  • Stars: 374
  • Rank: 114,346 (Top 3 %)
  • Language: C
  • License: GNU Affero Genera...
  • Created about 8 years ago
  • Updated over 1 year ago

Repository Details

Cycript fork powered by Frida.

frida-cycript

This is a fork of [Cycript] 1 in which we replaced its runtime with a brand new runtime called [Mjølner] 3 powered by [Frida] 4. This enables frida-cycript to run on all the platforms and architectures maintained by [frida-core] 8.

Motivation

[Cycript] 1 is an awesome interactive console for exploring and modifying running applications on iOS, Mac, and Android. It was created by [@saurik] 2 and essentially consists of four parts:

  1. Its readline-based user interface;
  2. A compiler that takes cylang as input and produces plain JavaScript as output;
  3. A runtime that executes the plain JavaScript on JavaScriptCore, providing the set of APIs expected by the compiled scripts, plus some facilities for injecting itself into remote processes;
  4. A couple of "user-space" modules written in cylang.

We left the other aspects of Cycript untouched, or changed them only minimally.

We went out of our way to avoid touching the compiler, and also left the user interface mostly untouched, only adding extra CLI switches for things like device selection. We did, however, mostly rewrite the Cydia Substrate module, so existing scripts relying on it get the portability and [performance boost] 5 offered by Frida's instrumentation core.

We will be maintaining this fork and intend to stay in sync with user interface and language improvements made upstream.

FAQ

What are some advantages of this fork?

We believe the main advantage is portability, but also think you should consider:

  • Ability to attach to sandboxed apps on Mac, without touching /usr or modifying the system in any way;
  • Instead of crashing the process if you make a mistake and access a bad pointer, you will get a JavaScript exception;
  • Frida's function hooking is able to hook many functions not supported by Cydia Substrate.

What are some disadvantages?

Our runtime doesn't yet support all the features that upstream's runtime does, but we are working hard to close this gap. Please file issues if something you rely on isn't working as expected.

Is Windows support planned?

Yes. You should already be able to do this by running frida-server on Windows and connecting to it with Cycript from your UNIX system. (We haven't tried this yet, so please tell us if and how it works for you.)

How does this benefit existing Frida-users building their own tools?

We have improved [frida-compile] 7 to support cylang by integrating the Cycript compiler. Sources with a .cy extension get compiled transparently, and this "just works" as long as [our runtime] 3 is also included in the compiled agent.

Status

Please see [our test-suite] 6 to get an overview of what we currently support.

Building

macOS

Install Meson and Ninja:

pip3 install meson
brew install ninja

Clone this repo:

git clone --recurse-submodules https://github.com/nowsecure/frida-cycript.git

Generate the build system:

meson build --buildtype minsize --strip

Build:

ninja -C build

Run Cycript:

./build/src/cycript

Run the test-suite:

cd test && npm install && npm run test

To build the Node.js bindings:

meson build --buildtype minsize --strip --default-library static -D enable_engine=false -D enable_console=false
ninja -C build
cd bindings/node/cylang/
npm install

Windows

Install Meson and Ninja, and clone this repo, as described above for macOS.

To build the Node.js bindings from an MSVC Native Tools Command Prompt for VS 2017:

meson build --buildtype minsize --strip --default-library static -D enable_engine=false -D enable_console=false -D b_vscrt=mt
ninja -C build
cd bindings\node\cylang
npm install

Then to run the test-suite:

npm run test

Contributing

Clone and link the mjolner repository:

# build first (see the Building section above)
cd src
git clone [email protected]:nowsecure/mjolner.git ~/dev/mjolner
npm link ~/dev/mjolner/
npm run watch
...
