objection - runtime mobile exploration
3 likes1,992 views
This document summarizes a presentation about Objection, a Python framework that bundles Frida scripts to enable runtime mobile exploration on iOS and Android without needing a jailbroken or rooted device. It includes demos of using Objection to bypass jailbreak detection, extract data from NSUserDefaults, explore the filesystem, bypass SSL pinning, and monitor class methods. Objection aims to make Frida easier to use on mobile by compiling scripts and bundling common functionality.
![0xcon 2017
@implementation JailbreakDetection
+(BOOL) isJailbroken {
NSFileManager *fm = [NSFileManager defaultManager];
if ([fm fileExistsAtPath:@"/bin/bash"]) {
return YES;
}
return NO;
}
@end](https://image.slidesharecdn.com/objectionruntimemobileexploration-171114072829/85/objection-runtime-mobile-exploration-10-320.jpg)
objection - runtime mobile exploration
- 1. 0xcon 2017 📱objection RUNTIME MOBILE EXPLORATION
- 3. 0xcon 2017
- 4. 0xcon 2017
- 6. 0xcon 2017 - Ole André Vadla Ravnås (@oleavr) - dynamic instrumentation toolkit - injects chrome v8 (or duktape) into process - instrumentation done using JavaScript - basically magic (no really.) frida
- 7. 0xcon 2017 ‘embedded mode’ (recently added fully autonomous mode)
- 8. 0xcon 2017 demo(native function hooking)
- 10. 0xcon 2017 @implementation JailbreakDetection +(BOOL) isJailbroken { NSFileManager *fm = [NSFileManager defaultManager]; if ([fm fileExistsAtPath:@"/bin/bash"]) { return YES; } return NO; } @end
- 11. 0xcon 2017 var JailbreakDetection = ObjC.classes.JailbreakDetection; Interceptor.attach( JailbreakDetection.isJailbroken.implementation, { onEnter: function (args) { // }, onLeave: function (retval) { retval.replace(0x0); } });
- 12. 0xcon 2017 demo(jailbreak detection simulation/bypass)
- 13. 0xcon 2017 lets… inject arbitrary code
- 15. 0xcon 2017 📱objection bundled it up, and called it… (object)inject(ion)
- 16. 0xcon 2017 - python3, installable with pip3 - bundles ios and android hooks - ’compiles’ hooks with Jinja2 - can import arbitrary Frida scripts - do not need a jailbroken / rooted device internals
- 18. 0xcon 2017 demo(exploring the filesystem)
- 19. 0xcon 2017 demo(ssl pinning bypass)
- 20. 0xcon 2017 demo(class method monitoring)
- 21. 0xcon 2017 - dump process/module memory - interact with iOS keychain - bypass touchid* - monitor iOS pasteboard - extract iOS binary cookies and lots more!