So for some reason I am able to cast a ObjC object to string but I can't read the bytearray. If I try to execute the following calls, frida cli will freeze indefinitely
Here's my script
var foo = 0x0
Interceptor.attach(
ObjC.classes['AClass']['- AMethod:'].implementation,
{
onEnter: function (args) {
foo = ObjC.Object(args[2])
}
})
and here's my interactive shell
[Remote::com.some.app ]-> foo.$className
"__NSTaggedDate"
[Remote::com.some.app ]-> foo.toString()
"2023-03-06 12:00:55 +0000"
[Remote::com.some.app ]-> foo.handle
"0x8311b5766c5e4001"
[Remote::com.some.app ]-> ptr(foo.handle).readByteArray(1) <--- the cli has hanged now
<nothing will be returned here> ^c^d also won't work
Your main problem is that a handle is a 64 bit value but it is not a pointer to a valid memory region as you already found out.
You can see this by the very high value of the handle - iOS processes to my knowledge do never use memory in that region.
A handle is more like a key specifying an object in a dictionary (which you don't have access to) or like an primary key/id column in a database. In the end you just have to remember that a handle is an identifier, not not a pointer you can read from.
If you want to get the raw data of __NSTaggedDate you should check it's methods which one is suitable. As __NSTaggedDate has the super class NSDate I would try e.g. timeIntervalSince1970. It returns an double value.