Objection

Objection is a dynamic instrumentation framework and runtime exploration toolkit for mobile application security analysis. It provides a command-line interface to interact with the memory and state of iOS and Android applications during active execution, serving as a toolkit for runtime analysis and security testing.

The project distinguishes itself by providing specialized capabilities to bypass common mobile security controls, including SSL pinning, biometric authentication, and root or jailbreak detection. It enables the extraction of sensitive credentials and data from secure storage systems, such as keychains and SQLite databases, while allowing for the interception of cryptographic operations.

The toolkit covers a broad range of analysis capabilities, including process memory manipulation, heap object inspection, and container filesystem exploration. It also includes monitoring tools for tracing method arguments, analyzing application intents, and configuring application-specific network proxies.

Instrumentation is achieved by injecting a JavaScript engine into a running process or embedding a binary gadget into the application to enable analysis on devices without root or jailbreak access.

Features

Mobile Runtime Exploration Toolkits - Frida enables interaction with the memory and state of iOS and Android applications through a command-line interface.

Dynamic Binary Instrumentation - Provides dynamic binary instrumentation by injecting a JavaScript engine to intercept function calls and modify memory in real time.

Mobile Security - Provides a comprehensive toolkit for analyzing mobile applications, intercepting traffic, and bypassing SSL pinning.

Heap Inspection Tools - Traverses and alters objects stored in the application memory heap during active execution.

Mobile Security Tools - Ships a suite of tools to bypass SSL pinning, biometric authentication, and root detection in mobile binaries.

Memory Content Manipulation - Lists loaded modules, dumps memory regions, and replaces memory contents at runtime.

Process Memory Access - Provides direct read and write access to the memory space of running application processes to alter object states.

Binary Instrumentation - Implements binary instrumentation by embedding shared libraries into application binaries to enable analysis on non-rooted devices.

Class Metadata Inspection - Enables the discovery of loaded classes and available methods to analyze the internal structure of running applications.

Certificate Pinning Bypasses - Intercepts network traffic by disabling certificate validation mechanisms within applications at runtime.

Keychain Extraction - Dumps and modifies sensitive items stored within a device's secure keystore.

Detection Evasions - Simulates non-rooted environments to evade detection libraries and analyze apps that block execution on modified devices.

Runtime Memory Manipulation - Frida modifies memory contents and dumps regions to change or analyze runtime behavior.

Security Auditing - Enables the extraction and analysis of sensitive credentials from keychains, SQLite databases, and local storage.

Biometric Bypasses - Circumvents fingerprint and facial recognition checks to test the effectiveness of application authentication.

Custom Scripting Engines - Provides a runtime engine for executing custom JavaScript scripts to extend the toolkit's exploration capabilities.

Runtime Memory Explorers - Provides a command-line interface for scanning and inspecting heap-allocated objects and memory in live mobile processes.

Runtime Language Instrumentation - Modifies application behavior and traces method calls in real time using a dynamic runtime engine.

Local Storage Inspectors - Dumps and inspects data from common storage locations such as cookies, property lists, and user defaults.

Local Database Browsers - Interacts with and explores SQLite databases directly on the device without requiring external exports.

Android Component Manipulation - Provides capabilities to list and start arbitrary Android activities, services, and broadcast receivers to trigger application functions.

Cryptographic Interception - Monitors encryption operations and keystore usage to reveal passwords and cryptographic details.

Biometric Bypasses - Circumvents fingerprint or facial recognition restrictions to gain access to protected application areas.

Credential Extraction Utilities - Provides utilities to recover sensitive authentication secrets and credentials from the device's secure storage system.

Malware Analysis - Inspects memory, heap objects, and internal filesystems to reverse engineer and analyze mobile malware behavior.

Pattern-Based Hooking - Allows matching and instrumenting multiple methods dynamically using predefined patterns to modify application behavior.

Root Detection Evasion - Simulates a non-rooted environment to evade detection libraries and security checks.

Binary Patching Utilities - Embeds instrumentation gadgets into binaries to enable analysis without requiring root or jailbreak access.

Cross-Platform Abstractions - Standardizes interactions with iOS and Android internals through a unified set of high-level exploration commands.

Extensible Plugin Architectures - Supports sideloading external scripts through a modular architecture to introduce specialized tools into the runtime environment.

Application Sandbox Inspection - Explores and interacts with the internal files and directories of an isolated application storage area.

Filesystem Management Utilities - Provides utilities to list directory entries and transfer files between a host and target device storage.

Runtime Argument Tracing - Dumps arguments from active methods in real-time as the application executes them.

Method Hooking - Intercepts and redirects function calls at runtime by injecting code into memory using predefined signatures.

Reverse Engineering - Explores mobile applications at runtime.

sensepostobjection

Features

Star history