fixes

Change the iOS patcher shorthand flag used when specifying a provisioning profile to an upper case P. Lower case was conflicting with the --pause / -p flag.

Code Changes Since v1.7.3

@clviper

new

Add an Android Cordova SSL pinning bypass for applications that make use of SSLCertificateChecker-PhoneGap-Plugin. Thanks @clviper.

other

Bump agent dependencies.

Code Changes Since v1.7.2

fixes

Escape APK package names causing parsing errors for the Android patcher.
Stop the iOS IPA patcher if a valid provisioning profile was not found.

other

Bump agent dependencies.

Code Changes Since v1.7.1

new

Add the ability to pause iOS IPA patching to allow for manual changes before repackaging and code signing. This is done by adding a --pause flag to the patchipa command.

Code Changes Since v1.7.0

new

Add new iOS and Android heap interaction methods. These new commands allow you to performs various tasks under the <target> heap command context.
Add a small JavaScript editor for simple scripts using the evaluate command.
Add an iOS binary protections enumeration module.
Add an on device HTTP server.

fixes

Fix Android Activity launching
Complete the iOS file delete feature.
Fix duplicate entries created when adding the Android debuggable flag or a Network Security Config.
Fix iOS keychain data hex string conversions.

other

Upgrade frida-compile to v9.

Code Changes Since v1.6.6

fixes

Fix ascii art 💥
Improve iOS SSL pinning bypass stability.
Improve internal jobs cleanup logic.

other

Cleanup agent TSConfig and replace frida-gum-types with @types/frida-gum.

Code Changes Since v1.6.5

new

The iOS keychain dumper will now add a key called dataHex when dumping entries with the --json flag. This key is a hex string of the raw data from the keychain.
The iOS keychain dumper has a new --smart flag to trigger automatic decoding of data fields. Without this flag (the default), entries are UTF8 encoded.

fixes

Improve the iOS keychain dumper's reliability.

other

Bump agent dependencies

Code Changes Since v1.6.4

@aph3rson

new

Add the ability to enumerate an iOS apps' included frameworks observable by NSBundle. This is available as the new ios bundles list_frameworks command.
Add a new --target-class flag to the Android patcher to inject a loadLibrary call for a Frida gadget in any arbitrary class' constructor (for example, to run before an applications onCreate()). The default is still to use the apps main launchable activity.
Add a new SSL Pinning bypass hook for iOS Cordova applications making use of this plugin. Thanks @aph3rson.

fixes

Improve application stability for the Android patcher when injecting a loadLibrary call into an existing class constructor by correctly incrementing the .locals count.

other

Bump agent dependencies

Code Changes Since v1.6.3

@aph3rson

new

Add the ability to enumerate the currently active Android activity. This can be done with the new android hooking get current_activity command.
Add a new R class helper to the agent for Android hooks.

fixes

Fix networked Frida connections. The the --host and --network flags will work again as intended.
Fix spawning on iOS (using a jailbroken environment) (thanks @aph3rson)

Code Changes Since v1.6.2

@AV-IO

new

Add the ability to save modules and module exports as json.

fixes

Improve error handling when downloading Frida gadgets.

thanks

This release contains commits primarily contributed by @AV-IO 🎉

Releases: sensepost/objection

1.7.4

fixes

Uh oh!

1.7.3

new

other

Uh oh!

v1.7.2

fixes

other

Uh oh!

v1.7.1

new

Uh oh!

v1.7.0 - DEF CON 27

new

fixes

other

Uh oh!

v1.6.6

fixes

other

Uh oh!

v1.6.5 – Keychain dumper improvements

new

fixes

other

Uh oh!

v1.6.4

new

fixes

other

Uh oh!

v1.6.3

new

fixes

Uh oh!

v1.6.2

new

fixes

thanks

Uh oh!