/FRAPL

FRAPL Framework

Primary LanguagePython

Fried Apple Framework (FRAPL)

FRAPL is a reverse engineering framework created to simplify dynamic instrumentation with Frida.

The core of FRAPL is FridaLink - TCP/JSON based protocol and IDA plugin for establishing a bridge between Frida client and IDA Pro. It brings runtime information to IDA disassembly and allows monitoring dynamic changes by controlling Frida directly from IDA.

FRAPL requires just three simple steps to actually start reverse engineering. Without a single line of code.

This is a new way of combining static and dynamic analysis.

__FridaLink Overall View__ ![FRAPL](./Resources/screenshots/frapl_overall_view.png?raw=true "FRAPL") You can find old FridaLink User Manual [here](./Resources/documents/FridaLinkUserManual_160412.pdf)

Publications

Ruxcon 12 (October 2016)

   Presentation

   [Slides](./Publications/2016 Ruxon 12/Ruxcon_12_FRAPL.pdf)

   iOS Demo
   macOS Demo

Design and Structure

FRAPL

  • iOS/* - iOS specific FRAPL headers (classes, helpers, UI)
  • macOS/* - macOS specific FRAPL headers (classes, helpers, UI)
  • FrAClientCore.js - Node.js Frida client core
    • Client script (with include() command support)
    • Executing server script on target
    • Frida RPC client/server message handling (client side)
    • FridaLink message handling (from Frida server and from/to IDA)
    • Shortcut handling
  • FrAServerCore.js - JS Frida server core
    • Frida RPC client/server message handling (server side)
  • FrAHelperLib.js - JS code to communicate with FRAPL Helper Library
  • FrAFridaLink.js - JS Frida server functions for FridaLink
  • FrACommon.js - Node.js/JS code to share between Frida client and server
  • FrAGCD.js - JS code to add Grand Central Dispatch support to Frida server
  • FrAdlfcn.js - JS code to add dl* funtions support from libdyld.dylib
  • FrAUtils.js - Node.js/JS utility functions to share between Frida client and server
    • Algorithms
    • Output formatting
    • Dumpers (like memory and ObjC)
    • Other helper functions

FridaLink

  • FridaLink/ - FridaLink Source Code
  • FridaLink.py - IDA Pro script (will be a plugin eventually) to implement FridaLink server

Misc

  • package.json - nmp package description to install all dependencies
  • create_project.sh - Script for generating minimal scripts for FRAPL and FridaLink
  • README.md - this readme file

Architecture

Architecture

Getting Started

Prerequisites

To install required nmp modules run following command in FRAPL folder:
$ nmp install

FridaLink

FridaLink setup is as simple as 1-2-3 and requires just three steps to attach to app and actually start reverse engineering your target. Without a single line of code.

  1. In IDA press ALT+F7 and load FridaLink.py
  2. In terminal run $ ./create_project.sh -f ~/Projects/TargetApp ; cd ~/Projects/TargetApp to create project
  3. In terminal to attach to target and establish FridaLink run
    $ node ./client.js -c theme.json -l -n TargetApp server.js for macOS target
    $ node ./client.js -c theme.json -l -r -p $(frida-ps -U | grep TargetApp | awk '{print $1}') ./server.js for iOS target

Setup connection to your iDevice over USB

  • Get jailbroken device and serial cable
  • Install usbmuxd - brew install usbmuxd
  • Grab usbmux.py script here
  • Grab tcprelay.py script here
  • Drop these files into your path someplace and make executable.
  • Now connect your device and run the following command. tcprelay.py -t 22:4222