Tool introduction

objection is a runtime mobile exploration tool powered by Frida that helps researchers access mobile applications and evaluate their security without jailbreaking or rooting the device.

Note that this tool is not a form of jailbreak or root bypass; by using objection, the impact of these security restrictions and sandbox limitations can be greatly reduced.

Feature introduction

The tool supports iOS and Android, and many new utilities have been added based on real-world security scenarios. Listed below are some of the core features of the tool.

objection offers the following core features for all supported platforms:

1. Patch iOS and Android apps to embed the Frida gadget.

2. Interact with the file system, listing entries and uploading/downloading files.

3. Perform various memory-related tasks, such as listing loaded modules and their exports.

4. Attempt to bypass or simulate jailbroken/rooted environments.

5. Discover loaded classes and list their methods.

6. Perform common SSL pinning bypasses.

7. Dynamically dump arguments from method calls in the target application.

8. Interact with SQLite databases inline, without downloading the databases or using external tools.

9. Execute custom Frida scripts.

iOS-specific features:

1. Dump the iOS keychain and export it to a file.

2. Export data from common stores such as NSUserDefaults and shared NSHTTPCookieStorage.

3. Export information in a readable form.

4. Bypass TouchID restrictions.

5. Monitor the execution of all methods in a class.

6. Monitor the iOS clipboard.

7. Export encoded .plist files in a readable form without the need for external parsing tools.

Android-specific features:

1. Enumerate the application's activities, services, and broadcast receivers.

2. Start any activity in the target application.

3. Monitor class methods and report execution activity.

Tool Operation Screenshots

The following screenshots show the main features of objection. The devices are an iPad running iOS 10.2.1 and a Samsung Galaxy S5 running Android 6. Both devices have the application running.

The file system of the iOS application’s main bundle:

The file system of the Android application's bundle:

The iOS keychain for the current application, exported and written to the keychain.json file:

Inline SQLite query tool:

iOS application SSL pinning bypass:

Android application SSL pinning bypass:

API interaction with the currently stored iOS sharedHTTPCookieStorage:

Tool Usage Demo

Demo video

Tool requirements

To run objection, we need the Python 3 interpreter, and all dependencies are installed with the pip command. For the target mobile application, iOS requires a decrypted IPA, while Android only needs a normal APK file. If we are analyzing an iOS application from its source code, we also need to load FridaGadget.dylib in our Xcode project.
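
A defender-side check tied to the patching feature and the FridaGadget.dylib requirement above, as an added example that is not part of the original article or the objection project: it scans an APK or IPA for an embedded Frida gadget or for files that reference it. The marker strings, function names and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed heuristics (not from the article): usual gadget file names and
# byte strings left in a binary or dex file that references the gadget.
NAME_MARKERS = ("fridagadget", "libfrida-gadget")
BYTE_MARKERS = (b"FridaGadget", b"frida-gadget")


def scan_package(path_or_file):
    """Scan an APK or IPA (both are zip archives) for an embedded Frida gadget.

    Returns {"by_name": [...], "by_content": [...]} listing archive paths.
    """
    by_name, by_content = [], []
    with zipfile.ZipFile(path_or_file) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.rsplit("/", 1)[-1].lower()
            if any(marker in base for marker in NAME_MARKERS):
                by_name.append(info.filename)
                continue
            # Not named like the gadget, but its bytes mention it (e.g. a load path).
            data = zf.read(info)
            if any(marker in data for marker in BYTE_MARKERS):
                by_content.append(info.filename)
    return {"by_name": sorted(by_name), "by_content": sorted(by_content)}


def build_sample(entries):
    """Build an in-memory archive from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


# Constructed sample packages (placeholder bytes, not real binaries).
PATCHED_APK = {"classes.dex": b"dex\n035\x00...frida-gadget...",
               "lib/arm64-v8a/libfrida-gadget.so": b"\x7fELF..."}
CLEAN_APK = {"classes.dex": b"dex\n035\x00...", "lib/arm64-v8a/libapp.so": b"\x7fELF..."}
PATCHED_IPA = {"Payload/Demo.app/Demo": b"@executable_path/Frameworks/FridaGadget.dylib",
               "Payload/Demo.app/Frameworks/FridaGadget.dylib": b"\xcf\xfa\xed\xfe..."}

if __name__ == "__main__":
    for label, sample in (("patched apk", PATCHED_APK), ("clean apk", CLEAN_APK),
                          ("patched ipa", PATCHED_IPA)):
        print(label, scan_package(build_sample(sample)))
```

Name and string matching only catches an unmodified gadget; an empty result does not prove a package is untouched, so pair it with signature and hash verification of the release build.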

Tool installation

To install objection, run the following command:

pip3 install objection

Tool drive

License Agreement

objection is released under the GNU General Public License v3 open source license.

Project address

objection: https://github.com/sensepost/objection

* Reference source: SensePost; compiled by FB editor Alpha_h4ck. When reprinting, please credit FreeBuf.COM
