Project: iOS DataProtection

Try this code out now by running 

$ frida --codeshare ay-kay/ios-dataprotection -f YOUR_BINARY
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
/*
* iOS Data Protection
*
* getDataProtectionKeysForAllPaths() - List iOS file data protection classes (NSFileProtectionKey) of an app
*
*/
function listDirectoryContentsAtPath(path) {
var fileManager = ObjC.classes.NSFileManager.defaultManager();
var enumerator = fileManager.enumeratorAtPath_(path);
var file;
var paths = [];
while ((file = enumerator.nextObject()) !== null) {
paths.push(path + '/' + file);
}
return paths;
}
function listHomeDirectoryContents() {
var homePath = ObjC.classes.NSProcessInfo.processInfo().environment().objectForKey_("HOME").toString();
var paths = listDirectoryContentsAtPath(homePath);
return paths;
}
function getDataProtectionKeyForPath(path) {
var fileManager = ObjC.classes.NSFileManager.defaultManager();
var urlPath = ObjC.classes.NSURL.fileURLWithPath_(path);
var fileProtectionKey = ObjC.Object(ptr(fileManager.attributesOfItemAtPath_error_(urlPath.path(), NULL)));
return fileProtectionKey.valueForKey_("NSFileProtectionKey").UTF8String();
}
function getDataProtectionKeysForAllPaths() {
var fileManager = ObjC.classes.NSFileManager.defaultManager();
var dict = [];
var paths = listHomeDirectoryContents();
var isDir = Memory.alloc(Process.pointerSize);
Memory.writePointer(isDir, NULL);
for (var i = 0; i < paths.length; i++) {
fileManager.fileExistsAtPath_isDirectory_(paths[i], isDir);
if (Memory.readPointer(isDir) == 0) {
dict.push({
path: paths[i],
fileProtectionKey: getDataProtectionKeyForPath(paths[i])
});
}
}
return dict;
}
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Fingerprint: e20320740b1d83135453541ddda834347599973d9075addcebeb38a56a4215ec