1.12.2

This release simply drops the minimum required python version from 3.14 to 3.10.

Full Changelog: 1.12.1...1.12.2

Ofc the CI didnt work. Maybe this time.

Full Changelog: 1.12.0...1.12.1

1.12.0

The, wow, finally, a release release! 😂

Honestly, there has been so much that has changed, and it's hard to thank and attribute to everyone that has contributed. To that end, thank you for your contributions! Your best bet to know whats changed will be to check out the full change log here: 1.11.0...1.12.0

Below are the PR's that were merged, and hopefully this is the start of better maintenance overall.

What's Changed

• Added Command Android>Keystore>ListDetails by @p0w1 in #452
• Implement JailMonkey bypass by @NickstaDB in #455
• Inject loadLibrary at beginning of existing clinit by @bennofs in #460
• Update jailbreak.ts by @MantisSTS in #482
• Update --help description for version command by @jackall3n in #490
• Removed references to v8 and fixed console command help by @CDuPlooy in #501
• Adding support for bypassing RootBeer library. in #463
• Feat ios pattern hooking by @CDuPlooy in #510
• Feat android pattern hooking by @CDuPlooy in #511
• Fix mem dump by @CDuPlooy in #520
• Added --uid flag by @CDuPlooy in #526
• Bump terser from 5.10.0 to 5.14.2 in /agent by @dependabot[bot] in #559
• Fix biometry access constraints by @legik in #610
• Fix some typo by @apkunpacker in #603
• fix(agent): getBroadcastReceivers handle null by @Ha0ris in #591
• Fix typos by @Exaphis in #614
• Added option to skip APK signing by @w1gs in #635
• Adding functionalities: 'update' and 'remove' item from ios keychain. by @gastontoth in #584
• Added --watch and friends to notify by @CDuPlooy in #581
• (feat) Added memory replace command. by @IPMegladon in #656
• Support for apktool d --only-main-classes by @AltayAkkus in #660
• (chore) Bumping of dependencies. by @IPMegladon in #681
• Bump codeql workflow to v3 by @IPMegladon in #723
• Added Detection and Analysis of Android Implicit Intents by @lehasaS in #714
• Bugfixes and minor http server feature. by @IPMegladon in #698
• (fix) Fix filesystem cat command missing parameter. by @IPMegladon in #725
• Added optional backtrace for implicit intent analyzer by @CDuPlooy in #731
• Job handler update. by @IPMegladon in #705
• Concurrency control foor apktool by @CDuPlooy in #730
• (fix) Added patch_stdout to REPL for #706. by @IPMegladon in #732
• (fix) frida v17 changes, webserver disabled. by @IPMegladon in #734
• QoL fixes by @IPMegladon in #743
• (fix) Hotfix update of frida-java-bridge by @IPMegladon in #771
• fix: correct ObjC reference in Frida 17.x compatibility layer by @0xBl4nk in #763

New Contributors

• @p0w1 made their first contribution in #452
• @bennofs made their first contribution in #460
• @MantisSTS made their first contribution in #482
• @jackall3n made their first contribution in #490
• @CDuPlooy made their first contribution in #501
• @dependabot[bot] made their first contribution in #559
• @legik made their first contribution in #610
• @apkunpacker made their first contribution in #603
• @Ha0ris made their first contribution in #591
• @Exaphis made their first contribution in #614
• @w1gs made their first contribution in #635
• @gastontoth made their first contribution in #584
• @IPMegladon made their first contribution in #656
• @AltayAkkus made their first contribution in #660
• @lehasaS made their first contribution in #714
• @0xBl4nk made their first contribution in #763

1.11.0

notes

This release has a significant change in how iOS applications are patched. Most importantly, after some help over at nowsecure/node-applesign#113, we realised we needed to set the bundle id and add the entitlement cloning flag. By default objection will now parse the bundleid from your .mobileprovision file automatically, but if you need to set it to something else, you can use the new -b flag on the patchipa command.

fixes

• Correctly parse apktool versions, even if build from source. (554c6c6) (via #449) (thanks @No-Cellist-7780)
• Improve support for patching iOS applications using a free developer account. (bb33bce)

other

• Bump agent dependencies (23ba6b0)
• Formatting fixes (7724481)

Code Diff Since v1.10.1

1.10.2

fixes

• Don't crash the agent if no matches were found when using the memory search command (24582bb)
• Handle keychain entries that have the kSecAttrSynchronizable flag set (8560d75) (thanks @jpstotz)

other

• Bump agent dependencies (1af959f)

Code Diff Since v1.10.0

1.10.1

fixes

• Fix import check for objc_release indicating that ARC is enabled (3b8cc59)

Code Diff Since v1.10.0

1.10.0

new

• Add the android hooking list class_loaders command to list the available class loaders (b0710ed)
• Add the objection signapk command to sign multiple apk's using the objection certificate. NOTE: This commit also changes the internal signer used from jarsigner to apksigner (available in the Kali repo) (724019a) (via #375) (thanks @mtschirs)
• Add wildcard class name support for Android method hooking (0dee9d6) (via #383) (thanks @bet4it)
• Add the ability to specify an already decoded AndroidManifest to the patchapk command such that --skip-resources could still be used under certain conditions (9370002) (via #407) (thanks @agreenbhm)
• Improve the iOS biometrics bypass hook by also hooking evaluateAccessControl. (2977c8a) (via #411) (thanks @jnovak-praetorian)
• Add a new ios monitor crypto command to monitor CommonCrypto usage in real time. (746d08d) (via #430) (thanks @gagnonca)
• Add a new android proxy set command to set the proxy server used by a specific Android app and not the whole OS. (91d1311) (via #439) (thanks @GOAT-FARM3R)
• Add a new android deoptimize command to disable all optimizations, forcing the android VM to execute via the interpreter. This could help with some missed hooks (a343591)

fixes

• Improve error handling when the remote Frida version does not match the local version (6b7baf8)
• Silence errors that may have occurred while checking for updates (925d2bc)
• Improve the sqlite connect command to also download SQLite specific temp files if they are available (772154f) (via #392) (thanks @mame82)
• Revert an older JSON.stringify patch to properly display hooked arguments for Android hooks again (675a88f) (via #414) (thanks @ido77778)

other

• Update agent dependencies (7a727a0)
• Update agent dependencies (618c087)
• Target es2020 for the agent. This makes Frida 14+ a requirement for QuickJS (1e79aa3)
• Major Frida agent dependency bump to latest versions (d5642c3)
• Reduce the length of generated job ids (dc104f8)
• Add warnings about loaded classes when hooking (8abb553) (via #403) (thanks @TheDauntless)

Code Diff Since v1.9.6

1.9.6

new

• The pwd command will now do the same as pwd print, fixing #395 (b550b94)
• Plugins can now extend the HTTP API by returning a Flask Blueprint in the http_api method of the plugin itself. An example plugin that does this is included here, and will be exposed when specifying the -a flag to the explore command. (a2d988b)
• Add new hooks to the iOS jailbreak bypass module for calls to fopen and -[UIApplication canOpenURL:]. Thanks @haxxinen (#390)

fixes

• Major update checker refactor. The update checker will now only fire once a day, and will store version information in ~/.objection/version_info. This commit also fixed #386 (bca9776)

other

• Bump agent dependencies (4fd2818)
• Bump lodash version (9e99a01)
• Bump agent dependencies (76848d8)

Code Diff Since v1.9.5

1.9.5

fixes

• Fix exceptions thrown when version checking. Thanks @MarshalX (#382)
• Refactor (and fix) Android Heap interaction features to better survive future Frida upgrades :D (e460445)

other

• Bump agent dependencies (45dd99a)
• Bump agent dependencies (9605949)
• Bump agent dependencies (10c7f57)
• Bump @types/frida-gum (a3c3ba8)
• Bump frida-objc-bridge version (c897944)

Code Diff Since v1.9.4

1.9.4

fixes

• Fix path for embedding scripts on Android platforms (1db2da7)

Code Diff Since v1.9.3