Fridump – iOS Examples

In this post, I will show how to run Fridump against an iOS application. The device is connected to our workstation over USB, so the -u flag is mandatory.

As a reminder, these are all the flags available for Fridump:

[Screenshot: Fridump help output]

As a first example, I will illustrate how we can dump the memory of the Mobile Safari application on an iOS device.

We will first run frida-ps -U to retrieve the names of all processes currently running on the device.

[Screenshot: frida-ps output]

Mobile Safari is named “Safari” and is running with Process ID 7763.

We will then run Fridump without any extra flags, as follows:

  • fridump.py -u Safari

[Screenshot: Fridump run against Safari]

All files are now stored in the default “dump” directory.

For the next example, I will be using the Damn Vulnerable iOS Application (DVIA). In one of the areas of the application, we are asked to find some specific values stored in the memory of the device. The main way of doing this is through Cycript, so here we will demonstrate a different way.

We open the application on the page where the variables are loaded in memory.

[Screenshot: DVIA]

We run Fridump against the app as follows:

  • fridump -u -s -r DVIA

We are running in --read-only mode, as a simple run using the read & write permissions didn’t find the secret values. As a result, you can see that we have several instances of “Memory violation errors”; however, this is to be expected when running in this mode.

[Screenshot: Fridump run against DVIA]

We have also used the -s flag, which will create a strings.txt file in the output directory, along with all the memory dump files.

[Screenshot: dump files]

Opening the strings.txt file, we can search for any secret values or keys that may be present in the application.

To make the process shorter, as without a target this could take quite a few hours, we already know that the values for this challenge are Username = Bobby, Password = P2ssw0rd. Both of these values are present inside our file.

[Screenshot: strings.txt]
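A repeatable version of this search, as an added example rather than code from the original post or from Fridump: it checks the lines of a strings.txt for known test values, also in Base64, hex and URL-encoded form, so the same check can be rerun after a fix to confirm the credentials no longer stay in memory. The function names and the sample lines are constructed for illustration.

```python
import base64
import binascii
from collections import defaultdict
from urllib.parse import quote


def variants(secret: str) -> dict:
    """Encodings under which a secret commonly shows up in process memory."""
    raw = secret.encode("utf-8")
    forms = {
        "plain": secret,
        "base64": base64.b64encode(raw).decode(),
        "hex": binascii.hexlify(raw).decode(),
        "url": quote(secret, safe=""),
    }
    # Drop encodings identical to the plain form to avoid double counting.
    return {k: v for k, v in forms.items() if k == "plain" or v != secret}


def scan_strings(lines, canaries):
    """Return {canary_name: [(line_no, encoding), ...]} for every hit."""
    needles = {name: variants(value) for name, value in canaries.items()}
    hits = defaultdict(list)
    for line_no, line in enumerate(lines, start=1):
        lowered = line.lower()
        for name, forms in needles.items():
            for encoding, needle in forms.items():
                # Hex dumps vary in case; everything else is matched exactly.
                haystack = lowered if encoding == "hex" else line
                if needle in haystack:
                    hits[name].append((line_no, encoding))
    return dict(hits)


def scan_file(path, canaries):
    # strings.txt comes from raw memory, so tolerate undecodable bytes.
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return scan_strings(fh, canaries)


# Constructed sample standing in for a few lines of dump/strings.txt.
SAMPLE = ["CFNetwork", "Username = Bobby", "UDJzc3cwcmQ=", "NSURLSession"]
CANARIES = {"username": "Bobby", "password": "P2ssw0rd"}

if __name__ == "__main__":
    for name, found in scan_strings(SAMPLE, CANARIES).items():
        print(name, found)
```

For a real run, call `scan_file("dump/strings.txt", CANARIES)` with the test credentials you typed into the app; an empty result after a fix means none of the checked encodings were found.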

This concludes the examples of Fridump on an iOS application. If you need more information on how to use Fridump, take a look at the original introduction post here.

For the examples of Fridump running against Android applications, you can visit here.

 
