This shows you the differences between two versions of the page.
howto:iosfrida [2017/10/21 20:50] czokie |
howto:iosfrida [2017/12/17 20:47] czokie |
Line 62: | Line 62: | ||
Download this file to ~/Documents | Download this file to ~/Documents | ||
- | < | + | < |
{ | { | ||
" | " | ||
Line 73: | Line 73: | ||
</ | </ | ||
+ | Or, if you're ready to do some on-board hooking without any external comms, use this instead | ||
+ | <code java FridaGadget.config> | ||
+ | { | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | and create Tweak.js in the same directory with your required hooks. | ||
===== 2. Generate (or renew) signing credentials ===== | ===== 2. Generate (or renew) signing credentials ===== | ||
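Review bot: the added "on-board hooking" config block is fenced as `<code java FridaGadget.config>`, but a Gadget config file is JSON, so tag it `json` for correct highlighting. The sentence "create Tweak.js in the same directory" should also say which directory that is (the one FridaGadget.dylib ends up in, since Gadget resolves its config and script relative to its own location) and that the file name has to match the `path` given in the config; with the script interaction Gadget loads exactly the file named there and does not search for a differently named .js.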
Line 89: | Line 102: | ||
It goes without saying you will need an IPA file to play with. Below, it is assumed you have downloaded your IPA file and saved it to " | It goes without saying you will need an IPA file to play with. Below, it is assumed you have downloaded your IPA file and saved it to " | ||
- | NB: This MUST be a decrypted Go4 app. these are available to download here [[howto:iosmod|IOSMOD]] | + | NB: This MUST be a decrypted Go4 app. these are available to [[howto:firmware# |
===== 4. Application Modification & Signing ===== | ===== 4. Application Modification & Signing ===== | ||
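Review bot: the NB line now links to a section anchor inside howto:firmware instead of the howto:iosmod page; check that the anchor exists on the target, because a wrong fragment silently lands the reader at the top of that page with no hint that the decrypted-app instructions are elsewhere. While editing the line, capitalise "these" and use the app's name the way section 4 does ("DJI GO 4") rather than "Go4".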
Line 95: | Line 108: | ||
rm -rf Payload | rm -rf Payload | ||
mkdir -p " | mkdir -p " | ||
- | cp FridaGadget.config " | + | cp FridaGadget.config |
zip -r "DJI GO 4.ipa" Payload | zip -r "DJI GO 4.ipa" Payload | ||
objection patchipa -s "DJI GO 4.ipa" --codesign-signature <your signature> | objection patchipa -s "DJI GO 4.ipa" --codesign-signature <your signature> | ||
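Review bot: the `cp FridaGadget.config` step runs before `objection patchipa` injects the gadget, so its destination must be the directory where objection drops FridaGadget.dylib (the app bundle's Frameworks directory): Gadget only reads a config that sits next to its own dylib and is named after it (FridaGadget.config beside FridaGadget.dylib). A copy placed at the top of Payload or in the .app root is ignored, the gadget falls back to its default listen mode, and the on-board Tweak.js never loads, which looks like "the hooks do nothing" rather than an error. It would also help to say where `<your signature>` comes from: the identity hash or name listed by `security find-identity -p codesigning -v`, which is what `--codesign-signature` expects.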
Line 121: | Line 134: | ||
After launch is complete, you can disconnect the USB cable. Make sure you promptly launch Frida if you have it in " | After launch is complete, you can disconnect the USB cable. Make sure you promptly launch Frida if you have it in " | ||
==== 6.3 Launch in Springboard ==== | ==== 6.3 Launch in Springboard ==== | ||
- | Ideally, we want to be able to launch | + | We can now launch |
===== 7. Launch objection ===== | ===== 7. Launch objection ===== | ||
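Review bot: 6.3 now states that the app can simply be launched from Springboard, but the paragraph kept just above it still describes the tethered flow (launch over USB, disconnect, then promptly attach Frida). Say which gadget configuration each path applies to: a listen-mode config that waits on load needs the tethered start because Gadget holds the process until a client connects, whereas the on-board script config from section 1 runs its hooks on its own and is the one that makes the plain Springboard launch work.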
Line 243: | Line 256: | ||
==== 9.4. First Standalone Patch ==== | ==== 9.4. First Standalone Patch ==== | ||
Good news. We accomplished this. Jezzab has packaged an earlier js file into an app, and launched in standalone mode. However, as per above notes - we had a limitation. We needed to launch with debug mode, otherwise we got code signing violations. Two things are needed to fix this... | Good news. We accomplished this. Jezzab has packaged an earlier js file into an app, and launched in standalone mode. However, as per above notes - we had a limitation. We needed to launch with debug mode, otherwise we got code signing violations. Two things are needed to fix this... | ||
- | | + | |
- | | + | |
+ | * The above change is now in Frida... To implement this, we need the following frida configuration | ||
+ | |||
+ | <code java> | ||
+ | { | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | } | ||
+ | </ | ||
+ | * One more thing... The on_change config item. This is another mod that oleavr made to Frida - In IOS, we can upload a .js file to user space via iTunes or ifunbox etc. When frida loads up, it will look first in the documents location for a JS file. If found, it will use it. If not found, it will look for one in the app from build time. The advantage of this is that we can update the JS without a complete app rebuild. | ||
==== 9.4. Add more Standalone Patches ==== | ==== 9.4. Add more Standalone Patches ==== | ||
Create more hooks and package with a frida tweak' | Create more hooks and package with a frida tweak' | ||
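Review bot: the last bullet conflates two features. In the Gadget script interaction, `on_change` only controls whether the script is re-read when the file on disk changes (`"reload"`, versus the default `"ignore"`); the "look in Documents first, then fall back to the script built into the app" behaviour described in the same bullet governs where the script is found, not when it is reloaded, so describe the two separately or a reader will expect a Documents-directory override from `on_change` alone. Two smaller points: this subsection and the one that follows are both numbered 9.4 (renumber the second to 9.5), and the added config block is JSON, so fence it as `<code json>` rather than `<code java>`.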
Line 311: | Line 337: | ||
This option will allow us to have a frida modified IPA that will run on our device, launched by springboard with no special debug startup sequences required. | This option will allow us to have a frida modified IPA that will run on our device, launched by springboard with no special debug startup sequences required. | ||
- | ===== 11. Credits ===== | + | ===== 11. Error Codes ===== |
+ | If you get an error during install, [[http:// | ||
+ | |||
+ | ===== 12. Credits ===== | ||
oleavr from Frida has been awesome through this process. Some of our needs were not readily possible in the existing Frida code. He has made changes throughout the process to the Frida-gadget which have been enormously helpful. In addition, he has provided guidance and coaching as we came up to speed with using Frida... so thanks oleavr. | oleavr from Frida has been awesome through this process. Some of our needs were not readily possible in the existing Frida code. He has made changes throughout the process to the Frida-gadget which have been enormously helpful. In addition, he has provided guidance and coaching as we came up to speed with using Frida... so thanks oleavr. |
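Review bot: the new "Error Codes" section says "if you get an error during install" without saying which step it means; the page has both the re-signing in section 4 and the push of the patched IPA to the device, and their errors come from different tools. Name the step whose codes the linked page explains, and use an https URL if the host offers one, since readers will follow that link from inside a signing workflow.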