Frida-Memory-Dump
## Preparation

### Jailbroken iPhone

- Install NewTerm from Cydia
- Install Frida from Cydia (Cydia/APT URL: http://build.frida.re/) *starts automatically after installation
### Mac

1. Install python3

```
$ python3 --version   # to install python3, download the latest version from https://www.python.org/downloads/mac-osx/
```

2. Install pip

```
$ curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
$ sudo python get-pip.py
```

3. Install Frida and frida-tools

```
$ pip install frida
$ pip install frida-tools
```
# Do the dump
### Device list

```
$ frida-ls-devices
Id                                        Type    Name
local                                     local   Local System
afce666ff913e4e8f2b23c909cb44112ee6d8696  usb     iPhone
tcp                                       remote  Local TCP
```

Confirm that frida-server is running on the device and find the target process (here, LightComics):

```
$ frida-ps -U | grep 'frida'
  77  frida-server
$ frida-ps -U | grep 'LightComics'
1031  LightComics
```

### Dump with fridump

```
$ cd ~/Documents/FridaDump/
$ git clone https://github.com/Nightbringer21/fridump.git
$ cd fridump
$ python fridump.py -U -r --max-size 1048576000 LightComics
```

fridump options:

```
optional arguments:
  -h, --help            show this help message and exit
  -o dir, --out dir     provide full output directory path. (def: 'dump')
  -U, --usb             device connected over usb
  -v, --verbose         verbose
  -r, --read-only       dump read-only parts of memory. More data, more errors
  -s, --strings         run strings on all dump files. Saved in output dir.
  --max-size bytes      maximum size of dump file in bytes (def: 20971520)
```

### Search the dump

Check whether the sensitive value (SEARCH_KEYWORD) is still present in the dumped memory; `grep -q` only reports whether it was found, `grep -l` also lists the files that contain it:

```
$ cd ~/Documents/FridaDump/fridump/dump/
$ grep -q "SEARCH_KEYWORD" *.data; [ $? -eq 0 ] && echo "OOPS" || echo "GOOD, NOT FOUND"
$ grep -l "SEARCH_KEYWORD" *.data; [ $? -eq 0 ] && echo "OOPS" || echo "GOOD, NOT FOUND"
```
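The dump step and the keyword check above, combined into one script as an added example (this is not fridump's code and not part of the original page). It assumes frida-tools is installed on the Mac and frida-server is running on the USB-connected iPhone; the process name `LightComics`, the `r--` / `--max-size` behaviour and the OOPS / GOOD outputs follow the page, while the JavaScript agent, the function names and the sample dump files are constructed here. It goes slightly beyond the page's `grep`: iOS apps hold many string values as UTF-16, so the scan looks for the keyword in both its UTF-8 and its UTF-16LE form, which a byte-wise grep for the ASCII text would miss.

```python
"""Dump a process's memory over USB with Frida and scan the files for a keyword.

Added example, not fridump's code. Assumes frida-tools on the Mac and
frida-server on the device; the agent and function names are constructed here.
"""
import os
import sys
import tempfile
from pathlib import Path

# Agent injected into the target: list readable ranges, read one range at a time.
# A failed read (guard page, range unmapped since enumeration) returns null
# instead of aborting the whole dump.
DUMP_AGENT = """
rpc.exports = {
  ranges: function (protection) {
    return Process.enumerateRanges(protection).map(function (r) {
      return { base: r.base.toString(), size: r.size, protection: r.protection };
    });
  },
  read: function (base, size) {
    try { return Memory.readByteArray(ptr(base), size); } catch (e) { return null; }
  }
};
"""


def dump_process(target, out_dir, protection="rw-", max_size=20 * 1024 * 1024,
                 chunk=4 * 1024 * 1024):
    """Write every readable range of `target` to out_dir/<base>_<size>.data.

    protection follows fridump: "rw-" dumps writable memory only, "r--" also
    takes read-only ranges (more data, more read errors). Ranges larger than
    max_size are skipped, like fridump's --max-size. Returns the written paths.
    """
    import frida  # imported here so the scanner below also works without frida

    device = frida.get_usb_device()
    session = device.attach(target)
    script = session.create_script(DUMP_AGENT)
    script.load()
    # frida >= 16 exposes synchronous RPC as exports_sync; older builds use exports
    api = getattr(script, "exports_sync", None) or script.exports

    os.makedirs(out_dir, exist_ok=True)
    written = []
    for r in api.ranges(protection):
        if r["size"] > max_size:
            continue
        base, data = int(r["base"], 16), bytearray()
        for off in range(0, r["size"], chunk):  # chunked reads bound the RPC message size
            part = api.read(hex(base + off), min(chunk, r["size"] - off))
            if part is None:  # unreadable range: skip it rather than fail the dump
                data = None
                break
            data += part
        if data is None:
            continue
        path = Path(out_dir) / f"{r['base']}_{r['size']}.data"
        path.write_bytes(data)
        written.append(str(path))
    session.detach()
    return written


def find_keyword_in_dumps(dump_dir, keyword):
    """Return {file: [offsets]} for each .data file containing keyword.

    Checks the UTF-8 and the UTF-16LE encoding: iOS apps hold many string
    values as UTF-16, which a plain grep for the ASCII text would miss.
    An empty dict means the keyword was not found in any dump file.
    """
    needles = [keyword.encode("utf-8"), keyword.encode("utf-16-le")]
    hits = {}
    for path in sorted(Path(dump_dir).glob("*.data")):
        blob = path.read_bytes()
        offsets = set()
        for needle in needles:
            pos = blob.find(needle)
            while pos != -1:
                offsets.add(pos)
                pos = blob.find(needle, pos + 1)
        if offsets:
            hits[str(path)] = sorted(offsets)
    return hits


def make_sample_dump_dir():
    """Constructed stand-in for a fridump output directory (no device needed)."""
    d = Path(tempfile.mkdtemp())
    (d / "0x1000_40.data").write_bytes(b"\x00" * 16 + b"SEARCH_KEYWORD" + b"\x00" * 10)
    (d / "0x2000_36.data").write_bytes(b"junk" + "SEARCH_KEYWORD".encode("utf-16-le") + b"junk")
    (d / "0x3000_12.data").write_bytes(b"nothing here")
    (d / "notes.txt").write_bytes(b"SEARCH_KEYWORD")  # not a dump file, must be ignored
    return str(d)


if __name__ == "__main__":
    # python dump_and_scan.py LightComics SEARCH_KEYWORD [out_dir]
    name, keyword = sys.argv[1], sys.argv[2]
    out = sys.argv[3] if len(sys.argv) > 3 else "dump"
    files = dump_process(name, out, protection="r--", max_size=1048576000)
    found = find_keyword_in_dumps(out, keyword)
    print(f"dumped {len(files)} ranges:", "OOPS" if found else "GOOD, NOT FOUND")
    for f, offs in found.items():
        print(f, [hex(o) for o in offs])
```

Run it as `python dump_and_scan.py LightComics SEARCH_KEYWORD`. `find_keyword_in_dumps` only reads files, so it can also be pointed at an existing fridump `dump/` directory on its own, and `make_sample_dump_dir` lets you exercise the scanner without a device.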
### Installing frida-server manually

If frida-server was not installed from Cydia, fetch the server binary for the matching Frida version from the GitHub release page (it must match the frida package on the Mac; `frida --version` shows that), unpack it and start it on the jailbroken device:

```
$ wget https://github.com/frida/frida/releases/download/12.8.7/frida-server-12.8.7-ios-arm64.xz
$ unxz frida-server-12.8.7-ios-arm64.xz
$ mv frida-server-12.8.7-ios-arm64 frida-server
$ chmod 775 frida-server
$ ./frida-server &
```

The `frida-core-devkit-12.8.7-ios-arm64.tar.xz` archive on the same release page is the C development kit (static library and header), not the server, so renaming that tar to `frida-server` does not give a runnable binary.