Objection

Last updated 5 years ago

Update

pip3 install -U objection

Patching an APK

objection patchapk --source app-release.apk

You might need to use the flag --skip-resources if there is an error while rebuilding the APK.

Explore APK

First, Frida must be running on the device: either the APK was patched to load Frida at startup, or you start the Frida server beforehand.

objection -g com.package.package explore

Disable SSL Pinning

android sslpinning disable

Early Instrumentation

objection explore --startup-command 'android sslpinning disable'
objection explore --startup-script ssl-pinning.js

List activities

android hooking list activities com.package.package

List classes

android hooking list classes

Simple hooks for each Class method

android hooking generate simple <class name>

Launch Activity

android intent launch_activity com.package.package.class.NameActivity

Hook return_value

android hooking set return_value com.package.package.paywall.PayWallStorageImpl.retrievePayWallIsOpen true

Making a patch permanent

objection patchapk -s UnCrackable-Level1.apk -c gadget -l root.js
gadget
{
  "interaction": {
    "type": "script",
    "path": "libfrida-gadget.script.so"
  }
}
root.js
// Replace a(), b() and c() of sg.vantagepoint.a.c so that each always returns false.
Java.perform(function() {
    var c = Java.use("sg.vantagepoint.a.c");
    c.a.implementation = function(v) { return false; };
    c.b.implementation = function(v) { return false; };
    c.c.implementation = function(v) { return false; };
});
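
When reviewing an APK for this kind of repackaging, the zip listing alone shows whether a gadget, its config and a script were embedded. The following is an added example, not part of the original page or of objection: it assumes the files sit under `lib/<abi>/` with the `libfrida-gadget` prefix seen in the config above, `scan_apk` and `build_sample_apk` are hypothetical names, and the sample APK is constructed.

```python
import io
import json
import zipfile

GADGET = "libfrida-gadget"  # assumed file-name prefix of the embedded gadget files

def scan_apk(apk):
    """Return one finding per ABI directory of the APK that carries a Frida gadget."""
    findings = []
    with zipfile.ZipFile(apk) as zf:
        names = set(zf.namelist())
        for name in sorted(names):
            parts = name.split("/")
            if len(parts) != 3 or parts[0] != "lib" or parts[2] != GADGET + ".so":
                continue
            abi_dir = f"lib/{parts[1]}"
            finding = {"abi": parts[1], "interaction": None, "script": None,
                       "script_embedded": False}
            config_name = f"{abi_dir}/{GADGET}.config.so"
            if config_name in names:
                try:
                    inter = json.loads(zf.read(config_name))["interaction"]
                except (ValueError, KeyError, TypeError):
                    inter = {}  # missing or malformed config: report the gadget only
                if not isinstance(inter, dict):
                    inter = {}
                finding["interaction"] = inter.get("type")
                finding["script"] = inter.get("path")
            if isinstance(finding["script"], str):
                # A relative script path is resolved next to the gadget library.
                finding["script_embedded"] = f"{abi_dir}/{finding['script']}" in names
            findings.append(finding)
    return findings

def build_sample_apk():
    """Constructed sample: a zip laid out like the patched APK described above."""
    buf = io.BytesIO()
    config = {"interaction": {"type": "script", "path": "libfrida-gadget.script.so"}}
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"placeholder")
        zf.writestr("lib/arm64-v8a/libfrida-gadget.so", b"placeholder")
        zf.writestr("lib/arm64-v8a/libfrida-gadget.config.so", json.dumps(config))
        zf.writestr("lib/arm64-v8a/libfrida-gadget.script.so", "Java.perform(function() {});")
        zf.writestr("lib/armeabi-v7a/libnative.so", b"placeholder")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for finding in scan_apk(build_sample_apk()):
        print(finding)
```

`scan_apk` also accepts a file path, so it can be pointed at an APK pulled from a device or a build pipeline artifact.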
