nowsecure / Airspy

Licence: mit
AirSpy - Frida-based tool for exploring and tracking the evolution of Apple's AirDrop protocol implementation on i/macOS, from the server's perspective. Released during BH USA 2019 Training https://www.nowsecure.com/event/advanced-frida-and-radare-a-hackers-delight/

Programming Languages

typescript

Projects that are alternatives of or similar to Airspy

R2frida Wiki
This repo aims at providing practical examples on how to use r2frida
Stars: ✭ 168 (+44.83%)
Mutual labels:  frida, dynamic-analysis
Mjolner
Cycript backend powered by Frida.
Stars: ✭ 11 (-90.52%)
Mutual labels:  frida, dynamic-analysis
Frida Snippets
Hand-crafted Frida examples
Stars: ✭ 1,081 (+831.9%)
Mutual labels:  frida, dynamic-analysis
Awesome Frida
Awesome Frida - A curated list of Frida resources http://www.frida.re/ (https://github.com/frida/frida)
Stars: ✭ 2,025 (+1645.69%)
Mutual labels:  frida, dynamic-analysis
allsafe
Intentionally vulnerable Android application.
Stars: ✭ 135 (+16.38%)
Mutual labels:  dynamic-analysis, frida
Medusa
Binary instrumentation framework based on FRIDA
Stars: ✭ 258 (+122.41%)
Mutual labels:  frida, dynamic-analysis
R2frida
Radare2 and Frida better together.
Stars: ✭ 610 (+425.86%)
Mutual labels:  frida, dynamic-analysis
Ios debugger challenge
A playground for run-time iOS app inspection
Stars: ✭ 39 (-66.38%)
Mutual labels:  frida
Iostrace
An alternative strace for 64-bit iOS devices, built on Frida
Stars: ✭ 84 (-27.59%)
Mutual labels:  frida
House
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
Stars: ✭ 910 (+684.48%)
Mutual labels:  frida
Dwarf
Full featured multi arch/os debugger built on top of PyQt5 and frida
Stars: ✭ 916 (+689.66%)
Mutual labels:  frida
Kieker
Kieker's main repository
Stars: ✭ 42 (-63.79%)
Mutual labels:  dynamic-analysis
Jeb2frida
Automated Frida hook generation with JEB
Stars: ✭ 95 (-18.1%)
Mutual labels:  frida
Phantom Evasion
Python antivirus evasion tool
Stars: ✭ 997 (+759.48%)
Mutual labels:  dynamic-analysis
Bap
Binary Analysis Platform
Stars: ✭ 1,385 (+1093.97%)
Mutual labels:  dynamic-analysis
Pathgrind
Path based Dynamic Analysis
Stars: ✭ 109 (-6.03%)
Mutual labels:  dynamic-analysis
Fridahooker
Because of work I no longer deal much with pure app security, so this project is dormant // Android Frida GUI Manager; a graphical Frida manager for Android
Stars: ✭ 101 (-12.93%)
Mutual labels:  frida
Rms Runtime Mobile Security
Runtime Mobile Security (RMS) 📱🔥 is a powerful web interface that helps you manipulate Android and iOS apps at runtime
Stars: ✭ 1,194 (+929.31%)
Mutual labels:  frida
Mobile Security Framework Mobsf
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Stars: ✭ 10,212 (+8703.45%)
Mutual labels:  dynamic-analysis
Xpcspy
Bidirectional XPC message interception and more. Powered by Frida
Stars: ✭ 101 (-12.93%)
Mutual labels:  frida

AirSpy

Tool for exploring Apple's AirDrop protocol implementation on i/macOS, from the server's perspective.

Dumps requests and responses along with a linear code coverage trace of the code processing each request.

Building

$ git clone https://github.com/nowsecure/airspy.git
$ cd airspy/
$ npm install

Running

To spy on the implementation:

# On a local macOS system:
$ node dist/bin/airspy.js

# Or on a USB-connected iOS device:
$ node dist/bin/airspy.js -U

Then pop open the AirDrop UI on a nearby i/macOS device. This should result in data being captured and written to out/$serial/events.log, where $serial is a zero-based number incrementing with each run. Each request/response also gets written out to separate files for easy inspection and diffing.

It is also possible to replay an events.log from a previous run, which will re-generate the other output files:

$ node dist/bin/airspy.js -r out/0/events.log

This is also useful if you want to tweak the parsing of the requests to generate better or additional output artifacts. (PRs welcome!)

Sample output directory:

$ ls -1 out/0/
001-post-discover-coverage-modules.log
001-post-discover-coverage-symbols.log
001-post-discover-request-body.plist
001-post-discover-request-head.txt
001-post-discover-response-body.plist
001-post-discover-response-head.txt
002-post-ask-coverage-modules.log
002-post-ask-coverage-symbols.log
002-post-ask-request-body.plist
002-post-ask-request-head.txt
002-post-ask-response-body.plist
002-post-ask-response-head.txt
003-post-upload-request-head.txt
003-post-upload-response-head.txt
events.log
$

Then you may want to compare the code coverage traces for two requests.

For example to compare the modules involved, and in which order:

$ diff -u 001-post-discover-coverage-modules.log 002-post-ask-coverage-modules.log

And to compare the basic blocks involved, and in which order:

$ diff -u 001-post-discover-coverage-symbols.log 002-post-ask-coverage-symbols.log

For example, by looking at where execution first diverges you immediately know where the implementation decides what kind of request it is dealing with, so you can inspect that code with r2. The same divergence point can also be used to guide a fuzzer.
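A small helper for locating that first divergence point between two coverage traces, as an added example that is not part of AirSpy. It assumes each *-coverage-symbols.log holds one symbol or basic block per line in execution order (an assumption about the log format), and the sample traces below are constructed, not captured from a device.

```typescript
// Added example, not part of the AirSpy project. Assumes each
// *-coverage-symbols.log has one entry per line, in execution order.
import * as fs from "fs";

interface Divergence {
  index: number;          // zero-based entry where the traces first differ; -1 if identical
  sharedPrefix: string[]; // last few entries both traces executed before the split
  left: string[];         // what the first trace did next
  right: string[];        // what the second trace did next
}

function parseTrace(text: string): string[] {
  return text.split(/\r?\n/).map((l) => l.trim()).filter((l) => l.length > 0);
}

// Walk both traces in lockstep and report the first mismatch with some context.
function firstDivergence(a: string[], b: string[], context = 3): Divergence {
  const n = Math.min(a.length, b.length);
  let i = 0;
  while (i < n && a[i] === b[i]) i++;
  if (i === a.length && i === b.length) {
    return { index: -1, sharedPrefix: a.slice(-context), left: [], right: [] };
  }
  // One trace being a strict prefix of the other also counts as a divergence.
  return {
    index: i,
    sharedPrefix: a.slice(Math.max(0, i - context), i),
    left: a.slice(i, i + context),
    right: b.slice(i, i + context),
  };
}

// For real runs, e.g. out/0/001-post-discover-coverage-symbols.log vs 002-post-ask-...
function compareTraceFiles(pathA: string, pathB: string): Divergence {
  const read = (p: string) => parseTrace(fs.readFileSync(p, "utf8"));
  return firstDivergence(read(pathA), read(pathB));
}

// Constructed sample traces standing in for a /Discover and an /Ask request.
const DISCOVER_TRACE = parseTrace(`
acceptConnection
parseRequestHead
routeByPath
handleDiscover
buildDiscoverResponse
sendResponse`);
const ASK_TRACE = parseTrace(`
acceptConnection
parseRequestHead
routeByPath
handleAsk
promptUser
sendResponse`);

const d = firstDivergence(DISCOVER_TRACE, ASK_TRACE);
console.log(`diverges at entry ${d.index} after ${d.sharedPrefix.join(" -> ")}: ${d.left[0]} vs ${d.right[0]}`);
```

The entry reported at `index` is the routing decision the text refers to; the `sharedPrefix` tells you which code ran identically for both requests up to that point.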

Development workflow

To continuously recompile on change, keep this running in a terminal:

$ npm run build-app:watch

Plus another terminal with:

$ npm run build-agent:watch

And use an editor like Visual Studio Code for code completion and instant type-checking feedback.
