Skip to content

Releases: sensepost/objection

1.12.5

Choose a tag to compare

@IPMegladon IPMegladon released this 02 Jun 09:35
2da035a

What's Changed

  • Fix AttributeError in warn_about_older_operating_systems when device_state not yet set by @uceka in #788
  • (feat) Add local connection option for iOS simulator. by @IPMegladon in #795
  • (chore) Bump frida bridge versions to fix #800.

Full Changelog: 1.12.4...1.12.5

1.12.4

Choose a tag to compare

@IPMegladon IPMegladon released this 25 Mar 12:36
dd939c5

What's Changed

  • Implement reconnect command thanks to @3rm-z and @panguin6010. I also added a reconnect_spawn command which will try to respawn the process (still some caveats on iOS with this). | #791
    • Also fixed an issue where objection attaches to pid 0 when not finding the process running.
  • (fix) Claude updated the helpfiles. by @IPMegladon in #785
  • (fix) agent android error handling by @IPMegladon in #792
    • should fix some issues with android sslpinning disable.

Full Changelog: 1.12.3...1.12.4

1.12.3

Choose a tag to compare

@IPMegladon IPMegladon released this 27 Jan 13:34
b36eef4

What's Changed

  • Fix error on missing method name for android sslpinning disable by @TheDauntless in #772

Full Changelog: 1.12.2...1.12.3

1.12.2

Choose a tag to compare

@leonjza leonjza released this 21 Nov 11:47
50e0473

This release simply drops the minimum required python version from 3.14 to 3.10.

Full Changelog: 1.12.1...1.12.2

Ofc the CI didnt work. Maybe this time.

Choose a tag to compare

@leonjza leonjza released this 21 Nov 11:05
88ffd5b

Full Changelog: 1.12.0...1.12.1

1.12.0

Choose a tag to compare

@leonjza leonjza released this 21 Nov 11:00
7c07387

The, wow, finally, a release release! 😂

Honestly, there has been so much that has changed, and it's hard to thank and attribute to everyone that has contributed. To that end, thank you for your contributions! Your best bet to know whats changed will be to check out the full change log here: 1.11.0...1.12.0

Below are the PR's that were merged, and hopefully this is the start of better maintenance overall.

What's Changed

New Contributors

1.11.0

Choose a tag to compare

@leonjza leonjza released this 06 Apr 08:33
e7eb1d9

notes

This release has a significant change in how iOS applications are patched. Most importantly, after some help over at nowsecure/node-applesign#113, we realised we needed to set the bundle id and add the entitlement cloning flag. By default objection will now parse the bundleid from your .mobileprovision file automatically, but if you need to set it to something else, you can use the new -b flag on the patchipa command.

fixes

  • Correctly parse apktool versions, even if build from source. (554c6c6) (via #449) (thanks @No-Cellist-7780)
  • Improve support for patching iOS applications using a free developer account. (bb33bce)

other

Code Diff Since v1.10.1

1.10.2

Choose a tag to compare

@leonjza leonjza released this 30 Mar 04:22
831e81b

fixes

  • Don't crash the agent if no matches were found when using the memory search command (24582bb)
  • Handle keychain entries that have the kSecAttrSynchronizable flag set (8560d75) (thanks @jpstotz)

other

  • Bump agent dependencies (1af959f)

Code Diff Since v1.10.0

1.10.1

Choose a tag to compare

@leonjza leonjza released this 02 Mar 08:16
89f6353

fixes

  • Fix import check for objc_release indicating that ARC is enabled (3b8cc59)

Code Diff Since v1.10.0

1.10.0

Choose a tag to compare

@leonjza leonjza released this 24 Feb 15:33
1fae0a7

new

  • Add the android hooking list class_loaders command to list the available class loaders (b0710ed)
  • Add the objection signapk command to sign multiple apk's using the objection certificate. NOTE: This commit also changes the internal signer used from jarsigner to apksigner (available in the Kali repo) (724019a) (via #375) (thanks @mtschirs)
  • Add wildcard class name support for Android method hooking (0dee9d6) (via #383) (thanks @bet4it)
  • Add the ability to specify an already decoded AndroidManifest to the patchapk command such that --skip-resources could still be used under certain conditions (9370002) (via #407) (thanks @agreenbhm)
  • Improve the iOS biometrics bypass hook by also hooking evaluateAccessControl. (2977c8a) (via #411) (thanks @jnovak-praetorian)
  • Add a new ios monitor crypto command to monitor CommonCrypto usage in real time. (746d08d) (via #430) (thanks @gagnonca)
  • Add a new android proxy set command to set the proxy server used by a specific Android app and not the whole OS. (91d1311) (via #439) (thanks @GOAT-FARM3R)
  • Add a new android deoptimize command to disable all optimizations, forcing the android VM to execute via the interpreter. This could help with some missed hooks (a343591)

fixes

  • Improve error handling when the remote Frida version does not match the local version (6b7baf8)
  • Silence errors that may have occurred while checking for updates (925d2bc)
  • Improve the sqlite connect command to also download SQLite specific temp files if they are available (772154f) (via #392) (thanks @mame82)
  • Revert an older JSON.stringify patch to properly display hooked arguments for Android hooks again (675a88f) (via #414) (thanks @ido77778)

other

  • Update agent dependencies (7a727a0)
  • Update agent dependencies (618c087)
  • Target es2020 for the agent. This makes Frida 14+ a requirement for QuickJS (1e79aa3)
  • Major Frida agent dependency bump to latest versions (d5642c3)
  • Reduce the length of generated job ids (dc104f8)
  • Add warnings about loaded classes when hooking (8abb553) (via #403) (thanks @TheDauntless)

Code Diff Since v1.9.6