Objection: Powering Mobile Application Runtime Exploration
A brief introduction to the project:
Objection, a comprehensive, open-source GitHub project, offers a new approach to mobile application runtime exploration. Developed by sensepost, this Java-based software aids developers and testers in managing the runtime environment of mobile applications. This article will delve into the significance, relevance, functionalities, and the architecture of Objection.
Project Overview:
Objection seeks to address the prevalent challenge of controlling the runtime environment of mobile applications, particularly for Android and iOS applications. It aims to provide tools to manipulate, intercept, and inspect on-the-fly transactions, making it a valuable resource for developers, testers, application security analysts, and hobbyists interested in breaking applications for research.
Project Features:
The heart of Objection lies in its robust features. On a high level, it assists in the exploration of runtime environments by including functionality for dynamic method invocation and artful data manipulation. Other key features include:
• Environment exploration for both iOS and Android applications.
• On-the-fly application patching for iOS applications.
• Swift method hooking with a built-in REPL.
• Extraction of loaded classes, method signatures, and hooking into methods.
These features collectively contribute to making the manipulation of runtime environments easier, rendering it invaluable to various use cases such as application debugging, stress testing, and security auditing.
Technology Stack:
Objection is built on a suite of robust technologies. Its core runtime is based on Frida, a dynamic instrumentation toolkit. Frida is chosen for its swift hooking capabilities and compatibility with various platforms including Windows, MacOS, Linux, iOS, Android, and QNX. The scripting of Objection is done in Python, enhancing its user friendliness and versatility.
Project Structure and Architecture:
Objection follows a simple yet refined structure. At its core, it uses Frida to instrument both Android and iOS applications. Frida, which is essentially a scriptable runtime, is utilized to inject the Objection agent into the memory space of a process, hence facilitating necessary transactions. Further, it provides a REPL interface and command-based interaction methodology to perform an array of tasks.