Releases: sensepost/objection
1.11.0
notes
This release has a significant change in how iOS applications are patched. Most importantly, after some help over at nowsecure/node-applesign#113, we realised we needed to set the bundle id and add the entitlement cloning flag. By default objection will now parse the bundle id from your `.mobileprovision` file automatically, but if you need to set it to something else, you can use the new `-b` flag on the `patchipa` command.
fixes
- Correctly parse `apktool` versions, even if built from source. (554c6c6) (via #449) (thanks @No-Cellist-7780)
- Improve support for patching iOS applications using a free developer account. (bb33bce)
other
Code Diff Since v1.10.1
1.10.2
1.10.1
1.10.0
new
- Add the `android hooking list class_loaders` command to list the available class loaders (b0710ed)
- Add the `objection signapk` command to sign multiple apk's using the objection certificate. NOTE: This commit also changes the internal signer used from `jarsigner` to `apksigner` (available in the Kali repo) (724019a) (via #375) (thanks @mtschirs)
- Add wildcard class name support for Android method hooking (0dee9d6) (via #383) (thanks @bet4it)
- Add the ability to specify an already decoded `AndroidManifest` to the `patchapk` command such that `--skip-resources` could still be used under certain conditions (9370002) (via #407) (thanks @agreenbhm)
- Improve the iOS biometrics bypass hook by also hooking `evaluateAccessControl`. (2977c8a) (via #411) (thanks @jnovak-praetorian)
- Add a new `ios monitor crypto` command to monitor `CommonCrypto` usage in real time. (746d08d) (via #430) (thanks @gagnonca)
- Add a new `android proxy set` command to set the proxy server used by a specific Android app and not the whole OS. (91d1311) (via #439) (thanks @GOAT-FARM3R)
- Add a new `android deoptimize` command to disable all optimizations, forcing the android VM to execute via the interpreter. This could help with some missed hooks (a343591)
fixes
- Improve error handling when the remote Frida version does not match the local version (6b7baf8)
- Silence errors that may have occurred while checking for updates (925d2bc)
- Improve the `sqlite connect` command to also download SQLite specific temp files if they are available (772154f) (via #392) (thanks @mame82)
- Revert an older `JSON.stringify` patch to properly display hooked arguments for Android hooks again (675a88f) (via #414) (thanks @ido77778)
other
- Update agent dependencies (7a727a0)
- Update agent dependencies (618c087)
- Target `es2020` for the agent. This makes Frida 14+ a requirement for QuickJS (1e79aa3)
- Major Frida agent dependency bump to latest versions (d5642c3)
- Reduce the length of generated job ids (dc104f8)
- Add warnings about loaded classes when hooking (8abb553) (via #403) (thanks @TheDauntless)
Code Diff Since v1.9.6
1.9.6
new
- The `pwd` command will now do the same as `pwd print`, fixing #395 (b550b94)
- Plugins can now extend the HTTP API by returning a Flask Blueprint in the `http_api` method of the plugin itself. An example plugin that does this is included here, and will be exposed when specifying the `-a` flag to the `explore` command. (a2d988b)
- Add new hooks to the iOS jailbreak bypass module for calls to `fopen` and `-[UIApplication canOpenURL:]`. Thanks @haxxinen (#390)
fixes
- Major update checker refactor. The update checker will now only fire once a day, and will store version information in `~/.objection/version_info`. This commit also fixed #386 (bca9776)
other
Code Diff Since v1.9.5
1.9.5
fixes
- Fix exceptions thrown when version checking. Thanks @MarshalX (#382)
- Refactor (and fix) Android Heap interaction features to better survive future Frida upgrades :D (e460445)
other
- Bump agent dependencies (45dd99a)
- Bump agent dependencies (9605949)
- Bump agent dependencies (10c7f57)
- Bump `@types/frida-gum` (a3c3ba8)
- Bump frida-objc-bridge version (c897944)
Code Diff Since v1.9.4
1.9.4
1.9.3
fixes
- Improve error handling when the `--skip-resources` flag is used. Thanks @mtschirs (#374)
- Exclude leanback activities (AndroidTV) from launchable activity detection in the Android patcher. Thanks @mtschirs (#374)
- Ensure that ObjC API's are not called if they are not needed. Fixes #377 (8e53e4b)
other
- Bump agent dependencies (4f3ee36)
- Disable compression in agent builds. This was messing with line numbers in the generated source map (ac94e70)
Code Diff Since v1.9.2
1.9.2
new
- Expose the `ping` command to the CLI to check if the agent is alive and responds. (fee42b3)
fixes
- Fix a typo in the `android hooking generate simple` command. Thanks @Techbrunch (#360)
- Add missing quotes to the `ios hooking watch method command` help file (a5a1edb)
- Improve error reporting when hooking iOS selectors (0a206c8)
- Improve Windows `apktool` version detection, again (46f8d0c)
other
- Bump agent dependencies (a69fffc)
Code Diff Since v1.9.1
1.9.1
new
- Extend support for embedding a gadget configuration and script added in version 1.9.0 to iOS IPA's. Thanks @interference-security (#349)
- Automatically toggle `extractNativeLibs` to `false` in Android manifests (with a flag to leave the value untouched). Thanks @StingraySA (#353)
- Refactor the `ios keychain add` command. The `--key` flag has been removed in favour of the `--account` and `--service` flags, allowing for more granular setting of attributes for a keychain item. (4dadfc4)
fixes
- Improve `apktool` version parsing on Windows (79aa7ed)
- Fix command line overload parsing for the `android watch class_method` command (f08cc24)
- Improve shell command argument. Thanks @dvalter (#355)
other
- Bump agent dependencies (cf204a0)