-
-
Save Manouchehri/1a0b154270723ca586ee012c9cc99828 to your computer and use it in GitHub Desktop.
frida script for modify device info in Any iOS App
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if (ObjC.available) { | |
| try { | |
| // list methods | |
| // ObjC.classes.XXXClassName.$ownMethods.forEach(function (m) { | |
| // console.log('method: ' + m); | |
| // }) | |
| // watch method callstack | |
| // if (1) { | |
| // // -[NSTimeZone secondFromGMT] | |
| // var watchedMethod = ObjC.classes.NSTimeZone["- secondsFromGMT"]; | |
| // Interceptor.attach(watchedMethod.implementation, { | |
| // onEnter: function (args) { | |
| // // 方法执行前调用 | |
| // // As this is an ObjectiveC method, the arguments are as follows: | |
| // // 0. 'self' | |
| // // 1. The selector (openURL:) | |
| // // 2. The first argument to the openURL selector | |
| // // var myNSURL = new ObjC.Object(args[2]); | |
| // console.log(Thread.backtrace(this.context, Backtracer.ACCURATE).map(DebugSymbol.fromAddress).join('\n\t')); | |
| // }, | |
| // onLeave: function (retval) { | |
| // console.log("Return value-> " + retval); | |
| // } | |
| // }); | |
| // } | |
| // hook method | |
| var hookFuncRet = function (clsName, method, retValue, backtrace, log) { | |
| if (typeof(log) === 'undefined') log = true; | |
| if (typeof(backtrace) === 'undefined') backtrace = false; | |
| var cls = eval("ObjC.classes." + clsName); | |
| Interceptor.attach(cls[method].implementation, { | |
| onEnter: function (args) { | |
| // 方法执行前调用 | |
| // As this is an ObjectiveC method, the arguments are as follows: | |
| // 0. 'self' | |
| // 1. The selector (openURL:) | |
| // 2. The first argument to the openURL selector | |
| // var myNSURL = new ObjC.Object(args[2]); | |
| // Convert it to a JS string | |
| // var myJSURL = myNSURL.absoluteString().toString(); | |
| if (backtrace) { | |
| console.log(Thread.backtrace(this.context, Backtracer.ACCURATE).map(DebugSymbol.fromAddress).join('\n\t')); | |
| } | |
| }, | |
| onLeave: function (retval) { | |
| var origin = ObjC.Object(retval).toString(); | |
| if (typeof(retValue) === 'string') { | |
| const newValue = ObjC.classes.NSString.stringWithString_(retValue); | |
| retval.replace(newValue); | |
| } else if (typeof(retValue) === 'function') { | |
| const newValue = retValue(); | |
| retval.replace(newValue); | |
| } | |
| if (log) { | |
| console.log(clsName + ' [' + method + '] ' + origin + " => " + ObjC.Object(retval).toString()); | |
| } | |
| } | |
| }); | |
| } | |
| // fake sim card | |
| // https://zh.wikipedia.org/wiki/%E7%A7%BB%E5%8A%A8%E8%AE%BE%E5%A4%87%E7%BD%91%E7%BB%9C%E4%BB%A3%E7%A0%81 | |
| if (true) { | |
| hookFuncRet("CTCarrier", "- carrierName", "NTT DoCoMo Hokuriku"); | |
| hookFuncRet("CTCarrier", "- mobileCountryCode", "440"); // MCC | |
| hookFuncRet("CTCarrier", "- mobileNetworkCode", "03"); // MNC | |
| hookFuncRet("CTCarrier", "- isoCountryCode", "JP"); // https://zh.wikipedia.org/wiki/ISO_3166-1 | |
| } | |
| // fake locate | |
| if (true) { | |
| const localeId = 'ja-JP'; | |
| hookFuncRet("NSLocale", "+ currentLocale", function () { | |
| return ObjC.classes.NSLocale.localeWithLocaleIdentifier_(localeId); | |
| }, false, false); | |
| hookFuncRet("NSLocale", "+ systemLocale", function () { | |
| return ObjC.classes.NSLocale.localeWithLocaleIdentifier_(localeId); | |
| }, false, false); | |
| hookFuncRet("NSLocale", "+ preferredLanguages", function (origin) { | |
| const nsstr = ObjC.classes.NSString.stringWithString_(localeId); | |
| const array = ObjC.classes.NSArray.arrayWithObject_(nsstr); | |
| return array; | |
| }, false, false); | |
| } | |
| // fake timezone | |
| if (true) { | |
| const timezoneName = 'Asia/Tokyo'; | |
| hookFuncRet("NSTimeZone", "+ defaultTimeZone", function (origin) { | |
| const nsstr = ObjC.classes.NSString.stringWithString_(timezoneName); | |
| return ObjC.classes.NSTimeZone.timeZoneWithName_(nsstr); | |
| }, false, false); | |
| hookFuncRet("NSTimeZone", "+ systemTimeZone", function (origin) { | |
| const nsstr = ObjC.classes.NSString.stringWithString_(timezoneName); | |
| return ObjC.classes.NSTimeZone.timeZoneWithName_(nsstr); | |
| }, false, false); | |
| hookFuncRet("NSTimeZone", "+ localTimeZone", function (origin) { | |
| const nsstr = ObjC.classes.NSString.stringWithString_(timezoneName); | |
| return ObjC.classes.NSTimeZone.timeZoneWithName_(nsstr); | |
| }, false, false); | |
| } | |
| } catch (error) { | |
| console.log("[!] Exception: " + error.message); | |
| } | |
| } | |
| else { | |
| console.log("Objective-C Runtime is not available!"); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment