cryptoshark icon indicating copy to clipboard operation
cryptoshark copied to clipboard

Published 20 hours ago verified publisher icon frida

Implement delete cache button

Open siarsky opened this issue 3 years ago • 0 comments

Cryptoshark caches data (at least on Mac), so that if you restart the cryptoshark, already scanned functions/injected code are stored. This is a nice feature, but in the case a patched binary should be traced again, Cryptoshark still displays old data - and the GUI has no "Clear cache" button or information were cached data are stored so that they can be deleted manually.

I tried:

  1. deletion of /Users/user/Library/Caches/Cryptoshark/qmlcache/*.qmlc files, but after restart of Cryptoshark the files got restored magically again
  2. analyze cryptoshark access to files (Active Monitor => View => Inspect Process => Open files) Nothing useful found
  3. searching for a line from an instrumentation: grep -iR "corefoundation_1bb450" * 2>/dev/null brought at last: Binary file /Users/user/Desktop/AppName.db3 matches

So in order to get rid of all Cryptoshark cached data on Mac just use: rm /Users/user/Desktop/*.db3 or search for *.db3 on Windows/Linux.

REQUIREMENT Please introduce an "Clear cache" button or add information in GUI were the sqlite DB3 files are stored.

siarsky avatar Mar 19 '21 17:03 siarsky