Objection is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.
Installation
pip3 install objection
Connection
Make a regular ADB conection and start the frida server in the device (and check that frida is working in both the client and the server).
If you are using a rooted device it is needed to select the application that you want to test inside the --gadget option. in this case:
filedownload<remote_path> [<local path>] (copy filefromdevice)fileupload<local_path> [<remote path>] (copy filetodevice)# Imports Fridascript from a file on the local filesystem and executes it as a job. Ex: import ~/home/hooks/custom.js custom-hook-name
import<local_path> [job_name] [--no-exception-handler]
# Hooks a specified class method and reports on invocations. Ex: android hooking watch class_method com.example.test.login
androidhookingwatchclass_method<fullyqualifiedclassmethod> [--dump-args] [--dump-backtrace] [--dump-return]# Hooks a specified class' methods and reports on invocations. Ex: android hooking watch class com.example.testandroidhookingwatchclass<class># Sets a methods return value to always be true / false. Ex: android hooking set return_value com.example.test.rootUtils.isRooted false
androidhookingsetreturn_value"<fully qualified class>""<overload if needed>"<true/false>
memorydumpall<localpath> (dump allmemory)memorydumpfrom_base<base_address><size_to_tump><local_path> (dump partofthememory)memorylistmodules (list allofthemodulesloadedinthecurrentprocess)memorylistexports<module_name> (list exportsinaspecificloadedmodule)memorysearch"<pattern>" [--string] [--offsets-only] (searchthecurrentprocesses' heap for a pattern)memory write "<address>" "<pattern>" [--string] (write an arbitrary set of bytes to an address in memory)android heap search instances <class> (search for and print live instances of a specific Java class)