hook


How does cycript / substrate work to hook into a process?


I am currently doing some research on techniques about hooking mobile applications and came across some frameworks like Xposed (Android), Frida (Android and iOS) and Cycript (iOS).
The documentation about Xposed and Frida is fairly good explaining how exactly they are doing it. Xposed states to manipulate the binary starting the Zygote process and loading an additional JAR file that assists in hooking the methods. Frida documentation explains that it uses ptrace (in Linux environments) to attach to a process, allocating and populating a bootstrapper that loads a thread to launch a .so file containing the frida agent, in a nutshell, if I understood it correctly.
I couldn't find useful documentation about the strategy that Cycript pursues. I know that it is built on top of Cydia Substrate that does the actual hooking. I couldn't find details about how exactly Substrate accomplishes this either.
I further understand that on iOS the objective-c runtime enables runtime manipulation as it is runtime-oriented.
Does anybody know how exactly Cycript / Cydia Substrate works to hook/inject into applications?
Thanks in advance.
It figured out that is apparently working by adding the DYLD_INSERT_LIBRARIES into the program's launchd manifest and thereby every time the application is started it loads the malicious payload by loading the dynamic library.
Still, are there other techniques how to perform runtime hooking / manipulations on Android and iOS?

Related Links

WooCommerce custom price using get_price() function
Win7/8 DWM Draw hooking
Context path not working in liferay Hook
Creating additional validation steps for user registrarion in Liferay
Webappclass loader unable to load superclass in a hook?
What are the differences between LD_PRELOAD and strace?
Liferay Document Library: execute method on document download
GetMessage(WM_CHAR) override? Making sure all other Window Hooks activate
TYPO3: Hook after creating or editing page
Liferay Hook customization
capistrano after hooks not firing
Custom Metadatafield in Document and Web content in Liferay
MS Detours 3.0 on Win 7 x64?
How to hook an API function
IPB - Hook into usercpForms_core.php
Is it possible to enable hooks in Trac Wiki?

Categories

HOME
maven
compiler-construction
xamarin
fluentd
mockito
plone
jgroups
azure-media-services
mouse
webrequest
iggrid
gorm
kentor-authservices
spring-xd
rascal
moonmail
dosgi
highlight.js
propel
alpine
visual-composer
amazonsellercentral
functional-testing
accessor
hammerspoon
trading
angular2-aot
react-css-modules
phpfox
tooltipster
rst2pdf
r-raster
react-chartjs
siesta-swift
karaf
grails-3.1
rotational-matrices
mmenu
wpf-controls
bitbucket-pipelines
retina-display
android-browser
abstract-class
service-discovery
sharefile
android-fingerprint-api
ncalc
google-closure
glew
node-gyp
botbuilder
nomethoderror
netcdf4
flashair
acoustics
chain-builder
revapi
hendrix
mu
git-diff
forever
pdfclown
migradoc
medium.com
url-pattern
google-web-starter-kit
jwplayer7
pagedlist
rvest
itextpdf
wapiti
system.management
separator
cannon.js
ruby-2.2
riak-cs
oberon
inmobi
website-monitoring
modalpopup
nstableviewcell
relocation
javafx-webengine
codeigniter-routing
qcodo
wordpress-theme-customize
code-access-security
kgdb
android-2.2-froyo
cloud-connect
oam
xsockets.net
spring-io
blending
odata4j
shellexecute
rabl
django-nonrel
lcs
enterprisedb
chuck
dice
multipage
errai
spring-portlet-mvc
work-stealing
pydot
f#-powerpack
floating
datareader
lang
nsviewanimation
castle-monorail
swing-app-framework

Resources

Mobile Apps Dev
Database Users
javascript
java
csharp
php
android
MS Developer
developer works
python
ios
c
html
jquery
RDBMS discuss
Cloud Virtualization
Database Dev&Adm
javascript
java
csharp
php
python
android
jquery
ruby
ios
html
Mobile App
Mobile App
Mobile App