📲
📲
📲
📲
iOS Pentesting
Search…
iOS Pentesting / Hacking
About
About This Book
Basics
Jailbreaking
Installing Tools
Generating Strong Certificates (Burp)
File System
Property List (PList) Files
NSUserDefaults
Keychain Data
NSURLCache
Application Snapshots
Apple System Logs (ASL)
Google Buckets
Reverse Engineering
Ghidra
Databases
Core Data Framework Database
Couchbase lite DB
FireBase (Google)
Bypassing Restrictions
Bypassing SSL/Certificate Pinning
Bypassing Jailbreak
Local Authentication (Biometrics)
Breaking Crypto
Weak Cryptography
Frida
Objection
Frida
Frida Trace (frida-trace)
Powered By GitBook
Objection
Objection is a framework built on top of Frida by SensePost and can be found on GitHub.

Installing Objection is easy and here is an exerpt from the official SensePost/Objection GitHub page:
Installation is simply a matter of pip3 install objection. This will give you the objection command. You can update an existing objection installation with pip3 install --upgrade objection.

Hooking methods is an easy way to determine whether the class or method is being called. It can also provide easy access to manipulate the return values or the functionality of the method or class.
List all classes
ios hooking list classes
Listing all methods
ios hooking list class_methods
Search for classes
ios hooking search classes example_class
Search for methods in class
ios hooking list class_methods example_class
Watching a method
ios hooking watch class example_class
Overwriting return values
ios hooking set return_value "*[LoginValidate isLoginValidated]" true
​
----
​
....highaltitudehacks.DVIAswiftv2 on (iPad: 13.3.1) [usb] # ios hooking set return_value "*[LoginValidate isLoginValidated]" true
(agent) Found selector at 0x104e4238c as +[LoginValidate isLoginValidated]
(agent) Registering job z04v8rh682n. Type: set-method-return for: *[LoginValidate isLoginValidated]
....highaltitudehacks.DVIAswiftv2 on (iPad: 13.3.1) [usb] # (agent) [8crjffqm67y] Called: [LoginValidate isLoginValidated] (Kind: class) (Super: NSObject)
(agent) [z04v8rh682n] *[LoginValidate isLoginValidated] Return value was: 0x0, overriding to 0x1
....highaltitudehacks.DVIAswiftv2 on (iPad: 13.3.1) [usb] #

ios monitor crypto
​
...
​
algorithm : kCCPBKDF2
password : @daloq3as$qweasdlasasjdnj
saltBytes : a27a47abad534580
prf : kCCPRFHmacAlgSHA1
rounds : 10000
derivedKey : e3ae68203b0018b1d85565fe15a6e6ece38f1f436c60c19eb02b0ecb649a8bee
)
(agent) [874535] [CCKeyDerivationPBKDF] (
algorithm : kCCPBKDF2
password : @daloq3as$qweasdlasasjdnj
saltBytes : bda84205d53b8cc3
prf : kCCPRFHmacAlgSHA1
rounds : 10000
derivedKey : 69a1d4f08f3a667511c963e0dd77174afa5e9a22b12939fe489e6db0efa4333d
)
(agent) [874535] [CCCryptorCreate] (
op : kCCDecrypt
alg : kCCAlgorithmAES128
options : kCCOptionPKCS7Padding
keyLength : 32
key : e3ae68203b0018b1d85565fe15a6e6ece38f1f436c60c19eb02b0ecb649a8bee
iv : 360695187db3eab33612d9ac73bcc01f
)
​

Using objection you can bypass the biometric lock screen by using the following command:
ios ui biometrics_bypass
Breaking Crypto - Previous
Weak Cryptography
Next - Frida
Frida
Last modified 1yr ago
Copy link
On this page
Installing Objection
Method Hooking with Objection
Monitor Crypto Functions
Bypass Biometric Scanner