
howto:fridahooklibrary

howto:fridahooklibrary [2017/10/19 11:47]
czokie created
howto:fridahooklibrary [2017/11/06 22:41]
czokie [PrettyWoman]
Line 8: Line 8:
 Our work at the moment is focussed on IOS. As a general rule of thumb, we should where possible use the "swizzle" method of hooking. In the near future, this type of hook method will be able to be run on a modified app launched from Springboard. This is pending a patch from the author, but we know that this is a requirement. Not sure yet what standards if any are required for Android to ensure any protection is not tripped up. Our work at the moment is focussed on IOS. As a general rule of thumb, we should where possible use the "swizzle" method of hooking. In the near future, this type of hook method will be able to be run on a modified app launched from Springboard. This is pending a patch from the author, but we know that this is a requirement. Not sure yet what standards if any are required for Android to ensure any protection is not tripped up.
  
 +===== Configuration =====
 +The config below can be used for stand-alone hooks, allowing you to open DJI GO 4 from springboard.
 +<code java FridaGadget.config>
 +{
 +  "interaction": {
 +    "type": "script",
 +    "path": "Tweak.js",
 +    "on_change": "reload"
 +  },
 +  "code_signing": "required"
 +}
 +</code>
 ===== Template hook ===== ===== Template hook =====
  
Line 16: Line 28:
 We'll dig into this more later when/if we need to access parameter data etc. We'll dig into this more later when/if we need to access parameter data etc.
  
-So. For now, our template hook is +====== PrettyWoman ====== 
 +As part of this workI looked at how to "standardise" our hooks, since they all appeared to be based on a couple of patterns. Below, you will find source and a CSV file for "PrettyWoman". This app name was picked by Jezzab because "PrettyWoman - She was a hooker"
 + 
 +Anyway. Naming conventions aside. How does it work? There is a shell script that parses a CSV file that contains configuration information for a list of hooks that will be created in the output. 
 + 
 + 
 + 
 + 
 + 
 + 
  
 ====== Hooks ====== ====== Hooks ======
Line 22: Line 44:
  
 <code javascript DJITermsNotificationController.shouldShowTerms.js> <code javascript DJITermsNotificationController.shouldShowTerms.js>
 +'use strict';
 if (ObjC.available) { if (ObjC.available) {
 +
   var DJITermsNotificationController = ObjC.classes.DJITermsNotificationController;   var DJITermsNotificationController = ObjC.classes.DJITermsNotificationController;
-  +
   var shouldShowTerms = DJITermsNotificationController['- shouldShowTerms'];   var shouldShowTerms = DJITermsNotificationController['- shouldShowTerms'];
   var shouldShowTermsImpl = shouldShowTerms.implementation;   var shouldShowTermsImpl = shouldShowTerms.implementation;
   shouldShowTerms.implementation = ObjC.implement(shouldShowTerms, function (handle, selector) {   shouldShowTerms.implementation = ObjC.implement(shouldShowTerms, function (handle, selector) {
     var originalResult = shouldShowTermsImpl(handle, selector);     var originalResult = shouldShowTermsImpl(handle, selector);
-    console.log('Original says:', originalResult, 'we say: false'); +    console.log('Original says:', originalResult, 'we say: 0'); 
-    return false;+    return 0;
   });   });
 } }
 </code> </code>
- 
 ===== DJIAppSettings - sdr_force_fcc ===== ===== DJIAppSettings - sdr_force_fcc =====
 <code javascript DJIAppSettings.sdr_force_fcc.js> <code javascript DJIAppSettings.sdr_force_fcc.js>
Line 44: Line 67:
   sdr_force_fcc.implementation = ObjC.implement(sdr_force_fcc, function (handle, selector) {   sdr_force_fcc.implementation = ObjC.implement(sdr_force_fcc, function (handle, selector) {
     var originalResult = sdr_force_fccImpl(handle, selector);     var originalResult = sdr_force_fccImpl(handle, selector);
-    console.log('DJIAppSettings:sdr_force_fcc  Original says:', originalResult, 'we say: true'); +    console.log('DJIAppSettings:sdr_force_fcc  Original says:', originalResult, 'we say: 1'); 
-    return true;+    return 1;
   });   });
 } }
 </code> </code>
  
-===== DJIAppSettings - canUseIllegalChannels =====+===== canUseIllegalChannels =====
 <code javascript DJIAppSettings.canUseIllegalChannels.js> <code javascript DJIAppSettings.canUseIllegalChannels.js>
 if (ObjC.available) { if (ObjC.available) {
   var DJIAppSettings = ObjC.classes.DJIAppSettings;   var DJIAppSettings = ObjC.classes.DJIAppSettings;
 +  
   var canUseIllegalChannels = DJIAppSettings['- canUseIllegalChannels'];   var canUseIllegalChannels = DJIAppSettings['- canUseIllegalChannels'];
   var canUseIllegalChannelsImpl = canUseIllegalChannels.implementation;   var canUseIllegalChannelsImpl = canUseIllegalChannels.implementation;
   canUseIllegalChannels.implementation = ObjC.implement(canUseIllegalChannels, function (handle, selector) {   canUseIllegalChannels.implementation = ObjC.implement(canUseIllegalChannels, function (handle, selector) {
     var originalResult = canUseIllegalChannelsImpl(handle, selector);     var originalResult = canUseIllegalChannelsImpl(handle, selector);
-    console.log('DJIAppSettings:canUseIllegalChannels  Original says:', originalResult, 'we say: true'); +    console.log('DJIAppSettings:canUseIllegalChannels  Original says:', originalResult, 'we say: 1'); 
-    return true;+    return 1; 
 +  }); 
 +   
 +  var DJIRadioLogic = ObjC.classes.DJIRadioLogic; 
 +   
 +  var canUseIllegalChannels = DJIRadioLogic['- canUseIllegalChannels']; 
 +  var canUseIllegalChannelsImpl = canUseIllegalChannels.implementation; 
 +  canUseIllegalChannels.implementation = ObjC.implement(canUseIllegalChannels, function (handle, selector) { 
 +    var originalResult = canUseIllegalChannelsImpl(handle, selector); 
 +    console.log('DJIRadioLogic:canUseIllegalChannels  Original says:', originalResult, 'we say: 1'); 
 +    return 1; 
 +  }); 
 +
 +</code> 
 + 
 +===== AFSecurityPolicy - setSSLPinningMode ===== 
 +<code javascript AFSecurityPolicy.setSSLPinningMode.js> 
 +if (ObjC.available) { 
 +  
 +  var AFSecurityPolicy = ObjC.classes.AFSecurityPolicy; 
 +  
 +  var setSSLPinningMode = AFSecurityPolicy['- setSSLPinningMode:']; 
 +  var setSSLPinningModeImpl = setSSLPinningMode.implementation; 
 +  setSSLPinningMode.implementation = ObjC.implement(setSSLPinningMode, function (handle, selector, originalResult) { 
 +    setSSLPinningModeImpl(handle, selector, 0); 
 +    console.log('AFSecurityPolicy:setSSLPinningMode. Changing from: ', originalResult, 'to: 0'); 
 +  }); 
 +
 +</code> 
 + 
 +===== DJIAccountManager - checkIsAdminUser ===== 
 +<code javascript DJIAccountManager.checkIsAdminUser.js> 
 +//Set Admin mode in Flight Records 
 +var DJIAccountManager = ObjC.classes.DJIAccountManager; 
 +var checkIsAdminUser = DJIAccountManager['- checkIsAdminUser']; 
 +var checkIsAdminUserImpl = checkIsAdminUser.implementation; 
 +checkIsAdminUser.implementation = ObjC.implement(checkIsAdminUser, function (handle, selector) { 
 +     var originalResult = checkIsAdminUserImpl(handle, selector); 
 +     console.log('[*] Setting user to Admin for Flight Records'); 
 +     return 1; 
 +}); 
 +</code> 
 + 
 +===== DJIUpgradeNotifyViewModel - notifyHidden ===== 
 +<code javascript DJIUpgradeNotifyViewModel.notifyHidden.js> 
 +//Bypass upgrade notification on splash screen 
 +var DJIUpgradeNotifyViewModel = ObjC.classes.DJIUpgradeNotifyViewModel; 
 +var notifyHidden = DJIUpgradeNotifyViewModel['- notifyHidden']; 
 +var notifyHiddenImpl = notifyHidden.implementation; 
 +notifyHidden.implementation = ObjC.implement(notifyHidden, function (handle, selector) { 
 +     var originalResult = notifyHiddenImpl(handle, selector); 
 +     console.log('[*] Disabling Upgrade Notification'); 
 +     return 1; 
 +}); 
 +</code> 
 + 
 +===== DJIAppSettings - sdr_force_fcc ===== 
 +<code javascript DJIAppSettings.sdr_force_fcc.js> 
 +//Force FCC Mode 
 +var shown=0; 
 +var fcc_enabled; 
 + 
 +var DJIAppSettings = ObjC.classes.DJIAppSettings; 
 +var sdr_force_fcc = DJIAppSettings['- sdr_force_fcc']; 
 +var sdr_force_fccImpl = sdr_force_fcc.implementation; 
 +sdr_force_fcc.implementation = ObjC.implement(sdr_force_fcc, function (handle, selector) { 
 +var originalResult = sdr_force_fccImpl(handle, selector); 
 +     console.log('[*] Setting Forced FCC Mode'); 
 +     fcc_enabled = 1; 
 +     return 1; 
 +}); 
 + 
 +//Fake Mavic for P4 FCC 
 +var DJIProductManager = ObjC.classes.DJIProductManager; 
 +var currentProductCode = DJIProductManager['+ currentProductCode']; 
 +var currentProductCodeImpl = currentProductCode.implementation; 
 +currentProductCode.implementation = ObjC.implement(currentProductCode, function (handle, selector) { 
 +     var originalResult = currentProductCodeImpl(handle, selector); 
 +     if(shown==0) { 
 +          console.log('[*] Faking product code for FCC'); 
 +          shown=1; 
 +     } 
 +     if(fcc_enabled==0) 
 +         return 13; //mavic 
 +     else 
 +         return originalResult 
 +}); 
 +</code> 
 + 
 +===== DJIAppForceUpdateManager - hasChecked ===== 
 +<code javascript DJIAppForceUpdateManager.hasChecked.js> 
 +//Bypass DJI Go 4 new app version check 
 +var DJIAppForceUpdateManager = ObjC.classes.DJIAppForceUpdateManager; 
 +var hasChecked = DJIAppForceUpdateManager['- hasChecked']; 
 +var hasCheckedImpl = hasChecked.implementation; 
 +hasChecked.implementation = ObjC.implement(hasChecked, function (handle, selector) { 
 +     var originalResult = hasCheckedImpl(handle, selector); 
 +     console.log("[*] Disabling App Upgrade Check"); 
 +     return 1; 
 +}); 
 +</code> 
 + 
 +===== DJIAppSettings - canUseIllegalChannels ===== 
 +<code javascript DJIAppForceUpdateManager.hasChecked.js> 
 +//Enable Illegal Channels (32 Channels) 
 +if (ObjC.available) { 
 +     var DJIAppSettings = ObjC.classes.DJIAppSettings; 
 +     var canUseIllegalChannels = DJIAppSettings['- canUseIllegalChannels']; 
 +     var canUseIllegalChannelsImpl = canUseIllegalChannels.implementation; 
 +     canUseIllegalChannels.implementation = ObjC.implement(canUseIllegalChannels, function (handle, selector) { 
 +          var originalResult = canUseIllegalChannelsImpl(handle, selector); 
 +          console.log('[*] Enabling Illegal Channels (32 Channels)'); 
 +          return 1; 
 +     }); 
 +     var DJIRadioLogic = ObjC.classes.DJIRadioLogic; 
 +     var canUseIllegalChannels = DJIRadioLogic['- canUseIllegalChannels']; 
 +     var canUseIllegalChannelsImpl = canUseIllegalChannels.implementation; 
 +     canUseIllegalChannels.implementation = ObjC.implement(canUseIllegalChannels, function (handle, selector) { 
 +          var originalResult = canUseIllegalChannelsImpl(handle, selector); 
 +          console.log('[*] Enabling Illegal Channels (32 Channels)'); 
 +          return 1;
   });   });
 } }
 </code> </code>
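Review bot: In the added AFSecurityPolicy listing the third callback parameter is named `originalResult`, but for `- setSSLPinningMode:` it is the pinning mode the app asked for, not a return value; `function (handle, selector, requestedMode)` would say what it is and match the "Changing from" log line. The replacement always passes 0 to the original setter, which is AFSSLPinningModeNone in AFNetworking, and because the method implementation is swapped on the class this applies to every AFSecurityPolicy instance in the process; the listing should say so in a comment such as `// 0 = AFSSLPinningModeNone: pinning is turned off for all AFNetworking sessions in this process`. Separately, the last added canUseIllegalChannels listing is labelled `DJIAppForceUpdateManager.hasChecked.js`, the same file name as the block before it, which looks like a copy-paste leftover and gives two downloadable blocks the same name.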
howto/fridahooklibrary.txt · Last modified: 2017/11/12 09:45 by czokie