SlideShare a Scribd company logo

objection - runtime mobile exploration

SensePost
SensePost

This document summarizes a presentation about Objection, a Python framework that bundles Frida scripts to enable runtime mobile exploration on iOS and Android without needing a jailbroken or rooted device. It includes demos of using Objection to bypass jailbreak detection, extract data from NSUserDefaults, explore the filesystem, bypass SSL pinning, and monitor class methods. Objection aims to make Frida easier to use on mobile by compiling scripts and bundling common functionality.

Mobile
1 of 22
Download to read offline
0xcon 2017 📱objection RUNTIME MOBILE EXPLORATION
0xcon 2017 @leonjza @sensepost
0xcon 2017
0xcon 2017
0xcon 2017 meh.
0xcon 2017 - Ole André Vadla Ravnås (@oleavr) - dynamic instrumentation toolkit - injects chrome v8 (or duktape) into process - instrumentation done using JavaScript - basically magic (no really.) frida
0xcon 2017 ‘embedded mode’ (recently added fully autonomous mode)
0xcon 2017 demo(native function hooking)
0xcon 2017 objective-c (and java)
0xcon 2017 @implementation JailbreakDetection +(BOOL) isJailbroken { NSFileManager *fm = [NSFileManager defaultManager]; if ([fm fileExistsAtPath:@"/bin/bash"]) { return YES; } return NO; } @end
0xcon 2017 var JailbreakDetection = ObjC.classes.JailbreakDetection; Interceptor.attach( JailbreakDetection.isJailbroken.implementation, { onEnter: function (args) { // }, onLeave: function (retval) { retval.replace(0x0); } });
0xcon 2017 demo(jailbreak detection simulation/bypass)
0xcon 2017 lets… inject arbitrary code
0xcon 2017 demo(nsuserdefaults extraction)
0xcon 2017 📱objection bundled it up, and called it… (object)inject(ion)
0xcon 2017 - python3, installable with pip3 - bundles ios and android hooks - ’compiles’ hooks with Jinja2 - can import arbitrary Frida scripts - do not need a jailbroken / rooted device internals
0xcon 2017 thanks! 🎉
0xcon 2017 demo(exploring the filesystem)
0xcon 2017 demo(ssl pinning bypass)
0xcon 2017 demo(class method monitoring)
0xcon 2017 - dump process/module memory - interact with iOS keychain - bypass touchid* - monitor iOS pasteboard - extract iOS binary cookies and lots more!
0xcon 2017 questions? https://github.com/sensepost/objection @leonjza / @sensepost

Recommended

Event loop
Event loopEvent loop
Event loop
codepitbull
 
Don’t block the event loop!
Don’t block the event loop!Don’t block the event loop!
Don’t block the event loop!
hujinpu
 
All you need to know about the JavaScript event loop
All you need to know about the JavaScript event loopAll you need to know about the JavaScript event loop
All you need to know about the JavaScript event loop
Saša Tatar
 
JavaScript Engines and Event Loop
JavaScript Engines and Event Loop JavaScript Engines and Event Loop
JavaScript Engines and Event Loop
Tapan B.K.
 
Async java8
Async java8Async java8
Async java8
Murali Pachiyappan
 
톰캣 #04-환경설정
톰캣 #04-환경설정톰캣 #04-환경설정
톰캣 #04-환경설정
GyuSeok Lee
 
ECMAScript 6
ECMAScript 6ECMAScript 6
ECMAScript 6
偉格 高
 
Avoiding Callback Hell with Async.js
Avoiding Callback Hell with Async.jsAvoiding Callback Hell with Async.js
Avoiding Callback Hell with Async.js
cacois
 

Recommended

Event loop
Event loopEvent loop
Event loop
codepitbull
 
Don’t block the event loop!
Don’t block the event loop!Don’t block the event loop!
Don’t block the event loop!
hujinpu
 
All you need to know about the JavaScript event loop
All you need to know about the JavaScript event loopAll you need to know about the JavaScript event loop
All you need to know about the JavaScript event loop
Saša Tatar
 
JavaScript Engines and Event Loop
JavaScript Engines and Event Loop JavaScript Engines and Event Loop
JavaScript Engines and Event Loop
Tapan B.K.
 
Async java8
Async java8Async java8
Async java8
Murali Pachiyappan
 
톰캣 #04-환경설정
톰캣 #04-환경설정톰캣 #04-환경설정
톰캣 #04-환경설정
GyuSeok Lee
 
ECMAScript 6
ECMAScript 6ECMAScript 6
ECMAScript 6
偉格 高
 
Avoiding Callback Hell with Async.js
Avoiding Callback Hell with Async.jsAvoiding Callback Hell with Async.js
Avoiding Callback Hell with Async.js
cacois
 
Go for Rubyists
Go for RubyistsGo for Rubyists
Go for Rubyists
Luka Zakrajšek
 
Coroutines talk ppt
Coroutines talk pptCoroutines talk ppt
Coroutines talk ppt
Shahroz Khan
 
Node js presentation
Node js presentationNode js presentation
Node js presentation
martincabrera
 
BOSH deploys distributed systems, and Diego runs any containers
BOSH deploys distributed systems, and Diego runs any containersBOSH deploys distributed systems, and Diego runs any containers
BOSH deploys distributed systems, and Diego runs any containers
Benjamin Gandon
 
libuv, NodeJS and everything in between
libuv, NodeJS and everything in betweenlibuv, NodeJS and everything in between
libuv, NodeJS and everything in between
Saúl Ibarra Corretgé
 
G*なクラウド 雲のかなたに ショートバージョン
G*なクラウド 雲のかなたに ショートバージョンG*なクラウド 雲のかなたに ショートバージョン
G*なクラウド 雲のかなたに ショートバージョン
Tsuyoshi Yamamoto
 
Puppet and Openshift
Puppet and OpenshiftPuppet and Openshift
Puppet and Openshift
Gareth Rushgrove
 
How NOT to write in Node.js
How NOT to write in Node.jsHow NOT to write in Node.js
How NOT to write in Node.js
Piotr Pelczar
 
HTML5 video filters
HTML5 video filtersHTML5 video filters
HTML5 video filters
Artigiani del Web
 
Nodejs intro
Nodejs introNodejs intro
Nodejs intro
Ndjido Ardo BAR
 
Modern frontend in react.js
Modern frontend in react.jsModern frontend in react.js
Modern frontend in react.js
Abdulsattar Mohammed
 
OS-autoinst: Testing with Perl and openCV
OS-autoinst: Testing with Perl and openCVOS-autoinst: Testing with Perl and openCV
OS-autoinst: Testing with Perl and openCV
Alex-P. Natsios
 
Introduction to node.js
Introduction to node.jsIntroduction to node.js
Introduction to node.js
jacekbecela
 
Binary Studio Academy: Concurrency in C# 5.0
Binary Studio Academy: Concurrency in C# 5.0Binary Studio Academy: Concurrency in C# 5.0
Binary Studio Academy: Concurrency in C# 5.0
Binary Studio
 
Scalable Angular 2 Application Architecture
Scalable Angular 2 Application ArchitectureScalable Angular 2 Application Architecture
Scalable Angular 2 Application Architecture
FDConf
 
How to Write Node.js Module
How to Write Node.js ModuleHow to Write Node.js Module
How to Write Node.js Module
Fred Chien
 
Nevyn — Promise, It's Async! Swift Language User Group Lightning Talk 2015-09-24
Nevyn — Promise, It's Async! Swift Language User Group Lightning Talk 2015-09-24Nevyn — Promise, It's Async! Swift Language User Group Lightning Talk 2015-09-24
Nevyn — Promise, It's Async! Swift Language User Group Lightning Talk 2015-09-24
Joachim Bengtsson
 
Functional Operations (Functional Programming at Comcast Labs Connect)
Functional Operations (Functional Programming at Comcast Labs Connect)Functional Operations (Functional Programming at Comcast Labs Connect)
Functional Operations (Functional Programming at Comcast Labs Connect)
Susan Potter
 
Event Loop in Javascript
Event Loop in JavascriptEvent Loop in Javascript
Event Loop in Javascript
DiptiGandhi4
 
Laravel Day / Deploy
Laravel Day / DeployLaravel Day / Deploy
Laravel Day / Deploy
Simone Gentili
 
Catch a spider monkey
Catch a spider monkeyCatch a spider monkey
Catch a spider monkey
ChengHui Weng
 
Eric Lafortune - The Jack and Jill build system
Eric Lafortune - The Jack and Jill build systemEric Lafortune - The Jack and Jill build system
Eric Lafortune - The Jack and Jill build system
GuardSquare
 

More Related Content

What's hot

Node js presentation
Node js presentationNode js presentation
Node js presentation
martincabrera
 
Functional Operations (Functional Programming at Comcast Labs Connect)
Functional Operations (Functional Programming at Comcast Labs Connect)Functional Operations (Functional Programming at Comcast Labs Connect)
Functional Operations (Functional Programming at Comcast Labs Connect)
Susan Potter
 

What's hot (20)

Go for Rubyists
Go for RubyistsGo for Rubyists
Go for Rubyists
 
Coroutines talk ppt
Coroutines talk pptCoroutines talk ppt
Coroutines talk ppt
 
Node js presentation
Node js presentationNode js presentation
Node js presentation
 
BOSH deploys distributed systems, and Diego runs any containers
BOSH deploys distributed systems, and Diego runs any containersBOSH deploys distributed systems, and Diego runs any containers
BOSH deploys distributed systems, and Diego runs any containers
 
libuv, NodeJS and everything in between
libuv, NodeJS and everything in betweenlibuv, NodeJS and everything in between
libuv, NodeJS and everything in between
 
G*なクラウド 雲のかなたに ショートバージョン
G*なクラウド 雲のかなたに ショートバージョンG*なクラウド 雲のかなたに ショートバージョン
G*なクラウド 雲のかなたに ショートバージョン
 
Puppet and Openshift
Puppet and OpenshiftPuppet and Openshift
Puppet and Openshift
 
How NOT to write in Node.js
How NOT to write in Node.jsHow NOT to write in Node.js
How NOT to write in Node.js
 
HTML5 video filters
HTML5 video filtersHTML5 video filters
HTML5 video filters
 
Nodejs intro
Nodejs introNodejs intro
Nodejs intro
 
Modern frontend in react.js
Modern frontend in react.jsModern frontend in react.js
Modern frontend in react.js
 
OS-autoinst: Testing with Perl and openCV
OS-autoinst: Testing with Perl and openCVOS-autoinst: Testing with Perl and openCV
OS-autoinst: Testing with Perl and openCV
 
Introduction to node.js
Introduction to node.jsIntroduction to node.js
Introduction to node.js
 
Binary Studio Academy: Concurrency in C# 5.0
Binary Studio Academy: Concurrency in C# 5.0Binary Studio Academy: Concurrency in C# 5.0
Binary Studio Academy: Concurrency in C# 5.0
 
Scalable Angular 2 Application Architecture
Scalable Angular 2 Application ArchitectureScalable Angular 2 Application Architecture
Scalable Angular 2 Application Architecture
 
How to Write Node.js Module
How to Write Node.js ModuleHow to Write Node.js Module
How to Write Node.js Module
 
Nevyn — Promise, It's Async! Swift Language User Group Lightning Talk 2015-09-24
Nevyn — Promise, It's Async! Swift Language User Group Lightning Talk 2015-09-24Nevyn — Promise, It's Async! Swift Language User Group Lightning Talk 2015-09-24
Nevyn — Promise, It's Async! Swift Language User Group Lightning Talk 2015-09-24
 
Functional Operations (Functional Programming at Comcast Labs Connect)
Functional Operations (Functional Programming at Comcast Labs Connect)Functional Operations (Functional Programming at Comcast Labs Connect)
Functional Operations (Functional Programming at Comcast Labs Connect)
 
Event Loop in Javascript
Event Loop in JavascriptEvent Loop in Javascript
Event Loop in Javascript
 
Laravel Day / Deploy
Laravel Day / DeployLaravel Day / Deploy
Laravel Day / Deploy
 

Similar to objection - runtime mobile exploration

JavaScript Growing Up
JavaScript Growing UpJavaScript Growing Up
JavaScript Growing Up
David Padbury
 
A new execution model for Nashorn in Java 9
A new execution model for Nashorn in Java 9A new execution model for Nashorn in Java 9
A new execution model for Nashorn in Java 9
Marcus Lagergren
 
LyonJUG : Comment Jigsaw est prêt à tuer le classpath
LyonJUG : Comment Jigsaw est prêt à tuer le classpathLyonJUG : Comment Jigsaw est prêt à tuer le classpath
LyonJUG : Comment Jigsaw est prêt à tuer le classpath
Alexis Hassler
 
LyonJUG : Comment Jigsaw est prêt à tuer le classpath
LyonJUG : Comment Jigsaw est prêt à tuer le classpath LyonJUG : Comment Jigsaw est prêt à tuer le classpath
LyonJUG : Comment Jigsaw est prêt à tuer le classpath
Alexis Hassler
 
DevFest Nantes 2016 - Jigsaw est prêt à tuer le classpath Java
DevFest Nantes 2016 - Jigsaw est prêt à tuer le classpath JavaDevFest Nantes 2016 - Jigsaw est prêt à tuer le classpath Java
DevFest Nantes 2016 - Jigsaw est prêt à tuer le classpath Java
Alexis Hassler
 
XebiCon'17 : Faites chauffer les neurones de votre Smartphone avec du Deep Le...
XebiCon'17 : Faites chauffer les neurones de votre Smartphone avec du Deep Le...XebiCon'17 : Faites chauffer les neurones de votre Smartphone avec du Deep Le...
XebiCon'17 : Faites chauffer les neurones de votre Smartphone avec du Deep Le...
Publicis Sapient Engineering
 

Similar to objection - runtime mobile exploration (20)

Catch a spider monkey
Catch a spider monkeyCatch a spider monkey
Catch a spider monkey
 
Eric Lafortune - The Jack and Jill build system
Eric Lafortune - The Jack and Jill build systemEric Lafortune - The Jack and Jill build system
Eric Lafortune - The Jack and Jill build system
 
Hipster oriented programming (Mobilization Lodz 2015)
Hipster oriented programming (Mobilization Lodz 2015)Hipster oriented programming (Mobilization Lodz 2015)
Hipster oriented programming (Mobilization Lodz 2015)
 
Play framework
Play frameworkPlay framework
Play framework
 
JavaScript Growing Up
JavaScript Growing UpJavaScript Growing Up
JavaScript Growing Up
 
A new execution model for Nashorn in Java 9
A new execution model for Nashorn in Java 9A new execution model for Nashorn in Java 9
A new execution model for Nashorn in Java 9
 
LyonJUG : Comment Jigsaw est prêt à tuer le classpath
LyonJUG : Comment Jigsaw est prêt à tuer le classpathLyonJUG : Comment Jigsaw est prêt à tuer le classpath
LyonJUG : Comment Jigsaw est prêt à tuer le classpath
 
LyonJUG : Comment Jigsaw est prêt à tuer le classpath
LyonJUG : Comment Jigsaw est prêt à tuer le classpath LyonJUG : Comment Jigsaw est prêt à tuer le classpath
LyonJUG : Comment Jigsaw est prêt à tuer le classpath
 
DevFest Nantes 2016 - Jigsaw est prêt à tuer le classpath Java
DevFest Nantes 2016 - Jigsaw est prêt à tuer le classpath JavaDevFest Nantes 2016 - Jigsaw est prêt à tuer le classpath Java
DevFest Nantes 2016 - Jigsaw est prêt à tuer le classpath Java
 
Nantes Jug - Java 7
Nantes Jug - Java 7Nantes Jug - Java 7
Nantes Jug - Java 7
 
Cocoaheads Stockholm 2014-02: Writing your own jailbreak tweak
Cocoaheads Stockholm 2014-02: Writing your own jailbreak tweakCocoaheads Stockholm 2014-02: Writing your own jailbreak tweak
Cocoaheads Stockholm 2014-02: Writing your own jailbreak tweak
 
HTML5 for the Silverlight Guy
HTML5 for the Silverlight GuyHTML5 for the Silverlight Guy
HTML5 for the Silverlight Guy
 
OSGi and Eclipse RCP
OSGi and Eclipse RCPOSGi and Eclipse RCP
OSGi and Eclipse RCP
 
React native
React nativeReact native
React native
 
What`s new in Java 7
What`s new in Java 7What`s new in Java 7
What`s new in Java 7
 
XebiCon'17 : Faites chauffer les neurones de votre Smartphone avec du Deep Le...
XebiCon'17 : Faites chauffer les neurones de votre Smartphone avec du Deep Le...XebiCon'17 : Faites chauffer les neurones de votre Smartphone avec du Deep Le...
XebiCon'17 : Faites chauffer les neurones de votre Smartphone avec du Deep Le...
 
Painless JavaScript Testing with Jest
Painless JavaScript Testing with JestPainless JavaScript Testing with Jest
Painless JavaScript Testing with Jest
 
Writing your Third Plugin
Writing your Third PluginWriting your Third Plugin
Writing your Third Plugin
 
Intro to HTML5
Intro to HTML5Intro to HTML5
Intro to HTML5
 
BATTLESTAR GALACTICA : Saison 5 - Les Cylons passent dans le cloud avec Vert....
BATTLESTAR GALACTICA : Saison 5 - Les Cylons passent dans le cloud avec Vert....BATTLESTAR GALACTICA : Saison 5 - Les Cylons passent dans le cloud avec Vert....
BATTLESTAR GALACTICA : Saison 5 - Les Cylons passent dans le cloud avec Vert....
 

More from SensePost

Hacking Z-Wave Home Automation Systems
Hacking Z-Wave Home Automation SystemsHacking Z-Wave Home Automation Systems
Hacking Z-Wave Home Automation Systems
SensePost
 

More from SensePost (20)

Vulnerabilities in TN3270 based Application
Vulnerabilities in TN3270 based ApplicationVulnerabilities in TN3270 based Application
Vulnerabilities in TN3270 based Application
 
Ruler and Liniaal @ Troopers 17
Ruler and Liniaal @ Troopers 17Ruler and Liniaal @ Troopers 17
Ruler and Liniaal @ Troopers 17
 
Introducing (DET) the Data Exfiltration Toolkit
Introducing (DET) the Data Exfiltration ToolkitIntroducing (DET) the Data Exfiltration Toolkit
Introducing (DET) the Data Exfiltration Toolkit
 
ZaCon 2015 - Zombie Mana Attacks
ZaCon 2015 - Zombie Mana AttacksZaCon 2015 - Zombie Mana Attacks
ZaCon 2015 - Zombie Mana Attacks
 
Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22
 
Heartbleed Overview
Heartbleed OverviewHeartbleed Overview
Heartbleed Overview
 
Botconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server DetectionBotconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server Detection
 
Rat a-tat-tat
Rat a-tat-tatRat a-tat-tat
Rat a-tat-tat
 
Hacking Z-Wave Home Automation Systems
Hacking Z-Wave Home Automation SystemsHacking Z-Wave Home Automation Systems
Hacking Z-Wave Home Automation Systems
 
Offence oriented Defence
Offence oriented DefenceOffence oriented Defence
Offence oriented Defence
 
Threats to machine clouds
Threats to machine cloudsThreats to machine clouds
Threats to machine clouds
 
Inside .NET Smart Card Operating System
Inside .NET Smart Card Operating SystemInside .NET Smart Card Operating System
Inside .NET Smart Card Operating System
 
SNMP : Simple Network Mediated (Cisco) Pwnage
SNMP : Simple Network Mediated (Cisco) PwnageSNMP : Simple Network Mediated (Cisco) Pwnage
SNMP : Simple Network Mediated (Cisco) Pwnage
 
Its Ok To Get Hacked
Its Ok To Get HackedIts Ok To Get Hacked
Its Ok To Get Hacked
 
Web Application Hacking
Web Application HackingWeb Application Hacking
Web Application Hacking
 
Putting the tea back into cyber terrorism
Putting the tea back into cyber terrorismPutting the tea back into cyber terrorism
Putting the tea back into cyber terrorism
 
Major global information security trends - a summary
Major global information security trends - a summaryMajor global information security trends - a summary
Major global information security trends - a summary
 
Attacks and Defences
Attacks and DefencesAttacks and Defences
Attacks and Defences
 
Corporate Threat Modeling v2
Corporate Threat Modeling v2Corporate Threat Modeling v2
Corporate Threat Modeling v2
 
State of the information security nation
State of the information security nationState of the information security nation
State of the information security nation
 

objection - runtime mobile exploration