IPC and fsmon on iOS #55
Comments
|
I think the best way to snitch into the IPC communications on iOS, is using Frida and hooking XPC apis. there are public tools around to do that already, so maybe that will work for you https://github.com/hot3eed/xpcspy |
|
Besides pancake's point, why not just hook the contacts-writing APIs as called by Telegram? |
|
@hot3eed Yes, I can, but I must find a general approach. For my project I must capture all artifacts produced by an app on iOS after an action. So not only those produced by the app under inspection, but also those produced by another process invoked by this app. I will try to understand your agent to find useful XPC APIs. |
|
Hi @trufae! I made some progress (maybe). Using DaemonDisabler I disabled So is it possible that fsmon didn't notice it? Kind regards, Lorenzo. |
|
Sorry to insist, but can anyone help me? |
Hi!
First of all I think that fsmon is a great tool.
I compiled it on iPad Mini 2 with iOS 12.5.5 and jailbroken with odysseyra1n. I tested fsmon with Telegram
sudo fsmon -P Telegram /. However, if I add a new contact from Telegram I can't capture writing on Contacts app because fsmon monitors only Telegram, but not ABDatabaseDoctor process. To workaround this problem I can usesudo fsmon /. However, with this command I capture noise from other process.I know that apps on iOS can communicate with IPC. So can I use fsmon or other tool/project (e.g. Frida) to monitor an app (e.g. Telegram) and its IPC?
Thanks in advance.
Kind regards, Lorenzo.
The text was updated successfully, but these errors were encountered: