Frida Finding Jwts in Memory

The below C program will serve as our example. It contains a JWT in the binary that can be trivially found using strings, however let's try a different approach!

    #include <stdlib.h>
    #include <stdio.h>

    int main() {
        char *jwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";
        puts(jwt);
        return 0;
    }

We may not always be fortunate enough that the JWT is embedded directly in the binary. Normally they are served by various different APIs on authentication. If you'd like to check whether or not a particular application has any JWTs in memory, you could use something like the below. ...

August 26, 2021

Frida Childgating

Child gating refers to the process by which the same hooks applied to a parent process are reapplied to any children spawned by the parent. Child gating should be useful in any scenario where your target is spawning multiple other binaries; for example, a root detection technique may involve spawning the which binary and checking for su. This can be bypassed by: ...

August 8, 2021

Frida Cheatsheet

Precut corners and other tidbits all about Frida.

Android

Hook an overloaded Java function

    Java.perform(function() {
        var str = Java.use('java.lang.String'),
            objectClass = 'java.lang.Object';
        str.equals.overload(objectClass).implementation = function(obj) {
            var response = str.equals.overload(objectClass).call(this, obj);
            if (obj) {
                if (obj.toString().length > 5) {
                    console.log('what was I doing here');
                }
            }
            return response;
        };
    });

Hook two functions that have the same parameters and name, but different return types

Say we have the following decompiled Java class: ...

July 8, 2021