Command Line Tool for interacting with MachO binaries on OSX/iOS

inject

inject is a tool which interfaces with MachO binaries in order to insert load commands. Below is its help.

❯ ./inject -h
OVERVIEW: inject v3.0.0

inject is a tool which interfaces with MachO binaries in order to insert load commands.

USAGE: inject <file-path> [--dylib <dylib>] [--cmd <cmd>] [--ipa] [--strip] [--aslr] [--remove] [--weak <weak>]

ARGUMENTS:
  <file-path>             The machO/ipa to inject.

OPTIONS:
  -d, --dylib <dylib>     The dylib to inject, please give me path.
  -c, --cmd <cmd>         Specify which type of load command to use in INSTALL. Can be reexport for LC_REEXPORT_DYLIB, weak for LC_LOAD_WEAK_DYLIB, upward for LC_LOAD_UPWARD_DYLIB, or load for LC_LOAD_DYLIB. (default: LC_LOAD_DYLIB)
  -i, --ipa               If inject into ipa, please set this flag. Default false mean is machO file path.
  -s, --strip             Removes a code signature load command from the given binary.
  -a, --aslr              Removes an ASLR flag from the macho header if it exists. This may render some executables unusable.
  -r, --remove            Removes any LC_LOAD commands which point to a given payload from the target binary. This may render some executables unusable.
  -w, --weak <weak>       Used with the STRIP command to weakly remove the signature. Without this, the code signature is replaced with null bytes on the binary and it's LOAD command is removed. (default: true)
  --version               Show the version.
  -h, --help              Show help information.

Build

Build with Xcode:

open Package.swift
Command + B

Build with bash:

❯ chmod +x build-macOS_x86.sh
❯ ./build-macOS_x86.sh

Test

Test on a macOS Mach-O binary:

❯ chmod +x test-mac-inject.sh
❯ ./test-mac-inject.sh
==========Build Start==========
[0/0] Build complete!
build in 1 seconds
==========Build Finish==========

==========Test Start==========
Backup machO file ./inject_back
Inject @executable_path/testMac/libtestinject.dylib Finish
==========Test Result==========
inject:
	/usr/lib/libobjc.A.dylib (compatibility version 1.0.0, current version 228.0.0)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1311.0.0)
	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation (compatibility version 150.0.0, current version 1853.0.0)
	/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation (compatibility version 300.0.0, current version 1853.0.0)
	@rpath/libswiftCore.dylib (compatibility version 1.0.0, current version 1300.0.29)
	@rpath/libswiftCoreFoundation.dylib (compatibility version 1.0.0, current version 14.0.0, weak)
	@rpath/libswiftCoreGraphics.dylib (compatibility version 1.0.0, current version 2.0.0, weak)
	@rpath/libswiftDarwin.dylib (compatibility version 1.0.0, current version 0.0.0)
	@rpath/libswiftDispatch.dylib (compatibility version 1.0.0, current version 9.0.0, weak)
	@rpath/libswiftFoundation.dylib (compatibility version 1.0.0, current version 69.0.0)
	@rpath/libswiftIOKit.dylib (compatibility version 1.0.0, current version 1.0.0, weak)
	@rpath/libswiftObjectiveC.dylib (compatibility version 1.0.0, current version 3.0.0, weak)
	@rpath/libswiftXPC.dylib (compatibility version 1.0.0, current version 1.1.0, weak)
	@executable_path/testMac/libtestinject.dylib (compatibility version 0.0.0, current version 0.0.0)
==========Test Finish==========

==========Clean Start==========
==========Clean Finish==========

Test on an iOS IPA:

❯ chmod +x test-ios-inject.sh
❯ ./test-ios-inject.sh
==========Build Start==========
[0/0] Build complete!
build in 0 seconds
==========Build Finish==========

==========Test Start==========
Inject @executable_path/Inject/injectiOSFramework.framework/injectiOSFramework Finish
Inject @executable_path/testiOS/injectiOSFramework.framework finish, new IPA file is testiOS/app.ipa
Inject @executable_path/Inject/libinjectiOS.dylib Finish
Inject @executable_path/testiOS/libinjectiOS.dylib finish, new IPA file is testiOS/app.ipa
==========Test Result==========
Payload/TestLock.app/TestLock:
	/System/Library/Frameworks/Foundation.framework/Foundation (compatibility version 300.0.0, current version 1854.0.0)
	/usr/lib/libobjc.A.dylib (compatibility version 1.0.0, current version 228.0.0)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1311.0.0)
	/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation (compatibility version 150.0.0, current version 1854.0.0)
	/System/Library/Frameworks/UIKit.framework/UIKit (compatibility version 1.0.0, current version 5067.3.107)
	@executable_path/Inject/injectiOSFramework.framework/injectiOSFramework (compatibility version 0.0.0, current version 0.0.0)
	@executable_path/Inject/libinjectiOS.dylib (compatibility version 0.0.0, current version 0.0.0)
==========Test Finish==========

==========Clean Start==========
==========Clean Finish==========
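
The options in the help output change three things in a binary: the dylib load commands, the PIE (ASLR) header flag, and the code-signature load command. The following Python sketch is an added example, not part of the inject project. It audits a thin little-endian 64-bit Mach-O for all three and compares the dylib list with a known-good baseline. The function names and the sample bytes are constructed for illustration.

```python
import struct

MH_MAGIC_64, MH_PIE, LC_CODE_SIGNATURE = 0xFEEDFACF, 0x200000, 0x1D
DYLIB_CMDS = {0x0C: "LC_LOAD_DYLIB", 0x80000018: "LC_LOAD_WEAK_DYLIB",
              0x8000001F: "LC_REEXPORT_DYLIB", 0x80000023: "LC_LOAD_UPWARD_DYLIB"}

def audit_macho(data):
    """Report the PIE flag, code-signature command and dylib load commands."""
    if len(data) < 32 or struct.unpack_from("<I", data)[0] != MH_MAGIC_64:
        raise ValueError("not a thin little-endian 64-bit Mach-O")
    ncmds, _, flags = struct.unpack_from("<3I", data, 16)
    report = {"pie": bool(flags & MH_PIE), "signed": False, "dylibs": []}
    off = 32  # load commands start right after the 32-byte mach_header_64
    for _ in range(ncmds):
        if off + 8 > len(data):
            raise ValueError("truncated load command")
        cmd, size = struct.unpack_from("<2I", data, off)
        if size < 8 or off + size > len(data):
            raise ValueError("malformed load command size")
        if cmd == LC_CODE_SIGNATURE:
            report["signed"] = True
        elif cmd in DYLIB_CMDS:
            name_off = struct.unpack_from("<I", data, off + 8)[0] if size >= 24 else 0
            if not 24 <= name_off < size:
                raise ValueError("dylib name offset out of range")
            raw = data[off + name_off:off + size].split(b"\0", 1)[0]
            report["dylibs"].append((DYLIB_CMDS[cmd], raw.decode("utf-8", "replace")))
        off += size
    return report

def unexpected_dylibs(report, baseline):
    """Return dylib commands whose path is absent from the known-good list."""
    return [(kind, path) for kind, path in report["dylibs"] if path not in baseline]

# Constructed sample input below: header plus load commands only, not a real app.
def _dylib_cmd(cmd, path):
    name = path.encode() + b"\0" * (8 - len(path.encode()) % 8)  # NUL-pad to 8 bytes
    return struct.pack("<6I", cmd, 24 + len(name), 24, 0, 0, 0) + name

def build_sample(paths, pie=True, signed=True):
    cmds = [_dylib_cmd(0x0C, p) for p in paths]
    cmds += [struct.pack("<4I", LC_CODE_SIGNATURE, 16, 0, 0)] if signed else []
    body = b"".join(cmds)
    return struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, len(cmds),
                       len(body), MH_PIE if pie else 0, 0) + body

BASELINE = ["/usr/lib/libobjc.A.dylib", "/usr/lib/libSystem.B.dylib"]
MODIFIED = build_sample(BASELINE + ["@executable_path/Inject/libinjectiOS.dylib"],
                        pie=False, signed=False)
```

In a release pipeline the baseline would come from the build system's own record of linked libraries, and a fat (universal) binary would need each slice extracted before this check.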

Use

Inject a dylib into a macOS executable:

❯ ./inject testExec -d @executable_path/testMac/libtestinject.dylib

Remove a dylib from a macOS executable:

❯ ./inject testExec -d @executable_path/testMac/libtestinject.dylib --remove

Inject a dylib into an IPA:

❯ ./inject testiOS/app.ipa -d @executable_path/testiOS/libinjectiOS.dylib --ipa

Inject a framework into an IPA:

❯ ./inject testiOS/app.ipa -d @executable_path/testiOS/injectiOSFramework.framework/injectiOSFramework --ipa

Or give a path that ends with .framework:

❯ ./inject testiOS/app.ipa -d @executable_path/testiOS/injectiOSFramework.framework --ipa

Use as Framework

Use Injection.framework; see ViewController.swift.

Use as Swift Package

Package.swift:

// swift-tools-version: 5.7
// The swift-tools-version declares the minimum version of Swift required to build this package.

import PackageDescription

let package = Package(
    name: "Test",
    products: [
        .executable(
            name: "Test",
            targets: ["Test"]),
    ],
    dependencies: [
        // The inject repository, which provides the "Injection" library product.
        .package(url: "https://github.com/paradiseduo/inject", from: "1.0.0"),
    ],
    targets: [
        // An executable product needs an executable target (tools version 5.4 and later).
        .executableTarget(
            name: "Test",
            dependencies: [.product(name: "Injection", package: "inject")]),
        .testTarget(
            name: "TestTests",
            dependencies: ["Test"]),
    ]
)

Example:

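// Module name matches the "Injection" product declared in Package.swift.
import Injection

// machoPath: path of the Mach-O file to modify; injectPath: dylib path to add.
// cmdType selects the load command (LC_LOAD_DYLIB here); backup: false keeps no copy.
Inject.injectMachO(machoPath: "", cmdType: LC_Type.LOAD_DYLIB, backup: false, injectPath: "") { result in
    // Handle the result here.
}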

Other

You should re-sign the new .ipa file before running it. Use codesign:

❯ security find-identity -v -p codesigning
1) xxxxx "Apple Development: xxx xx (xxxxxxxxxx)"
     1 valid identities found
❯ codesign -f -s "xxxxx" Payload/app.app
Payload/app.app: replacing existing signature
❯ codesign -f -s "xxxxx" Payload/app.app/Inject/libxxxxx.dylib
Payload/app.app/Inject/libxxxxx.dylib: replacing existing signature

License

This software is released under the GPL-3.0 license.
