📱 objection - runtime mobile exploration
This release has a significant change in how iOS applications are patched. Most importantly, after some help over at nowsecure/node-applesign#113, we realised we needed to set the bundle id and add the entitlement cloning flag. By default objection will now parse the bundle id from your .mobileprovision file automatically, but if you need to set it to something else, you can use the new -b flag on the patchipa command.
apktool versions, even if built from source. (https://github.com/sensepost/objection/commit/554c6c660b2e68627ff845301cdd664836eef9ee) (via #449) (thanks @No-Cellist-7780)
memory search command (https://github.com/sensepost/objection/commit/24582bb9fd1c83155436d6d0b8719cfecbd68028)
kSecAttrSynchronizable flag set (https://github.com/sensepost/objection/commit/8560d7586310145568b4b4f1dfa71c84e3b005a8) (thanks @jpstotz)
objc_release indicating that ARC is enabled (https://github.com/sensepost/objection/commit/3b8cc593162a1f8aba0b83843105d1e9958e880c)
android hooking list class_loaders command to list the available class loaders (https://github.com/sensepost/objection/commit/b0710ed221ceaf73bc380800d2d7c7dcc1944a14)
objection signapk command to sign multiple APKs using the objection certificate. NOTE: This commit also changes the internal signer used from jarsigner to apksigner (available in the Kali repo) (https://github.com/sensepost/objection/commit/724019a486d410b0b5d83e6d765158b1972b26a8) (via #375) (thanks @mtschirs)
AndroidManifest to the patchapk command such that --skip-resources could still be used under certain conditions (https://github.com/sensepost/objection/commit/93700023499e471b43585957c079fdef8b21496b) (via #407) (thanks @agreenbhm)
evaluateAccessControl. (https://github.com/sensepost/objection/commit/2977c8a03a1111c352606352d9b68c12a5e4f7df) (via #411) (thanks @jnovak-praetorian)
ios monitor crypto command to monitor CommonCrypto usage in real time. (https://github.com/sensepost/objection/commit/746d08d6bfa5d314c5efe89ff3335135b8dea139) (via #430) (thanks @gagnonca)
android proxy set command to set the proxy server used by a specific Android app and not the whole OS. (https://github.com/sensepost/objection/commit/91d131174a3141176a0e6e3c783be72651cb88c3) (via #439) (thanks @GOAT-FARM3R)
android deoptimize command to disable all optimizations, forcing the Android VM to execute via the interpreter. This could help with some missed hooks (https://github.com/sensepost/objection/commit/a34359165fff68fa219473e83208f8ee0816b9a0)
sqlite connect command to also download SQLite-specific temp files if they are available (https://github.com/sensepost/objection/commit/772154f12e146fa6f79f41d0d54e4a5994b3227f) (via #392) (thanks @mame82)
JSON.stringify patch to properly display hooked arguments for Android hooks again (https://github.com/sensepost/objection/commit/675a88f174acb8619abced5c6058717e7d326d3b) (via #414) (thanks @ido77778)
es2020 for the agent. This makes Frida 14+ a requirement for QuickJS (https://github.com/sensepost/objection/commit/1e79aa336f10a80c8e474257e037b6abfd47e51f)
pwd command will now do the same as pwd print, fixing #395 (https://github.com/sensepost/objection/commit/b550b9449ec8c5048b232bf0cf1323210b711b2b)
http_api method of the plugin itself. An example plugin that does this is included here, and will be exposed when specifying the -a flag to the explore command. (https://github.com/sensepost/objection/commit/a2d988bf8114e27101b27aec461705038e0bb87c)
fopen and -[UIApplication canOpenURL:]. Thanks @haxxinen (#390)
~/.objection/version_info. This commit also fixed #386 (https://github.com/sensepost/objection/commit/bca97762497783e8cc5929b4dd4c32427316d4c9)
@types/frida-gum (https://github.com/sensepost/objection/commit/a3c3ba8d222484f880506cd0be24b25223321fa6)
--skip-resources flag is used. Thanks @mtschirs (#374)
ping command to the CLI to check if the agent is alive and responds. (https://github.com/sensepost/objection/commit/fee42b3947a9c7d3e22b10305e1c8b130d923821)
android hooking generate simple command. Thanks @Techbrunch (#360)
ios hooking watch method command help file (https://github.com/sensepost/objection/commit/a5a1edb4bda424f25c5529f31313d4d706afef54)
apktool version detection, again (https://github.com/sensepost/objection/commit/46f8d0cc12fb425005e332947a6c9d197a8af243)
extractNativeLibs to false in Android manifests (with a flag to leave the value untouched). Thanks @StingraySA (#353)
ios keychain add command. The --key flag has been removed in favour of the --account and --service flags, allowing for more granular setting of attributes for a keychain item. (https://github.com/sensepost/objection/commit/4dadfc497864ff8d0eeff6b4d4468a1645558a95)
apktool version parsing on Windows (https://github.com/sensepost/objection/commit/79aa7ed881789e5c9458e6a09573bbc848c02441)
android watch class_method command (https://github.com/sensepost/objection/commit/f08cc24cd9bde142c754876690877f5cc5071b84)