Comment on page
Objection
Objection is a framework built on top of Frida by SensePost and can be found on GitHub.
Installing Objection is easy and here is an exerpt from the official SensePost/Objection GitHub page:
Installation is simply a matter ofpip3 install objection
. This will give you theobjection
command. You can update an existingobjection
installation withpip3 install --upgrade objection
.
Hooking methods is an easy way to determine whether the class or method is being called. It can also provide easy access to manipulate the return values or the functionality of the method or class.
List all classes
ios hooking list classes
Listing all methods
ios hooking list class_methods
Search for classes
ios hooking search classes example_class
Search for methods in class
ios hooking list class_methods example_class
Watching a method
ios hooking watch class example_class
Overwriting return values
ios hooking set return_value "*[LoginValidate isLoginValidated]" true
----
....highaltitudehacks.DVIAswiftv2 on (iPad: 13.3.1) [usb] # ios hooking set return_value "*[LoginValidate isLoginValidated]" true
(agent) Found selector at 0x104e4238c as +[LoginValidate isLoginValidated]
(agent) Registering job z04v8rh682n. Type: set-method-return for: *[LoginValidate isLoginValidated]
....highaltitudehacks.DVIAswiftv2 on (iPad: 13.3.1) [usb] # (agent) [8crjffqm67y] Called: [LoginValidate isLoginValidated] (Kind: class) (Super: NSObject)
(agent) [z04v8rh682n] *[LoginValidate isLoginValidated] Return value was: 0x0, overriding to 0x1
....highaltitudehacks.DVIAswiftv2 on (iPad: 13.3.1) [usb] #
ios monitor crypto
...
algorithm : kCCPBKDF2
password : @daloq3as$qweasdlasasjdnj
saltBytes : a27a47abad534580
prf : kCCPRFHmacAlgSHA1
rounds : 10000
derivedKey : e3ae68203b0018b1d85565fe15a6e6ece38f1f436c60c19eb02b0ecb649a8bee
)
(agent) [874535] [CCKeyDerivationPBKDF] (
algorithm : kCCPBKDF2
password : @daloq3as$qweasdlasasjdnj
saltBytes : bda84205d53b8cc3
prf : kCCPRFHmacAlgSHA1
rounds : 10000
derivedKey : 69a1d4f08f3a667511c963e0dd77174afa5e9a22b12939fe489e6db0efa4333d
)
(agent) [874535] [CCCryptorCreate] (
op : kCCDecrypt
alg : kCCAlgorithmAES128
options : kCCOptionPKCS7Padding
keyLength : 32
key : e3ae68203b0018b1d85565fe15a6e6ece38f1f436c60c19eb02b0ecb649a8bee
iv : 360695187db3eab33612d9ac73bcc01f
)
Using
objection
you can bypass the biometric lock screen by using the following command:ios ui biometrics_bypass
Last modified 2yr ago