1.11.0

notes

This release has a significant change in how iOS applications are patched. Most importantly, after some help over at nowsecure/node-applesign#113, we realised we needed to set the bundle id and add the entitlement cloning flag. By default objection will now parse the bundleid from your .mobileprovision file automatically, but if you need to set it to something else, you can use the new -b flag on the patchipa command.

fixes

• Correctly parse apktool versions, even if build from source. (554c6c6) (via #449) (thanks @No-Cellist-7780)
• Improve support for patching iOS applications using a free developer account. (bb33bce)

other

• Bump agent dependencies (23ba6b0)
• Formatting fixes (7724481)

Code Diff Since v1.10.1

1.10.2

fixes

• Don't crash the agent if no matches were found when using the memory search command (24582bb)
• Handle keychain entries that have the kSecAttrSynchronizable flag set (8560d75) (thanks @jpstotz)

other

• Bump agent dependencies (1af959f)

Code Diff Since v1.10.0

1.10.1

fixes

• Fix import check for objc_release indicating that ARC is enabled (3b8cc59)

Code Diff Since v1.10.0

1.10.0

new

• Add the android hooking list class_loaders command to list the available class loaders (b0710ed)
• Add the objection signapk command to sign multiple apk's using the objection certificate. NOTE: This commit also changes the internal signer used from jarsigner to apksigner (available in the Kali repo) (724019a) (via #375) (thanks @mtschirs)
• Add wildcard class name support for Android method hooking (0dee9d6) (via #383) (thanks @bet4it)
• Add the ability to specify an already decoded AndroidManifest to the patchapk command such that --skip-resources could still be used under certain conditions (9370002) (via #407) (thanks @agreenbhm)
• Improve the iOS biometrics bypass hook by also hooking evaluateAccessControl. (2977c8a) (via #411) (thanks @jnovak-praetorian)
• Add a new ios monitor crypto command to monitor CommonCrypto usage in real time. (746d08d) (via #430) (thanks @gagnonca)
• Add a new android proxy set command to set the proxy server used by a specific Android app and not the whole OS. (91d1311) (via #439) (thanks @GOAT-FARM3R)
• Add a new android deoptimize command to disable all optimizations, forcing the android VM to execute via the interpreter. This could help with some missed hooks (a343591)

fixes

• Improve error handling when the remote Frida version does not match the local version (6b7baf8)
• Silence errors that may have occurred while checking for updates (925d2bc)
• Improve the sqlite connect command to also download SQLite specific temp files if they are available (772154f) (via #392) (thanks @mame82)
• Revert an older JSON.stringify patch to properly display hooked arguments for Android hooks again (675a88f) (via #414) (thanks @ido77778)

other

• Update agent dependencies (7a727a0)
• Update agent dependencies (618c087)
• Target es2020 for the agent. This makes Frida 14+ a requirement for QuickJS (1e79aa3)
• Major Frida agent dependency bump to latest versions (d5642c3)
• Reduce the length of generated job ids (dc104f8)
• Add warnings about loaded classes when hooking (8abb553) (via #403) (thanks @TheDauntless)

Code Diff Since v1.9.6

1.9.6

new

• The pwd command will now do the same as pwd print, fixing #395 (b550b94)
• Plugins can now extend the HTTP API by returning a Flask Blueprint in the http_api method of the plugin itself. An example plugin that does this is included here, and will be exposed when specifying the -a flag to the explore command. (a2d988b)
• Add new hooks to the iOS jailbreak bypass module for calls to fopen and -[UIApplication canOpenURL:]. Thanks @haxxinen (#390)

fixes

• Major update checker refactor. The update checker will now only fire once a day, and will store version information in ~/.objection/version_info. This commit also fixed #386 (bca9776)

other

• Bump agent dependencies (4fd2818)
• Bump lodash version (9e99a01)
• Bump agent dependencies (76848d8)

Code Diff Since v1.9.5

1.9.5

fixes

• Fix exceptions thrown when version checking. Thanks @MarshalX (#382)
• Refactor (and fix) Android Heap interaction features to better survive future Frida upgrades :D (e460445)

other

• Bump agent dependencies (45dd99a)
• Bump agent dependencies (9605949)
• Bump agent dependencies (10c7f57)
• Bump @types/frida-gum (a3c3ba8)
• Bump frida-objc-bridge version (c897944)

Code Diff Since v1.9.4

1.9.4

fixes

• Fix path for embedding scripts on Android platforms (1db2da7)

Code Diff Since v1.9.3

1.9.3

fixes

• Improve error handling when the --skip-resources flag is used. Thanks @mtschirs (#374)
• Exclude leanback activities (AndroidTV) from launchable activity detection in the Android patcher. Thanks @mtschirs (#374)
• Ensure that ObjC API's are not called if they are not needed. Fixes #377 (8e53e4b)

other

• Bump agent dependencies (4f3ee36)
• Disable compression in agent builds. This was messing with line numbers in the generated source map (ac94e70)

Code Diff Since v1.9.2

1.9.2

new

• Expose the ping command to the CLI to check if the agent is alive and responds. (fee42b3)

fixes

• Fix a typo in the android hooking generate simple command. Thanks @Techbrunch (#360)
• Add missing quotes to the ios hooking watch method command help file (a5a1edb)
• Improve error reporting when hooking iOS selectors (0a206c8)
• Improve Windows apktool version detection, again (46f8d0c)

other

• Bump agent dependencies (a69fffc)

Code Diff Since v1.9.1

1.9.1

new

• Extend support for embedding a gadget configuration and script added in version 1.9.0 to iOS IPA's. Thanks @interference-security (#349)
• Automatically toggle extractNativeLibs to false in Android manifests (with a flag to leave the value untouched). Thanks @StingraySA (#353)
• Refactor the ios keychain add command. The --key flag has been removed in favour of the --account and --service flags, allowing for more granular setting of attributes for a keychain item. (4dadfc4)

fixes

• Improve apktool version parsing on Windows (79aa7ed)
• Fix command line overload parsing for the android watch class_method command (f08cc24)
• Improve shell command argument. Thanks @dvalter (#355)

other

• Bump agent dependencies (cf204a0)

Code Changes Since v1.9.0