objection v1.9.6 released: runtime mobile exploration
objection Runtime Mobile Exploration
introduction – objection Runtime Mobile Exploration
objection is a runtime mobile exploration toolkit, powered by Frida. It was built with the aim of helping assess mobile applications and their security posture without the need for a jailbroken or rooted mobile device.
The project’s name quite literally explains the approach as well, whereby runtime specific objects are injected into a running process and executed using Frida.
Note This is not some form of jailbreak/root bypass. By using objection, you are still limited by all of the restrictions imposed by the applicable sandbox you are facing.
features – objection Runtime Mobile Exploration
Supporting both iOS and Android and having new features and improvements added regularly as the tool is used in real-world scenarios, the following is a short list of only a few key features:
For all supported platforms, objection allows you to:
- Patch iOS and Android applications, embedding a Frida gadget that can be used with
objectionor just Frida itself.
- Interact with the filesystem, listing entries as well as upload & download files where permitted.
- Perform various memory-related tasks, such as listing loaded modules and their respective exports.
- Attempt to bypass and simulate jailbroken or rooted environments.
- Discover loaded classes and list their respective methods.
- Perform common SSL pinning bypasses.
- Dynamically dump arguments from methods called as you use the target application.
- Interact with SQLite databases inline without the need to download the targeted database and use an external tool.
- Execute custom Frida scripts.
iOS-specific features in objection include the ability to:
- Dump the iOS keychain, and export it to a file.
- Dump data from common storage such as NSUserDefaults and the shared NSHTTPCookieStorage.
- Dump various formats of information in human-readable forms.
- Bypass certain forms of TouchID restrictions.
- Watch for method executions by targeting all methods in a class, or just a single method.
- Monitor the iOS pasteboard.
- Dump encoded .plist files in a human-readable format without relying on external parsers.
Android specific features in objection include the ability to:
- List the applications Activities, Services, and Broadcast Receivers.
- Start arbitrary Activities available in the target application.
- Watch a class method, reporting execution as it happens.
pwdcommand will now do the same as
pwd print, fixing #395 (b550b94)
- Plugins can now extend the HTTP API by returning a Flask Blueprint in the
http_apimethod of the plugin itself. An example plugin that does this is included here, and will be exposed when specifying the
-aflag to the
- Add new hooks to the iOS jailbreak bypass module for calls to
-[UIApplication canOpenURL:]. Thanks @haxxinen (#390)
- Major update checker refactor. The update checker will now only fire once a day, and will store version information in
~/.objection/version_info. This commit also fixed #386 (bca9776)
Copyright (C) 2018