📱Objection - runtime mobile exploration

Overview

📱 objection - Runtime Mobile Exploration

objection is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.

Twitter PyPi Black Hat Arsenal Black Hat Arsenal

objection

  • Supports both iOS and Android.
  • Inspect and interact with container file systems.
  • Bypass SSL pinning.
  • Dump keychains.
  • Perform memory related tasks, such as dumping & patching.
  • Explore and manipulate objects on the heap.
  • And much, much more...

Screenshots are available in the wiki.

installation

Installation is simply a matter of pip3 install objection. This will give you the objection command. You can update an existing objection installation with pip3 install --upgrade objection.

For more detailed update and installation instructions, please refer to the wiki page here.

license

objection is licensed under a GNU General Public v3 License. Permissions beyond the scope of this license may be available at http://sensepost.com/contact/.

Comments
  • frida.ProcessNotFoundError: unable to find process with name 'Gadget'

    frida.ProcessNotFoundError: unable to find process with name 'Gadget'

    Hi there,

    I just installed frida and objection to try some iOS debugging. Unfortunately I only receive errors about closed connection and missing gadget. I tried to google it and read all the docs but havent found anything. So hopefully I dont ask a stupid RTFM question.

    I have

    • a jailbroken iPad with iOS 9.3.3
    • connected through USB cable
    • frida is installed through Cydia and the frida-server is running
    • objection is installed through pip

    frida is capable to list the device

    frida-ls-devices 
    Id                                        Type    Name        
    ----------------------------------------  ------  ------------
    local                                     local   Local System
    581759c322bf                    tether  iOS Device  
    tcp                                       remote  Local TCP  
    
    

    Process listening seems to work also:

    frida-ps -Uai
    PID  Name           Identifier                     
    ---  -------------  -------------------------------
    994  Cydia          com.saurik.Cydia               
    993  Kalender       com.apple.mobilecal            
    290  Mail           com.apple.mobilemail           
    941  Nachrichten    com.apple.MobileSMS            
      -  App Store      com.apple.AppStore             
    ...
    

    When I try objection explore, for a dedicated process/gadget, I receive the following error:

    objection -g "com.apple.Preferences" explore
    Error: unable to find process with name 'com.apple.Preferences'
    
    

    Even though the process exists.

    When I run objection device_type I receive another issue:

    objection device_type
    Traceback (most recent call last):
      File "/root/virtual-python3/bin/objection", line 11, in <module>
        sys.exit(cli())
      File "/root/virtual-python3/lib/python3.6/site-packages/click/core.py", line 722, in __call__
        return self.main(*args, **kwargs)
      File "/root/virtual-python3/lib/python3.6/site-packages/click/core.py", line 697, in main
        rv = self.invoke(ctx)
      File "/root/virtual-python3/lib/python3.6/site-packages/click/core.py", line 1066, in invoke
        return _process_result(sub_ctx.command.invoke(sub_ctx))
      File "/root/virtual-python3/lib/python3.6/site-packages/click/core.py", line 895, in invoke
        return ctx.invoke(self.callback, **ctx.params)
      File "/root/virtual-python3/lib/python3.6/site-packages/click/core.py", line 535, in invoke
        return callback(*args, **kwargs)
      File "/root/virtual-python3/lib/python3.6/site-packages/objection/console/cli.py", line 164, in device_type
        device_name, system_name, model, system_version = get_device_info()
      File "/root/virtual-python3/lib/python3.6/site-packages/objection/commands/device.py", line 20, in get_device_info
        runner.run(hook=hook)
      File "/root/virtual-python3/lib/python3.6/site-packages/objection/utils/frida_transport.py", line 346, in run
        session = self.get_session()
      File "/root/virtual-python3/lib/python3.6/site-packages/objection/utils/frida_transport.py", line 281, in get_session
        return frida.get_usb_device(5).attach(state_connection.gadget_name)
      File "/root/virtual-python3/lib/python3.6/site-packages/frida/core.py", line 97, in attach
        return Session(self._impl.attach(self._pid_of(target)))
      File "/root/virtual-python3/lib/python3.6/site-packages/frida/core.py", line 115, in _pid_of
        return self.get_process(target).pid
      File "/root/virtual-python3/lib/python3.6/site-packages/frida/core.py", line 73, in get_process
        raise _frida.ProcessNotFoundError("unable to find process with name '%s'" % process_name)
    frida.ProcessNotFoundError: unable to find process with name 'Gadget'
    
    🐛bug help wanted 
    opened by HachimanSec 35
  • Unable to install the patched ipa file into iOS device - AMDeviceSecureInstallApplication (ios_deploy)

    Unable to install the patched ipa file into iOS device - AMDeviceSecureInstallApplication (ios_deploy)

    Unable to install the patched ipa file into iOS device

    OS: MAC Catalina 10.15.5 (installed in VirtualBox) iOS Device connected : iPhone 11 (Non-Jailbroken Phone)

    Logged-in using new Apple developer ID in Xcode tool and i have created Apple Development Certificates.

    I created the new project in Xcode, build succeeded and installed successfully in iOS Device. But it fails when i try to install patched ipa to iOS device using ios-deploy tool.

    I followed the steps mentioned in this link: https://github.com/sensepost/objection/wiki/Patching-iOS-Applications

    objection patchipa --source ~/Downloads/DamnVulnerableiOSApp.ipa --codesign-signature DB788065444E6695A883E4EECE97AC215DFECD8B

    Using latest Github gadget version: 12.11.17 Patcher will be using Gadget version: 12.11.17 No provision file specified, searching for one... Found provision file /Users/babugan/Library/Developer/Xcode/DerivedData/KMBTestt-estfvctxwdlbtzemjgmxlnbzvyyu/Build/Products/Debug-iphoneos/KMBTestt.app/embedded.mobileprovision expiring in 6 days, 7:49:46.062156 Found provision file /Users/babugan/Library/Developer/Xcode/DerivedData/KMBTest-bqdaayrmrlxrnlgkpesneuvtulmr/Build/Products/Debug-iphoneos/KMBTest.app/embedded.mobileprovision expiring in 6 days, 12:42:25.062156 Found a valid provisioning profile Working with app: DamnVulnerableIOSApp.app Bundle identifier is: com.highaltitudehacks.dvia Creating Frameworks directory for FridaGadget... Codesigning 1 .dylib's with signature DB788065444E6695A883E4EECE97AC215DFECD8B Code signing: FridaGadget.dylib Creating new archive with patched contents... Codesigning patched IPA... Cannot find entitlements in binary. Using defaults

    Copying final ipa from /var/folders/yl/rcc7qwfd7vlf3cpb29njhxsm0000gn/T/DamnVulnerableiOSApp-frida-codesigned.ipa to current directory... Cleaning up temp files...

    unzip DamnVulnerableiOSApp-frida-codesigned.ipa

    Archive: DamnVulnerableiOSApp-frida-codesigned.ipa creating: Payload/DamnVulnerableIOSApp.app/ creating: Payload/DamnVulnerableIOSApp.app/_CodeSignature/ inflating: Payload/DamnVulnerableIOSApp.app/_CodeSignature/CodeResources
    inflating: Payload/DamnVulnerableIOSApp.app/main-bg.png
    inflating: Payload/DamnVulnerableIOSApp.app/card-bg.png
    extracting: Payload/DamnVulnerableIOSApp.app/menuIcon.png
    creating: Payload/DamnVulnerableIOSApp.app/en.lproj/ inflating: Payload/DamnVulnerableIOSApp.app/en.lproj/InfoPlist.strings
    inflating: Payload/DamnVulnerableIOSApp.app/640_960_SplashScn.png
    inflating: Payload/DamnVulnerableIOSApp.app/152x152.png
    ....

    codesign -v --verbose DamnVulnerableIOSApp.app DamnVulnerableIOSApp.app: valid on disk DamnVulnerableIOSApp.app: satisfies its Designated Requirement

    ios-deploy --bundle DamnVulnerableIOSApp.app -d -v -W
    [....] Waiting for iOS device to be connected Handling device type: 1 Already found device? 0 Hardware Model: N104AP Device Name: Cloud Keybank iPhone 11 ID:151 Model Name: iPhone 11 SDK Name: iphoneos Architecture Name: arm64e Product Version: 13.5.1 Build Version: 17F80 [....] Using 00008030-000E21DA3AF0802E (N104AP, iPhone 11, iphoneos, arm64e) a.k.a. 'Cloud iPhone 11 ID:151'. ------ Install phase ------ [ 0%] Found 00008030-000E21DA3AF0802E (N104AP, iPhone 11, iphoneos, arm64e) a.k.a. 'Cloud iPhone 11 ID:151' connected through USB, beginning install [ 5%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/META-INF/ to device [ 5%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/META-INF/com.apple.ZipMetadata.plist to device [ 5%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/_CodeSignature/ to device [ 5%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/_CodeSignature/CodeResources to device [ 5%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/main-bg.png to device [ 6%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/card-bg.png to device [ 6%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/menuIcon.png to device [ 6%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/en.lproj/ to device [ 6%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/en.lproj/InfoPlist.strings to device [ 6%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/640_960_SplashScn.png to device [ 7%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/152x152.png to device [ 7%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/640x1136_SplashScn.png to device [ 7%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/120x120.png to device [ 8%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/[email protected] to device [ 8%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/slider-bg.png to device [ 8%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/[email protected] to device [ 8%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/[email protected] to device [ 8%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/[email protected] to device [ 9%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/[email protected] to device [ 9%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/Base.lproj/ to device [ 9%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/Base.lproj/Main.storyboardc/ to device [ 9%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/Base.lproj/Main.storyboardc/g9c-Ju-vFC-view-IFp-rO-8Ad.nib to device [ 10%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/Base.lproj/Main.storyboardc/cLD-LZ-seZ-view-4QP-f7-Xbj.nib to device [ 10%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/Base.lproj/Main.storyboardc/UIViewController-5xJ-MS-CJp.nib to device ... [ 49%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/Info.plist to device [ 49%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/[email protected] to device [ 49%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/57x57.png to device [ 49%] Copying /Users/babugan/Downloads/Payload/DamnVulnerableIOSApp.app/PkgInfo to device [ 52%] CreatingStagingDirectory [ 57%] ExtractingPackage [ 60%] InspectingPackage [ 60%] TakingInstallLock [ 65%] PreflightingApplication [ 65%] InstallingEmbeddedProfile [ 70%] VerifyingApplication 2020-09-24 04:06:05.229 ios-deploy[2865:916828] [ !! ] Error 0xe8008001: An unknown error has occurred. AMDeviceSecureInstallApplication(0, device, url, options, install_callback, 0)

    Not sure the reason for this error from ios_deploy tool.

    Similarly when check for other pathed ipa file, codesign -v --verbose KMB_QV2.app KMB_QV2.app: code object is not signed at all In architecture: arm64

    Need your help to resolve this issue.

    dependency apps 
    opened by ganesh2183 20
  • Error occured while extracting the APK.

    Error occured while extracting the APK.

    root@xxx:~# objection patchapk -s com.mimikko.mimikkoui_1.8.6_29.apk --architecture arm64-v8a
    Using latest Github gadget version: 10.6.54
    Patcher will be using Gadget version: 10.6.54
    Unpacking com.mimikko.mimikkoui_1.8.6_29.apk
    An error may have occured while extracting the APK.
    Exception in thread "main" java.lang.NullPointerException
    	at org.apache.commons.io.IOUtils.copyLarge(IOUtils.java:1792)
    	at org.apache.commons.io.IOUtils.copyLarge(IOUtils.java:1769)
    	at org.apache.commons.io.IOUtils.copy(IOUtils.java:1744)
    	at brut.androlib.res.AndrolibResources.getFrameworkApk(AndrolibResources.java:570)
    	at brut.androlib.res.AndrolibResources.loadFrameworkPkg(AndrolibResources.java:112)
    	at brut.androlib.res.data.ResTable.getPackage(ResTable.java:82)
    	at brut.androlib.res.data.ResTable.getResSpec(ResTable.java:65)
    	at brut.androlib.res.data.ResTable.getResSpec(ResTable.java:61)
    	at brut.androlib.res.decoder.ResAttrDecoder.decode(ResAttrDecoder.java:39)
    	at brut.androlib.res.decoder.AXmlResourceParser.getAttributeValue(AXmlResourceParser.java:369)
    	at org.xmlpull.v1.wrapper.classic.XmlPullParserDelegate.getAttributeValue(XmlPullParserDelegate.java:69)
    	at brut.androlib.res.decoder.XmlPullStreamDecoder$1.parseManifest(XmlPullStreamDecoder.java:97)
    	at brut.androlib.res.decoder.XmlPullStreamDecoder$1.event(XmlPullStreamDecoder.java:65)
    	at brut.androlib.res.decoder.XmlPullStreamDecoder.decode(XmlPullStreamDecoder.java:141)
    	at brut.androlib.res.decoder.XmlPullStreamDecoder.decodeManifest(XmlPullStreamDecoder.java:153)
    	at brut.androlib.res.decoder.ResFileDecoder.decodeManifest(ResFileDecoder.java:140)
    	at brut.androlib.res.AndrolibResources.decodeManifestWithResources(AndrolibResources.java:199)
    	at brut.androlib.Androlib.decodeManifestWithResources(Androlib.java:140)
    	at brut.androlib.ApkDecoder.decode(ApkDecoder.java:100)
    	at brut.apktool.Main.cmdDecode(Main.java:165)
    	at brut.apktool.Main.main(Main.java:81)
    
    App already has android.permission.INTERNET
    Smali not found in smali directory. This might be a multidex APK. Searching...
    Traceback (most recent call last):
      File "/usr/local/bin/objection", line 11, in <module>
        sys.exit(cli())
      File "/usr/local/lib/python3.5/dist-packages/click/core.py", line 722, in __call__
        return self.main(*args, **kwargs)
      File "/usr/local/lib/python3.5/dist-packages/click/core.py", line 697, in main
        rv = self.invoke(ctx)
      File "/usr/local/lib/python3.5/dist-packages/click/core.py", line 1066, in invoke
        return _process_result(sub_ctx.command.invoke(sub_ctx))
      File "/usr/local/lib/python3.5/dist-packages/click/core.py", line 895, in invoke
        return ctx.invoke(self.callback, **ctx.params)
      File "/usr/local/lib/python3.5/dist-packages/click/core.py", line 535, in invoke
        return callback(*args, **kwargs)
      File "/usr/local/lib/python3.5/dist-packages/objection/console/cli.py", line 219, in patchapk
        patch_android_apk(**locals())
      File "/usr/local/lib/python3.5/dist-packages/objection/commands/mobile_packages.py", line 155, in patch_android_apk
        patcher.inject_load_library()
      File "/usr/local/lib/python3.5/dist-packages/objection/utils/patchers/android.py", line 496, in inject_load_library
        raise Exception('Unable to find smali to patch!')
    Exception: Unable to find smali to patch!
    Cleaning up temp files...
    Failed to cleanup with error: [Errno 2] No such file or directory: '/tmp/tmpqavggvwl.apktemp.objection.apk
    

    I am not sure what happened to this app. Do you need this apk?

    dependency apktool 
    opened by iusearch 20
  • [bug] A Frida agent exception has occurred cannot read property 'address' of undefined

    [bug] A Frida agent exception has occurred cannot read property 'address' of undefined

    Describe the bug When i try to watch any method of a class i ran into this error after that i updated my Frida and objection framework to see if the issue gets resolved but still getting the same error.

    WARNING: Ignoring this template and not completing the fields could result in your issue simply being closed.

    To Reproduce Steps to reproduce the behavior:

    1. Run command 'ios hooking set return_value "-[FIRGetAccountInfoResponseUser emailVerified:]" true'

    2. ios hooking watch method "-[FIRSecureTokenRequest APIKey:]" --dump-args

    Both Commands result into same error. Expected behavior A clear and concise description of what you expected to happen.

    Evidence / Logs / Screenshots Any output from objection, such as stack traces or errors that occurred. Be sure to run objection with the --debug flag so that errors from the agent are verbose enough to debug. For example: Getting this error when trying to dump arguments of a method call

    A Frida agent exception has occurred.
    TypeError: cannot read property 'address' of undefined
    at [anon] (../../../frida-gum/bindings/gumjs/duktape.c:56618)
    at /script1.js:10272
    at frida/runtime/message-dispatcher.js:15
    at o (frida/runtime/message-dispatcher.js:25)
    
    Python stack trace: Traceback (most recent call last):
    File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/objection/console/repl.py", line 371, in start_repl
    self.run_command(document)
    File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/objection/console/repl.py", line 185, in run_command
    exec_method(arguments)
    File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/objection/commands/ios/hooking.py", line 234, in watch_class_method
    api.ios_hooking_watch_method(selector,
    File "/Users/osamamahmood/Library/Python/3.8/lib/python/site-packages/frida/core.py", line 401, in method
    return script._rpc_request('call', js_name, args, **kwargs)
    File "/Users/osamamahmood/Library/Python/3.8/lib/python/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
    File "/Users/osamamahmood/Library/Python/3.8/lib/python/site-packages/frida/core.py", line 333, in _rpc_request
    raise result[2]
    frida.core.RPCException: TypeError: cannot read property 'address' of undefined
    at [anon] (../../../frida-gum/bindings/gumjs/duktape.c:56618)
    at /script1.js:10272
    at frida/runtime/message-dispatcher.js:15
    at o (frida/runtime/message-dispatcher.js:25)
    

    Environment (please complete the following information):

    • Device: iPhone X
    • OS: iOS 13.4
    • Frida Version 12.8.20
    • Objection Version 1..9.1
    apps 
    opened by OsamaMahmood 17
  • How to patch in multi-apk/app bundle scenario? Part 2

    How to patch in multi-apk/app bundle scenario? Part 2

    This is a follow up to https://github.com/sensepost/objection/issues/340 which was closed, and I considered reopening, but this is a separate issue seemingly so I thought a new bug report would be better.

    Still trying to get objection working as per the docs.

    My versions

    objection version
    objection: 1.9.0
    
    apktool --version
    2.4.1
    
    javac -version
    javac 1.8.0_172
    
    java -version
    openjdk version "1.8.0_172"
    OpenJDK Runtime Environment (Zulu 8.30.0.1-macosx) (build 1.8.0_172-b01)
    OpenJDK 64-Bit Server VM (Zulu 8.30.0.1-macosx) (build 25.172-b01, mixed mode)
    
    adb --version
    Android Debug Bridge version 1.0.41
    Version 29.0.6-6198805
    Installed as /Users/coltonidle/Development/Android/SDK/platform-tools/adb
    

    As per the docs I got the path then:

    adb shell pm path com.ubercab
    
    package:/data/app/com.ubercab-7XGjq2gMXVpmTgo_g7gA==/base.apk
    package:/data/app/com.ubercab-7XGjq2gMXVpmTgo_g7gA==/split_config.arm64_v8a.apk
    package:/data/app/com.ubercab-7XGjq2gMXVpmTgo_g7gA==/split_config.xxhdpi.apk
    
    then
    
    adb pull /data/app/com.ubercab-7XGjq2gMXVpmTgo_g7gA==/base.apk
    adb pull /data/app/com.ubercab-7XGjq2gMXVpmTgo_g7gA==/split_config.arm64_v8a.apk
    adb pull /data/app/com.ubercab-7XGjq2gMXVpmTgo_g7gA==/split_config.xxhdpi.apk
    

    then I tried running objection patchapk --source base.apk but it failed, so I then tried objection patchapk -D --source base.apk(I found that in a random github issue, not sure exactly why it works) and that seemed to work. I now have 4 apks (1 of them is the base.objection.apk)

    I then follow your previous instructions of calling adb install-multiple.

    adb install-multiple base.objection.apk split_config.arm64_v8a.apk split_config.xxhdpi.apk 
    adb: failed to finalize session
    Failure [INSTALL_FAILED_INVALID_APK: /data/app/vmdl248531366.tmp/split_config.arm64_v8a.apk signatures are inconsistent]
    

    So it seems as though the signatures are different now because base.objection.apk is patched (not sure if that's intended, first time using objection/apktool).

    Not sure what to do next. I did try to patch the other split_config apks, via something like objection patchapk -D --source split_config.arm64_v8a.apk but that failed with

    No architecture specified. Determining it using `adb`...
    Detected target device architecture as: arm64-v8a
    Using latest Github gadget version: 12.8.19
    Patcher will be using Gadget version: 12.8.19
    Detected apktool version as: 2.4.1
    Running apktool empty-framework-dir...
    I: Removing 1.apk framework file...
    Unpacking split_config.arm64_v8a.apk
    Cannot patch an APK for Internet permission when --skip-resources is set, remove this and try again.
    Traceback (most recent call last):
      File "/usr/local/bin/objection", line 8, in <module>
        sys.exit(cli())
      File "/usr/local/lib/python3.7/site-packages/click/core.py", line 829, in __call__
        return self.main(*args, **kwargs)
      File "/usr/local/lib/python3.7/site-packages/click/core.py", line 782, in main
        rv = self.invoke(ctx)
      File "/usr/local/lib/python3.7/site-packages/click/core.py", line 1259, in invoke
        return _process_result(sub_ctx.command.invoke(sub_ctx))
      File "/usr/local/lib/python3.7/site-packages/click/core.py", line 1066, in invoke
        return ctx.invoke(self.callback, **ctx.params)
      File "/usr/local/lib/python3.7/site-packages/click/core.py", line 610, in invoke
        return callback(*args, **kwargs)
      File "/usr/local/lib/python3.7/site-packages/objection/console/cli.py", line 358, in patchapk
        patch_android_apk(**locals())
      File "/usr/local/lib/python3.7/site-packages/objection/commands/mobile_packages.py", line 181, in patch_android_apk
        patcher.inject_internet_permission(skip_resources=skip_resources)
      File "/usr/local/lib/python3.7/site-packages/objection/utils/patchers/android.py", line 427, in inject_internet_permission
        raise Exception('Cannot --skip-resources with no Internet permission')
    Exception: Cannot --skip-resources with no Internet permission
    Cleaning up temp files...
    Failed to cleanup with error: [Errno 2] No such file or directory: '/var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmpkaqm5qfm.apktemp.objection.apk'
    

    Then I tried objection patchapk --source split_config.arm64_v8a.apk and got

    No architecture specified. Determining it using `adb`...
    Detected target device architecture as: arm64-v8a
    Using latest Github gadget version: 12.8.19
    Patcher will be using Gadget version: 12.8.19
    Detected apktool version as: 2.4.1
    Running apktool empty-framework-dir...
    Unpacking split_config.arm64_v8a.apk
    Injecting permission: android.permission.INTERNET
    Writing new Android manifest...
    Target class not specified, searching for launchable activity instead...
    Unable to determine the launchable activity using aapt, trying to manually parse the AndroidManifest for activity aliases...
    Unable to determine the launchable activity for this app.
    Traceback (most recent call last):
      File "/usr/local/bin/objection", line 8, in <module>
        sys.exit(cli())
      File "/usr/local/lib/python3.7/site-packages/click/core.py", line 829, in __call__
        return self.main(*args, **kwargs)
      File "/usr/local/lib/python3.7/site-packages/click/core.py", line 782, in main
        rv = self.invoke(ctx)
      File "/usr/local/lib/python3.7/site-packages/click/core.py", line 1259, in invoke
        return _process_result(sub_ctx.command.invoke(sub_ctx))
      File "/usr/local/lib/python3.7/site-packages/click/core.py", line 1066, in invoke
        return ctx.invoke(self.callback, **ctx.params)
      File "/usr/local/lib/python3.7/site-packages/click/core.py", line 610, in invoke
        return callback(*args, **kwargs)
      File "/usr/local/lib/python3.7/site-packages/objection/console/cli.py", line 358, in patchapk
        patch_android_apk(**locals())
      File "/usr/local/lib/python3.7/site-packages/objection/commands/mobile_packages.py", line 189, in patch_android_apk
        patcher.inject_load_library(target_class=target_class)
      File "/usr/local/lib/python3.7/site-packages/objection/utils/patchers/android.py", line 750, in inject_load_library
        target_class if target_class else self._get_launchable_activity())
      File "/usr/local/lib/python3.7/site-packages/objection/utils/patchers/android.py", line 362, in _get_launchable_activity
        raise Exception('Unable to determine launchable activity')
    Exception: Unable to determine launchable activity
    Cleaning up temp files...
    Failed to cleanup with error: [Errno 2] No such file or directory: '/var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmph_za7zx1.apktemp.objection.apk'
    
    apps 
    opened by ColtonIdle 16
  • Not able to download file from Android app

    Not able to download file from Android app

    Hi,

    I'm currently testing objection together with the MSTG-Hacking-Playground app and I'm not able to download files.

    Here's the APK:

    https://github.com/OWASP/MSTG-Hacking-Playground/blob/master/Android/OMTG-Android-App/app/app-arm-debug.apk

    First of all: patching ...

    $ objection patchapk --source app-arm-debug.apk
    No architecture specified. Determining it using `adb`...
    Detected target device architecture as: arm64-v8a
    Using latest Github gadget version: 11.0.12
    Patcher will be using Gadget version: 11.0.12
    Unpacking app-arm-debug.apk
    App already has android.permission.INTERNET
    Reading smali from: /var/folders/4g/4rvg_s1d44v_x_6h4qmt5wwr0000gn/T/tmpp_4vlngt.apktemp/smali/sg/vp/owasp_mobile/OMTG_Android/MyActivity.smali
    Injecting loadLibrary call at line: 10
    Writing patched smali back to: /var/folders/4g/4rvg_s1d44v_x_6h4qmt5wwr0000gn/T/tmpp_4vlngt.apktemp/smali/sg/vp/owasp_mobile/OMTG_Android/MyActivity.smali
    Creating library path: /var/folders/4g/4rvg_s1d44v_x_6h4qmt5wwr0000gn/T/tmpp_4vlngt.apktemp/lib/arm64-v8a
    Copying Frida gadget to libs path...
    Rebuilding the APK with the frida-gadget loaded...
    Built new APK with injected loadLibrary and frida-gadget
    Signing new APK.
    Signed the new APK
    Performing zipalign
    Zipaling completed
    Copying final apk from /var/folders/4g/4rvg_s1d44v_x_6h4qmt5wwr0000gn/T/tmpp_4vlngt.apktemp.aligned.objection.apk to app-arm-debug.objection.apk in current directory...
    Cleaning up temp files...
    

    All OK so I install it to my OnePlus on Android 8.1.0. As you can see here, the file is first not there but it appears after clicking "OMTG_DATAST_001_InternalStorage". When trying to download it it throws an error.

    $ objection explore
    ...g.vp.owasp_mobile.omtg_android on (OnePlus: 8.1.0) [usb] # file download /data/user/0/sg.vp.owasp_mobile.omtg_android/files/test_file
    Downloading /data/user/0/sg.vp.owasp_mobile.omtg_android/files/test_file to test_file
    Unable to download file. File is not readable
    ...g.vp.owasp_mobile.omtg_android on (OnePlus: 8.1.0) [usb] # ls
    Type    Last Modified    Read    Write    Hidden    Size    Name
    ------  ---------------  ------  -------  --------  ------  ------
    
    Readable: Yes  Writable: Yes
    ...g.vp.owasp_mobile.omtg_android on (OnePlus: 8.1.0) [usb] # ls
    Type    Last Modified            Read    Write    Hidden    Size    Name
    ------  -----------------------  ------  -------  --------  ------  ---------
    File    2018-06-15 18:58:01 GMT  True    True     False     41.0 B  test_file
    
    Readable: Yes  Writable: Yes
    ...g.vp.owasp_mobile.omtg_android on (OnePlus: 8.1.0) [usb] # file download /data/user/0/sg.vp.owasp_mobile.omtg_android/files/test_file
    Downloading /data/user/0/sg.vp.owasp_mobile.omtg_android/files/test_file to test_file
    
    
    An exception occurred while processing the command. If this looks like a code related error, please file a bug report!
    Error: Error: VM::GetEnv failed: -2
        at e (frida/node_modules/frida-java/lib/result.js:7)
        at frida/node_modules/frida-java/lib/vm.js:71
        at a (frida/node_modules/frida-java/lib/class-factory.js:2743)
        at o (java.js:4544)
        at stringify (native)
        at frida/runtime/core.js:50
        at c (frida/runtime/message-dispatcher.js:71)
        at e (frida/runtime/message-dispatcher.js:55)
        at t (frida/runtime/message-dispatcher.js:24)
    

    I've tested it in the emulator on Android: 5.1.1 and the corresponding APK but got the same results.

    Could you please take a look at it? Thank you so much!

    🐛bug apps 
    opened by cpholguera 16
  • Frida server is not launching

    Frida server is not launching

    I am on a non rooted device and patched an apk with objection. The app successfully patched and installed ok, however, when I run the app, it continues to load without stopping on a blank screen as frida server runs.

    Steps to reproduce the behavior:

    1. Patch apk with objection
    2. Install patched apk
    3. Run application and app continues to splash screen without being called.

    Expected behavior: Launch app, app sits on blank screen, app awaits 'objection explore' command and continues as normal.

    Error: Unable to connect to the frida server: unable to connect to remote frida-server: Unexpected lack of content trying to read a line

    Environment:

    • Device: Galaxy S8
    • OS: Android 9
    • Frida Version latest
    • Objection Version latest

    If this has already been solved, Id appreciate if you can link me there! If the app is just not possible to be used with objection then my bad.

    ❔question 
    opened by karmakittenx 14
  • Error when patching ipa

    Error when patching ipa

    Exception:

    Using latest Github gadget version: 12.7.11
    Patcher will be using Gadget version: 12.7.11
    No provision file specified, searching for one...
    Found provision file /Users/Shehan/Library/Developer/Xcode/DerivedData/LowValueTransactions-dvqkwtuxcwydepdlwzqshjujxaiu/Build/Products/Debug-iphoneos/BOC QA UAT.app/embedded.mobileprovision expiring in 350 days, 15:52:45.716225
    Found a valid provisioning profile
    Working with app: BOC QA UAT.app
    Bundle identifier is: com.bankofceylon.smartpayepic
    Codesigning 13 .dylib's with signature 8728AA80DEEBA760DA935CD793D96D7FEEB88887
    Code signing: libswiftCoreImage.dylib
    Code signing: libswiftObjectiveC.dylib
    Code signing: libswiftCore.dylib
    Code signing: libswiftCoreGraphics.dylib
    Code signing: libswiftUIKit.dylib
    Code signing: libswiftMetal.dylib
    Code signing: libswiftDispatch.dylib
    Code signing: libswiftos.dylib
    Code signing: libswiftCoreFoundation.dylib
    Code signing: FridaGadget.dylib
    Code signing: libswiftDarwin.dylib
    Code signing: libswiftQuartzCore.dylib
    Code signing: libswiftFoundation.dylib
    Creating new archive with patched contents...
    Codesigning patched IPA...
    **Cannot find entitlements in binary. Using defaults**
    **{ Error: EEXIST: file already exists, mkdir '/tmp'
        at Object.fs.mkdirSync (fs.js:885:18)
        at Object.zip (/usr/local/lib/node_modules/applesign/lib/tools.js:149:6)
        at <anonymous> errno: -17, code: 'EEXIST', syscall: 'mkdir', path: '/tmp' }**
    
    Copying final ipa from /tmp/LowValueTransactions-frida-codesigned.ipa to current directory...
    Traceback (most recent call last):
      File "/Library/Frameworks/Python.framework/Versions/3.7/bin/objection", line 11, in <module>
        load_entry_point('objection==1.8.0', 'console_scripts', 'objection')()
      File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/click/core.py", line 764, in __call__
        return self.main(*args, **kwargs)
      File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/click/core.py", line 717, in main
        rv = self.invoke(ctx)
      File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/click/core.py", line 1137, in invoke
        return _process_result(sub_ctx.command.invoke(sub_ctx))
      File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/click/core.py", line 956, in invoke
        return ctx.invoke(self.callback, **ctx.params)
      File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/click/core.py", line 555, in invoke
        return callback(*args, **kwargs)
      File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/objection/console/cli.py", line 309, in patchipa
        patch_ios_ipa(**locals())
      File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/objection/commands/mobile_packages.py", line 85, in patch_ios_ipa
        os.path.join(os.path.abspath('.'), os.path.basename(patcher.get_patched_ipa_path())))
      File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/shutil.py", line 120, in copyfile
        with open(src, 'rb') as fsrc:
    FileNotFoundError: [Errno 2] No such file or directory: '/tmp/LowValueTransactions-frida-codesigned.ipa'
    Cleaning up temp files...
    Failed to cleanup with error: [Errno 2] No such file or directory: '/tmp/LowValueTransactions-frida-codesigned.ipa'
    
    🐛bug dependency 
    opened by ShehanMadushanka 14
  • Failed to load the Frida native extension: DLL load failed: The specified module could not be found.

    Failed to load the Frida native extension: DLL load failed: The specified module could not be found.

    objection patchapk -s .\myapp.apk
    
    ***
    Failed to load the Frida native extension: DLL load failed: The specified module could not be found.
    Please ensure that the extension was compiled for Python 3.x.
    ***
    
    Traceback (most recent call last):
      File "C:\Program Files\Python37\Scripts\objection-script.py", line 11, in <module>
        load_entry_point('objection==1.3.0', 'console_scripts', 'objection')()
      File "c:\program files\python37\lib\site-packages\pkg_resources\__init__.py", line 480, in load_entry_point
        return get_distribution(dist).load_entry_point(group, name)
      File "c:\program files\python37\lib\site-packages\pkg_resources\__init__.py", line 2693, in load_entry_point
        return ep.load()
      File "c:\program files\python37\lib\site-packages\pkg_resources\__init__.py", line 2324, in load
        return self.resolve()
      File "c:\program files\python37\lib\site-packages\pkg_resources\__init__.py", line 2330, in resolve
        module = __import__(self.module_name, fromlist=['__name__'], level=0)
      File "c:\program files\python37\lib\site-packages\objection\console\cli.py", line 2, in <module>
        import frida
      File "c:\program files\python37\lib\site-packages\frida\__init__.py", line 26, in <module>
        raise ex
      File "c:\program files\python37\lib\site-packages\frida\__init__.py", line 6, in <module>
        import _frida
    ImportError: DLL load failed: The specified module could not be found.
    

    Windows 10 1803, Python 3.7.0b5 x64

    frida windows 
    opened by megapro17 14
  • objection run issue

    objection run issue

    installed objection tools on mac by "pip3 install -U objection"

    while accessing the tool "objection --help" it showing some error message as below python 3.6 was installed

    (virtual-python3) ymac:objection apple$ objection --help


    Failed to load the Frida native extension: dlopen(/Users/apple/virtual-python3/lib/python3.6/site-packages/_frida.cpython-36m-darwin.so, 2): Symbol not found: ___strlcpy_chk Referenced from: /Users/apple/virtual-python3/lib/python3.6/site-packages/_frida.cpython-36m-darwin.so Expected in: /usr/lib/libSystem.B.dylib in /Users/apple/virtual-python3/lib/python3.6/site-packages/_frida.cpython-36m-darwin.so Please ensure that the extension was compiled for Python 3.x.


    Traceback (most recent call last): File "/Users/apple/virtual-python3/bin/objection", line 7, in from objection.console.cli import cli File "/Users/apple/virtual-python3/lib/python3.6/site-packages/objection/console/cli.py", line 2, in import frida File "/Users/apple/virtual-python3/lib/python3.6/site-packages/frida/init.py", line 26, in raise ex File "/Users/apple/virtual-python3/lib/python3.6/site-packages/frida/init.py", line 6, in import _frida ImportError: dlopen(/Users/apple/virtual-python3/lib/python3.6/site-packages/_frida.cpython-36m-darwin.so, 2): Symbol not found: ___strlcpy_chk Referenced from: /Users/apple/virtual-python3/lib/python3.6/site-packages/_frida.cpython-36m-darwin.so Expected in: /usr/lib/libSystem.B.dylib in /Users/apple/virtual-python3/lib/python3.6/site-packages/_frida.cpython-36m-darwin.so

    help wanted 
    opened by naveen12 14
  • added unicode support during the IPA extraction

    added unicode support during the IPA extraction

    Dear All, I'm a security anlyst of QuantumLeap-Deloitte and during an activity I had some problems extracting a IPA file containing Chinese characters, so I thought to add a support for the unicode encoding.

    opened by Fabiano1107 13
  • Issue in using Objection with corellium iOS device

    Issue in using Objection with corellium iOS device

    I am using corellium's virtual device for testing an application. I am using USBFlux and is able to connect to the device using the command frida-ps -Ua. However, when I use the command: objection -g 1292 explore. I get the following output

    Using USB device `iPhone`
    Unable to connect to the frida server: unable to communicate with remote frida-server; please ensure that major 
    versions match and that the remote Frida has the feature you are trying to use
    

    I even tried using this command: objection --network --host 10.11.1.2 -g 1292 explore. I still get the above error.

    Frida version on my mac and the corellium device is 16.0.1

    I am struggling with the above issue for quite some time. Please help me out.

    freshissue 
    opened by ubaidahmedIN 1
  • An unexpected internal exception has occurred. If this looks like a code related error, please file a bug report!

    An unexpected internal exception has occurred. If this looks like a code related error, please file a bug report!

    ...e.android. on (samsung: 7.1.2) [usb] # frida
    An unexpected internal exception has occurred. If this looks like a code related error, please file a bug report!
    'filename'
    
    Python stack trace: Traceback (most recent call last):
      File "G:\python\Lib\site-packages\objection\console\repl.py", line 371, in start_repl
        self.run_command(document)
      File "G:\python\Lib\site-packages\objection\console\repl.py", line 185, in run_command
        exec_method(arguments)
      File "G:\python\Lib\site-packages\objection\commands\frida_commands.py", line 38, in frida_environment
        ('Script Filename', frida_env['filename']),
                            ~~~~~~~~~^^^^^^^^^^^^
    KeyError: 'filename'
    

    image

    freshissue 
    opened by zicohip 0
  • [bug] The patched app contains an app extension with an illegal bundle identifier

    [bug] The patched app contains an app extension with an illegal bundle identifier

    Describe the bug After patching an IPA and installing using the ios-deploy, get this error. Installation tried through both ios-deploy and using the xcode device management Error 0xe800009e: This app contains an app extension with an illegal bundle identifier. App extension bundle identifiers must have a prefix consisting of their containing application's bundle identifier followed by a '.'. AMDeviceSecureInstallApplication(0, device, url, options, install_callback, 0)

    To Reproduce Steps to reproduce the behavior:

    1. Run command 'objection patchipa --source <app.ipa> --codesign-signature < certID >'
    2. Run command 'unzip < patched >.ipa'
    3. Run command 'ios-deploy --bundle Payload/<your.app> -W -d'

    Expected behavior Should be able to install the patched app into a device

    Evidence / Logs / Screenshots

    objection patchipa --source ~/Downloads/com.dummy.appname-59266-prerelease.ipa --codesign-signature 9524D78A8185778D1B3EBABA560B5FE115344E28
    Using latest Github gadget version: 16.0.8
    Patcher will be using Gadget version: 16.0.8
    No provision file specified, searching for one...
    Found provision file /Users/user/Library/Developer/Xcode/DerivedData/app1-fjudncfhvclytrbveytxrghhrlit/Build/Products/Debug-iphoneos/app1.app/embedded.mobileprovision expiring in 7 days, 4:08:00.397419
    Found a valid provisioning profile
    Mobile provision bundle identifier is: com.dummy.test.app1
    Working with app: your test.app
    Bundle identifier is: com.dummy.appname-dogfood
    Codesigning 2 .dylib's with signature 9524D78A8185778D1B3EBABA560B5FE115344E28
    Code signing: libswift_Concurrency.dylib
    Code signing: FridaGadget.dylib
    Creating new archive with patched contents...
    Codesigning patched IPA...
    [
      '/var/folders/_n/2g909kj527l11wck90h06c4r0000gq/T/com.dummy.appname-59266-prerelease-frida.ipa.5cd7b461-3de2-4cf5-9b98-947682a8bbee/Payload/your test.app/PlugIns/IntentExtension.appex/IntentExtension',
      '/var/folders/_n/2g909kj527l11wck90h06c4r0000gq/T/com.dummy.appname-59266-prerelease-frida.ipa.5cd7b461-3de2-4cf5-9b98-947682a8bbee/Payload/your test.app/PlugIns/IntentExtensionUI.appex/IntentExtensionUI',
      '/var/folders/_n/2g909kj527l11wck90h06c4r0000gq/T/com.dummy.appname-59266-prerelease-frida.ipa.5cd7b461-3de2-4cf5-9b98-947682a8bbee/Payload/your test.app/PlugIns/NotificationContentExtension.appex/NotificationContentExtension',
      '/var/folders/_n/2g909kj527l11wck90h06c4r0000gq/T/com.dummy.appname-59266-prerelease-frida.ipa.5cd7b461-3de2-4cf5-9b98-947682a8bbee/Payload/your test.app/PlugIns/NotificationServiceExtension.appex/NotificationServiceExtension',
      '/var/folders/_n/2g909kj527l11wck90h06c4r0000gq/T/com.dummy.appname-59266-prerelease-frida.ipa.5cd7b461-3de2-4cf5-9b98-947682a8bbee/Payload/your test.app/PlugIns/ShareExtension.appex/ShareExtension',
      '/var/folders/_n/2g909kj527l11wck90h06c4r0000gq/T/com.dummy.appname-59266-prerelease-frida.ipa.5cd7b461-3de2-4cf5-9b98-947682a8bbee/Payload/your test.app/PlugIns/WidgetsExtension.appex/WidgetsExtension'
    ]
    Cannot resolve rpath for: @rpath/libswiftCore.dylib from /var/folders/_n/2g909kj527l11wck90h06c4r0000gq/T/com.dummy.appname-59266-prerelease-frida.ipa.5cd7b461-3de2-4cf5-9b98-947682a8bbee/Payload/your test.app/Frameworks/libswift_Concurrency.dylib
    Warning: Cannot resolve dependency library: /var/folders/_n/2g909kj527l11wck90h06c4r0000gq/T/com.dummy.appname-59266-prerelease-frida.ipa.5cd7b461-3de2-4cf5-9b98-947682a8bbee/Payload/your test.app/Frameworks/libswift_Concurrency.dylib
    Warning: missing file: @rpath/libswiftCore.dylib
    
    Copying final ipa from /var/folders/_n/2g909kj527l11wck90h06c4r0000gq/T/com.dummy.appname-59266-prerelease-frida-codesigned.ipa to current directory...
    Cleaning up temp files...
    

    Environment (please complete the following information):

    • Device: [iPhoneXR]
    • OS: [iOS 14.4.1]
    • Frida Version [16.0.8]
    • Objection Version [1.11.0]

    Additional context Application should have some extensions defined in it? Sorry I'm not a iOS developer, so I'm not sure of the lingo

    freshissue 
    opened by arjun-govindaraju 0
  • Unable to find aapt. Install it with: apt install aapt (Kali Linux) before continuing (Windows 11)

    Unable to find aapt. Install it with: apt install aapt (Kali Linux) before continuing (Windows 11)

    tried this command on my windows 11 command prompt: objection patchapk --source injuredandroid_pulled.apk. then after some few minute it displayed: Unable to find aapt. Install it with: apt install aapt (Kali Linux) before continuing, so please how do i fix this am trying to patch an app for my emulator pixel 3a x86

    freshissue 
    opened by Th3Samaritan 1
  • [bug] (agent.js) Unhandled null value in getBroadcastReceivers

    [bug] (agent.js) Unhandled null value in getBroadcastReceivers

    Describe the bug

    Unhandled null value in getBroadcastReceivers (agent/src/android/hooking.ts).

    To Reproduce

    Steps to reproduce the behavior:

    1. Run command objection -n com.foo.bar -d start
    2. Run command android hooking list receivers

    Expected behavior

    The resulting exception should be properly handled, or the value should be checked to avoid the TypeError.

    Evidence / Logs / Screenshots

    # android hooking list receivers
    
    A Frida agent exception has occurred.
    TypeError: cannot read property 'map' of null
        at <anonymous> (src/android/hooking.ts:487)
        at <anonymous> (src/android/lib/libjava.ts:9)
        at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:12)
        at _performPendingVmOps (frida/node_modules/frida-java-bridge/index.js:250)
        at <anonymous> (frida/node_modules/frida-java-bridge/index.js:225)
        at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:12)
        at _performPendingVmOpsWhenReady (frida/node_modules/frida-java-bridge/index.js:244)
        at perform (frida/node_modules/frida-java-bridge/index.js:204)
        at <anonymous> (src/android/lib/libjava.ts:13)
        at Promise (native)
        at wrapJavaPerform (src/android/lib/libjava.ts:14)
        at getBroadcastReceivers (src/android/hooking.ts:493)
        at androidHookingListBroadcastReceivers (src/rpc/android.ts:54)
        at apply (native)
        at <anonymous> (frida/runtime/message-dispatcher.js:13)
        at c (frida/runtime/message-dispatcher.js:23)
    
    context.getPackageManager()
              .getPackageInfo(context.getPackageName(), GET_RECEIVERS).receivers.value // <= null
    

    Environment

    • Device: SM-G780G
    • OS: Android 12
    • Frida: 16.0.2
    • Objection: 1.11.0

    Additional context

    The target app statically registers a broadcast receiver in the manifest, then dynamically disables it through package manager at run time.

    freshissue 
    opened by Ha0ris 0
Releases(1.11.0)
  • 1.11.0(Apr 6, 2021)

    notes

    This release has a significant change in how iOS applications are patched. Most importantly, after some help over at nowsecure/node-applesign#113, we realised we needed to set the bundle id and add the entitlement cloning flag. By default objection will now parse the bundleid from your .mobileprovision file automatically, but if you need to set it to something else, you can use the new -b flag on the patchipa command.

    fixes

    • Correctly parse apktool versions, even if build from source. (https://github.com/sensepost/objection/commit/554c6c660b2e68627ff845301cdd664836eef9ee) (via #449) (thanks @No-Cellist-7780)
    • Improve support for patching iOS applications using a free developer account. (https://github.com/sensepost/objection/commit/bb33bce3ca9c36482951081e3d3721645f963124)

    other

    • Bump agent dependencies (https://github.com/sensepost/objection/commit/23ba6b09dab9ef6c4d2e18812e17b8b92e97197a)
    • Formatting fixes (https://github.com/sensepost/objection/commit/7724481889cb8873f3bf94ad63f8c8ab23ad7618)

    Code Diff Since v1.10.1

    Source code(tar.gz)
    Source code(zip)
  • 1.10.2(Mar 30, 2021)

    fixes

    • Don't crash the agent if no matches were found when using the memory search command (https://github.com/sensepost/objection/commit/24582bb9fd1c83155436d6d0b8719cfecbd68028)
    • Handle keychain entries that have the kSecAttrSynchronizable flag set (https://github.com/sensepost/objection/commit/8560d7586310145568b4b4f1dfa71c84e3b005a8) (thanks @jpstotz)

    other

    • Bump agent dependencies (https://github.com/sensepost/objection/commit/1af959f49478ac679fd78ae8d87389745bf32f0d)

    Code Diff Since v1.10.0

    Source code(tar.gz)
    Source code(zip)
  • 1.10.1(Mar 2, 2021)

  • 1.10.0(Feb 24, 2021)

    new

    • Add the android hooking list class_loaders command to list the available class loaders (https://github.com/sensepost/objection/commit/b0710ed221ceaf73bc380800d2d7c7dcc1944a14)
    • Add the objection signapk command to sign multiple apk's using the objection certificate. NOTE: This commit also changes the internal signer used from jarsigner to apksigner (available in the Kali repo) (https://github.com/sensepost/objection/commit/724019a486d410b0b5d83e6d765158b1972b26a8) (via #375) (thanks @mtschirs)
    • Add wildcard class name support for Android method hooking (https://github.com/sensepost/objection/commit/0dee9d68638a2b32dfdcba45526012ce532d7a1f) (via #383) (thanks @bet4it)
    • Add the ability to specify an already decoded AndroidManifest to the patchapk command such that --skip-resources could still be used under certain conditions (https://github.com/sensepost/objection/commit/93700023499e471b43585957c079fdef8b21496b) (via #407) (thanks @agreenbhm)
    • Improve the iOS biometrics bypass hook by also hooking evaluateAccessControl. (https://github.com/sensepost/objection/commit/2977c8a03a1111c352606352d9b68c12a5e4f7df) (via #411) (thanks @jnovak-praetorian)
    • Add a new ios monitor crypto command to monitor CommonCrypto usage in real time. (https://github.com/sensepost/objection/commit/746d08d6bfa5d314c5efe89ff3335135b8dea139) (via #430) (thanks @gagnonca)
    • Add a new android proxy set command to set the proxy server used by a specific Android app and not the whole OS. (https://github.com/sensepost/objection/commit/91d131174a3141176a0e6e3c783be72651cb88c3) (via #439) (thanks @GOAT-FARM3R)
    • Add a new android deoptimize command to disable all optimizations, forcing the android VM to execute via the interpreter. This could help with some missed hooks (https://github.com/sensepost/objection/commit/a34359165fff68fa219473e83208f8ee0816b9a0)

    fixes

    • Improve error handling when the remote Frida version does not match the local version (https://github.com/sensepost/objection/commit/6b7baf8b0610643b701bcbf00e6f1b1e9edae113)
    • Silence errors that may have occurred while checking for updates (https://github.com/sensepost/objection/commit/925d2bc83e04e8bcb196e46894ca7acbe9b33bb8)
    • Improve the sqlite connect command to also download SQLite specific temp files if they are available (https://github.com/sensepost/objection/commit/772154f12e146fa6f79f41d0d54e4a5994b3227f) (via #392) (thanks @mame82)
    • Revert an older JSON.stringify patch to properly display hooked arguments for Android hooks again (https://github.com/sensepost/objection/commit/675a88f174acb8619abced5c6058717e7d326d3b) (via #414) (thanks @ido77778)

    other

    • Update agent dependencies (https://github.com/sensepost/objection/commit/7a727a08f0779d2d5dc7713579965781a6f9f653)
    • Update agent dependencies (https://github.com/sensepost/objection/commit/618c08759a52241a8d2336c681bcccfbf97e07ba)
    • Target es2020 for the agent. This makes Frida 14+ a requirement for QuickJS (https://github.com/sensepost/objection/commit/1e79aa336f10a80c8e474257e037b6abfd47e51f)
    • Major Frida agent dependency bump to latest versions (https://github.com/sensepost/objection/commit/d5642c3fa13284e8b71138cb707253cbdccc78e3)
    • Reduce the length of generated job ids (https://github.com/sensepost/objection/commit/dc104f8e80687d875bb958aebb640d51434fb9b8)
    • Add warnings about loaded classes when hooking (https://github.com/sensepost/objection/commit/8abb553a1d7cc78384e127d7d24799ec177b001a) (via #403) (thanks @TheDauntless)

    Code Diff Since v1.9.6

    Source code(tar.gz)
    Source code(zip)
  • 1.9.6(Aug 13, 2020)

    new

    • The pwd command will now do the same as pwd print, fixing #395 (https://github.com/sensepost/objection/commit/b550b9449ec8c5048b232bf0cf1323210b711b2b)
    • Plugins can now extend the HTTP API by returning a Flask Blueprint in the http_api method of the plugin itself. An example plugin that does this is included here, and will be exposed when specifying the -a flag to the explore command. (https://github.com/sensepost/objection/commit/a2d988bf8114e27101b27aec461705038e0bb87c)
    • Add new hooks to the iOS jailbreak bypass module for calls to fopen and -[UIApplication canOpenURL:]. Thanks @haxxinen (#390)

    fixes

    • Major update checker refactor. The update checker will now only fire once a day, and will store version information in ~/.objection/version_info. This commit also fixed #386 (https://github.com/sensepost/objection/commit/bca97762497783e8cc5929b4dd4c32427316d4c9)

    other

    • Bump agent dependencies (https://github.com/sensepost/objection/commit/4fd28182f7171ca820c11794965a89b81506d6d0)
    • Bump lodash version (https://github.com/sensepost/objection/commit/9e99a012ccc176a76c1b50ef5febe675226f81de)
    • Bump agent dependencies (https://github.com/sensepost/objection/commit/76848d803d262fbd6a7764440d1d6018e1db3af9)

    Code Diff Since v1.9.5

    Source code(tar.gz)
    Source code(zip)
  • 1.9.5(Jun 29, 2020)

    fixes

    • Fix exceptions thrown when version checking. Thanks @MarshalX (#382)
    • Refactor (and fix) Android Heap interaction features to better survive future Frida upgrades :D (https://github.com/sensepost/objection/commit/e46044509a407e115d1e01dc149b381d016475ed)

    other

    • Bump agent dependencies (https://github.com/sensepost/objection/commit/45dd99a75750e397dffb63817e83a881d5704a6c)
    • Bump agent dependencies (https://github.com/sensepost/objection/commit/9605949dca750c1e4eb04179d83eac7c8ae1ad83)
    • Bump agent dependencies (https://github.com/sensepost/objection/commit/10c7f57794ab5c6464eecbcb8ee1b921c4d6c7a2)
    • Bump @types/frida-gum (https://github.com/sensepost/objection/commit/a3c3ba8d222484f880506cd0be24b25223321fa6)
    • Bump frida-objc-bridge version (https://github.com/sensepost/objection/commit/c897944f12883e63faa87fe4cc805ab8ceb55dc6)

    Code Diff Since v1.9.4

    Source code(tar.gz)
    Source code(zip)
  • 1.9.4(May 27, 2020)

  • 1.9.3(May 26, 2020)

    fixes

    • Improve error handling when the --skip-resources flag is used. Thanks @mtschirs (#374)
    • Exclude leanback activities (AndroidTV) from launchable activity detection in the Android patcher. Thanks @mtschirs (#374)
    • Ensure that ObjC API's are not called if they are not needed. Fixes #377 (https://github.com/sensepost/objection/commit/8e53e4bce4b3ff67d23dde83db973edc3d82aa2c)

    other

    • Bump agent dependencies (https://github.com/sensepost/objection/commit/4f3ee36e3c3bfff9b39eba06eb918376c4ffbfa8)
    • Disable compression in agent builds. This was messing with line numbers in the generated source map (https://github.com/sensepost/objection/commit/ac94e705f75daa4ad7c4d694a5630e17ddc1780a)

    Code Diff Since v1.9.2

    Source code(tar.gz)
    Source code(zip)
  • 1.9.2(May 10, 2020)

    new

    • Expose the ping command to the CLI to check if the agent is alive and responds. (https://github.com/sensepost/objection/commit/fee42b3947a9c7d3e22b10305e1c8b130d923821)

    fixes

    • Fix a typo in the android hooking generate simple command. Thanks @Techbrunch (#360)
    • Add missing quotes to the ios hooking watch method command help file (https://github.com/sensepost/objection/commit/a5a1edb4bda424f25c5529f31313d4d706afef54)
    • Improve error reporting when hooking iOS selectors (https://github.com/sensepost/objection/commit/0a206c8401c326fdf0b11b2f0fa1ab472b55a3dc)
    • Improve Windows apktool version detection, again (https://github.com/sensepost/objection/commit/46f8d0cc12fb425005e332947a6c9d197a8af243)

    other

    • Bump agent dependencies (https://github.com/sensepost/objection/commit/a69fffc4f813456a2400a4f0d960e3bfea75764d)

    Code Diff Since v1.9.1

    Source code(tar.gz)
    Source code(zip)
  • 1.9.1(Apr 7, 2020)

    new

    • Extend support for embedding a gadget configuration and script added in version 1.9.0 to iOS IPA's. Thanks @interference-security (#349)
    • Automatically toggle extractNativeLibs to false in Android manifests (with a flag to leave the value untouched). Thanks @StingraySA (#353)
    • Refactor the ios keychain add command. The --key flag has been removed in favour of the --account and --service flags, allowing for more granular setting of attributes for a keychain item. (https://github.com/sensepost/objection/commit/4dadfc497864ff8d0eeff6b4d4468a1645558a95)

    fixes

    • Improve apktool version parsing on Windows (https://github.com/sensepost/objection/commit/79aa7ed881789e5c9458e6a09573bbc848c02441)
    • Fix command line overload parsing for the android watch class_method command (https://github.com/sensepost/objection/commit/f08cc24cd9bde142c754876690877f5cc5071b84)
    • Improve shell command argument. Thanks @dvalter (#355)

    other

    • Bump agent dependencies (https://github.com/sensepost/objection/commit/cf204a0e28f247e2aa760f03dc74e30a1928788b)

    Code Changes Since v1.9.0

    Source code(tar.gz)
    Source code(zip)
  • 1.9.0(Mar 29, 2020)

    new

    • Add the --inline flag to the ios heap execute js command, allowing for inline JavaScript evaluation on iOS heap objects. (https://github.com/sensepost/objection/commit/956056aab6d18bbc37105902996102f02a492a67)
    • Add a new --unzip-unicode flag to the iOS IPA patcher to treat the IPA name as unicode. Thanks @Fabiano1107 (#309)
    • Add the ability to patch in a gadget configuration and script to Android APK's, making it possible to eternalise scripts without needing a computer. Note: This is an Android only feature for now and needs porting for iOS. For more information, please see: https://frida.re/docs/gadget/. Thanks @gergesh (#329)
    • Improve the Android method watcher by dumping information about objects instead of simply showing [object, object] for the argument. Thanks @arielmiki (#334)
    • Improve anti-frida evasion by using a different prefix for .dex files generated by Java.registerClass(). An example patch to recompile the Android frida-server with the name frida renamed to freeda can be seen here. (https://github.com/sensepost/objection/commit/d1035e566cef7e4e4c139258ee6d112adafa09af)
    • Add a new android keystore watch command. This command will report usages of the java.security.KeyStore class, revealing the password used when accessing items. (https://github.com/sensepost/objection/commit/0513b2d780092eedc95390db51c27c895606f241)

    fixes

    • Fix android hooking set return_value crashing when no optional overload is set. Thanks @root-intruder (#307)
    • Fix suggested package name for jarsigner on Linux. Thanks @RomainL972 (#327)
    • Update the iOS biometrics bypass script to handle cases where applications check for an error rather than if a success status was returned. Thanks @gagnonca (#333)
    • Android patcher improvements. This comes mostly by enforcing the use of apktool version 2.4.1 and up, as well as by automatically running the empty-framework-dir command before patching. Information about upgrading apktool can be found in the wiki here. (https://github.com/sensepost/objection/commit/46288b5c7b708837bf15e03e44f3d45fa24f148f)
    • Fix Android root detection scripts that were pretty horribly broken 😂 (https://github.com/sensepost/objection/commit/539fc306ca88b6f4f47c486d195c18e896280af6)

    other

    • Bump Python dependencies (https://github.com/sensepost/objection/commit/e09e7bda54e188b3119b0c3c52e6be9f4cb68860)
    • Bump agent dependencies (https://github.com/sensepost/objection/commit/326b28ec330802cfea0509d96e0c7a1551125c37, https://github.com/sensepost/objection/commit/ae91da03e55e3b0dcd7aa33d03cd6d89ffd51ad3, https://github.com/sensepost/objection/commit/1b78cb36123e5cb7d1b03d5fdf3cd2d8257f9c20, https://github.com/sensepost/objection/commit/d672f1a554212167d922c6260bfe2800c8ef3e3c, https://github.com/sensepost/objection/commit/2ee2dda2f9c356190963099ec174d0ecdafcb6c4, https://github.com/sensepost/objection/commit/5583264e7d4fca67e511ec2525d0d43149f9593c)
    • Remove support for Python 3.5 (https://github.com/sensepost/objection/commit/1b198e8fca04218f2994d24e08e37225437794dc)
    • Code cleanups. (https://github.com/sensepost/objection/commit/be95b6006038ccb1b9985a4174b596a4b0e86836, https://github.com/sensepost/objection/commit/b63f6fb2ccaf6e32eb12617042beed5d0f3765d7)

    Code Changes Since v1.8.4

    Source code(tar.gz)
    Source code(zip)
  • 1.8.4(Feb 11, 2020)

  • 1.8.3(Dec 2, 2019)

  • 1.8.2(Nov 5, 2019)

  • 1.8.1(Oct 22, 2019)

  • 1.8.0(Oct 19, 2019)

    new

    • Add a libboringssl SSL pinning bypass for iOS 11+ (thanks @NickstaDB via #281)
    • Multiple Android APK patcher improvements which include better support for Kotlin coroutines, a flag to use aapt2 with apktool and better error handling. (thanks @dnet via #282, #283 and #284)
    • Add the ability to watch a specific Java method overload, or set a return value for a specific method overload (thanks @aph3rson via #239)
    • Add a new iOS command to dump raw, unparsed and unformatted data from the keychain. This is available as the ios keychain dump_raw command and should be used in conjunction with the original dump command to make sure no parsing errors have occurred.
    • Add a new file cat command that will perform cat-like activities, added for convenience. Only ASCII printable characters in the target file will be echoed to screen. For any other processing, files should still be downloaded and processed locally.
    • Add new Frida hook generator commands to quickly get ready to use, boilerplate code for your own Frida hooks. Two flavours are available; a simple and class version. The version you choose will depend on your use case, so feel free to experiment!
    • Completely refactor SQLite database interactions, removing the old implementation and replacing it with LiteCli. Running the sqlite connect database.sqlite command will now automatically drop you into a litecli REPL. If you want to make changed to the target database, add the --sync flag. This way, once you quit from the litecli REPL, the modified database will be synchronized back to the device.

    fixes

    • Improve RPC messaging from the JavaScript agent to the Python environment.

    other

    • Update the Frida agent's dependencies, bumping @types/frida-gum to version 14.

    Code Changes Since v1.7.5

    Source code(tar.gz)
    Source code(zip)
  • 1.7.5(Oct 1, 2019)

  • 1.7.4(Aug 27, 2019)

  • 1.7.3(Aug 21, 2019)

  • 1.7.2(Aug 15, 2019)

  • 1.7.1(Aug 14, 2019)

  • 1.7.0(Aug 11, 2019)

    new

    • Add new iOS and Android heap interaction methods. These new commands allow you to performs various tasks under the <target> heap command context.
    • Add a small JavaScript editor for simple scripts using the evaluate command.
    • Add an iOS binary protections enumeration module.
    • Add an on device HTTP server.

    fixes

    • Fix Android Activity launching
    • Complete the iOS file delete feature.
    • Fix duplicate entries created when adding the Android debuggable flag or a Network Security Config.
    • Fix iOS keychain data hex string conversions.

    other

    • Upgrade frida-compile to v9.

    Code Changes Since v1.6.6

    Source code(tar.gz)
    Source code(zip)
  • 1.6.6(Jun 23, 2019)

  • 1.6.5(Jun 7, 2019)

    new

    • The iOS keychain dumper will now add a key called dataHex when dumping entries with the --json flag. This key is a hex string of the raw data from the keychain.
    • The iOS keychain dumper has a new --smart flag to trigger automatic decoding of data fields. Without this flag (the default), entries are UTF8 encoded.

    fixes

    • Improve the iOS keychain dumper's reliability.

    other

    • Bump agent dependencies

    Code Changes Since v1.6.4

    Source code(tar.gz)
    Source code(zip)
  • 1.6.4(May 22, 2019)

    new

    • Add the ability to enumerate an iOS apps' included frameworks observable by NSBundle. This is available as the new ios bundles list_frameworks command.
    • Add a new --target-class flag to the Android patcher to inject a loadLibrary call for a Frida gadget in any arbitrary class' constructor (for example, to run before an applications onCreate()). The default is still to use the apps main launchable activity.
    • Add a new SSL Pinning bypass hook for iOS Cordova applications making use of this plugin. Thanks @aph3rson.

    fixes

    • Improve application stability for the Android patcher when injecting a loadLibrary call into an existing class constructor by correctly incrementing the .locals count.

    other

    • Bump agent dependencies

    Code Changes Since v1.6.3

    Source code(tar.gz)
    Source code(zip)
  • 1.6.3(Apr 11, 2019)

    new

    • Add the ability to enumerate the currently active Android activity. This can be done with the new android hooking get current_activity command.
    • Add a new R class helper to the agent for Android hooks.

    fixes

    • Fix networked Frida connections. The the --host and --network flags will work again as intended.
    • Fix spawning on iOS (using a jailbroken environment) (thanks @aph3rson)

    Code Changes Since v1.6.2

    Source code(tar.gz)
    Source code(zip)
  • 1.6.2(Apr 2, 2019)

  • 1.6.1(Apr 1, 2019)

  • 1.6.0(Mar 29, 2019)

    new

    • Implement Frida crash reporting.
    • Add warnings before clearing the iOS keychain or the Android Keystore.
    • Report the Frida runtime in use as part of the frida command.
    • Add inspection of live instances of Java objects. This feature is available as a new command: android heap print_instances <class>.
    • Add an Android method searcher. This is available as a new command: android hooking search methods <search string>.
    • Add plugin support (thanks @SpeedyFireCyclone). For more information, see the wiki article here. Sample plugins can be seen here (Sample plugin used in tests), here (Stetho sideloader) and here (Objections clipboard monitor as a plugin).
    • Add the ability to delete files on an Android device. This is implemented as the rm command.

    fixes

    • Fix class enumeration in the Android class watcher where methods with generics broke parsing.
    • Fix a cache key invalidation issue when uploading files.

    Code Changes Since v1.5.4

    Source code(tar.gz)
    Source code(zip)
  • 1.5.4(Mar 22, 2019)

    fixes

    • Enumerate writable pages when searching memory with the memory search command

    new

    • Improve the visual feedback of the memory search command. Small hexdump snippets will now be returned unless the --offsets-only flag is provided.

    other

    • Bump the Frida agents' dependencies.

    Code Changes Since v1.5.3

    Source code(tar.gz)
    Source code(zip)
Owner
SensePost
Orange Cyberdefense's Ethical Hacking Team
SensePost
A modern runtime (soon: modification) library

Bridge A Modern Runtime (soon: Modification) Library Setup swift package generate-xcodeproj Whenever you need to create/modify a target, please regen

Cero 18 Oct 31, 2022
Grapefruit: Runtime Application Instruments for iOS

Grapefruit: Runtime Application Instruments for iOS Get Started Dependencies Grapefruit requires Node.js to be installed. If you can't install the fri

codecolorist 632 Dec 26, 2022
This is a simple mobile app which is connect to the Twitter API

Project 3 - My Twitter My Twitter is a basic twitter app to read your tweets. Time spent on two parts: 8.5 hours spent in total Twitter - Part II This

Alem 1 Dec 14, 2022
A simple Hacker News mobile client

A simple Hacker News mobile client. Overview This app was built with the Hacker News API This is one of my first apps outside of a tut

Antonio Vega Ochoa 0 Nov 29, 2021
This is a basic mobile app that allows the user to tap a button to change the color of a label.

MYAPP App Description `This is a basic mobile app that allows the user to tap a button to change the color of a label. App Walk-though Required User S

null 0 Nov 27, 2021
The Art World in Your Pocket or Your Trendy Tech Company's Tote, Artsy's mobile app.

Meta State: production Point People: Brian Beckerle, Mounir Dhahri, Pavlos Vinieratos CI : This is an Artsy OSS project. Other mobile projects are Ene

Artsy 3.2k Jan 4, 2023
Restaurant - Educational application from the Apple Mobile Development Course for MDA

Restaurant Educational application from the Apple Mobile Development Course for

NIKOLAY NIKITIN 0 Aug 8, 2022
Codepath-intro-prework - Hello World iOS App | Prework Project for CodePath Intro to Mobile App Development

Hello World iOS App App Description Prework Project for CodePath Intro to Mobile

null 0 Jan 25, 2022
The Bitwarden mobile application is written in C# with Xamarin Android, Xamarin iOS, and Xamarin Forms.

Bitwarden Mobile Application The Bitwarden mobile application is written in C# with Xamarin Android, Xamarin iOS, and Xamarin Forms. Build/Run Require

Bitwarden 4.2k Dec 29, 2022
CodePath-iOS-Prework - Prework project for Intro to Mobile App Development course on CodePath

CodePath iOS Prework App Description This app has an input field, text, and seve

Russell Elliott 0 Feb 2, 2022
MicrofrontendGenerator - Script for creating micro frontends for Mobile in a simple and easy way

Introdução Template para a criação de SDK iOS. Existem duas opções de template:

Julio Fernandes Jr 4 Nov 2, 2022
Puma - A set of build utilities to automate mobile application development and deployment

Puma → https://github.com/onmyway133/Swiftlane Puma is a set of build utilities

Puma Swift 5 Oct 8, 2022
Ported scrcpy for mobile platforms, to remotely control Android devices on your iPhone or Android phone.

scrcpy-mobile Ported scrcpy for mobile platforms, to remotely control Android devices on your iPhone or Android phone. Currently only supports control

Ethan 140 Jan 2, 2023
BoldContacts mobile app for people with visual/cognitive/motor disabilities

BoldContacts mobile app BoldContacts™ is a mobile app that helps you browse your contacts and connect with them. BoldContacts is intended for people w

SixArm 25 Dec 15, 2022
Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime

Runtime Mobile Security (RMS) ?? ?? by @mobilesecurity_ Runtime Mobile Security (RMS), powered by FRIDA, is a powerful web interface that helps you to

Mobile Security 2k Dec 29, 2022
Swift-compute-runtime - Swift runtime for Fastly Compute@Edge

swift-compute-runtime Swift runtime for Fastly Compute@Edge Getting Started Crea

Andrew Barba 57 Dec 24, 2022
An in-app debugging and exploration tool for iOS

FLEX FLEX (Flipboard Explorer) is a set of in-app debugging and exploration tools for iOS development. When presented, FLEX shows a toolbar that lives

FLEXTool 13.3k Dec 31, 2022
Dogs - A fun exploration of using Clean Swift methodology (VIP) to build a simple app

Dogs A fun exploration of using Clean Swift methodology (VIP) to build a simple app Was following the directory structure and templates as described i

Yarden Eitan 2 Dec 30, 2022
An MVI, SwiftUI and Combine exploration project to shop clothe by resemblance 👗

Portfolio is an MVI, SwiftUI and Combine exploration project to keep track of your portfolio over time. Resources MVI MVI Architecture for Android Tut

Bastien Falcou 7 Oct 4, 2022
Switchboard - easy and super light weight A/B testing for your mobile iPhone or android app. This mobile A/B testing framework allows you with minimal servers to run large amounts of mobile users.

Switchboard - easy A/B testing for your mobile app What it does Switchboard is a simple way to remote control your mobile application even after you'v

Keepsafe 287 Nov 19, 2022