n        \"sha512\": true,\n        \"filter\": []\n    },\n    \"hmac\":{\n        \"enable\":true,//hmac enable\n        \"maxInputDataLength\":240,\n        \"printStack\":false,\n        \"sha1\":true,\n        \"md5\":true,\n        \"sha224\":true,\n        \"sha256\":true,\n        \"sha384\":true,\n        \"sha512\":true,\n        \"filter\": []\n    },\n    \"pbkdf\":{\n        \"enable\":true,\n        \"printStack\":false,\n        \"filter\": []\n    },\n    \"keychain\": {\n        \"enable\": true,\n        \"maxDataLength\": 240,\n        \"printStack\": false,\n        \"realtimeIntercept\": true,//true: dump keychain and intercept api ; false: only dump\n        \"filter\": []\n    }\n}\n\n```\n\u003e Because printing the stack may lead to program execution exceptions, printStack is off by default, and you can turn it on 
by yourself if you need to.\n\n## Build\n```bash\nnpm install\nnpm run build\n```\n## Development environment\nmacOS Sonoma 14.6.1  \nFrida 15.1.2    \niPad 14.4.2  \n## Additional notes\nA few functions are not intercepted, as shown below:\n```c\nCCCryptorStatus\n     CCCryptorCreateFromData(CCOperation op, CCAlgorithm alg,\n         CCOptions options, const void *key, size_t keyLength, const void *iv,\n         const void *data, size_t dataLength, CCCryptorRef *cryptorRef,\n         size_t *dataUsed);\n```\n* This function calls CCCryptorCreate internally, so it is not intercepted separately\n* The same applies to CCCryptorCreateFromDataWithMode\n* There are also a couple of CCDigest functions that are rarely used; they will be added later if encountered\n* There are also a couple of random functions as well as UUIDs, which seem, strictly speaking, to be within the scope of cryptography; I'll add them later on\n* As for asymmetric encryption, I can't seem to find an official implementation at the moment\n## References\n * https://opensource.apple.com/source/CommonCrypto/CommonCrypto-36064/CommonCrypto/CommonCryptor.h\n * https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/CC_MD5.3cc.html#//apple_ref/doc/man/3cc/CC_MD5\n * https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/CC_SHA.3cc.html#//apple_ref/doc/man/3cc/CC_SHA\n * https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/CCCryptor.3cc.html#//apple_ref/doc/man/3cc/CCCryptor\n * https://opensource.apple.com/source/CommonCrypto/CommonCrypto-55010/CommonCrypto/CommonKeyDerivation.h.auto.html\n * https://www.cnblogs.com/cocoajin/p/6150203.html\n * https://frida.re/docs/javascript-api/\n * https://codeshare.frida.re/@xperylab/cccrypt-dump/\n * https://github.com/federicodotta/Brida\n * https://github.com/sensepost/objection/blob/master/agent/src/ios/crypto.ts\n * 
https://opensource.apple.com/source/CommonCrypto/CommonCrypto-60118.200.6/lib/CommonCryptor.c.auto.html\n * https://opensource.apple.com/source/CommonCrypto/CommonCrypto-60026/CommonCrypto/CommonCryptor.h.auto.html\n * https://www.jianshu.com/p/8896ed432dff\n * https://opensource.apple.com/source/CommonCrypto/CommonCrypto-60118.200.6/lib/\n * https://blog.csdn.net/q187543/article/details/103920969\n* https://github.com/ptoomey3/Keychain-Dumper/blob/master/main.m\n* https://github.com/seemoo-lab/apple-continuity-tools/blob/565f2a95d8c3a958ffb430a5022a2df923eb5c1b/keychain_access/frida_scripts/hook_SecItemCopyMatching.js\n* https://codeshare.frida.re/@Shapa7276/ios-keychain-update/\n* https://github.com/FSecureLABS/needle/blob/master/needle/modules/storage/data/keychain_dump_frida.py\n\n## Technical Support\n\u003ca href=\"https://t.me/shluer\"\u003eTelegram\u003c/a\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxpko%2Ffrida-ios-cipher","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxpko%2Ffrida-ios-cipher","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxpko%2Ffrida-ios-cipher/lists"}