mlviewer icon indicating copy to clipboard operation
mlviewer copied to clipboard

Published 20 hours ago verified publisher icon hackcatml

Metadata

Mobile app memory view & edit PyQt6 program

mlviewer

An iOS, Android application memory view & edit PyQt6 application powered by Frida
It's a program running some useful frida scripts with ui to help mobile app analysis

Prerequisite

python > 3.8.0
Running frida-server on your device

Usage

Two ways to run
1. Python Virtual Environment (recommended)

# Git clone
git clone https://github.com/hackcatml/mlviewer
cd mlviewer

# Run
.\mlviewer_wincon.bat (for Windows)
./mlviewer_macos.sh (for macOS)

2. Current Python Environment

# Git clone
git clone https://github.com/hackcatml/mlviewer
cd mlviewer

# Install requirements
pip install -r requirements.txt

# Install capstoen
pip install capstone
pip install --pre --no-binary capstone capstone (for m1, m2 macOS)

# Run
python main.py

Update

git pull origin main

Example

  • Attach, move to an offset from the image base address, patch hex code
    화면 기록 2023-06-21 오후 11 56 29

  • Hex to Arm convert (needs internet connection)
    Drag some hex bytes, mouse right button, click "Hex to Arm"
    화면 기록 2023-06-22 오전 12 06 56

  • Watch arguments, regs on address
    Select address, mouse right button, click "Set Watch Func" or "Set Watch Regs"
    You can monitor arguments with the read option during a function's onEnter or onLeave
    Select args, mouse right button, choose options(ex. select 'args0', check 'onLeave', 'readUtf8String' will log args0.readUtf8String() at onLeave)
    화면 기록 2023-07-02 오후 10 22 58

  • Other examples
    so file dump, memory scan, etc
    https://hackcatml.tistory.com/174

Credits

dump-ios-module
dump-so
frida-il2cpp-bridge
https://armconverter.com
capstone
frida-dexdump
bindiff

Metadata

20
Stars
6
Forks
Watchers

Owner

verified publisher icon hackcatml

Metadata

Mobile app memory view & edit PyQt6 program

Back