📲
📲
📲
📲
iOS Pentesting
Search…
⌃K

Objection

Objection is a framework built on top of Frida by SensePost and can be found on GitHub.

Installing Objection

Installing Objection is easy and here is an exerpt from the official SensePost/Objection GitHub page:
Installation is simply a matter of pip3 install objection. This will give you the objection command. You can update an existing objection installation with pip3 install --upgrade objection.

Method Hooking with Objection

Hooking methods is an easy way to determine whether the class or method is being called. It can also provide easy access to manipulate the return values or the functionality of the method or class.
List all classes
ios hooking list classes
Listing all methods
ios hooking list class_methods
Search for classes
ios hooking search classes example_class
Search for methods in class
ios hooking list class_methods example_class
Watching a method
ios hooking watch class example_class
Overwriting return values
ios hooking set return_value "*[LoginValidate isLoginValidated]" true
----
....highaltitudehacks.DVIAswiftv2 on (iPad: 13.3.1) [usb] # ios hooking set return_value "*[LoginValidate isLoginValidated]" true
(agent) Found selector at 0x104e4238c as +[LoginValidate isLoginValidated]
(agent) Registering job z04v8rh682n. Type: set-method-return for: *[LoginValidate isLoginValidated]
....highaltitudehacks.DVIAswiftv2 on (iPad: 13.3.1) [usb] # (agent) [8crjffqm67y] Called: [LoginValidate isLoginValidated] (Kind: class) (Super: NSObject)
(agent) [z04v8rh682n] *[LoginValidate isLoginValidated] Return value was: 0x0, overriding to 0x1
....highaltitudehacks.DVIAswiftv2 on (iPad: 13.3.1) [usb] #

Monitor Crypto Functions

ios monitor crypto
...
algorithm : kCCPBKDF2
password : @daloq3as$qweasdlasasjdnj
saltBytes : a27a47abad534580
prf : kCCPRFHmacAlgSHA1
rounds : 10000
derivedKey : e3ae68203b0018b1d85565fe15a6e6ece38f1f436c60c19eb02b0ecb649a8bee
)
(agent) [874535] [CCKeyDerivationPBKDF] (
algorithm : kCCPBKDF2
password : @daloq3as$qweasdlasasjdnj
saltBytes : bda84205d53b8cc3
prf : kCCPRFHmacAlgSHA1
rounds : 10000
derivedKey : 69a1d4f08f3a667511c963e0dd77174afa5e9a22b12939fe489e6db0efa4333d
)
(agent) [874535] [CCCryptorCreate] (
op : kCCDecrypt
alg : kCCAlgorithmAES128
options : kCCOptionPKCS7Padding
keyLength : 32
key : e3ae68203b0018b1d85565fe15a6e6ece38f1f436c60c19eb02b0ecb649a8bee
iv : 360695187db3eab33612d9ac73bcc01f
)

Bypass Biometric Scanner

Using objection you can bypass the biometric lock screen by using the following command:
ios ui biometrics_bypass
Breaking Crypto - Previous
Weak Cryptography
Next - Frida
Frida
Last modified 1yr ago