From 832628a1a47c8a794fbaf6b69b77d3641eed8fe3 Mon Sep 17 00:00:00 2001
From: Kenneth Endfinger <kaendfinger@gmail.com>
Date: Sat, 12 Oct 2019 22:10:03 -0500
Subject: [PATCH] Add a targeted Frida script which tries to attach to
 AssetCache on spawn.

---
 tools/frida-ssl-pin-targeted.py | 73 +++++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)
 create mode 100644 tools/frida-ssl-pin-targeted.py

diff --git a/tools/frida-ssl-pin-targeted.py b/tools/frida-ssl-pin-targeted.py
new file mode 100644
index 0000000..8346488
--- /dev/null
+++ b/tools/frida-ssl-pin-targeted.py
@@ -0,0 +1,73 @@
+# Modified script, originally from: https://raw.githubusercontent.com/frida/frida-python/master/examples/child_gating.py
+
+# -*- coding: utf-8 -*-
+from __future__ import print_function
+
+import threading
+
+import frida
+from frida_tools.application import Reactor
+
+
+class Application(object):
+    def __init__(self):
+        self._stop_requested = threading.Event()
+        self._reactor = Reactor(run_until_return=lambda reactor: self._stop_requested.wait())
+
+        self._device = frida.get_local_device()
+        self._sessions = set()
+
+        self._device.on("child-added", lambda child: self._reactor.schedule(lambda: self._on_child_added(child)))
+        self._device.on("child-removed", lambda child: self._reactor.schedule(lambda: self._on_child_removed(child)))
+        self._device.on("output", lambda pid, fd, data: self._reactor.schedule(lambda: self._on_output(pid, fd, data)))
+
+    def run(self):
+        self._reactor.schedule(lambda: self._start())
+        self._reactor.run()
+
+    def _start(self):
+        self._instrument(1)
+
+    def _stop_if_idle(self):
+        if len(self._sessions) == 0:
+            self._stop_requested.set()
+
+    def _instrument(self, pid):
+        print("✔ attach(pid={})".format(pid))
+        session = self._device.attach(pid)
+        session.on("detached", lambda reason: self._reactor.schedule(lambda: self._on_detached(pid, session, reason)))
+        print("✔ enable_child_gating()")
+        session.enable_child_gating()
+        print("✔ create_script()")
+        script = session.create_script(open('frida-ssl-pin.js', 'r').read())
+        script.on("message", lambda message, data: self._reactor.schedule(lambda: self._on_message(pid, message)))
+        print("✔ load()")
+        script.load()
+        print("✔ resume(pid={})".format(pid))
+        self._device.resume(pid)
+        self._sessions.add(session)
+
+    def _on_child_added(self, child):
+        if child.path != '/usr/libexec/AssetCache':
+            return
+        print("⚡ child_added: {}".format(child))
+        self._instrument(child.pid)
+
+    def _on_child_removed(self, child):
+        print("⚡ child_removed: {}".format(child))
+
+    def _on_output(self, pid, fd, data):
+        print("⚡ output: pid={}, fd={}, data={}".format(pid, fd, repr(data)))
+
+    def _on_detached(self, pid, session, reason):
+        print("⚡ detached: pid={}, reason='{}'".format(pid, reason))
+        self._sessions.remove(session)
+        self._reactor.schedule(self._stop_if_idle, delay=0.5)
+
+    def _on_message(self, pid, message):
+        print("⚡ message: pid={}, payload={}".format(pid, message["payload"]))
+
+
+app = Application()
+app.run()
+