📱 objection - runtime mobile exploration
GPL-3.0 License
This release has a significant change in how iOS applications are patched. Most importantly, after some help over at nowsecure/node-applesign#113, we realised we needed to set the bundle id and add the entitlement cloning flag. By default objection will now parse the bundle id from your .mobileprovision file automatically, but if you need to set it to something else, you can use the new -b flag on the patchipa command.
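As an added illustration (not objection's own code), one way a bundle id can be read from a .mobileprovision file is to locate the XML plist embedded in the signed container and take the application-identifier entitlement minus its team prefix. The function names, the constructed sample profile and the wildcard handling are assumptions made for this example, and the container's signature is not verified.

```python
import plistlib

PLIST_START = b"<?xml"
PLIST_END = b"</plist>"


def embedded_plist(profile: bytes) -> dict:
    """Return the XML plist carried inside a .mobileprovision container."""
    start = profile.find(PLIST_START)
    end = profile.find(PLIST_END, start) if start != -1 else -1
    if start == -1 or end == -1:
        raise ValueError("no embedded plist found in provisioning profile")
    return plistlib.loads(profile[start:end + len(PLIST_END)])


def bundle_id_from_profile(profile: bytes) -> str:
    """Derive the bundle id from the application-identifier entitlement."""
    entitlements = embedded_plist(profile).get("Entitlements", {})
    app_id = entitlements.get("application-identifier", "")
    if "." not in app_id:
        raise ValueError("profile has no usable application-identifier")
    # application-identifier is "<team prefix>.<bundle id>"
    _team_prefix, bundle_id = app_id.split(".", 1)
    return bundle_id


def resolve_bundle_id(profile: bytes, override=None) -> str:
    """Prefer an explicit override (the role of -b), else use the profile."""
    bundle_id = override or bundle_id_from_profile(profile)
    if "*" in bundle_id:
        # Wildcard profiles do not name one app, so a value must be supplied.
        raise ValueError("wildcard profile: pass an explicit bundle id")
    return bundle_id


# Constructed sample: fake container bytes around a generated plist.
SAMPLE_PLIST = plistlib.dumps({
    "Name": "Constructed Dev Profile",
    "TeamIdentifier": ["ABCDE12345"],
    "Entitlements": {
        "application-identifier": "ABCDE12345.com.example.demo",
        "get-task-allow": True,
    },
})
SAMPLE_PROFILE = b"\x30\x82\x0f\x00" + SAMPLE_PLIST + b"\x00\x01trailing-bytes"
WILDCARD_PROFILE = SAMPLE_PROFILE.replace(b"com.example.demo", b"*")

if __name__ == "__main__":
    print(resolve_bundle_id(SAMPLE_PROFILE))
```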
apktool versions, even if built from source. (https://github.com/sensepost/objection/commit/554c6c660b2e68627ff845301cdd664836eef9ee) (via #449) (thanks @No-Cellist-7780)
Published by leonjza over 3 years ago
memory search command (https://github.com/sensepost/objection/commit/24582bb9fd1c83155436d6d0b8719cfecbd68028)
kSecAttrSynchronizable flag set (https://github.com/sensepost/objection/commit/8560d7586310145568b4b4f1dfa71c84e3b005a8) (thanks @jpstotz)
Published by leonjza over 3 years ago
objc_release indicating that ARC is enabled (https://github.com/sensepost/objection/commit/3b8cc593162a1f8aba0b83843105d1e9958e880c)
Published by leonjza over 3 years ago
android hooking list class_loaders command to list the available class loaders (https://github.com/sensepost/objection/commit/b0710ed221ceaf73bc380800d2d7c7dcc1944a14)
objection signapk command to sign multiple apk's using the objection certificate. NOTE: This commit also changes the internal signer used from jarsigner to apksigner (available in the Kali repo) (https://github.com/sensepost/objection/commit/724019a486d410b0b5d83e6d765158b1972b26a8) (via #375) (thanks @mtschirs)
AndroidManifest to the patchapk command such that --skip-resources could still be used under certain conditions (https://github.com/sensepost/objection/commit/93700023499e471b43585957c079fdef8b21496b) (via #407) (thanks @agreenbhm)
evaluateAccessControl. (https://github.com/sensepost/objection/commit/2977c8a03a1111c352606352d9b68c12a5e4f7df) (via #411) (thanks @jnovak-praetorian)
ios monitor crypto command to monitor CommonCrypto usage in real time. (https://github.com/sensepost/objection/commit/746d08d6bfa5d314c5efe89ff3335135b8dea139) (via #430) (thanks @gagnonca)
android proxy set command to set the proxy server used by a specific Android app and not the whole OS. (https://github.com/sensepost/objection/commit/91d131174a3141176a0e6e3c783be72651cb88c3) (via #439) (thanks @GOAT-FARM3R)
android deoptimize command to disable all optimizations, forcing the android VM to execute via the interpreter. This could help with some missed hooks (https://github.com/sensepost/objection/commit/a34359165fff68fa219473e83208f8ee0816b9a0)
sqlite connect command to also download SQLite specific temp files if they are available (https://github.com/sensepost/objection/commit/772154f12e146fa6f79f41d0d54e4a5994b3227f) (via #392) (thanks @mame82)
JSON.stringify patch to properly display hooked arguments for Android hooks again (https://github.com/sensepost/objection/commit/675a88f174acb8619abced5c6058717e7d326d3b) (via #414) (thanks @ido77778)
es2020 for the agent. This makes Frida 14+ a requirement for QuickJS (https://github.com/sensepost/objection/commit/1e79aa336f10a80c8e474257e037b6abfd47e51f)
Published by leonjza about 4 years ago
pwd command will now do the same as pwd print, fixing #395 (https://github.com/sensepost/objection/commit/b550b9449ec8c5048b232bf0cf1323210b711b2b)
http_api method of the plugin itself. An example plugin that does this is included here, and will be exposed when specifying the -a flag to the explore command. (https://github.com/sensepost/objection/commit/a2d988bf8114e27101b27aec461705038e0bb87c)
fopen and -[UIApplication canOpenURL:]. Thanks @haxxinen (#390)
~/.objection/version_info. This commit also fixed #386 (https://github.com/sensepost/objection/commit/bca97762497783e8cc5929b4dd4c32427316d4c9)
Published by leonjza over 4 years ago
@types/frida-gum (https://github.com/sensepost/objection/commit/a3c3ba8d222484f880506cd0be24b25223321fa6)
Published by leonjza over 4 years ago
Published by leonjza over 4 years ago
--skip-resources flag is used. Thanks @mtschirs (#374)
Published by leonjza over 4 years ago
ping command to the CLI to check if the agent is alive and responds. (https://github.com/sensepost/objection/commit/fee42b3947a9c7d3e22b10305e1c8b130d923821)
android hooking generate simple command. Thanks @Techbrunch (#360)
ios hooking watch method command help file (https://github.com/sensepost/objection/commit/a5a1edb4bda424f25c5529f31313d4d706afef54)
apktool version detection, again (https://github.com/sensepost/objection/commit/46f8d0cc12fb425005e332947a6c9d197a8af243)
Published by leonjza over 4 years ago
extractNativeLibs to false in Android manifests (with a flag to leave the value untouched). Thanks @StingraySA (#353)
ios keychain add command. The --key flag has been removed in favour of the --account and --service flags, allowing for more granular setting of attributes for a keychain item. (https://github.com/sensepost/objection/commit/4dadfc497864ff8d0eeff6b4d4468a1645558a95)
apktool version parsing on Windows (https://github.com/sensepost/objection/commit/79aa7ed881789e5c9458e6a09573bbc848c02441)
android watch class_method command (https://github.com/sensepost/objection/commit/f08cc24cd9bde142c754876690877f5cc5071b84)
Published by leonjza over 4 years ago
--inline flag to the ios heap execute js command, allowing for inline JavaScript evaluation on iOS heap objects. (https://github.com/sensepost/objection/commit/956056aab6d18bbc37105902996102f02a492a67)
--unzip-unicode flag to the iOS IPA patcher to treat the IPA name as unicode. Thanks @Fabiano1107 (#309)
[object, object] for the argument. Thanks @arielmiki (#334)
.dex files generated by Java.registerClass(). An example patch to recompile the Android frida-server with the name frida renamed to freeda can be seen here. (https://github.com/sensepost/objection/commit/d1035e566cef7e4e4c139258ee6d112adafa09af)
android keystore watch command. This command will report usages of the java.security.KeyStore class, revealing the password used when accessing items. (https://github.com/sensepost/objection/commit/0513b2d780092eedc95390db51c27c895606f241)
android hooking set return_value crashing when no optional overload is set. Thanks @root-intruder (#307)
jarsigner on Linux. Thanks @RomainL972 (#327)
apktool version 2.4.1 and up, as well as by automatically running the empty-framework-dir command before patching. Information about upgrading apktool can be found in the wiki here. (https://github.com/sensepost/objection/commit/46288b5c7b708837bf15e03e44f3d45fa24f148f)
Published by leonjza over 4 years ago
Published by leonjza almost 5 years ago
Published by leonjza almost 5 years ago
Published by leonjza almost 5 years ago
Published by leonjza about 5 years ago
aapt2 with apktool and better error handling. (thanks @dnet via #282, #283 and #284)
ios keychain dump_raw command and should be used in conjunction with the original dump command to make sure no parsing errors have occurred.
file cat command that will perform cat-like activities, added for convenience. Only ASCII printable characters in the target file will be echoed to screen. For any other processing, files should still be downloaded and processed locally.
simple and class version. The version you choose will depend on your use case, so feel free to experiment!
sqlite connect database.sqlite command will now automatically drop you into a litecli REPL. If you want to make changes to the target database, add the --sync flag. This way, once you quit from the litecli REPL, the modified database will be synchronized back to the device.
@types/frida-gum to version 14.
Published by leonjza about 5 years ago
Published by leonjza about 5 years ago
P. Lower case was conflicting with the --pause / -p flag.
Published by leonjza about 5 years ago
Published by leonjza about 5 years ago