CalvinBackup/AppleCache
1
0
Fork 0
mirror of https://github.com/azenla/AppleCache.git synced 2026-02-12 16:32:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Mention targeted Frida script.

Browse Source
This commit is contained in:
Kenneth Endfinger
2019-10-12 22:12:56 -05:00
parent 832628a1a4
commit e061145dcb
2 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@@ -38,3 +38,8 @@ The work here was done by using [Charles Proxy](https://www.charlesproxy.com/) a
The `tools/frida-ssl-pin.js` file is a Frida script that can attach to any macOS process and disable all SSL verification and SSL certificate pinning. This has allowed me to deeply examine the requests going to Apple's servers. This script is likely useful
for many other use cases. If anyone else uses it, I'd love to hear about how it was used (I'm a super huge nerd and am quite interested in reverse engineering).
Note that SIP will need to be disabled in order to correctly use it.
I also have a modified Frida Python script which targets `AssetCache` directly.
Since `AssetCache` is spawned by launchd, you can attach Frida to launchd, and wait
spawn `AssetCache` via the service.

2
tools/frida-ssl-pin-targeted.py
View File

@@ -48,8 +48,6 @@ class Application(object):
self._sessions.add(session)
def _on_child_added(self, child):
if child.path != '/usr/libexec/AssetCache':
return
print("⚡ child_added: {}".format(child))
self._instrument(child.pid)