diff --git a/SUMMARY.md b/SUMMARY.md index 4e04f9119..cebc590e1 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -313,13 +313,13 @@ * [Webview Attacks](mobile-pentesting/android-app-pentesting/webview-attacks.md) * [iOS Pentesting Checklist](mobile-pentesting/ios-pentesting-checklist.md) * [iOS Pentesting](mobile-pentesting/ios-pentesting/README.md) - * [Basic iOS Testing Operations](mobile-pentesting/ios-pentesting/basic-ios-testing-operations.md) - * [Burp Suite Configuration for iOS](mobile-pentesting/ios-pentesting/burp-configuration-for-ios.md) - * [Extracting Entitlements From Compiled Application](mobile-pentesting/ios-pentesting/extracting-entitlements-from-compiled-application.md) - * [Frida Configuration in iOS](mobile-pentesting/ios-pentesting/frida-configuration-in-ios.md) * [iOS App Extensions](mobile-pentesting/ios-pentesting/ios-app-extensions.md) * [iOS Basics](mobile-pentesting/ios-pentesting/ios-basics.md) + * [iOS Basic Testing Operations](mobile-pentesting/ios-pentesting/basic-ios-testing-operations.md) + * [iOS Burp Suite Configuration](mobile-pentesting/ios-pentesting/burp-configuration-for-ios.md) * [iOS Custom URI Handlers / Deeplinks / Custom Schemes](mobile-pentesting/ios-pentesting/ios-custom-uri-handlers-deeplinks-custom-schemes.md) + * [iOS Extracting Entitlements From Compiled Application](mobile-pentesting/ios-pentesting/extracting-entitlements-from-compiled-application.md) + * [iOS Frida Configuration](mobile-pentesting/ios-pentesting/frida-configuration-in-ios.md) * [iOS Hooking With Objection](mobile-pentesting/ios-pentesting/ios-hooking-with-objection.md) * [iOS Protocol Handlers](mobile-pentesting/ios-pentesting/ios-protocol-handlers.md) * [iOS Serialisation and Encoding](mobile-pentesting/ios-pentesting/ios-serialisation-and-encoding.md) 
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/README.md b/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/README.md index b0d4b8fe6..e01ff80cf 100644 --- a/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/README.md +++ b/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/README.md @@ -165,6 +165,16 @@ LC 01: LC_SEGMENT_64 Mem: 0x100000000-0x100028000 __TEXT You can find further information about the [**information stored in these section in this blog post**](https://knight.sc/reverse%20engineering/2019/07/17/swift-metadata.html). +Moreover, **Swift binaries might have symbols** (for example libraries need to store symbols so its functions can be called). The **symbols usually have the info about the function name** and attr in a ugly way, so they are very useful and there are "**demanglers"** that can get the original name: + +```bash +# Ghidra plugin +https://github.com/ghidraninja/ghidra_scripts/blob/master/swift_demangler.py + +# Swift cli +swift demangle +``` + ### Packed binaries * Check for high entropy diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/arm64-basic-assembly.md b/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/arm64-basic-assembly.md index eb3c2d832..4b7e0de35 100644 --- a/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/arm64-basic-assembly.md +++ b/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/arm64-basic-assembly.md 
@@ -39,6 +39,10 @@ The ARM64 calling convention specifies that the **first eight parameters** to a When reading a function in assembly, look for the **function prologue and epilogue**. The **prologue** usually involves **saving the frame pointer (`x29`)**, **setting** up a **new frame pointer**, and a**llocating stack space**. The **epilogue** usually involves **restoring the saved frame pointer** and **returning** from the function. +### Calling Convention in Swift + +Swift have its own **calling convention** that can be found in [**https://github.com/apple/swift/blob/main/docs/ABI/CallConvSummary.rst#arm64**](https://github.com/apple/swift/blob/main/docs/ABI/CallConvSummary.rst#arm64) + ### **Common Instructions** ARM64 instructions generally have the **format `opcode dst, src1, src2`**, where **`opcode`** is the **operation** to be performed (such as `add`, `sub`, `mov`, etc.), **`dst`** is the **destination** register where the result will be stored, and **`src1`** and **`src2`** are the **source** registers. Immediate values can also be used in place of source registers. diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/introduction-to-x64.md b/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/introduction-to-x64.md index 85543c1e9..6e76bfd9b 100644 --- a/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/introduction-to-x64.md +++ b/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/introduction-to-x64.md 
@@ -38,6 +38,10 @@ The x64 calling convention varies between operating systems. For instance: If the function has more than six inputs, the **rest will be passed on the stack**. **RSP**, the stack pointer, has to be **16 bytes aligned**, which means that the address it points to must be divisible by 16 before any call happens. This means that normally we would need to ensure that RSP is properly aligned in our shellcode before we make a function call. However, in practice, system calls work many times even if this requirement is not met. +### Calling Convention in Swift + +Swift have its own **calling convention** that can be found in [**https://github.com/apple/swift/blob/main/docs/ABI/CallConvSummary.rst#x86-64**](https://github.com/apple/swift/blob/main/docs/ABI/CallConvSummary.rst#x86-64) + ### **Common Instructions** x64 instructions have a rich set, maintaining compatibility with earlier x86 instructions and introducing new ones. diff --git a/mobile-pentesting/android-app-pentesting/frida-tutorial/README.md b/mobile-pentesting/android-app-pentesting/frida-tutorial/README.md index db66cf624..09a5b4b72 100644 --- a/mobile-pentesting/android-app-pentesting/frida-tutorial/README.md +++ b/mobile-pentesting/android-app-pentesting/frida-tutorial/README.md @@ -12,7 +12,7 @@ - +
**Bug bounty tip**: **sign up** for **Intigriti**, a premium **bug bounty platform created by hackers, for hackers**! Join us at [**https://go.intigriti.com/hacktricks**](https://go.intigriti.com/hacktricks) today, and start earning bounties up to **$100,000**! @@ -208,7 +208,7 @@ Java.choose("com.example.a11x256.frida_test.my_activity" , { }); ``` - +
**Bug bounty tip**: **sign up** for **Intigriti**, a premium **bug bounty platform created by hackers, for hackers**! Join us at [**https://go.intigriti.com/hacktricks**](https://go.intigriti.com/hacktricks) today, and start earning bounties up to **$100,000**! diff --git a/mobile-pentesting/ios-pentesting/README.md b/mobile-pentesting/ios-pentesting/README.md index df64ea8d9..72e066750 100644 --- a/mobile-pentesting/ios-pentesting/README.md +++ b/mobile-pentesting/ios-pentesting/README.md @@ -230,6 +230,19 @@ DocumentDirectory /var/mobile/Containers/Data/Application/8C8E7EB0-BC9B-435B-8E LibraryDirectory /var/mobile/Containers/Data/Application/8C8E7EB0-BC9B-435B-8EF8-8F5560EB0693/Library ``` +You could also search for the app name inside **`/private/var/containers`**: + +```bash +find /private/var/containers -name "Progname*" +``` + +Or using **`ps`** and **`lsof`**: + +```bash +ps -ef | grep -i +lsof -p | grep -i "/containers" | head -n 1 +``` + As you can see, apps have two main locations: * The **Bundle** **directory** (`/var/containers/Bundle/Application/3ADAF47D-A734-49FA-B274-FBCA66589E67/`). diff --git a/mobile-pentesting/ios-pentesting/basic-ios-testing-operations.md b/mobile-pentesting/ios-pentesting/basic-ios-testing-operations.md index d29004979..174d27b6a 100644 --- a/mobile-pentesting/ios-pentesting/basic-ios-testing-operations.md +++ b/mobile-pentesting/ios-pentesting/basic-ios-testing-operations.md @@ -1,4 +1,4 @@ -# Basic iOS Testing Operations +# iOS Basic Testing Operations
@@ -347,6 +347,14 @@ flexdump list #List apps flexdump dump Twitter.app #Create .ipa file from app ``` +#### bagbak + +Yet another frida based App decryptor. Requires jailbroken iOS device and [frida.re](https://www.frida.re/) + +```bash +bagbak --raw Chrome +``` + #### r2flutch [**r2flutch**](https://github.com/as0ler/r2flutch) is a tool that uses **radare** and **frida** to **decrypt** and **dump ios apps>** diff --git a/mobile-pentesting/ios-pentesting/frida-configuration-in-ios.md b/mobile-pentesting/ios-pentesting/frida-configuration-in-ios.md index 7752aacb0..d5730bd4a 100644 --- a/mobile-pentesting/ios-pentesting/frida-configuration-in-ios.md +++ b/mobile-pentesting/ios-pentesting/frida-configuration-in-ios.md @@ -1,4 +1,4 @@ -# Frida Configuration in iOS +# iOS Frida Configuration
@@ -14,16 +14,101 @@ ## Installing Frida -Go to **Cydia** app and add Frida’s repository by going to **Manage -> Sources -> Edit -> Add** and enter [**https://build.frida.re** ](https://build.frida.re). It will add a new source in the source list. Go to the **frida** **source**, now you should **install** the **Frida** package. +Go to **Cydia/Sileo** app in your Jailbroken device and add Frida’s repository by going to **Manage -> Sources -> Edit -> Add** and enter [**https://build.frida.re** ](https://build.frida.re). It will add a new source in the source list. Go to the F**rida** **source**, now you should **install** the **Frida** package. ![](https://miro.medium.com/max/614/0\*qSD26kBtgt\_UIZk1.png) -After installed, you can use in your PC the command `frida-ls-devices` and check that the device appears (your PC needs to be able to access it). Execute also `frida-ps -Uia` to check the running processes of the phone. +If you are using **Corellium** you will need to download the Frida release from [https://github.com/frida/frida/releases](https://github.com/frida/frida/releases) (`frida-gadget-[yourversion]-ios-universal.dylib.gz`) and unpack and copy to the dylib location Frida asks for, e.g.: `/Users/[youruser]/.cache/frida/gadget-ios.dylib` + +After installed, you can use in your PC the command **`frida-ls-devices`** and check that the device appears (your PC needs to be able to access it).\ +Execute also **`frida-ps -Uia`** to check the running processes of the phone. 
## Frida without Jailbroken device & without patching the app Check this blog post about how to use Frida in non-jailbroken devices without patching the app: [https://mrbypass.medium.com/unlocking-potential-exploring-frida-objection-on-non-jailbroken-devices-without-application-ed0367a84f07](https://mrbypass.medium.com/unlocking-potential-exploring-frida-objection-on-non-jailbroken-devices-without-application-ed0367a84f07) +## Frida Client Installation + +Install **frida tools**: + +```bash +pip install frida-tools +pip install frida +``` + +With the Frida server installed and the device running and connected, **check** if the client is **working**: + +```bash +frida-ls-devices # List devices +frida-ps -Uia # Get running processes +``` + +## Frida Trace + +```bash +# Trace all methods of all classes +frida-trace -U -m "*[* *]" + +# Trace all methods with the word "authentication" from classes that start with "NE" +frida-trace -U -m "*[NE* *authentication*]" +``` + +### Get all classes and methods + +* Get **all** available **classes** (filter by string) + +{% code title="/tmp/script.js" %} +```javascript +// frida -U -l /tmp/script.js + +var filterClass = "filterstring"; + +if (ObjC.available) { + for (var className in ObjC.classes) { + if (ObjC.classes.hasOwnProperty(className)) { + if (!filterClass || className.includes(filterClass)) { + console.log(className); + } + } + } +} else { + console.log("Objective-C runtime is not available."); +} +``` +{% endcode %} + +* Get **all** **methods** of a **class** (filter by string) + +{% code title="/tmp/script.js" %} +```javascript +// frida -U -l /tmp/script.js + +var specificClass = "YourClassName"; +var filterMethod = "filtermethod"; + +if (ObjC.available) { + if (ObjC.classes.hasOwnProperty(specificClass)) { + var methods = ObjC.classes[specificClass].$ownMethods; + for (var i = 0; i < methods.length; i++) { + if (!filterMethod || methods[i].includes(filterClass)) { + console.log(specificClass + ': ' + methods[i]); + 
} + } + } else { + console.log("Class not found."); + } +} else { + console.log("Objective-C runtime is not available."); +} +``` +{% endcode %} + +## Frida Android Tutorials + +{% content-ref url="../android-app-pentesting/frida-tutorial/" %} +[frida-tutorial](../android-app-pentesting/frida-tutorial/) +{% endcontent-ref %} +
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - 🎙️ Twitch 🎙️ - 🎥 Youtube 🎥
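Review bot: the SUMMARY.md renames to `iOS Burp Suite Configuration` and `iOS Extracting Entitlements From Compiled Application` have no matching H1 change anywhere in this patch, while `basic-ios-testing-operations.md` and `frida-configuration-in-ios.md` do get their titles updated; rename the headings in `burp-configuration-for-ios.md` and `extracting-entitlements-from-compiled-application.md` as well so the sidebar and the page titles agree. If the list is meant to be alphabetical, `iOS Basic Testing Operations` belongs before `iOS Basics`, not after it.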
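Review bot: in the Swift symbols hunk of `macos-apps-inspecting-debugging-and-fuzzing/README.md`, `swift demangle` is shown with no input, and a GitHub URL sits inside a bash fence as though it were a command. Give the CLI something to demangle, e.g. `nm <binary> | swift demangle` or `swift demangle '<mangled name>'` (it accepts names as arguments and also reads them from stdin), and move the Ghidra script link into the prose as a markdown link. The sentence "The symbols usually have the info about the function name and attr in a ugly way" is also unclear; something like "Swift symbols are mangled: they encode module, function name and type signature, and a demangler recovers the readable form" says what the reader needs.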
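Review bot: the new "Calling Convention in Swift" sections in `arm64-basic-assembly.md` and `introduction-to-x64.md` consist of a single link, right after paragraphs that explain which registers carry the arguments for the platform convention; a heading that only links out is empty for the reader. Add at least one sentence on how Swift differs (the linked summary reserves dedicated registers for the implicit `self` and the error return: `x20`/`x21` on arm64, `r13`/`r12` on x86-64), since that is what you notice first when reading Swift code in a disassembler. Also "Swift have its own" should be "Swift has its own" in both files.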
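Review bot: in the `ios-pentesting/README.md` hunk, `ps -ef | grep -i` has no pattern and `lsof -p` has no PID, so both lines fail as written (if the placeholders were written as `<appname>` and `<pid>`, they have been dropped). Write explicit placeholders, `ps -ef | grep -i <appname>` and `lsof -p <pid> | grep -i "/containers" | head -n 1`, and say what the reader is looking for: the first command gives the PID, the second prints one open file whose path is under a container directory, which reveals the app's container path without guessing the UUID. Note that `grep -i "/containers"` matches both the Bundle container (`/var/containers/Bundle/...`) and the Data container (`/var/mobile/Containers/Data/...`), so `head -n 1` may return either.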
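Review bot: the bagbak entry in `basic-ios-testing-operations.md` lacks the project link and install step that the neighbouring entries (flexdump, r2flutch) carry, and the `--raw` flag is left unexplained. Link the repository (https://github.com/ChiChou/bagbak), show the install (`npm install -g bagbak`), and state what `--raw` does compared with the default run, which produces an .ipa. "Yet another frida based App decryptor" should read "Yet another Frida-based app decryptor", and "Requires jailbroken iOS device" needs an article.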
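Review bot: in `frida-configuration-in-ios.md` the "Installing Frida" section tells the reader to run `frida-ls-devices` and `frida-ps -Uia` before the new "Frida Client Installation" section installs the tools that provide those commands, and then repeats the same two commands. Move "Frida Client Installation" above "Installing Frida" (or keep the check in one place only). `pip install frida` is redundant after `pip install frida-tools`, which depends on it. The bold markup `F**rida** **source**` is broken and renders as `F` followed by a bold `rida`; it should be `**Frida** **source**`. In the Corellium paragraph, name the Frida feature that expects the gadget at `~/.cache/frida/gadget-ios.dylib` so the reader knows when that step applies to them.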
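Review bot: both `frida-trace` invocations in the "Frida Trace" section of `frida-configuration-in-ios.md` have no target, and `frida-trace` refuses to run without one. Add `-F` to attach to the frontmost app, or `-n <process name>` / `-f <bundle id>` to attach or spawn, e.g. `frida-trace -U -F -m "*[* *]"`. Tracing every method of every class also generates a handler per method and an unusable volume of output on a real app; the second, filtered pattern is the realistic one, so present it first or warn that the first is only for very small targets.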
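Review bot: the "Get all methods of a class" script in `frida-configuration-in-ios.md` filters with `methods[i].includes(filterClass)`, but `filterClass` is not defined in that script (it belongs to the previous one), so it throws a ReferenceError as soon as `filterMethod` is non-empty; it should be `methods[i].includes(filterMethod)`. In both scripts the placeholder defaults (`"filterstring"`, `"filtermethod"`, `"YourClassName"`) mean a copy-paste run prints nothing; default the filters to `""` so an unedited run lists everything. It is also worth noting that `$ownMethods` lists only the methods declared on the class itself; `$methods` includes those inherited from parent classes, which is usually what you want when hunting for a hook target.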