Example showing how to use Frida for standalone injection of a custom payload. The payload is a .dylib that uses Gum, Frida's low-level instrumentation library, to hook open() and print the arguments on stderr every time it's called. The payload could be any shared library as long as it exports a function with the name that you specify when calling inject_library_file_sync(). In our example we named it example_agent_main. This function will also be passed a string of data, which you can use for application-specific purposes.

Note that only the build system is iOS-specific, so this example is easily portable to all other OSes supported by Frida.

• Xcode
• Jailbroken iOS device

$ make

This will build the injector, the payload, and an example program you can inject the payload into to easily observe the results.

Next copy the bin/ directory onto your iOS device someplace outside the sandbox, e.g. /usr/local/ios-inject-example/. (Technically only the inject binary needs to be located outside the sandbox.)

In one terminal SSH to your device and launch the victim binary:

$ ./victim
Victim running with PID 1303

Then in another terminal change directory to where the inject binary is and run it:

$ ./inject 1303
$

You should now see a message printed by the victim process every time open() is called.