raptor-frida17-ios-enum
4 views
2d6fad8e...
Description
Collection of functions to enumerate ObjC classes and methods on iOS (Frida 17 API).
How to Use
Download the script and run it with Frida CLI:
Download ScriptThen run with Frida:
frida -U -f YOUR_PACKAGE_NAME -l raptor-frida17-ios-enum.js
Replace YOUR_PACKAGE_NAME with the target app's package name.
Source Code
JavaScript
/*
* raptor_frida_ios_enum.js - ObjC class and method enumerator
* Copyright (c) 2017-2025 Marco Ivaldi <raptor@0xdeadbeef.info>
*
* "For all is like an ocean, all flows and connects;
* touch it in one place and it echoes at the other end of the world."
* -- Fyodor Dostoevsky, The Brothers Karamazov
*
* Frida.re JS code to enumerate ObjC classes and methods declared in an
* iOS app. See https://www.frida.re/ and https://codeshare.frida.re/ for
* further information on this world-class dynamic instrumentation toolkit.
*
* Example usage:
* $ pipx install frida-tools
* $ frida -U -f com.target.app -l raptor_frida_ios_enum.js
*
* Tested with:
* Frida 17.3.2 on macOS 15.6.1 with iPhone 8 (iOS 16.5 + https://palera.in/)
*
* Get the latest version at:
* https://github.com/0xdea/frida-scripts/
*/
// Enumerate all ObjC classes
function enumAllClasses() {
var allClasses = [];
for (var aClass in ObjC.classes) {
if (ObjC.classes.hasOwnProperty(aClass)) {
allClasses.push(aClass);
}
}
return allClasses;
}
// Find all ObjC classes that match a pattern
function findClasses(pattern) {
var allClasses = enumAllClasses();
var foundClasses = [];
allClasses.forEach(function(aClass) {
if (aClass.match(pattern)) {
foundClasses.push(aClass);
}
});
return foundClasses;
}
// Enumerate all methods declared in an ObjC class
function enumMethods(targetClass) {
var ownMethods = ObjC.classes[targetClass].$ownMethods;
return ownMethods;
}
// Enumerate all methods declared in all ObjC classes
function enumAllMethods() {
var allClasses = enumAllClasses();
var allMethods = {};
allClasses.forEach(function(aClass) {
enumMethods(aClass).forEach(function(method) {
if (!allMethods[aClass]) allMethods[aClass] = [];
allMethods[aClass].push(method);
});
});
return allMethods;
}
// Find all ObjC methods that match a pattern
function findMethods(pattern) {
var allMethods = enumAllMethods();
var foundMethods = {};
for (var aClass in allMethods) {
allMethods[aClass].forEach(function(method) {
if (method.match(pattern)) {
if (!foundMethods[aClass]) foundMethods[aClass] = [];
foundMethods[aClass].push(method);
}
});
}
return foundMethods;
}
// Usage examples
if (ObjC.available) {
// Enumerate all classes
/*
var a = enumAllClasses();
a.forEach(function(s) {
console.log(s);
});
*/
// Find classes that match a pattern
/*
var a = findClasses(/password/i);
a.forEach(function(s) {
console.log(s);
});
*/
// Enumerate all methods in a class
/*
var a = enumMethods("PasswordManager")
a.forEach(function(s) {
console.log(s);
});
*/
// Enumerate all available methods
// TODO: understand why this doesn't work in script, but works in REPL
/*
var d = enumAllMethods();
for (k in d) {
console.log(k);
d[k].forEach(function(s) {
console.log("\t" + s);
});
}
*/
// Find methods that match a pattern
// TODO: understand why this doesn't work in script, but works in REPL
/*
var d = findMethods(/password/i);
for (k in d) {
console.log(k);
d[k].forEach(function(s) {
console.log("\t" + s);
});
}
*/
} else {
send("error: Objective-C Runtime is not available!");
}
Comments