fixes

• Various path related fixes. #200
• Reintroduce the import command to load external Frida scripts #196

other

Upgrade node dependencies for the agent, primarily bumping the frida-gum-types version to ^4. 613be5a

Code Changes Since v1.5.2

fixes

• Fix the iOS generic method return value override module. #193
• Fix agent loading on operating systems that don't use UTF-8 encoding by default. #191

Thanks goes to @aph3rson for the fixes in this release.

Code Changes Since v1.5.1

fixes

• Fix an agent error condition when iOS AFNetworking was not available. #189
• Small flow control and code simplification changes in the agent.
• Fix various typos.

Code Changes Since v1.5.0

new

• Completely rewritten Frida agent using TypeScript. All of the old hooks have been ported into this agent, replacing the old method of constantly loading and unloading Frida scripts with a single instance exposing methods via the Frida RPC.
• An API! Read more about that here.
• Support spawning Android applications when running on a rooted Android device.
• Job output is no longer a single, random colour, but instead contains a job ID and more useful colouring of the overall output.
• Include new SSL pinning disabling hooks.
• Add command fuzzy completion.
• Upgrade dependencies, most notably, prompt-toolkit to version 2.

fixes

• A crazy amount of hook specific bug fixes (no really). This is primarily thanks to the TypeScript agent port work together with the help of the frida-gum TypeScript type definitions.
• Vastly improved filesystem interactions for both Android and iOS, primarily when uploading/downloading files.
• Better error reporting when the Frida server (both in a Gadget mode and server mode) goes away/crashes.
• Improved data decoding for the iOS keychain dumping module.
• Added a check when using --skip-resources flag for the APK builder to not try and inject the Internet permission.
• Fix the directory separator when using on Windows.
• Improve error handling when dumping memory regions.

Code Changes Since v1.4.1

new

• Improved exception error reporting to the terminal to help debug errors.

fixes

• Android class watcher command will now correctly report invoked methods.
• Fix the memory dumping commands to support Frida 12.

Code Changes Since v1.4.0

new

• Add the ios nsurlcredentialstorage dump command to dump credentials stored using NSURLCredentialStorage.

fixes

• Improve class Objective-C selection for the ios hooking watch* commands.
• Add warnings about existing memory dumps before overriding an existing dump.
• Include frida-tools as dependency as required since Frida 12.
• Other small fixes.

Code Changes since v1.3.0

v1.3.0

This release updates the license for objection to GPL v3.

new

• Add support for multiple devices by specifying a target device serial with the new --serial flag.
• Add the ability to add new text kSecClassGenericPassword keychain entries.

fixes

• Small fixes to the iOS keychain dumper.
• Fix the update checker to improve support for Windows.

changes

This version simply pins the version of python-prompt-toolkit in use as a major update of the library is imminent. (thanks @jonathanslenders)

v1.2.8

changes

• The Android patcher defaulted to not decode resources by default. This has now been inverted, with the flags long name changed to --skip-resources to skip the decoding if needed.

v1.2.7

new

• Add --network-security-config / -N flag to the patchapk command. This flag will add a network security config to the APK as well as the required android:networkSecurityConfig tag to the AndroidManifest.xml's <application> tag. This helps for Android 7+ and the changes to CA certificates that were introduced.
• Add a hook on the verifyChain() method in the com.android.org.conscrypt.TrustManagerImpl class to suppress exceptions that could get thrown if a certificate with a non-trusted CA is presented. This hook is available in the android sslpinning disable command and should take preference over --network-security-config flag in the patchapk command.

fixes

• The patchapk command used to strip all .'s from the resultant APK's name. This should no longer happen.