On this post, I will show you how you can run Fridump against an iOS application. The device is connected on our workstation over USB, hence the use of the -u flag is mandatory.
A reminder of all the flags available for Fridump is:
As first example, I will illustrate how we can dump the memory of the Mobile Safari application on an iOS device.
We will first run frida-ps -U to retrieve the names of all processes currently running on the device.
Mobile Safari is named “Safari” and is running with Process ID 7763.
We will then run Fridump without any extra flags, as follows:
- fridump.py -u Safari
All files are now stored on the default “dump” directory.
For the next example, I will be using the Damn Vulnerable iOS Application (DVIA). On one of the areas of the application, we are requested to find some specific values stored in the memory of the device. The main way of doing this is through Cycript, so now we will demonstrate a separate way.
We are opening the application on the page where the variables are loaded in memory.
We run Fridump against the app as follows:
- fridump -u -s -r DVIA
We are running using the –read-only mode, as a simple run using the read & write permissions didn’t find the secret values. As a result, you can see that we have several instances of “Memory violation errors”, however this is something to be expected when running on this mode.
We have also used the -s flag, which will create a strings.txt file in the output directory, along with all the memory dump files.
Opening the strings.txt file, we can search for any secret values or keys that may be present in the application.
To make the process shorter, as without a target this could take quite a few hours, we already know that the values for this challenge are Username = Bobby, Password = P2ssw0rd. Both of this values are present inside our file.
This concludes the examples of Fridump on an iOS application. If you need more information regarding how to use Fridump, give a look to the original introduction post here.
For the examples of Fridump running against Android applications, you can visit here.