Frida: How to call methods in Frida Gadget (JavaScript API iOS)?

Created on 22 Jul 2018  路  5Comments  路  Source: frida/frida

i have class [ClassName] and method [- setSomething].

How can i call with JS API withount Interceptor this method?

Most helpful comment

You have to get an instance of the object first, either:

  • allocating it and calling its constructor, for example var instance = ObjC.classes.ClassName.alloc().init();
  • getting an existing instance using ObjC.choose, like - if you know there's only one instance already created somewhere on the heap - you can to something like var instance = ObjC.chooseSync(ObjC.classes.ClassName)[0];
  • getting an existing instance from a singleton you know holds the instance in a property, for example var instance = ObjC.classes.MySingleton.getInstance().myInterestingInstance();

and then call the method on the instance:

instance.setSomething();

or, if the method signature takes an argument, like - setSomething:, you can also pass the argument (just remember to put a _ instead of ObjC's :):

instance.setSomething_(argument);

btw, you can find few examples of this here: https://www.frida.re/docs/examples/ios/

All 5 comments

You have to get an instance of the object first, either:

  • allocating it and calling its constructor, for example var instance = ObjC.classes.ClassName.alloc().init();
  • getting an existing instance using ObjC.choose, like - if you know there's only one instance already created somewhere on the heap - you can to something like var instance = ObjC.chooseSync(ObjC.classes.ClassName)[0];
  • getting an existing instance from a singleton you know holds the instance in a property, for example var instance = ObjC.classes.MySingleton.getInstance().myInterestingInstance();

and then call the method on the instance:

instance.setSomething();

or, if the method signature takes an argument, like - setSomething:, you can also pass the argument (just remember to put a _ instead of ObjC's :):

instance.setSomething_(argument);

btw, you can find few examples of this here: https://www.frida.re/docs/examples/ios/

Thank you!

How can i enumerate arguments of method?

If you mean enumerating their type and get the number of them, I think getting the argumentTypes (and maybe returnType) properties of a method is the best approximation of what you're asking, examples from the CLI:

ObjC.classes.UIView['- addSubview:'].argumentTypes
[
    "pointer",
    "pointer",
    "pointer"
]

ObjC.classes.UIView['- addSubview:'].returnType
"void"

You can also get the low level encoding of types, like this, FWIW:

ObjC.classes.UIView['- addSubview:'].types
"v24@0:8@16"

Thank you for explanation!

Hi, I have some questions.
When the function has two or more arguments, how can I call this function by JavaScript.
And how can I pass nil as argument?

plz, Thanks.

Was this page helpful?
0 / 5 - 0 ratings