v1.2.6

fixes

• Fix method matching in the Android class watcher when the method signature contains a throw statement.

other

• Add warnings about running objection on older mobile operating systems. These include Android 4 and lower and iOS 8 and lower.

v1.2.5

fixes

• Fix the Android root simulation Frida script to return values for the methods called.
• Improve the Android APK patcher by adding the -r flag to apktool by default to skip resource decoding.

v1.2.4

new

• Add new --gadget-version flag to the mobile patchers to specify the version of the Frida gadget to use.

v1.2.3

new

• Add the android hooking watch class command to watch all methods within a class.
• Add the --json flag to the ios cookies get command to output cookies as a JSON structure.

fixes

• Fix a bug in the ios ui screenshot command that caused screenshots to fail to write to disk.
• Conditionally check for the code cache dir in the env command to improve Android 4x compatibility.

v1.2.2

new

• Add the zipalign command to the Android APK patcher.

fixes

• Reduce warnings generated by jarsigner by adding the -tsa flag.
• Fix the iOS SSL pinning bypass command by removing the SecTrustEvaluate hook as this was breaking other SSL related calls.

v1.2.1

new

• Add the --quiet flag to the Android and iOS sslpinning disable commands to reduce terminal output during usage.
• Improve the iOS SSL pinning by hooking more functions such as SecTrustEvaluate, -[AFSecurityPolicy setSSLPinningMode:] and -[AFSecurityPolicy setAllowInvalidCertificates:].

fixes

• Add the --ignore-ios10-tls-helper flag to the ios sslpinning disable command as there were some cases where tls_helper_create_peer_trust would break TLS connections in general.

v1.2.0

new

• Add the --enable-debug flag for the Android patcher that will set the android:debuggable property in the resultant AndroidManifest.xml file to true after patching an APK.
• Add the --file-commands / -c flag to the explore command to read objection commands from a file and run them on start up.
• Add the commands history, commands save and commands clear commands to work with the current sessions command history. Saved commands can be loaded using the previously mentioned -c flag.
• Refactor the iOS and Android class method watcher commands to now have flags to toggle the dumping of arguments (--dump-args), stack traces (--dump-backtrace) and return values (--dump-return) to the screen. The older dump_args commands for both platforms have been removed in favour of the new flags.
• Add the ability to tab complete flags.
• Allow for multiple startup commands to be added when starting the REPL by using more than one -s flag.
• Added command arguments to the output of the jobs list command to make it easier to distinguish commands of the same type.

fixes

• Improve the error handling when starting the objection REPL.
• Improve command argument validation, especially in commands where flags are used.

This release only contains minor bug fixes and typo corrections. Test coverage is also up to 77% now! 🤖

v1.1.14

fixes

• Fix the android method watching and argument dumping hooks so that they return the values intended by the method call.
• Correctly interpret the --host and --port flags for network based Frida connections.
• Fix the Writable / Readable output in filesystem listings that were incorrectly displayed.

v1.1.13

new

• Tests! Check out travis for the build status.

fixes

• Catch Frida timeouts when issuing the reconnect command within the REPL.
• Fix the path to the keystore used by jarsigner in the APK patcher.

v1.1.12

fixes

• Fix a bug introduced in 1.1.11 with the --skip-cleanup flag and the iOS IPA patcher.
• Fix the exception message thrown when the Android frida-gadget download URL could not be determined.

other

• Move the code used to patch mobile applications from a large single file into its own module at objection.utils.patchers.

v1.1.11

new

• Added the --hook-debug flag on the explore command which will now dump compiled hooks and their responses.
• Added a --skip-cleanup flag to the package patchers which will cause the patcher to not delete temporary files created.
• Added the --pause flag to the patchapk command to allow for manual Android resource fixes when apktool fails to repackage patches apks.
• Add Android SSL pinning bypass logic for applications built using Appcelerator Titanium

fixes

• Fix a syntax typo in the iOS keychain dumpers ACL parsing logic.
• Fix the Android APK patcher to rather append than override an existing class initialiser when adding a loadLibrary call for a frida-gadget.

other

• Remove the duplicate calls to JSON.stringify() in hook send() calls.
• Various other typo fixes and improvements.

v1.1.10

improvements

• Add the .png extension if its omitted for android ui screenshot.
• Handle errors when unloading jobs from devices that may have already disconnected.

v1.1.9

new

• Added a background version checker. A background process is launched on startup to compare the local version number with the github reported version number to notify you of any updates if available.

fixes

• Stop the iOS IPA patcher if a valid .mobileprovision file could not be found.
• Fix the iOS ios sslpinning disable command to support iOS versions older than iOS 10.

v1.1.8

new

• Add --include-backtrace flag for android hooking watch class_method.

fixes

• Fix quotes breaking the Frida script used for the android hooking set return_value command when an overloaded method is specified.

v1.1.7

new

• Add ability to specify a PID with the --gadget argument. (Only applies when running with a jailbroken/rooted device).

v1.1.6

new

• Added android intent launch_service command

v1.1.5

new

• new android ui FLAG_SECURE command to toggle the flag on activities.
• new objection run subcommand to single run objection commands without the REPL.

fixes

• iOS file listing optimizations.

v1.1.4

Add HTTPOnly flag in ios cookies get command output.

v1.1.3

Fix an IPA naming bug when patching iOS applications.