Releases: sensepost/objection
Releases · sensepost/objection
v1.5.3
008e327
This commit was signed with the committer’s verified signature.
The key has expired.
leonjza
Leon Jacobs
fixes
other
Upgrade node dependencies for the agent, primarily bumping the frida-gum-types version to ^4. 613be5a
Code Changes Since v1.5.2
v.1.5.2 - Bug fixes
805bf86
This commit was signed with the committer’s verified signature.
The key has expired.
leonjza
Leon Jacobs
fixes
- Fix the iOS generic method return value override module. #193
- Fix agent loading on operating systems that don't use UTF-8 encoding by default. #191
Thanks goes to @aph3rson for the fixes in this release.
Code Changes Since v1.5.1
v1.5.1
d000679
This commit was signed with the committer’s verified signature.
The key has expired.
leonjza
Leon Jacobs
fixes
- Fix an agent error condition when iOS AFNetworking was not available. #189
- Small flow control and code simplification changes in the agent.
- Fix various typos.
Code Changes Since v1.5.0
v1.5.0 - TypeScript agent, API and more!
ee7b75a
This commit was signed with the committer’s verified signature.
The key has expired.
leonjza
Leon Jacobs
new
- Completely rewritten Frida agent using TypeScript. All of the old hooks have been ported into this agent, replacing the old method of constantly loading and unloading Frida scripts with a single instance exposing methods via the Frida RPC.
- An API! Read more about that here.
- Support spawning Android applications when running on a rooted Android device.
- Job output is no longer a single, random colour, but instead contains a job ID and more useful colouring of the overall output.
- Include new SSL pinning disabling hooks.
- Add command fuzzy completion.
- Upgrade dependencies, most notably, prompt-toolkit to version 2.
fixes
- A crazy amount of hook specific bug fixes (no really). This is primarily thanks to the TypeScript agent port work together with the help of the frida-gum TypeScript type definitions.
- Vastly improved filesystem interactions for both Android and iOS, primarily when uploading/downloading files.
- Better error reporting when the Frida server (both in a Gadget mode and server mode) goes away/crashes.
- Improved data decoding for the iOS keychain dumping module.
- Added a check when using
--skip-resourcesflag for the APK builder to not try and inject the Internet permission. - Fix the directory separator when using on Windows.
- Improve error handling when dumping memory regions.
Code Changes Since v1.4.1
v1.4.1
f8e78d8
This commit was signed with the committer’s verified signature.
The key has expired.
leonjza
Leon Jacobs
new
- Improved exception error reporting to the terminal to help debug errors.
fixes
- Android class watcher command will now correctly report invoked methods.
- Fix the memory dumping commands to support Frida 12.
Code Changes Since v1.4.0
v1.4.0
ff86ff3
This commit was signed with the committer’s verified signature.
The key has expired.
leonjza
Leon Jacobs
new
- Add the
ios nsurlcredentialstorage dumpcommand to dump credentials stored using NSURLCredentialStorage.
fixes
- Improve class Objective-C selection for the
ios hooking watch*commands. - Add warnings about existing memory dumps before overriding an existing dump.
- Include
frida-toolsas dependency as required since Frida 12. - Other small fixes.
Code Changes since v1.3.0
v1.3.0
e7f0a22
This commit was signed with the committer’s verified signature.
The key has expired.
leonjza
Leon Jacobs
v1.3.0
This release updates the license for objection to GPL v3.
new
- Add support for multiple devices by specifying a target device serial with the new
--serialflag. - Add the ability to add new text
kSecClassGenericPasswordkeychain entries.
fixes
- Small fixes to the iOS keychain dumper.
- Fix the update checker to improve support for Windows.
v1.2.9
8cfb8b6
This commit was signed with the committer’s verified signature.
The key has expired.
leonjza
Leon Jacobs
changes
This version simply pins the version of python-prompt-toolkit in use as a major update of the library is imminent. (thanks @jonathanslenders)
v1.2.8
8a31633
This commit was signed with the committer’s verified signature.
The key has expired.
leonjza
Leon Jacobs
v1.2.8
changes
- The Android patcher defaulted to not decode resources by default. This has now been inverted, with the flags long name changed to
--skip-resourcesto skip the decoding if needed.
v1.2.7
58786c4
This commit was signed with the committer’s verified signature.
The key has expired.
leonjza
Leon Jacobs
v1.2.7
new
- Add
--network-security-config/-Nflag to thepatchapkcommand. This flag will add a network security config to the APK as well as the requiredandroid:networkSecurityConfigtag to theAndroidManifest.xml's<application>tag. This helps for Android 7+ and the changes to CA certificates that were introduced. - Add a hook on the
verifyChain()method in thecom.android.org.conscrypt.TrustManagerImplclass to suppress exceptions that could get thrown if a certificate with a non-trusted CA is presented. This hook is available in theandroid sslpinning disablecommand and should take preference over--network-security-configflag in thepatchapkcommand.
fixes
- The
patchapkcommand used to strip all.'s from the resultant APK's name. This should no longer happen.