hook


How does cycript / substrate work to hook into a process?


I am currently doing some research on techniques about hooking mobile applications and came across some frameworks like Xposed (Android), Frida (Android and iOS) and Cycript (iOS).
The documentation about Xposed and Frida is fairly good explaining how exactly they are doing it. Xposed states to manipulate the binary starting the Zygote process and loading an additional JAR file that assists in hooking the methods. Frida documentation explains that it uses ptrace (in Linux environments) to attach to a process, allocating and populating a bootstrapper that loads a thread to launch a .so file containing the frida agent, in a nutshell, if I understood it correctly.
I couldn't find useful documentation about the strategy that Cycript pursues. I know that it is built on top of Cydia Substrate that does the actual hooking. I couldn't find details about how exactly Substrate accomplishes this either.
I further understand that on iOS the objective-c runtime enables runtime manipulation as it is runtime-oriented.
Does anybody know how exactly Cycript / Cydia Substrate works to hook/inject into applications?
Thanks in advance.
It figured out that is apparently working by adding the DYLD_INSERT_LIBRARIES into the program's launchd manifest and thereby every time the application is started it loads the malicious payload by loading the dynamic library.
Still, are there other techniques how to perform runtime hooking / manipulations on Android and iOS?

Related Links

Xbox 360, PPC function Hook crashes when i call a function in the hook. PowerPC
How to use hook in WHMCS only on specific page?
When to do Nashorn over Java Hooks?
Best way to configure Gerrit repo server-side hooks
How to hook protocol,such as DiskIO and BlockIO,in UEFI?
ClearCase.ClearTool returns No view context available error
OrientDB - Duplicate a record into a read-only class
Custom Page in cPanel
Domain validation with hooks
How to insert module into product page in prestashop
WebDriver.io: Is there a way to excute steps before or after certain `it` blocks
Prestashop | Remove transplant restrictions
Android app : java / JNI call hooking strategies
using hook updateQuantity on prestashop 1.4
How can I add a column to the line items table in /admin/commerce/orders/[order-number]/edit
How to post a Zapier trigger to the REST Hook Subscribe URL?

Categories

HOME
debugging
plone
smarty
view
iterator
getelementsbytagname
spring-cloud-stream
tizen-web-app
v8
echarts
multiple-records
slurm
u-sql
try-catch
emulator
reverse-proxy
xlsxwriter
one-hot-encoding
facebook-instant-articles
accessor
dcevm
kvc
restful-authentication
sparse-matrix
bootstrap-material-design
xacml
opentype
saas
gitignore
instant-messaging
phonegap
android-kernel
simplexml
dartium
mesos-chronos
android-tabhost
quadratic-programming
google-closure
android-mediaprojection
no-www
cubic-spline
filepicker
jquery-validate
hendrix
rdfs
np-complete
flutterwave
dwscript
orthogonal
specrun
google-cdn
yt-project
mathematica-frontend
impresspages
fputcsv
pickadate
thredds
collapse
cyclomatic-complexity
libressl
iis-arr
dukescript
embedded-code
browser-bugs
cakephp-3.1
event-bubbling
operation
composite
angular-local-storage
web-controls
system.reflection
python-green
modalpopup
operator-precedence
flask-cors
xojo
ivyde
xsockets.net
sitemesh
enterprisedb
ocunit
dmoz
gdata-api
word-processor
armcc
subscript
xmlspy
file-comparison
yui-datatable
celltable
mysql-error-1005
visitor-statistic
zend-translate
mirah
avatar
mediarss
zune

Resources

Database Users
RDBMS discuss
Database Dev&Adm
javascript
java
csharp
php
android
javascript
java
csharp
php
python
android
jquery
ruby
ios
html
Mobile App
Mobile App
Mobile App