Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/NorthwaveSecurity/fridax
Fridax enables you to read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications.
https://github.com/NorthwaveSecurity/fridax
ahead-of-time android aot arguments frida functions intercept ios jit just-in-time modify mono variables xamarin
Last synced: 28 days ago
JSON representation
Fridax enables you to read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications.
- Host: GitHub
- URL: https://github.com/NorthwaveSecurity/fridax
- Owner: NorthwaveSecurity
- License: mit
- Created: 2020-03-06T09:38:46.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2023-04-04T09:36:16.000Z (over 1 year ago)
- Last Synced: 2024-08-04T01:15:35.313Z (4 months ago)
- Topics: ahead-of-time, android, aot, arguments, frida, functions, intercept, ios, jit, just-in-time, modify, mono, variables, xamarin
- Language: JavaScript
- Homepage:
- Size: 1.21 MB
- Stars: 157
- Watchers: 7
- Forks: 21
- Open Issues: 9
-
Metadata Files:
- Readme: README.md
- License: LICENSE.md
Awesome Lists containing this project
- awesome-ios-security - Fridax - Fridax enables you to read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications. (Tools / Dynamic Analysis Tools)
- awesome-apple-security - Fridax - Fridax enables you to read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications. (Tools / Dynamic Analysis Tools)
- awesome-hacking-lists - NorthwaveSecurity/fridax - Fridax enables you to read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications. (JavaScript)
README
Fridax is a Node package for dealing with Xamarin applications while using the Frida API.
Goal
•
Installation
•
Usage
•
Examples
•
Issues
•
License
Built with ❤ by the Northwave Red Team
## Goal
In the Northwave Red Team we conduct security penetration tests on, among other things, mobile applications. During almost every mobile application penetration test we want to modify the behaviour of the application in such a way that it bypasses certain checks (e.g. a PIN code check).
Frida is a toolkit that allows us to do exactly that. It is a dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. Using Frida you can, for example, inject and modify code of iOS and Android applications on runtime. However, if the application that is being pentested is a Xamarin application, it becomes more difficult to modify code on runtime, since Xamarin applications are basically wrappers that run a .NET binary.
**Fridax to the rescue!** Fridax allows you to easily modify the .NET binary inside a Xamarin application on runtime. We've included some example scripts that e.g. modify constructor and function arguments.
Happy hacking!
## Installation
Clone this Git repository.
```bash
git clone [email protected]:NorthwaveNL/fridax.git
```Use the package manager [npm](https://www.npmjs.com/) to install the dependencies for Fridax.
```bash
cd fridax
npm install
```## Usage
Please check the [known issues](#issues) before your start.
1. Connect your device (make sure it can be listed).
- `frida-ls-devices`
2. Copy an example script to the scripts folder.
- `cp examples/modify_class_function_argument.js scripts/modify_class_function_argument.js`
3. Adjust some of the config variables in the script (that you copied) to your needs.
- Update `settingClassName`, `settingMethodName` and `settingMethodArgCount`
4. Start the application on your device and run your script!
- `./fridax.js inject --scripts scripts/modify_class_function_argument.js`**All options**
```bash
./fridax.jsCommands:
./fridax.js inject [scripts] Inject the given scripts list.Options:
--version Show version number [boolean]
-h, --help Show help [boolean]
--device The address of the remote Frida device to connect to (or the string "usb") [default: "usb"]Examples:
./fridax.js inject --scripts scripts/modify_function_argument.js scripts/intercept_password.js scripts/sql_injection.js
```## Examples
Example scripts can be found in `./examples`. Place an example script in the `./scripts` folder to try it out. Using the example scripts, all of the variables/functions in the example class below can be read/intercepted.
```csharp
namespace CompanyName.ProjectName {class Settings {
// Static int can be read
public static readonly int secret1 = 1234;// Static bool can be read
public static readonly bool secret2 = false;// Static object can be read
public static readonly ObfuscatedString secret3 = ObfuscatedString("yGVhqI5yzbgYUnCP+ZukDw==");// Static string can be read
public static readonly string secret4 = "SecretValue";// Constructor can be intercepted and arguments can be modified
Settings(string a, string b, string c) {}
// Function can be intercepted and argument can be modified
GetElement(string id) {}
}
}
```
For example, to read the `public static readonly bool secret2` you can run the command below after copying `./examples/read_static_bool_from_class.js` to `./scripts/read_static_bool_from_class.js`. You also need to edit the `Company.ProjectName.Settings` class name and `secret2` variable name in that file to your needs. You can find out which names you need by using [dnSpy](https://github.com/0xd4d/dnSpy) on the Mono binary in the IPA/APK.```bash
./fridax.js inject --scripts scripts/read_static_bool_from_class.js
```
## IssuesIssues or new features can be reported via the [GitHub issue tracker](https://github.com/NorthwaveNL/fridax/issues). Please make sure your issue or feature has not yet been reported by anyone else before submitting a new one.
**Known issues**
* Xamarin app needs to be running before you start this script (see [this issue](https://github.com/freehuntx/frida-mono-api/issues/4) for more information).
* You get the error `Export not found: mono_aot_get_method`. This is due to your application being JIT-compiled. Please use the example scripts that are prefixed with `jit_` instead of `aot_` (AOT-compiled). See [issue #3](https://github.com/NorthwaveNL/fridax/issues/3) for more information.## License
Fridax is open-sourced software licensed under the [MIT license](https://github.com/NorthwaveNL/fridax/blob/develop/LICENSE.md).