by Or Levy
Objection Tutotrial by hacktricks
Installation
pip3 install objection
Run
1. run frida-server on device
2. objection --gadget <app> explore (start objection)
Commands
Path information
env
disable SSL Pinning
android sslpinning disable
disable root detection
android root disable
Simulate a rooted Android environment
android root simulate
Exec Command
android shell_exec whoami
Screenshot
android ui screenshot /tmp/screenshot
List activities
android hooking list activities
List services
android hooking list services
List receivers
android hooking list receivers
Getting current activity
android hooking get current_activity
Search Classes
android hooking search classes <package.name>
Search Methods of a Class
android hooking search methods <package.name <activity.name>
Hooking Commands
try to dump all possible information each time the function is called
android hooking watch class_method <package>.<activity>.<function> --dump-args --dump-backtrace --dump-return
try to dump all possible information each time the class is called
android hooking watch class <package>.<activity> --dump-args --dump-backtrace --dump-return
Changing boolean return value of a function
android hooking set return_value <package>.<activity>.<function> <true/false>
allow users to view materials while the app is minimized
android ui FLAG_SECURE false
Keystore/Intents
android keystore list
android intent launch_service
android intent launch_activity <package>.<activity> (launch an activity
can be exploit if android:exported="true")
Memory
memory list modules (process in the memory)
memory list exports <process> (export a process)
memory search 4141 –string (search string in the memory)
memory write <address> <string> --string (write to the memory process)
SQLite
sqlite (interact with sqlite db)