Tracing arbitrary Methods and Function calls on Android and iOS

I have published two new Frida instrumentation scripts to facilitate reverse engineering of mobile apps. They can be found on GitHub.

Let’s take raptor_frida_ios_trace.js for a ride against our favorite target Signal. First of all, we must edit the script to tell Frida what to trace:

Then, with Frida properly set up on both our iOS device and workstation, we just run the following:

And here’s the resulting trace after sending a text message:

On Android, we must use the raptor_frida_android_trace.js script, but the procedure remains the same. This time we target WhatsApp. First, we edit the script:

Then, with Frida properly set up on both our Android device and workstation, we run the following:

The result will look like this:

That’s it! Both scripts have the capability to trace methods (as briefly shown in the previous examples) and functions, such as open() and CCCrypt(). There’s definitely still room for improvement, so PRs are welcome. Happy hacking!