From 87a46b133ee86a1dc4be1665b81a63dcc3a9dc70 Mon Sep 17 00:00:00 2001
From: iddoeldor <iddo.eldor.work@gmail.com>
Date: Sun, 20 Jan 2019 21:18:35 +0200
Subject: [PATCH] hooking objc_msgSend

---
 README.md | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/README.md b/README.md
index 9c44ce7..9773638 100644
--- a/README.md
+++ b/README.md
@@ -44,6 +44,7 @@
 * [`Extract cookies`](#extract-cookies)
 * [`Describe class members`](#describe-class-members)
 * [`Class hierarchy`](#class-hierarchy) 
+* [`Hook refelaction`](#hook-refelaction)
 
 </details>
 
@@ -1207,6 +1208,46 @@ TODO
 
 <br>[⬆ Back to top](#table-of-contents)
 
+#### Hook refelaction 
+Hooking `objc_msgSend`
+
+```py
+import frida, sys
+
+f = open('/tmp/log', 'w')    
+
+def on_message(msg, _data):
+    f.write(msg['payload']+'\n')
+
+frida_script = """
+  Interceptor.attach(Module.findExportByName('/usr/lib/libobjc.A.dylib', 'objc_msgSend'), {
+    onEnter: function(args) {
+     var m = Memory.readCString(args[1]);
+     if (m != 'length' && !m.startsWith('_fastC'))
+        send(m);
+    }
+  });
+"""
+device = frida.get_usb_device()
+pid = device.spawn(["com.example"])
+session = device.attach(pid)
+script = session.create_script(frida_script)
+script.on('message', on_message)
+script.load()
+device.resume(pid)
+sys.stdin.read()
+```
+```sh
+$ sort /tmp/log | uniq -c | sort -n
+```
+
+<details>
+<summary>Output example</summary>
+TODO	
+</details>
+
+<br>[⬆ Back to top](#table-of-contents)
+
 
 
 #### TODOs