📲
📲
📲
📲
iOS Pentesting
Search…
iOS Pentesting / Hacking
About
About This Book
Basics
Jailbreaking
Installing Tools
Generating Strong Certificates (Burp)
File System
Property List (PList) Files
NSUserDefaults
Keychain Data
NSURLCache
Application Snapshots
Apple System Logs (ASL)
Google Buckets
Reverse Engineering
Ghidra
Databases
Core Data Framework Database
Couchbase lite DB
FireBase (Google)
Bypassing Restrictions
Bypassing SSL/Certificate Pinning
Bypassing Jailbreak
Local Authentication (Biometrics)
Breaking Crypto
Weak Cryptography
Frida
Objection
Frida
Frida Trace (frida-trace)
Powered By GitBook
Objection
Objection is a framework built on top of Frida by SensePost and can be found on GitHub.

Installing Objection

Installing Objection is easy and here is an exerpt from the official SensePost/Objection GitHub page:
Installation is simply a matter of pip3 install objection. This will give you the objection command. You can update an existing objection installation with pip3 install --upgrade objection.

Method Hooking with Objection

Hooking methods is an easy way to determine whether the class or method is being called. It can also provide easy access to manipulate the return values or the functionality of the method or class.
List all classes
1
ios hooking list classes
Copied!
Listing all methods
1
ios hooking list class_methods
Copied!
Search for classes
1
ios hooking search classes example_class
Copied!
Search for methods in class
1
ios hooking list class_methods example_class
Copied!
Watching a method
1
ios hooking watch class example_class
Copied!
Overwriting return values
1
ios hooking set return_value "*[LoginValidate isLoginValidated]" true
2
​
3
----
4
​
5
....highaltitudehacks.DVIAswiftv2 on (iPad: 13.3.1) [usb] # ios hooking set return_value "*[LoginValidate isLoginValidated]" true
6
(agent) Found selector at 0x104e4238c as +[LoginValidate isLoginValidated]
7
(agent) Registering job z04v8rh682n. Type: set-method-return for: *[LoginValidate isLoginValidated]
8
....highaltitudehacks.DVIAswiftv2 on (iPad: 13.3.1) [usb] # (agent) [8crjffqm67y] Called: [LoginValidate isLoginValidated] (Kind: class) (Super: NSObject)
9
(agent) [z04v8rh682n] *[LoginValidate isLoginValidated] Return value was: 0x0, overriding to 0x1
10
....highaltitudehacks.DVIAswiftv2 on (iPad: 13.3.1) [usb] #
Copied!

Monitor Crypto Functions

1
ios monitor crypto
2
​
3
...
4
​
5
algorithm : kCCPBKDF2
6
password : @daloq3as$qweasdlasasjdnj
7
saltBytes : a27a47abad534580
8
prf : kCCPRFHmacAlgSHA1
9
rounds : 10000
10
derivedKey : e3ae68203b0018b1d85565fe15a6e6ece38f1f436c60c19eb02b0ecb649a8bee
11
)
12
(agent) [874535] [CCKeyDerivationPBKDF] (
13
algorithm : kCCPBKDF2
14
password : @daloq3as$qweasdlasasjdnj
15
saltBytes : bda84205d53b8cc3
16
prf : kCCPRFHmacAlgSHA1
17
rounds : 10000
18
derivedKey : 69a1d4f08f3a667511c963e0dd77174afa5e9a22b12939fe489e6db0efa4333d
19
)
20
(agent) [874535] [CCCryptorCreate] (
21
op : kCCDecrypt
22
alg : kCCAlgorithmAES128
23
options : kCCOptionPKCS7Padding
24
keyLength : 32
25
key : e3ae68203b0018b1d85565fe15a6e6ece38f1f436c60c19eb02b0ecb649a8bee
26
iv : 360695187db3eab33612d9ac73bcc01f
27
)
28
​
Copied!

Bypass Biometric Scanner

Using objection you can bypass the biometric lock screen by using the following command:
1
ios ui biometrics_bypass
Copied!
Breaking Crypto - Previous
Weak Cryptography
Next - Frida
Frida
Last modified 8mo ago
Copy link
Contents
Installing Objection
Method Hooking with Objection
Monitor Crypto Functions
Bypass Biometric Scanner