sensepost / objection Goto Github PK

📱 objection - runtime mobile exploration

License: GNU General Public License v3.0

Python 64.40% Makefile 0.04% TypeScript 33.40% JavaScript 2.07% Objective-C 0.09%

mobile pentest framework ios instrumentation frida security android

objection's Introduction

📱objection - Runtime Mobile Exploration

objection is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.

Supports both iOS and Android.
Inspect and interact with container file systems.
Bypass SSL pinning.
Dump keychains.
Perform memory related tasks, such as dumping & patching.
Explore and manipulate objects on the heap.
And much, much more...

Screenshots are available in the wiki.

installation

Installation is simply a matter of pip3 install objection. This will give you the objection command. You can update an existing objection installation with pip3 install --upgrade objection.

For more detailed update and installation instructions, please refer to the wiki page here.

license

objection is licensed under a GNU General Public v3 License. Permissions beyond the scope of this license may be available at http://sensepost.com/contact/.

objection's People

Contributors

Stargazers

Watchers

Forkers

johnjohnsp1 practise2017 darktemple9 zenzue pentestingtools m4lv0id tardummy01 r3dsm0k3 davedacoda yaeger cys3c idkwim netspi nx4dm1n getgate lovesuae filipesam de8gman1990 ropnop onetaway blackap3rture yak0xff colman-mbuya methos2016 expertasif juanriaza uvbs mr-brain-sec naveen12 exploitcollection darksoulcool dineshdinz djgrasss mopi1402 pinperepette makaisghr ashr own2pwn mayl8822 jackyvan hybridious fb11 stjoannou shuixi2013 ro9ueadmin kernullist techlord-rce burrowingsec charliebwup arryboom bhasbor zbx91 heartbee ghxst01 yjup pharazone mattsgarrison myandroidcrackhacktoolsrat fxfactorial d1pakda5 bl4ck01 miloqq srgtcauliflour gavz murthysagi misshuichao explife0011 zhanglang001 shmulikk jonathanslenders caigehui pachoo huliang2016 blabla1337 r3zk0n theotherside miragshin h4ok3 parag85 qsdj rakibulislam bigfoxses josephazrak extremdrone yuknight bravery9 ldzspace j0nk0 zhangkn praveen18111992 antemasqued shantanu561993 necrose99 letsunlockiphone bjzz rk00 dgrivera deeby cjsatuforc rudrasingh99

objection's Issues

device is not connected

I tried to connect android device using usb but i am getting the below error:

(virtual-python3)MacBook-Pro:~ dinz$ objection explore
Error: timed out while waiting for device to appear

*Note: Please make a overview video/blog for better understanding for starters.

Failed to start: invalid interaction specified

After injecting Frida with objection to an apk, the app runs, but apparently I cannot connect.

adb logcat showed the following errors:

01-31 16:54:00.357 29877 29877 F GLib    : g_path_get_basename: assertion 'file_name != NULL' failed
01-31 16:54:00.357 29877 29877 F Frida   : frida_gadget_location_construct: assertion 'executable_name != NULL' failed
01-31 16:54:00.357 29877 29877 F Frida   : frida_gadget_load_config: assertion 'location != NULL' failed
01-31 16:54:00.357 29877 29877 F Frida   : frida_gadget_config_get_code_signing: assertion 'self != NULL' failed
01-31 16:54:00.357 29877 29877 F Frida   : frida_gadget_location_get_range: assertion 'self != NULL' failed
01-31 16:54:00.357 29877 29877 F Frida   : frida_gadget_config_get_interaction: assertion 'self != NULL' failed
01-31 16:54:00.357 29877 29877 F Frida   : frida_gadget_config_get_runtime: assertion 'self != NULL' failed
01-31 16:54:00.359 29877 29938 F Frida   : frida_gadget_config_get_interaction: assertion 'self != NULL' failed
01-31 16:54:00.359 29877 29938 F Frida   : Failed to start: invalid interaction specified

Packaging OS is Windows 10.
Smartphone is Galaxy S8 with Oreo.

1.2.5 dependency error

Hi @leonjza

After upgrading to 1.2.5 I am hitting an error when iOS patching.

objection patchipa -s unencryptedapp.ipa -c MY_DEVELOPER_ID --skip-cleanup

Checking the other closed Issues, I made sure my Node & pip3 version were both updated.

$ node --version
v9.7.1

$ python -V
Python 3.6.4

$ pip3 --version
pip 9.0.1 from /usr/local/lib/python3.6/site-packages (python 3.6)

Using latest Github gadget version: 10.6.58
Patcher will be using Gadget version: 10.6.58
No provision file specified, searching for one...
No provisioning files found. Please specify one or generate one by building an app.
Working with app: myapp.app
Bundle identifier is: com.me.mobile.hello
Codesigning 21 .dylib's with signature 1D200xxxxxxxxx
Code signing: libswiftMapKit.dylib
Code signing: libswiftCoreImage.dylib
Code signing: libswiftObjectiveC.dylib
Code signing: libswiftCore.dylib
Code signing: libswiftCoreGraphics.dylib
Code signing: libswiftUIKit.dylib
Code signing: libswiftMetal.dylib
Code signing: libswiftCoreData.dylib
Code signing: libswiftDispatch.dylib
Code signing: libswiftos.dylib
Code signing: libswiftCoreFoundation.dylib
Code signing: FridaGadget.dylib
Code signing: libswiftDarwin.dylib
Code signing: libswiftContacts.dylib
Code signing: libswiftQuartzCore.dylib
Code signing: libswiftCoreAudio.dylib
Code signing: libswiftAVFoundation.dylib
Code signing: libswiftFoundation.dylib
Code signing: libswiftCoreMedia.dylib
Code signing: libswiftCoreLocation.dylib
Code signing: libswiftsimd.dylib
Creating new archive with patched contents...
Codesigning patched IPA...
Traceback (most recent call last):
  File "/usr/local/bin/objection", line 11, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/objection/console/cli.py", line 205, in patchipa
    patch_ios_ipa(**locals())
  File "/usr/local/lib/python3.6/site-packages/objection/commands/mobile_packages.py", line 70, in patch_ios_ipa
    patcher.archive_and_codesign(original_name=source, codesign_signature=codesign_signature)
  File "/usr/local/lib/python3.6/site-packages/objection/utils/patchers/ios.py", line 405, in archive_and_codesign
    self.patched_ipa_path
  File "/usr/local/Cellar/python/3.6.4_3/Frameworks/Python.framework/Versions/3.6/lib/python3.6/subprocess.py", line 461, in list2cmdline
    needquote = (" " in arg) or ("\t" in arg) or not arg
TypeError: argument of type 'NoneType' is not iterable

unable to communicate with remote frida-server

I used the command objection exploreon mac (10.12.6 (16G29)). It got me the following error:

Traceback (most recent call last):
  File "/usr/local/bin/objection", line 11, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/objection/console/cli.py", line 83, in explore
    device_info = get_device_info()
  File "/usr/local/lib/python3.6/site-packages/objection/commands/device.py", line 20, in get_device_info
    runner.run(hook=hook)
  File "/usr/local/lib/python3.6/site-packages/objection/utils/frida_transport.py", line 341, in run
    session = self.get_session()
  File "/usr/local/lib/python3.6/site-packages/objection/utils/frida_transport.py", line 282, in get_session
    return frida.get_usb_device(5).attach(state_connection.gadget_name)
  File "/usr/local/lib/python3.6/site-packages/frida/core.py", line 97, in attach
    return Session(self._impl.attach(self._pid_of(target)))
  File "/usr/local/lib/python3.6/site-packages/frida/core.py", line 115, in _pid_of
    return self.get_process(target).pid
  File "/usr/local/lib/python3.6/site-packages/frida/core.py", line 67, in get_process
    matching = [process for process in self._impl.enumerate_processes() if fnmatch.fnmatchcase(process.name.lower(), process_name_lc)]
frida.ProtocolError: unable to communicate with remote frida-server; please ensure that major versions match and that the remote Frida has the feature you are trying to use

Any idea what went wrong? The versions don't match is weird because we just build the application with the tool.

Failed compile

Hi,

I tried to use Objection on HuluPlus just as a test, and it failed. I'm new to this and this method but not new to modifying apps (for Android anyway).

I was hoping you could shed some light on what is happening here. I'll include the full trace. I tried with Groupon just as a test and all went fine.

Using Gadget version: 10.6.41
Unpacking hulu.apk
App already has android.permission.INTERNET
Reading smali from: /tmp/tmprwl_cthi.apktemp/smali/com/hulu/features/splash/SplashActivity.smali
Injecting loadLibrary call at line: 22
Writing patched smali back to: /tmp/tmprwl_cthi.apktemp/smali/com/hulu/features/splash/SplashActivity.smali
Creating library path: /tmp/tmprwl_cthi.apktemp/lib/arm64
Copying Frida gadget to libs path...
Rebuilding the APK with the frida-gadget loaded...
Rebuilding the APK may have failed. Read the following output to determine if apktool actually had an error:                                                          
W: /tmp/tmprwl_cthi.apktemp/AndroidManifest.xml:101: Tag <receiver> attribute name has invalid character '}'. Ignoring...                                             
W: /tmp/tmprwl_cthi.apktemp/AndroidManifest.xml:102: Tag <service> attribute name has invalid character ']'. Ignoring...                                              
W: /tmp/tmprwl_cthi.apktemp/AndroidManifest.xml:103: Tag <service> attribute name has invalid character ''. Ignoring...                                               
W: /tmp/tmprwl_cthi.apktemp/AndroidManifest.xml:116: Tag <activity> attribute name has invalid character '*'. Ignoring...                                            
W: /tmp/tmprwl_cthi.apktemp/assets/LICENSE.txt: error: File is case-insensitive equivalent to: /tmp/tmprwl_cthi.apktemp/assets/license.txt                            
Exception in thread "main" brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [/tmp/brut_util_Jar_3725730383723196938.tmp, p, --forced-package-id, 127, --min-sdk-version, 21, --target-sdk-version, 25, --version-code, 250374, --version-name, 3.16.0.250374, --no-version-vectors, -F, /tmp/tmprwl_cthi.apktemp.objection.apk, -0, arsc, -0, arsc, -A, /tmp/tmprwl_cthi.apktemp/assets, /tmp/tmprwl_cthi.apktemp/build/apk]                                                   at brut.androlib.res.AndrolibResources.aaptPackage(AndrolibResources.java:456)                                                                                        at brut.androlib.Androlib.buildApk(Androlib.java:689)                              
at brut.androlib.Androlib.build(Androlib.java:309)                                 
at brut.androlib.Androlib.build(Androlib.java:270)                                 
at brut.apktool.Main.cmdBuild(Main.java:227)                                       
at brut.apktool.Main.main(Main.java:75)                                    
Caused by: brut.common.BrutException: could not exec (exit code = 1): [/tmp/brut_util_Jar_3725730383723196938.tmp, p, --forced-package-id, 127, --min-sdk-version, 21, --target-sdk-version, 25, --version-code, 250374, --version-name, 3.16.0.250374, --no-version-vectors, -F, /tmp/tmprwl_cthi.apktemp.objection.apk, -0, arsc, -0, arsc, -A, /tmp/tmprwl_cthi.apktemp/assets, /tmp/tmprwl_cthi.apktemp/build/apk]                 
at brut.util.OS.exec(OS.java:95)                                                   
at brut.androlib.res.AndrolibResources.aaptPackage(AndrolibResources.java:450)                                                                                        ... 5 more                                                                 

Built new APK with injected loadLibrary and frida-gadget
Signing new APK.
jarsigner: unable to open jar file: /tmp/tmprwl_cthi.apktemp.objection.apk

Signed the new APK
Performing zipalign
Zipaligning the APK may have failed. Read the following output to determine if zipalign actually had an error:                                                        Unable to open '/tmp/tmprwl_cthi.apktemp.objection.apk' as zip archive

Zipaling completed
Copying final apk from /tmp/tmprwl_cthi.apktemp.aligned.objection.apk to current directory...
Traceback (most recent call last):
  File "/usr/local/bin/objection", line 11, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python3.5/dist-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.5/dist-packages/click/core.py", line 1066, in invoke    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.5/dist-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.5/dist-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/objection/console/cli.py", line 213, in patchapk
    patch_android_apk(**locals())
  File "/usr/local/lib/python3.5/dist-packages/objection/commands/mobile_packages.py", line 156, in patch_android_apk
    shutil.copyfile(patcher.get_patched_apk_path(), os.path.join(os.path.abspath('.'), destination))
  File "/usr/lib/python3.5/shutil.py", line 114, in copyfile
    with open(src, 'rb') as fsrc:
FileNotFoundError: [Errno 2] No such file or directory: '/tmp/tmprwl_cthi.apktemp.aligned.objection.apk'
Cleaning up temp files...
Failed to cleanup with error: [Errno 2] No such file or directory: '/tmp/tmprwl_cthi.apktemp.objection.apk'

Thanks for any insight and very cool/exciting project you're working on here!

frida.ProcessNotFoundError: unable to find process with name 'Gadget'

Hi there,

I just installed frida and objection to try some iOS debugging. Unfortunately I only receive errors about closed connection and missing gadget.
I tried to google it and read all the docs but havent found anything. So hopefully I dont ask a stupid RTFM question.

I have

a jailbroken iPad with iOS 9.3.3
connected through USB cable
frida is installed through Cydia and the frida-server is running
objection is installed through pip

frida is capable to list the device

frida-ls-devices 
Id                                        Type    Name        
----------------------------------------  ------  ------------
local                                     local   Local System
581759c322bf                    tether  iOS Device  
tcp                                       remote  Local TCP

Process listening seems to work also:

frida-ps -Uai
PID  Name           Identifier                     
---  -------------  -------------------------------
994  Cydia          com.saurik.Cydia               
993  Kalender       com.apple.mobilecal            
290  Mail           com.apple.mobilemail           
941  Nachrichten    com.apple.MobileSMS            
  -  App Store      com.apple.AppStore             
...

When I try objection explore, for a dedicated process/gadget, I receive the following error:

objection -g "com.apple.Preferences" explore
Error: unable to find process with name 'com.apple.Preferences'

Even though the process exists.

When I run objection device_type I receive another issue:

objection device_type
Traceback (most recent call last):
  File "/root/virtual-python3/bin/objection", line 11, in <module>
    sys.exit(cli())
  File "/root/virtual-python3/lib/python3.6/site-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/root/virtual-python3/lib/python3.6/site-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/root/virtual-python3/lib/python3.6/site-packages/click/core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/root/virtual-python3/lib/python3.6/site-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/root/virtual-python3/lib/python3.6/site-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "/root/virtual-python3/lib/python3.6/site-packages/objection/console/cli.py", line 164, in device_type
    device_name, system_name, model, system_version = get_device_info()
  File "/root/virtual-python3/lib/python3.6/site-packages/objection/commands/device.py", line 20, in get_device_info
    runner.run(hook=hook)
  File "/root/virtual-python3/lib/python3.6/site-packages/objection/utils/frida_transport.py", line 346, in run
    session = self.get_session()
  File "/root/virtual-python3/lib/python3.6/site-packages/objection/utils/frida_transport.py", line 281, in get_session
    return frida.get_usb_device(5).attach(state_connection.gadget_name)
  File "/root/virtual-python3/lib/python3.6/site-packages/frida/core.py", line 97, in attach
    return Session(self._impl.attach(self._pid_of(target)))
  File "/root/virtual-python3/lib/python3.6/site-packages/frida/core.py", line 115, in _pid_of
    return self.get_process(target).pid
  File "/root/virtual-python3/lib/python3.6/site-packages/frida/core.py", line 73, in get_process
    raise _frida.ProcessNotFoundError("unable to find process with name '%s'" % process_name)
frida.ProcessNotFoundError: unable to find process with name 'Gadget'

SSL Pinning hooks not effective

Hi Objection team.

I am part of a team that is reverse engineering the DJI GO 4 IOS application. As part of that effort, we wanted to peek inside SSL traffic. Objection looked to fit our needs. However, your SSL pinning hooks were not effective for a device running iOS 10.x

After searching, we used hooks found which we found were able to disable all SSL pinning for iOS 10.x at https://raw.githubusercontent.com/vtky/Swizzler2/master/SSLKillSwitch.js

Would appreciate if you could review your hooks and update accordingly.

Our progress and methods are documented at https://dji.retroroms.info/ if you would like to replicate/test to help you validate our results.

upload and download not working (Unknown or ambiguous command:)

Hi,

I am having issues downloading and uploading files with objection 0.1.1.

iPhone on (iPhone: 10.3.1) [usb] # env
Name                  System    Model    Version
--------------------  --------  -------  ---------
iPhone  iOS       iPhone   10.3.1

Name                           Path
-----------------------------  ------------------------------------------------------------------------------------------------------------
DocumentDirectory              /var/mobile/Containers/Data/Application/8EE1B050-72C2-4341-B020-79915E0645D6/Documents
LibraryDirectory               /var/mobile/Containers/Data/Application/8EE1B050-72C2-4341-B020-79915E0645D6/Library
CachesDirectory                /var/mobile/Containers/Data/Application/8EE1B050-72C2-4341-B020-79915E0645D6/Library/Caches
BundlePath                     /var/containers/Bundle/Application/242F786B-6916-476E-966F-EF5D9E06A448/foo.app
ApplicationDirectory           /var/mobile/Containers/Data/Application/8EE1B050-72C2-4341-B020-79915E0645D6/Applications
DemoApplicationDirectory       /var/mobile/Containers/Data/Application/8EE1B050-72C2-4341-B020-79915E0645D6/Applications/Demos
DeveloperApplicationDirectory  /var/mobile/Containers/Data/Application/8EE1B050-72C2-4341-B020-79915E0645D6/Developer/Applications
UserDirectory
CoreServiceDirectory
AutosavedInformationDirectory  /var/mobile/Containers/Data/Application/8EE1B050-72C2-4341-B020-79915E0645D6/Library/Autosave Information
DesktopDirectory               /var/mobile/Containers/Data/Application/8EE1B050-72C2-4341-B020-79915E0645D6/Desktop
ApplicationSupportDirectory    /var/mobile/Containers/Data/Application/8EE1B050-72C2-4341-B020-79915E0645D6/Library/Application Support
ReceiptPath                    /private/var/mobile/Containers/Data/Application/8EE1B050-72C2-4341-B020-79915E0645D6/StoreKit/sandboxReceipt
ResourcePath                   /var/containers/Bundle/Application/242F786B-6916-476E-966F-EF5D9E06A448/foo.app
iPhone on (iPhone: 10.3.1) [usb] # cd /var/mobile/Containers/Data/Application/8EE1B050-72C2-4341-B020-79915E0645D6/Documents
/var/mobile/Containers/Data/Application/8EE1B050-72C2-4341-B020-79915E0645D6/Documents
iPhone on (iPhone: 10.3.1) [usb] # ls
Read Access
Write Access
Type    Perms    Read    Write    Owner    Group    Size    Creation    Name
------  -------  ------  -------  -------  -------  ------  ----------  ------
iPhone on (iPhone: 10.3.1) [usb] # upload /Users/sven/Desktop/Bsd_daemon1.jpg .
Unknown or ambiguous command: `upload /Users/sven/Desktop/Bsd_daemon1.jpg .`. Try `help upload /Users/sven/Desktop/Bsd_daemon1.jpg .`.
iPhone on (iPhone: 10.3.1) [usb] # cd /var/mobile/Containers/Data/Application/8EE1B050-72C2-4341-B020-79915E0645D6/Library/Caches
/var/mobile/Containers/Data/Application/8EE1B050-72C2-4341-B020-79915E0645D6/Library/Caches
iPhone on (iPhone: 10.3.1) [usb] # ls
Read Access
Write Access
Type                   Perms  Read    Write    Owner         Group         Size     Creation                   Name
-------------------  -------  ------  -------  ------------  ------------  -------  -------------------------  -------------------
NSFileTypeDirectory      493  False   False    mobile (501)  mobile (501)  96.0 B   2017-07-24 07:53:43 +0000  Snapshots
NSFileTypeDirectory      493  True    True     mobile (501)  mobile (501)  160.0 B  2017-07-24 07:51:35 +0000  com.foo.bar
iPhone on (iPhone: 10.3.1) [usb] # cd com.foo.bar
/var/mobile/Containers/Data/Application/8EE1B050-72C2-4341-B020-79915E0645D6/Library/Caches/com.foo.bar
iPhone on (iPhone: 10.3.1) [usb] # ls

Read Access
Write Access
Type                 Perms  Read    Write    Owner         Group         Size      Creation                   Name
-----------------  -------  ------  -------  ------------  ------------  --------  -------------------------  ------------
NSFileTypeRegular      420  True    True     mobile (501)  mobile (501)  52.0 KiB  2017-07-24 07:51:35 +0000  Cache.db
NSFileTypeRegular      420  True    True     mobile (501)  mobile (501)  32.0 KiB  2017-07-24 07:51:35 +0000  Cache.db-shm
NSFileTypeRegular      420  True    True     mobile (501)  mobile (501)  0.0 B     2017-07-24 07:51:35 +0000  Cache.db-wal
iPhone on (iPhone: 10.3.1) [usb] #
iPhone on (iPhone: 10.3.1) [usb] # download Cache.db /Users/sven/Desktop
Unknown or ambiguous command: `download Cache.db /Users/sven/Desktop`. Try `help download Cache.db /Users/sven/Desktop`.
iPhone on (iPhone: 10.3.1) [usb] #

Error: unable to find process with name 'Gadget'

Documentation mistake for 'virtual' installation - source

The documentation https://github.com/sensepost/objection/wiki/Installation mentions:

source ~/virtual-python3

On OSX this command should be:

source ~/virtual-python3/bin/activate

objection explore command get ERROR on Win10 x86_64 py3.6.0

Hi,

When i running objection.exe --gadget "com.somapp.somapp" explore i get the following error:

Process SpawnPoolWorker-1:
Traceback (most recent call last):
  File "c:\users\pwn2own\appdata\local\programs\python\python36\lib\multiprocessing\process.py", line 249, in _bootstrap
    self.run()
  File "c:\users\pwn2own\appdata\local\programs\python\python36\lib\multiprocessing\process.py", line 93, in run
    self._target(*self._args, **self._kwargs)
  File "c:\users\pwn2own\appdata\local\programs\python\python36\lib\multiprocessing\pool.py", line 108, in worker
    task = get()
  File "c:\users\pwn2own\appdata\local\programs\python\python36\lib\multiprocessing\queues.py", line 345, in get
    return _ForkingPickler.loads(res)
  File "c:\users\pwn2own\appdata\local\programs\python\python36\lib\site-packages\objection\utils\__init__.py", line 57, in <module>
    Pool(processes=1).apply_async(check_version)
  File "c:\users\pwn2own\appdata\local\programs\python\python36\lib\multiprocessing\context.py", line 119, in Pool
    context=self.get_context())
  File "c:\users\pwn2own\appdata\local\programs\python\python36\lib\multiprocessing\pool.py", line 168, in __init__
    self._repopulate_pool()
  File "c:\users\pwn2own\appdata\local\programs\python\python36\lib\multiprocessing\pool.py", line 233, in _repopulate_pool
    w.start()
  File "c:\users\pwn2own\appdata\local\programs\python\python36\lib\multiprocessing\process.py", line 103, in start
    'daemonic processes are not allowed to have children'
AssertionError: daemonic processes are not allowed to have children

I totally have no idea about this and googled a few times but nothing work.
Thanks!

patchapk - error in patch

In patching one apk file, the following error trigger:

Test APK download link: https://mega.nz/#!s4JCWaQa!KrqDqb44K_54qqWiD2_JwMSTTJAeDrHLMUT7xi8cJtU

objection patchapk -s l.apk
No architecture specified. Determining it using `adb`...
Detected target device architecture as: armeabi-v7a
Using latest Github gadget version: 10.6.54
Patcher will be using Gadget version: 10.6.54
Unpacking l.apk
An error may have occured while extracting the APK.
Exception in thread "main" java.lang.IndexOutOfBoundsException
	at java.base/java.nio.ByteBuffer.wrap(ByteBuffer.java:388)
	at brut.androlib.res.decoder.StringBlock.decodeString(StringBlock.java:297)
	at brut.androlib.res.decoder.StringBlock.getString(StringBlock.java:110)
	at brut.androlib.res.decoder.StringBlock.getHTML(StringBlock.java:126)
	at brut.androlib.res.decoder.ARSCDecoder.readValue(ARSCDecoder.java:341)
	at brut.androlib.res.decoder.ARSCDecoder.readEntryData(ARSCDecoder.java:257)
	at brut.androlib.res.decoder.ARSCDecoder.readTableType(ARSCDecoder.java:233)
	at brut.androlib.res.decoder.ARSCDecoder.readTableTypeSpec(ARSCDecoder.java:156)
	at brut.androlib.res.decoder.ARSCDecoder.readTablePackage(ARSCDecoder.java:118)
	at brut.androlib.res.decoder.ARSCDecoder.readTableHeader(ARSCDecoder.java:80)
	at brut.androlib.res.decoder.ARSCDecoder.decode(ARSCDecoder.java:47)
	at brut.androlib.res.AndrolibResources.getResPackagesFromApk(AndrolibResources.java:599)
	at brut.androlib.res.AndrolibResources.loadMainPkg(AndrolibResources.java:73)
	at brut.androlib.res.AndrolibResources.getResTable(AndrolibResources.java:65)
	at brut.androlib.Androlib.getResTable(Androlib.java:68)
	at brut.androlib.ApkDecoder.setTargetSdkVersion(ApkDecoder.java:228)
	at brut.androlib.ApkDecoder.decode(ApkDecoder.java:118)
	at brut.apktool.Main.cmdDecode(Main.java:163)
	at brut.apktool.Main.main(Main.java:72)

App already has android.permission.INTERNET
Smali not found in smali directory. This might be a multidex APK. Searching...
Traceback (most recent call last):
  File "/usr/local/bin/objection", line 11, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/objection/console/cli.py", line 219, in patchapk
    patch_android_apk(**locals())
  File "/usr/local/lib/python3.6/site-packages/objection/commands/mobile_packages.py", line 155, in patch_android_apk
    patcher.inject_load_library()
  File "/usr/local/lib/python3.6/site-packages/objection/utils/patchers/android.py", line 496, in inject_load_library
    raise Exception('Unable to find smali to patch!')
Exception: Unable to find smali to patch!
Cleaning up temp files...
Failed to cleanup with error: [Errno 2] No such file or directory: '/var/folders/dy/vrzdl9g97r383jmfvrq43fvr0000gn/T/tmpndaytecv.apktemp.objection.apk'

Android SSL Disable Pinning triggered error - Didn't find class "com.sensepost.test.TrustManager"

Hello awesome Sensepost team,

I was running objection on rooted Android phone 4.4.2 and experienced error in doing SSL Pinning on all apps.

Tested platform: Sumsung Android 4.4.2.
Tested both: USB, Network

$ objection -N -h 192.168.1.127 -g com.x.y explore

     _     _         _   _
 ___| |_  |_|___ ___| |_|_|___ ___
| . | . | | | -_|  _|  _| | . |   |
|___|___|_| |___|___|_| |_|___|_|_|
        |___|(object)inject(ion) v1.2.4

     Runtime Mobile Exploration
        by: @leonjza from @sensepost

[tab] for command suggestions
com.x.y on (samsung: 4.4.2) [net] # android sslpinning disable
Job: 0029b653-7642-4228-bb3c-ffa1638be7eb - Starting
[ffa1638be7eb] [java-perform-exception] java.lang.ClassNotFoundException: Didn't find class "com.sensepost.test.TrustManager" on path: DexPathList[[],nativeLibraryDirectories=[/vendor/lib, /system/lib]]
Unloading script due to startup errors.


$ objection -g com.x.y explore

     _     _         _   _
 ___| |_  |_|___ ___| |_|_|___ ___
| . | . | | | -_|  _|  _| | . |   |
|___|___|_| |___|___|_| |_|___|_|_|
        |___|(object)inject(ion) v1.2.4

     Runtime Mobile Exploration
        by: @leonjza from @sensepost

[tab] for command suggestions
com.x.y on (samsung: 4.4.2) [usb] # android sslpinning disable
Job: e2e7b406-9188-4f9b-9148-58fd92f9df7f - Starting
[58fd92f9df7f] [java-perform-exception] java.lang.ClassNotFoundException: Didn't find class "com.sensepost.test.TrustManager" on path: DexPathList[[],nativeLibraryDirectories=[/vendor/lib, /system/lib]]
Unloading script due to startup errors.

Directly running Pinning code with Frida triggered the same error.

frida -U -p 5153
     ____
    / _  |   Frida 10.6.54 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at http://www.frida.re/docs/home/
[Samsung GT-I9505::PID::5153]-> if (Java.available) {
                                    Java.perform(function() {

                                    var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager');
                                    var SSLContext = Java.use('javax.net.ssl.SSLContext');

                                    var TrustManager = Java.registerClass({
                                        name: 'com.sensepost.test.TrustManager',
                                        implements: [X509TrustManager],
                                        methods: {
                                            checkClientTrusted: function (chain, authType) {
                                            },
                                            checkServerTrusted: function (chain, authType) {
                                            },
                                            getAcceptedIssuers: function () {
                                                return [];
                                            }
                                        }
                                    });
                                    }
                                )};
undefined
Error: java.lang.ClassNotFoundException: Didn't find class "com.sensepost.test.TrustManager" on path: DexPathList[[],nativeLibraryDirectories=[/vendor/lib, /system/lib]]
    at frida/node_modules/frida-java/lib/env.js:220
    at ensureClass (frida/node_modules/frida-java/lib/class-factory.js:737)
    at frida/node_modules/frida-java/lib/class-factory.js:120
    at registerClass (frida/node_modules/frida-java/lib/class-factory.js:1939)
    at [anon] (input:19)
    at frida/node_modules/frida-java/lib/vm.js:39
    at frida/node_modules/frida-java/index.js:287
    at eval (input:21)
    at eval (native)

installation issue on mac

hi
by fallowing the installation steps in mac

virtual' installation completed and while doing "pip3 install -U objection" it showing issue as in error
so have downloaded the git "git clone https://github.com/sensepost/objection.git"
then ran "pip install -r requirements.txt --user"
then am confused how to open the objection module
$objection explore
-bash: objection: command not found

am confused when am i missed

when i directly runs the "pip3 install -U objection" it showing below error
Command "/Library/Frameworks/Python.framework/Versions/3.6/bin/python3.6 -u -c "import setuptools, tokenize;file='/private/var/folders/z8/vxvtd5yj0ls68c72cgyn3pr00000gn/T/pip-build-eubc01_f/frida/setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" install --record /var/folders/z8/vxvtd5yj0ls68c72cgyn3pr00000gn/T/pip-ug5xpgoh-record/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /private/var/folders/z8/vxvtd5yj0ls68c72cgyn3pr00000gn/T/pip-build-eubc01_f/frida/

please help me

python default is 2.7
newly installed is 3.6
by using the virtual installation used "pip3 install -U objection"
virtual-python3) ymac:objection apple$ pip3 install -U objection
Collecting objection
Collecting frida (from objection)
Using cached frida-10.6.21.tar.gz
Collecting jsbeautifier (from objection)
Collecting requests (from objection)
Using cached requests-2.18.4-py2.py3-none-any.whl
Collecting tabulate (from objection)
Requirement already up-to-date: prompt-toolkit in /Users/apple/virtual-python3/lib/python3.6/site-packages (from objection)
Requirement already up-to-date: delegator.py in /Users/apple/virtual-python3/lib/python3.6/site-packages (from objection)
Collecting click (from objection)
Using cached click-6.7-py2.py3-none-any.whl
Collecting jinja2 (from objection)
Using cached Jinja2-2.10-py2.py3-none-any.whl
Requirement already up-to-date: colorama>=0.2.7 in /Users/apple/virtual-python3/lib/python3.6/site-packages (from frida->objection)
Requirement already up-to-date: pygments>=2.0.2 in /Users/apple/virtual-python3/lib/python3.6/site-packages (from frida->objection)
Collecting editorconfig>=0.12.0 (from jsbeautifier->objection)
Using cached EditorConfig-0.12.1-py3-none-any.whl
Requirement already up-to-date: six>=1.6.1 in /Users/apple/virtual-python3/lib/python3.6/site-packages (from jsbeautifier->objection)
Collecting idna<2.7,>=2.5 (from requests->objection)
Using cached idna-2.6-py2.py3-none-any.whl
Collecting certifi>=2017.4.17 (from requests->objection)
Using cached certifi-2017.11.5-py2.py3-none-any.whl
Collecting chardet<3.1.0,>=3.0.2 (from requests->objection)
Using cached chardet-3.0.4-py2.py3-none-any.whl
Collecting urllib3<1.23,>=1.21.1 (from requests->objection)
Using cached urllib3-1.22-py2.py3-none-any.whl
Requirement already up-to-date: wcwidth in /Users/apple/virtual-python3/lib/python3.6/site-packages (from prompt-toolkit->objection)
Requirement already up-to-date: pexpect>=4.1.0 in /Users/apple/virtual-python3/lib/python3.6/site-packages (from delegator.py->objection)
Collecting MarkupSafe>=0.23 (from jinja2->objection)
Requirement already up-to-date: ptyprocess>=0.5 in /Users/apple/virtual-python3/lib/python3.6/site-packages (from pexpect>=4.1.0->delegator.py->objection)
Building wheels for collected packages: frida
Running setup.py bdist_wheel for frida ... error
Complete output from command /Users/apple/virtual-python3/bin/python3 -u -c "import setuptools, tokenize;file='/private/var/folders/z8/vxvtd5yj0ls68c72cgyn3pr00000gn/T/pip-build-t_8qf4qi/frida/setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" bdist_wheel -d /var/folders/z8/vxvtd5yj0ls68c72cgyn3pr00000gn/T/tmpmdvqjc5hpip-wheel- --python-tag cp36:
running bdist_wheel
running build
running build_py
creating build
creating build/lib.macosx-10.6-intel-3.6
creating build/lib.macosx-10.6-intel-3.6/frida
copying frida/init.py -> build/lib.macosx-10.6-intel-3.6/frida
copying frida/application.py -> build/lib.macosx-10.6-intel-3.6/frida
copying frida/core.py -> build/lib.macosx-10.6-intel-3.6/frida
copying frida/discoverer.py -> build/lib.macosx-10.6-intel-3.6/frida
copying frida/kill.py -> build/lib.macosx-10.6-intel-3.6/frida
copying frida/lsd.py -> build/lib.macosx-10.6-intel-3.6/frida
copying frida/ps.py -> build/lib.macosx-10.6-intel-3.6/frida
copying frida/repl.py -> build/lib.macosx-10.6-intel-3.6/frida
copying frida/tracer.py -> build/lib.macosx-10.6-intel-3.6/frida
running build_ext
querying pypi for available prebuilds
network query failed
looking for prebuilt extension in home directory, i.e. /Users/apple/frida-10.6.21-py3.6-macosx-10.6-intel.egg
no prebuilt extension found in home directory
error: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:777)>

Failed building wheel for frida
Running setup.py clean for frida
Failed to build frida
Installing collected packages: frida, editorconfig, jsbeautifier, idna, certifi, chardet, urllib3, requests, tabulate, click, MarkupSafe, jinja2, objection
Running setup.py install for frida ... error
Complete output from command /Users/apple/virtual-python3/bin/python3 -u -c "import setuptools, tokenize;file='/private/var/folders/z8/vxvtd5yj0ls68c72cgyn3pr00000gn/T/pip-build-t_8qf4qi/frida/setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" install --record /var/folders/z8/vxvtd5yj0ls68c72cgyn3pr00000gn/T/pip-e8dmrzjl-record/install-record.txt --single-version-externally-managed --compile --install-headers /Users/apple/virtual-python3/bin/../include/site/python3.6/frida:
running install
running build
running build_py
creating build
creating build/lib.macosx-10.6-intel-3.6
creating build/lib.macosx-10.6-intel-3.6/frida
copying frida/init.py -> build/lib.macosx-10.6-intel-3.6/frida
copying frida/application.py -> build/lib.macosx-10.6-intel-3.6/frida
copying frida/core.py -> build/lib.macosx-10.6-intel-3.6/frida
copying frida/discoverer.py -> build/lib.macosx-10.6-intel-3.6/frida
copying frida/kill.py -> build/lib.macosx-10.6-intel-3.6/frida
copying frida/lsd.py -> build/lib.macosx-10.6-intel-3.6/frida
copying frida/ps.py -> build/lib.macosx-10.6-intel-3.6/frida
copying frida/repl.py -> build/lib.macosx-10.6-intel-3.6/frida
copying frida/tracer.py -> build/lib.macosx-10.6-intel-3.6/frida
running build_ext
querying pypi for available prebuilds
network query failed
looking for prebuilt extension in home directory, i.e. /Users/apple/frida-10.6.21-py3.6-macosx-10.6-intel.egg
no prebuilt extension found in home directory
error: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:777)>

Command "/Users/apple/virtual-python3/bin/python3 -u -c "import setuptools, tokenize;file='/private/var/folders/z8/vxvtd5yj0ls68c72cgyn3pr00000gn/T/pip-build-t_8qf4qi/frida/setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" install --record /var/folders/z8/vxvtd5yj0ls68c72cgyn3pr00000gn/T/pip-e8dmrzjl-record/install-record.txt --single-version-externally-managed --compile --install-headers /Users/apple/virtual-python3/bin/../include/site/python3.6/frida" failed with error code 1 in /private/var/folders/z8/vxvtd5yj0ls68c72cgyn3pr00000gn/T/pip-build-t_8qf4qi/frida/
(virtual-python3) ymac:objection apple$

Feature Request: watch-class-methods with overload selection

Would it be possible to enhance the watch-class-methods-functionality to watch only specific overloads?

Currently it watches all overloads which is somehow useless if you have an obfuscated class that has a lot of method overloads called "a" :-)

KeyChain dump missing protection class attributes when TouchID or FaceID is used for authentication

Is it possible to modify the «https://github.com/sensepost/objection/blob/master/objection/hooks/ios/keychain/dump.js» in order to list the keychain items and their attributes when TouchID or FaceID s used for authentication?

I can see that even when exported to *.json, some of the protection class attributes are not listed properly or missing completely.

MWR needle has a great example (I'm using this script currently): https://github.com/mwrlabs/needle/blob/master/needle/modules/storage/data/keychain_dump_frida.py

[Feature request] Android wildcard hooking

e.g. : android hooking watch class_method com.myApp.MyClass *

Exception: Unable to determine URL for iOS gadget download

# Tried this on Kali Linux aswell as win10. Same result on both. I'm pretty new to this, but I decided to check the source code and really had no idea. What's going on exactly? Phone is a Google Pixel on 8.0

C:\Users\calib>objection patchapk  --source C:\Users\calib\Desktop\base.apk
No architecture specified. Determining it using `adb`...
Detected the architecture as: arm64-v8a
Github FridaGadget is v10.6.7, local is v0. Updating...
Unable to determine URL to download the library
Traceback (most recent call last):
  File "C:\Users\calib\AppData\Local\Programs\Python\Python36\Scripts\objection-script.py", line 11, in <module>
    load_entry_point('objection==1.1.10', 'console_scripts', 'objection')()
  File "c:\users\calib\appdata\local\programs\python\python36\lib\site-packages\click\core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "c:\users\calib\appdata\local\programs\python\python36\lib\site-packages\click\core.py", line 697, in main
    rv = self.invoke(ctx)
  File "c:\users\calib\appdata\local\programs\python\python36\lib\site-packages\click\core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "c:\users\calib\appdata\local\programs\python\python36\lib\site-packages\click\core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "c:\users\calib\appdata\local\programs\python\python36\lib\site-packages\click\core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "c:\users\calib\appdata\local\programs\python\python36\lib\site-packages\objection\console\cli.py", line 181, in patchapk
    patch_android_apk(**locals())
  File "c:\users\calib\appdata\local\programs\python\python36\lib\site-packages\objection\commands\mobile_packages.py", line 108, in patch_android_apk
    android_gadget.download() \
  File "c:\users\calib\appdata\local\programs\python\python36\lib\site-packages\objection\utils\packages.py", line 721, in download
    download_url = self._get_download_url()
  File "c:\users\calib\appdata\local\programs\python\python36\lib\site-packages\objection\utils\packages.py", line 756, in _get_download_url
    raise Exception('Unable to determine URL for iOS gadget download.')
Exception: Unable to determine URL for iOS gadget download.

patchapk zipalign error

Command: objection patchapk -s app.apk -a x86
Gadget version: 10.7.7
Zip align error:

Copying Frida gadget to libs path...
Rebuilding the APK with the frida-gadget loaded...
Built new APK with injected loadLibrary and frida-gadget
Signing new APK.
Signed the new APK
Performing zipalign
Zipaligning the APK may have failed. Read the following output to determine if zipalign actually had an error:

ERROR: unknown flag -p
Zip alignment utility
Copyright (C) 2009 The Android Open Source Project

Usage: zipalign [-f] [-v] infile.zip outfile.zip
zipalign -c [-v] infile.zip

: alignment in bytes, e.g. '4' provides 32-bit alignment
-c: check alignment only (does not modify file)
-f: overwrite existing outfile.zip
-v: verbose output

Zipaling completed

Suggestion =]

Hi,
First of all great tool, i'm using it alot!!
Secondly, would you please add --json capability to the cookies get options? it will really help =]

And please add more features :)

great job...

Plans to support frida-server instead of gadget?

Great tool! Just wondering if there's every any plans to support funning frida-server as root instead of relying on the gadget? I see the value in using the gadget when jailbreak or root is not possible, but I would love to use the REPL with an unpatched app on a jailbroken/rooted device. Is that possible?

Patching an IPA

Getting an error when trying to patch an IPA, I double checked all the dependencies and they looked good.

Not sure if it's an issue with my IPA file or something isn't installed/configured right.

Documentation needs to be changed for 'applesign' installation

The sources for applesign are not available anymore from "npm install -g node-applesign" as mentioned by the documentation.

npm install -g node-applesign
npm ERR! Darwin 16.7.0
npm ERR! argv "/usr/local/bin/node" "/usr/local/bin/npm" "install" "-g" "node-applesign"
npm ERR! node v6.10.2
npm ERR! npm  v3.10.10
npm ERR! code E404

npm ERR! 404 Registry returned 404 for GET on https://registry.npmjs.org/node-applesign
npm ERR! 404 
npm ERR! 404  'node-applesign' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404 
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.

Instead the following should be used to install applesign:

npm install -g -S "https://github.com/nowsecure/node-applesign.git"

Python Errors

[patchapk] rebuiding apk - error | Rebuilding the APK may have failed. Read the following output to determine if apktool actually had an error:

Hello awesome SensePost team,

I faced error in another APK file in rebuilding phase.

Problem APK: https://mega.nz/#!h8wiyIAR!V5okSQdKu1KkCTUGQKzxlIE706LychmkrDqXTcIXm_8

$ objection patchapk -s /temp/r.apk
objc[63892]: +[__NSPlaceholderDate initialize] may have been in progress in another thread when fork() was called.
objc[63892]: +[__NSPlaceholderDate initialize] may have been in progress in another thread when fork() was called. We cannot safely call it or ignore it in the fork() child process. Crashing instead. Set a breakpoint on objc_initializeAfterForkError to debug.
No architecture specified. Determining it using `adb`...
Detected target device architecture as: armeabi-v7a
Using Gadget version: 10.6.55
Unpacking /temp/r.apk
App already has android.permission.INTERNET
Reading smali from: /var/folders/4p/6jcgwmts2dl5j6zjc2zj0scm0000gn/T/tmpn3o7sld1.apktemp/smali/com/redmart/redmart/usecases/start/StartActivity.smali
Injecting into an existing constructor
Injecting loadLibrary call at line: 40
Writing patched smali back to: /var/folders/4p/6jcgwmts2dl5j6zjc2zj0scm0000gn/T/tmpn3o7sld1.apktemp/smali/com/redmart/redmart/usecases/start/StartActivity.smali
Copying Frida gadget to libs path...
Rebuilding the APK with the frida-gadget loaded...
Rebuilding the APK may have failed. Read the following output to determine if apktool actually had an error:

W: /var/folders/4p/6jcgwmts2dl5j6zjc2zj0scm0000gn/T/tmpn3o7sld1.apktemp/res/values-v24/styles.xml:7: error: Error retrieving parent for item: No resource found that matches the given name '@android:style/Animation.OptionsPanel'.
W:
W: /var/folders/4p/6jcgwmts2dl5j6zjc2zj0scm0000gn/T/tmpn3o7sld1.apktemp/res/values-v24/styles.xml:8: error: Error retrieving parent for item: No resource found that matches the given name '@android:style/Animation.LockScreen'.
W:
Exception in thread "main" brut.androlib.AndrolibException: brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [/var/folders/4p/6jcgwmts2dl5j6zjc2zj0scm0000gn/T/brut_util_Jar_1783797410346703816.tmp, p, --forced-package-id, 127, --min-sdk-version, 15, --target-sdk-version, 22, --version-code, 198, --version-name, 2.5.37.3463, --no-version-vectors, -F, /var/folders/4p/6jcgwmts2dl5j6zjc2zj0scm0000gn/T/APKTOOL4684494251419083774.tmp, -0, arsc, -0, META-INF/services/com.fasterxml.jackson.core.JsonFactory, -0, META-INF/services/com.fasterxml.jackson.core.ObjectCodec, -0, arsc, -I, /Users/user/Library/apktool/framework/1.apk, -S, /var/folders/4p/6jcgwmts2dl5j6zjc2zj0scm0000gn/T/tmpn3o7sld1.apktemp/res, -M, /var/folders/4p/6jcgwmts2dl5j6zjc2zj0scm0000gn/T/tmpn3o7sld1.apktemp/AndroidManifest.xml]
	at brut.androlib.Androlib.buildResourcesFull(Androlib.java:492)
	at brut.androlib.Androlib.buildResources(Androlib.java:426)
	at brut.androlib.Androlib.build(Androlib.java:305)
	at brut.androlib.Androlib.build(Androlib.java:270)
	at brut.apktool.Main.cmdBuild(Main.java:227)
	at brut.apktool.Main.main(Main.java:75)
Caused by: brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [/var/folders/4p/6jcgwmts2dl5j6zjc2zj0scm0000gn/T/brut_util_Jar_1783797410346703816.tmp, p, --forced-package-id, 127, --min-sdk-version, 15, --target-sdk-version, 22, --version-code, 198, --version-name, 2.5.37.3463, --no-version-vectors, -F, /var/folders/4p/6jcgwmts2dl5j6zjc2zj0scm0000gn/T/APKTOOL4684494251419083774.tmp, -0, arsc, -0, META-INF/services/com.fasterxml.jackson.core.JsonFactory, -0, META-INF/services/com.fasterxml.jackson.core.ObjectCodec, -0, arsc, -I, /Users/user/Library/apktool/framework/1.apk, -S, /var/folders/4p/6jcgwmts2dl5j6zjc2zj0scm0000gn/T/tmpn3o7sld1.apktemp/res, -M, /var/folders/4p/6jcgwmts2dl5j6zjc2zj0scm0000gn/T/tmpn3o7sld1.apktemp/AndroidManifest.xml]
	at brut.androlib.res.AndrolibResources.aaptPackage(AndrolibResources.java:456)
	at brut.androlib.Androlib.buildResourcesFull(Androlib.java:478)
	... 5 more
Caused by: brut.common.BrutException: could not exec (exit code = 1): [/var/folders/4p/6jcgwmts2dl5j6zjc2zj0scm0000gn/T/brut_util_Jar_1783797410346703816.tmp, p, --forced-package-id, 127, --min-sdk-version, 15, --target-sdk-version, 22, --version-code, 198, --version-name, 2.5.37.3463, --no-version-vectors, -F, /var/folders/4p/6jcgwmts2dl5j6zjc2zj0scm0000gn/T/APKTOOL4684494251419083774.tmp, -0, arsc, -0, META-INF/services/com.fasterxml.jackson.core.JsonFactory, -0, META-INF/services/com.fasterxml.jackson.core.ObjectCodec, -0, arsc, -I, /Users/user/Library/apktool/framework/1.apk, -S, /var/folders/4p/6jcgwmts2dl5j6zjc2zj0scm0000gn/T/tmpn3o7sld1.apktemp/res, -M, /var/folders/4p/6jcgwmts2dl5j6zjc2zj0scm0000gn/T/tmpn3o7sld1.apktemp/AndroidManifest.xml]
	at brut.util.OS.exec(OS.java:95)
	at brut.androlib.res.AndrolibResources.aaptPackage(AndrolibResources.java:450)
	... 6 more

Built new APK with injected loadLibrary and frida-gadget
Signing new APK.
jarsigner: unable to open jar file: /var/folders/4p/6jcgwmts2dl5j6zjc2zj0scm0000gn/T/tmpn3o7sld1.apktemp.objection.apk

Signed the new APK
Performing zipalign
Zipaligning the APK may have failed. Read the following output to determine if zipalign actually had an error:

Unable to open '/var/folders/4p/6jcgwmts2dl5j6zjc2zj0scm0000gn/T/tmpn3o7sld1.apktemp.objection.apk' as zip archive

Zipaling completed
Copying final apk from /var/folders/4p/6jcgwmts2dl5j6zjc2zj0scm0000gn/T/tmpn3o7sld1.apktemp.aligned.objection.apk to current directory...
Traceback (most recent call last):
  File "/usr/local/bin/objection", line 11, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/objection/console/cli.py", line 213, in patchapk
    patch_android_apk(**locals())
  File "/usr/local/lib/python3.6/site-packages/objection/commands/mobile_packages.py", line 156, in patch_android_apk
    shutil.copyfile(patcher.get_patched_apk_path(), os.path.join(os.path.abspath('.'), destination))
  File "/usr/local/Cellar/python3/3.6.4_2/Frameworks/Python.framework/Versions/3.6/lib/python3.6/shutil.py", line 120, in copyfile
    with open(src, 'rb') as fsrc:
FileNotFoundError: [Errno 2] No such file or directory: '/var/folders/4p/6jcgwmts2dl5j6zjc2zj0scm0000gn/T/tmpn3o7sld1.apktemp.aligned.objection.apk'
Cleaning up temp files...
Failed to cleanup with error: [Errno 2] No such file or directory: '/var/folders/4p/6jcgwmts2dl5j6zjc2zj0scm0000gn/T/tmpn3o7sld1.apktemp.objection.apk'

Bypassing Network Security Configuration in Android 7

Is it possible to bypass the network security configuration in Android 7 with objection? Currently, there are a two approaches (as described here) to achieve this, but it would be quite convenient to be able to do the same within objection or in the process of patching the app via objection patchapk .

I ask this question mainly because in the same article linked above, there is a section called "Hooking on runtime" which shows how to perform this bypass in frida, so I thought it might be possible to do it in objection.

Screenshot not working

I've tested the screenshot feature in both iOS 10.1.1 and iOS 9.3.3 and is not working in neither of those;

The objection message is:

kim.cracksby.yalu102 on (iPhone: 10.1.1) [usb] # ios ui screenshot "asdf.png"

An exception occurred while processing the command. If this looks like a code related error, please file a bug report!
Error: write() argument must be str, not bytes

In fact I tested just the frida-script and it returns some kind of blank image that still has the correct size. On iOS 9.3.3 after base64 encoding the image is something like:

iVBORw0KGgoAAAANSUhEUgAAAoAAAAPACAYAAACl4sj7AAAAAXNSR0IArs4c6QAAAAlwSFlzAAAWJQAAFiUBSVIk8AAAABxpRE9UAAAAAgAAAAAAAAHgAAAAKAAAAeAAAAHgAAAVPDOQ+S4AABUISURBVHgB7NABDQAAAMKg909tDjeIQGHAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgIGPgQEAAP//93ui4gAAFQZJREFU7dABDQAAAMKg909tDjeIQGHAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgIGPgQGF6wABXxH2vwAAAABJRU5ErkJggg==

You can test the code returned after base64 encode in codebeautify/base64-to-image-converter

Undocumented Windows Dependencies

Hi,

The 'installation' prereqs section on the wiki lists 'python version 3.3+' as the only real prerequisite.

However, it appears that objection/utils/packages.py expects 'which' to be available on the local system in order to locate all of the Android dependencies (aapt, apktool, etc).

It's possible to use objection on Windows by commenting out the dependency-checking section and manually specifying each tool's location, or by installing an environment that provides 'which'. It may be worth stating this explicitly in the documentation so Windows users with unmodified command-line environments will be able to figure out what they're missing.

When patching an IPA which name is patched.ipa, the output is named "tched-frida-codesigned.ipa" (first two letters missing)

I'm not sure what's happening there, but I just noticed that if I provide an IPA named "patched.ipa" the objection patchipa output is missing the first two letters:

objection patchipa --source patched.ipa --codesign-signature XXXXXXX -p embedded.mobileprovision

output:

tched-frida-codesigned.ipa

objection run issue

installed objection tools on mac by "pip3 install -U objection"

while accessing the tool "objection --help" it showing some error message as below python 3.6 was installed

(virtual-python3) ymac:objection apple$ objection --help

Failed to load the Frida native extension: dlopen(/Users/apple/virtual-python3/lib/python3.6/site-packages/_frida.cpython-36m-darwin.so, 2): Symbol not found: ___strlcpy_chk
Referenced from: /Users/apple/virtual-python3/lib/python3.6/site-packages/_frida.cpython-36m-darwin.so
Expected in: /usr/lib/libSystem.B.dylib
in /Users/apple/virtual-python3/lib/python3.6/site-packages/_frida.cpython-36m-darwin.so
Please ensure that the extension was compiled for Python 3.x.

Traceback (most recent call last):
File "/Users/apple/virtual-python3/bin/objection", line 7, in
from objection.console.cli import cli
File "/Users/apple/virtual-python3/lib/python3.6/site-packages/objection/console/cli.py", line 2, in
import frida
File "/Users/apple/virtual-python3/lib/python3.6/site-packages/frida/init.py", line 26, in
raise ex
File "/Users/apple/virtual-python3/lib/python3.6/site-packages/frida/init.py", line 6, in
import _frida
ImportError: dlopen(/Users/apple/virtual-python3/lib/python3.6/site-packages/_frida.cpython-36m-darwin.so, 2): Symbol not found: ___strlcpy_chk
Referenced from: /Users/apple/virtual-python3/lib/python3.6/site-packages/_frida.cpython-36m-darwin.so
Expected in: /usr/lib/libSystem.B.dylib
in /Users/apple/virtual-python3/lib/python3.6/site-packages/_frida.cpython-36m-darwin.so

Unicode path handling

Yet another path-related bug. Non-ASCII characters in the name of the app bundle appear to cause gruesome issues with insert_dylib. I can try and dig into this further - as a quick workaround, I've found extracting the .ipa, renaming the offending .app folder and binary, and updating the Info.plist to have an ASCII-only name will allow the process to work.

NetSPI:Desktop netspi$ objection patchipa -s unicode.ipa -c XXXXXXXX
Using Gadget version: 10.5.1
<snip>
Working with app: Test┬«ΓÇá┬╡╦Ü┬¼.app
Bundle identifier is: XXXXXXX.test
Injecting the load library to /var/folders/1k/mw7w1kfd4c96jkvkw5mp3qfm0000gn/T/Payload/Test┬«ΓÇá┬╡╦Ü┬¼.app/Test®†µ˚¬ might have failed.

/var/folders/1k/mw7w1kfd4c96jkvkw5mp3qfm0000gn/T/Payload/Test┬«ΓÇá┬╡╦Ü┬¼.app/Test®†µ˚¬: No such file or directory

Codesigning 11 .dylib's with signature XXXXXXXXX
Code signing: libswiftRemoteMirror.dylib
Code signing: FridaGadget.dylib
Code signing: libswiftCore.dylib
Code signing: libswiftCoreGraphics.dylib
Code signing: libswiftCoreImage.dylib
Code signing: libswiftDarwin.dylib
Code signing: libswiftDispatch.dylib
Code signing: libswiftFoundation.dylib
Code signing: libswiftObjectiveC.dylib
Code signing: libswiftQuartzCore.dylib
Code signing: libswiftUIKit.dylib
Creating new archive with patched contents...
Codesigning patched IPA...

Copying final ipa from /var/folders/1k/mw7w1kfd4c96jkvkw5mp3qfm0000gn/T/unicode-frida-codesigned.ipa to current directory...
Cleaning up temp files...

App crashing on run

Run through patch, everything went smoothly. No errors, nice .apk... Until I run it on my device

"Linkedin keeps stopping" - closes automatically

App: LinkedIn (latest apk)
Device: Samsung Galaxy S7 Edge
Version: Android 7.0

Also tried with an older LinkedIn ipa build on iPhone 7 and wouldn't open there either. /:

Failure to unpack apk

This error keeps occuring when trying to unpack an apk, it seems that objection is looking for a randomised apk name but apktool generates an apk called 1.apk so objection can't find it.

Don't know if something changed but this has only just started happening when I recently installed the latest version of objection.

Tested with apktool v2.3.2 and v2.3.1 still the same issue

[Fatal Error] AndroidManifest.xml:1:1: Content is not allowed in prolog.

Hi,
I am getting the below message and i am using kali linux has anyone else had this issue or know how to fix it please.Thanks

Rebuilding the APK with the frida-gadget loaded...
Rebuilding the APK may have failed. Read the following output to determine if apktool actually had an error:

[Fatal Error] AndroidManifest.xml:1:1: Content is not allowed in prolog.

Timeout while using objection

Hi,

we just repackaged an IPA and installed it via ios-deploy:

ios-deploy --bundle Payload/XXX.app -W -d

The app is starting on the non-jailbroken phone and objection is also identifying the app

➜  ~ frids-ps -U
zsh: command not found: frids-ps
➜  ~ frida-ps -U
PID  Name
---  ------
467  Gadget
➜  ~ objection explore

     _     _         _   _
 ___| |_  |_|___ ___| |_|_|___ ___
| . | . | | | -_|  _|  _| | . |   |
|___|___|_| |___|___|_| |_|___|_|_|
        |___|(object)inject(ion) v1.1.4

     Runtime Mobile Exploration
        by: @leonjza from @sensepost

[tab] for command suggestions
com.empty.awesome on (iPhone: 10.3.1) [usb] # env

Name                           Path
-----------------------------  ------------------------------------------------------------------------------------------------------------
DocumentDirectory              /var/mobile/Containers/Data/Application/1A1714A9-8F70-49BF-9ED0-AA400DD34391/Documents
LibraryDirectory               /var/mobile/Containers/Data/Application/1A1714A9-8F70-49BF-9ED0-AA400DD34391/Library
CachesDirectory                /var/mobile/Containers/Data/Application/1A1714A9-8F70-49BF-9ED0-AA400DD34391/Library/Caches
...

But if I want to navigate or make a 'ls' I get a timeout. Any idea why this is happening?

com.empty.awesome on (iPhone: 10.3.1) [usb] # cd /var/mobile/Containers/Data/Application/1A1714A9-8F70-49BF-9ED0-AA400DD34391/Documents
Exception in thread Thread-9:
Traceback (most recent call last):
  File "/usr/local/Cellar/python3/3.6.1/Frameworks/Python.framework/Versions/3.6/lib/python3.6/threading.py", line 916, in _bootstrap_inner
    self.run()
  File "/usr/local/Cellar/python3/3.6.1/Frameworks/Python.framework/Versions/3.6/lib/python3.6/threading.py", line 864, in run
    self._target(*self._args, **self._kwargs)
  File "/Users/sven/Library/Python/3.6/lib/python/site-packages/prompt_toolkit/interface.py", line 865, in run
    completions = list(buffer.completer.get_completions(document, complete_event))
  File "/usr/local/lib/python3.6/site-packages/objection/console/completer.py", line 103, in get_completions
    commands.update(self.find_completions(document))
  File "/usr/local/lib/python3.6/site-packages/objection/console/completer.py", line 65, in find_completions
    current_suggestions = current_suggestions[candidate]['dynamic']()
  File "/usr/local/lib/python3.6/site-packages/objection/commands/filemanager.py", line 852, in list_folders_in_current_fm_directory
    response = _get_short_ios_listing()
  File "/usr/local/lib/python3.6/site-packages/objection/commands/filemanager.py", line 761, in _get_short_ios_listing
    runner.run()
  File "/usr/local/lib/python3.6/site-packages/objection/utils/frida_transport.py", line 327, in run
    script.load()
  File "/usr/local/lib/python3.6/site-packages/frida/core.py", line 300, in load
    self._impl.load()
frida.TransportError: timeout was reached

/var/mobile/Containers/Data/Application/1A1714A9-8F70-49BF-9ED0-AA400DD34391/Documents

Error occured while extracting the APK.

root@xxx:~# objection patchapk -s com.mimikko.mimikkoui_1.8.6_29.apk --architecture arm64-v8a
Using latest Github gadget version: 10.6.54
Patcher will be using Gadget version: 10.6.54
Unpacking com.mimikko.mimikkoui_1.8.6_29.apk
An error may have occured while extracting the APK.
Exception in thread "main" java.lang.NullPointerException
	at org.apache.commons.io.IOUtils.copyLarge(IOUtils.java:1792)
	at org.apache.commons.io.IOUtils.copyLarge(IOUtils.java:1769)
	at org.apache.commons.io.IOUtils.copy(IOUtils.java:1744)
	at brut.androlib.res.AndrolibResources.getFrameworkApk(AndrolibResources.java:570)
	at brut.androlib.res.AndrolibResources.loadFrameworkPkg(AndrolibResources.java:112)
	at brut.androlib.res.data.ResTable.getPackage(ResTable.java:82)
	at brut.androlib.res.data.ResTable.getResSpec(ResTable.java:65)
	at brut.androlib.res.data.ResTable.getResSpec(ResTable.java:61)
	at brut.androlib.res.decoder.ResAttrDecoder.decode(ResAttrDecoder.java:39)
	at brut.androlib.res.decoder.AXmlResourceParser.getAttributeValue(AXmlResourceParser.java:369)
	at org.xmlpull.v1.wrapper.classic.XmlPullParserDelegate.getAttributeValue(XmlPullParserDelegate.java:69)
	at brut.androlib.res.decoder.XmlPullStreamDecoder$1.parseManifest(XmlPullStreamDecoder.java:97)
	at brut.androlib.res.decoder.XmlPullStreamDecoder$1.event(XmlPullStreamDecoder.java:65)
	at brut.androlib.res.decoder.XmlPullStreamDecoder.decode(XmlPullStreamDecoder.java:141)
	at brut.androlib.res.decoder.XmlPullStreamDecoder.decodeManifest(XmlPullStreamDecoder.java:153)
	at brut.androlib.res.decoder.ResFileDecoder.decodeManifest(ResFileDecoder.java:140)
	at brut.androlib.res.AndrolibResources.decodeManifestWithResources(AndrolibResources.java:199)
	at brut.androlib.Androlib.decodeManifestWithResources(Androlib.java:140)
	at brut.androlib.ApkDecoder.decode(ApkDecoder.java:100)
	at brut.apktool.Main.cmdDecode(Main.java:165)
	at brut.apktool.Main.main(Main.java:81)

App already has android.permission.INTERNET
Smali not found in smali directory. This might be a multidex APK. Searching...
Traceback (most recent call last):
  File "/usr/local/bin/objection", line 11, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python3.5/dist-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.5/dist-packages/click/core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.5/dist-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.5/dist-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/objection/console/cli.py", line 219, in patchapk
    patch_android_apk(**locals())
  File "/usr/local/lib/python3.5/dist-packages/objection/commands/mobile_packages.py", line 155, in patch_android_apk
    patcher.inject_load_library()
  File "/usr/local/lib/python3.5/dist-packages/objection/utils/patchers/android.py", line 496, in inject_load_library
    raise Exception('Unable to find smali to patch!')
Exception: Unable to find smali to patch!
Cleaning up temp files...
Failed to cleanup with error: [Errno 2] No such file or directory: '/tmp/tmpqavggvwl.apktemp.objection.apk

I am not sure what happened to this app. Do you need this apk?

Able to work in jailbroken device?

If an App installed on JB device, does it require patching the app?
Could two patched app installed at the same time? I did not where to specify the app name. Did I miss anything?

Documentation recommends using Python 3.3+ while specific functions used are only available from Python 3.4+

The documentation https://github.com/sensepost/objection/wiki/Installation mentions:

python version 3.3+

File "./objection/utils/packages.py", line 466, in set_application_binary:

    info_plist = plistlib.load(f)

From Python documentation (https://docs.python.org/3/library/plistlib.html):

plistlib.load(fp, *, fmt=None, use_builtin_types=True, dict_type=dict)
Read a plist file. fp should be a readable and binary file object. Return the unpacked root object (which usually is a dictionary).
[...]
New in version 3.4.

As a result objection crashes when using plistlib.load with Python 3.3.

Documentation should be updated to mention Python 3.4+ requirement or code must be changed to be compatible with Python 3.3.

App crash on startup (32-bit instead of 64-bit)

$ adb shell getprop ro.product.cpu.abi
arm64-v8a

logcat output:

04-23 03:04:51.817 21559 21636 E AndroidRuntime: FATAL EXCEPTION: Thread-16
04-23 03:04:51.817 21559 21636 E AndroidRuntime: Process: com.stockon, PID: 21559
04-23 03:04:51.817 21559 21636 E AndroidRuntime: java.lang.UnsatisfiedLinkError: dlopen failed: "/data/data/com.stockon/lib-main/libgnustl_shared.so" is 32-bit instead of 64-bit
04-23 03:04:51.817 21559 21636 E AndroidRuntime: 	at java.lang.Runtime.load0(Runtime.java:897)
04-23 03:04:51.817 21559 21636 E AndroidRuntime: 	at java.lang.System.load(System.java:1542)
04-23 03:04:51.817 21559 21636 E AndroidRuntime: 	at com.facebook.soloader.DirectorySoSource.loadLibraryFrom(DirectorySoSource.java:71)
04-23 03:04:51.817 21559 21636 E AndroidRuntime: 	at com.facebook.soloader.DirectorySoSource.loadLibrary(DirectorySoSource.java:42)
04-23 03:04:51.817 21559 21636 E AndroidRuntime: 	at com.facebook.soloader.SoLoader.loadLibraryBySoName(SoLoader.java:299)
04-23 03:04:51.817 21559 21636 E AndroidRuntime: 	at com.facebook.soloader.DirectorySoSource.loadLibraryFrom(DirectorySoSource.java:65)
04-23 03:04:51.817 21559 21636 E AndroidRuntime: 	at com.facebook.soloader.DirectorySoSource.loadLibrary(DirectorySoSource.java:42)
04-23 03:04:51.817 21559 21636 E AndroidRuntime: 	at com.facebook.soloader.SoLoader.loadLibraryBySoName(SoLoader.java:299)
04-23 03:04:51.817 21559 21636 E AndroidRuntime: 	at com.facebook.soloader.DirectorySoSource.loadLibraryFrom(DirectorySoSource.java:65)
04-23 03:04:51.817 21559 21636 E AndroidRuntime: 	at com.facebook.soloader.DirectorySoSource.loadLibrary(DirectorySoSource.java:42)
04-23 03:04:51.817 21559 21636 E AndroidRuntime: 	at com.facebook.soloader.SoLoader.loadLibraryBySoName(SoLoader.java:299)
04-23 03:04:51.817 21559 21636 E AndroidRuntime: 	at com.facebook.soloader.DirectorySoSource.loadLibraryFrom(DirectorySoSource.java:65)
04-23 03:04:51.817 21559 21636 E AndroidRuntime: 	at com.facebook.soloader.DirectorySoSource.loadLibrary(DirectorySoSource.java:42)
04-23 03:04:51.817 21559 21636 E AndroidRuntime: 	at com.facebook.soloader.SoLoader.loadLibraryBySoName(SoLoader.java:299)
04-23 03:04:51.817 21559 21636 E AndroidRuntime: 	at com.facebook.soloader.SoLoader.loadLibrary(SoLoader.java:247)
04-23 03:04:51.817 21559 21636 E AndroidRuntime: 	at com.facebook.react.bridge.ReactBridge.staticInit(ReactBridge.java:20)
04-23 03:04:51.817 21559 21636 E AndroidRuntime: 	at com.facebook.react.bridge.NativeMap.<clinit>(NativeMap.java:21)
04-23 03:04:51.817 21559 21636 E AndroidRuntime: 	at com.facebook.react.bridge.JSCJavaScriptExecutorFactory.create(JSCJavaScriptExecutorFactory.java:23)
04-23 03:04:51.817 21559 21636 E AndroidRuntime: 	at com.facebook.react.ReactInstanceManager$5.run(ReactInstanceManager.java:921)
04-23 03:04:51.817 21559 21636 E AndroidRuntime: 	at java.lang.Thread.run(Thread.java:762)

I've tried compiling it with --architecture armeabi, but that gives me a different logcat error:

04-23 04:18:23.959   970   970 E AndroidRuntime: java.lang.UnsatisfiedLinkError: dalvik.system.PathClassLoader[DexPathList[[zip file "/data/app/com.stockon-1/base.apk"],nativeLibraryDirectories=[/data/app/com.stockon-1/lib/arm, /data/app/com.stockon-1/base.apk!/lib/armeabi-v7a, /system/lib, /vendor/lib]]] couldn't find "libfrida-gadget.so"

any suggestions?

ps. I love this software, it totally worked for another app that I've tried, no errors, no glitches

frida.ProcessNotFoundError: unable to find process with name 'Gadget'

when i use it, command:objection device_type
error occurred：
frida.ProcessNotFoundError: unable to find process with name 'Gadget'

Failed to determine device type !

So I installed objection (pip install objection) , installed virtualenv (and all the prequesites)
ran : objection --gadget frida-server explore
and everytime I get failed to determine device type, I'm on windows 7 if that means anything.

frida-ps -U works well so it's not from frida

(C:\Users\CARBON\Anaconda3) C:\Windows\system32>objection
Usage: objection [OPTIONS] COMMAND [ARGS]...

       _     _         _   _
   ___| |_  |_|___ ___| |_|_|___ ___
  | . | . | | | -_|  _|  _| | . |   |
  |___|___|_| |___|___|_| |_|___|_|_|
          |___|(object)inject(ion)

       Runtime Mobile Exploration
          by: @leonjza from @sensepost

  By default, communications will happen over USB, unless the --network
  option is provided.

Options:
  -N, --network       Connect using a network connection instead of USB.
                      [default: False]
  -h, --host TEXT     [default: 127.0.0.1]
  -p, --port INTEGER  [default: 27042]
  -g, --gadget TEXT   Name of the Frida Gadget/Process to connect to.
                      [default: Gadget]
  --help              Show this message and exit.

Commands:
  device_type  Get information about an attached device.
  explore      Start the objection exploration REPL.
  patchapk     Patch an APK with the frida-gadget.so.
  patchipa     Patch an IPA with the FridaGadget dylib.
  run          Run a single objection command.
  version      Prints the current version and exists.

(C:\Users\CARBON\Anaconda3) C:\Windows\system32>objection --gadget frida-server
device_type
[hook failure] Unknown Platform
Failed to determine device type!
Traceback (most recent call last):
  File "c:\users\carbon\anaconda3\lib\runpy.py", line 193, in _run_module_as_mai
n
    "__main__", mod_spec)
  File "c:\users\carbon\anaconda3\lib\runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "C:\Users\CARBON\Anaconda3\Scripts\objection.exe\__main__.py", line 9, in
 <module>
  File "c:\users\carbon\anaconda3\lib\site-packages\click\core.py", line 722, in
 __call__
    return self.main(*args, **kwargs)
  File "c:\users\carbon\anaconda3\lib\site-packages\click\core.py", line 697, in
 main
    rv = self.invoke(ctx)
  File "c:\users\carbon\anaconda3\lib\site-packages\click\core.py", line 1066, i
n invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "c:\users\carbon\anaconda3\lib\site-packages\click\core.py", line 895, in
 invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "c:\users\carbon\anaconda3\lib\site-packages\click\core.py", line 535, in
 invoke
    return callback(*args, **kwargs)
  File "c:\users\carbon\anaconda3\lib\site-packages\objection\console\cli.py", l
ine 145, in device_type
    device_name, system_name, model, system_version = get_device_info()
  File "c:\users\carbon\anaconda3\lib\site-packages\objection\commands\device.py
", line 28, in get_device_info
    raise Exception(msg)
Exception: Failed to determine device type!

Error on connecting to server running on emulator

I have used following command to connect to the server running inside an emulator, but an error occurs:

$ adb forward tcp:27042 tcp:27042
$ objection -N explore
Error: unable to connect to remote frida-server: Error receiving data: An existing connection was forcibly closed by the remote host.

maybe useful:

$ objection  device_type
Traceback (most recent call last):
  File "c:\python3\lib\runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "c:\python3\lib\runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "C:\Python3\Scripts\objection.exe\__main__.py", line 9, in <module>
  File "c:\python3\lib\site-packages\click\core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "c:\python3\lib\site-packages\click\core.py", line 697, in main
    rv = self.invoke(ctx)
  File "c:\python3\lib\site-packages\click\core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "c:\python3\lib\site-packages\click\core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "c:\python3\lib\site-packages\click\core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "c:\python3\lib\site-packages\objection\console\cli.py", line 164, in device_type
    device_name, system_name, model, system_version = get_device_info()
  File "c:\python3\lib\site-packages\objection\commands\device.py", line 20, in get_device_info
    runner.run(hook=hook)
  File "c:\python3\lib\site-packages\objection\utils\frida_transport.py", line 346, in run
    session = self.get_session()
  File "c:\python3\lib\site-packages\objection\utils\frida_transport.py", line 281, in get_session
    return frida.get_usb_device(5).attach(state_connection.gadget_name)
  File "c:\python3\lib\site-packages\frida\core.py", line 97, in attach
    return Session(self._impl.attach(self._pid_of(target)))
  File "c:\python3\lib\site-packages\frida\core.py", line 115, in _pid_of
    return self.get_process(target).pid
  File "c:\python3\lib\site-packages\frida\core.py", line 67, in get_process
    matching = [process for process in self._impl.enumerate_processes() if fnmatch.fnmatchcase(process.name.lower(), process_name_lc)]
frida.ServerNotRunningError: unable to connect to remote frida-server: closed

and I'm using windows 7

launchable-activity-Check from aapt not 100% valid?

There is a check for the launchable active in the code, that checks for "launchable-activity". Thats why I always get the error "Unable to determine the launchable activity using aapt"

The Code has a comment:

['launchable-activity: name=', 'com.app.activity', ' label=', 'bob']

But the actual line by aapt dump badging is:

launchable activity name='com.app.activity'label='bob' icon=''

Support scheduling jobs with spawn

Just something that I have been think about that would be an awesome addition.

Currently frida.attach is being used to get a session. This automatically resumes the application when frida connects.

Adding the ability to start objection in spawn mode, where only jobs can be queued/loaded will allow for some cool hooks. Such as root detection bypasses, better disabling of certificate pinning, preventing setting of FLAG_SECURE, etc.

Playing around with this at the moment, but might require some hectic refactoring. Any suggestions on how to integrate this into the REPL/CLI?

Kali Linux 2017.2 - install fail

Hello,
using Kali Linux 2017.2

root@kaliOS:~# pip install objection
Collecting objection
Could not find a version that satisfies the requirement objection (from versions: )
No matching distribution found for objection

Installed python packages:
list.txt

did git clone https://github.com/sensepost/objection

root@kaliOS:~# pip install /root/objection/
Processing ./objection
Complete output from command python setup.py egg_info:
Traceback (most recent call last):
File "", line 1, in
File "/tmp/pip-lOwQdW-build/setup.py", line 8
def _package_files(directory: str, suffix: str) -> list:
^
SyntaxError: invalid syntax

----------------------------------------

Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-lOwQdW-build/

How to fix this ?
Thanks

TypeError: string indices must be integers

Hi,

thanks for this amazing tool. When trying to "download" or "ios plist cat" a file I am only getting this error on iOS 10.3.1 (I write download, press space and then this error is triggered):

iPhone on (iPhone: 10.3.1) [usb] # download Exception in thread Thread-201:
Traceback (most recent call last):
  File "/usr/local/Cellar/python3/3.6.1/Frameworks/Python.framework/Versions/3.6/lib/python3.6/threading.py", line 916, in _bootstrap_inner
    self.run()
  File "/usr/local/Cellar/python3/3.6.1/Frameworks/Python.framework/Versions/3.6/lib/python3.6/threading.py", line 864, in run
    self._target(*self._args, **self._kwargs)
  File "/Users/sven/virtual-python3/lib/python3.6/site-packages/prompt_toolkit/interface.py", line 860, in run
    completions = list(buffer.completer.get_completions(document, complete_event))
  File "/Users/sven/virtual-python3/lib/python3.6/site-packages/objection/console/completer.py", line 115, in get_completions
    meta = extra['meta'] if 'meta' in extra else None
TypeError: string indices must be integers

With Python 3.6.1

(virtual-python3) ➜  objection python -V
Python 3.6.1

APK installation error: INSTALL_PARSE_FAILED_NO_CERTIFICATES

I created the modified apk with:
# objection patchapk --source com.myapk.apk --architecture arm64-v8a

Then I tried to install the apk with:
# adb install modified_apk.apk

However I receive the following error:
Failed to install modified_apk.apk: Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES: Failed to collect certificates from /data/app/vmdl710965881.tmp/base.apk: Attempt to get length of null array]

Any idea's how to fix this? I also tried to manually sign it again with the following tool:
https://github.com/appium/sign
The command I used:
# java -jar sign.jar modified_apk.apk

Code signing failed

MacOS 10.13.3

IPA = DVIA.ipa
http://damnvulnerableiosapp.com/?paiddownloads_id=11

$ pip3.6 show objection
Name: objection
Version: 1.2.4

$ npm list -g --depth=0
/usr/local/lib
├── [email protected]
[...]

$ objection patchipa -s "/Users/XXX/DVIA.ipa" -c XXXYYYZZZ
objc[92749]: +[__NSPlaceholderDate initialize] may have been in progress in another thread when fork() was called.
objc[92749]: +[__NSPlaceholderDate initialize] may have been in progress in another thread when fork() was called. We cannot safely call it or ignore it in the fork() child process. Crashing instead. Set a breakpoint on objc_initializeAfterForkError to debug.
Using latest Github gadget version: 10.6.53
Patcher will be using Gadget version: 10.6.53
No provision file specified, searching for one...
Found provision file /Users/XXX/Library/Developer/Xcode/DerivedData/YYYY1-elizruhxoinlpjarbzfeauucavdp/Build/Products/Debug-iphoneos/YYYY1.app/embedded.mobileprovision expiring in 6 days, 12:02:41.160930
Found provision file /Users/XXX/Library/Developer/Xcode/DerivedData/YYYY2-axmclaoqvldmvpfandfjkjhkasbl/Build/Products/Debug-iphoneos/YYYY2.app/embedded.mobileprovision expiring in 6 days, 12:10:26.160930
Found a valid provisioning profile
Working with app: DamnVulnerableIOSApp.app
Bundle identifier is: com.highaltitudehacks.dvia
Creating Frameworks directory for FridaGadget...
Codesigning 1 .dylib's with signature XXXYYYZZZ
Code signing: FridaGadget.dylib
Creating new archive with patched contents...
Codesigning patched IPA...
Cannot find entitlements in binary. Using defaults
/var/folders/50/7j5rhs4n4tq9hw9mjm2yntg40000gn/T/DVIA-frida.ipa.43fc6a5a-6013-4f9f-b3cb-909c6450fe23/Payload/DamnVulnerableIOSApp.app 120x120.png [TypeError: Buffer.alloc is not a function]
TypeError: Buffer.alloc is not a function
Cannot find any MACH0 binary to sign
Cannot find any MACH0 binary to sign undefined
[TypeError: Buffer.alloc is not a function] undefined

Copying final ipa from /var/folders/50/7j5rhs4n4tq9hw9mjm2yntg40000gn/T/DVIA-frida-codesigned.ipa to current directory...
Traceback (most recent call last):
  File "/usr/local/bin/objection", line 11, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/objection/console/cli.py", line 195, in patchipa
    patch_ios_ipa(**locals())
  File "/usr/local/lib/python3.6/site-packages/objection/commands/mobile_packages.py", line 75, in patch_ios_ipa
    os.path.join(os.path.abspath('.'), os.path.basename(patcher.get_patched_ipa_path())))
  File "/usr/local/Cellar/python3/3.6.3/Frameworks/Python.framework/Versions/3.6/lib/python3.6/shutil.py", line 120, in copyfile
    with open(src, 'rb') as fsrc:
FileNotFoundError: [Errno 2] No such file or directory: '/var/folders/50/7j5rhs4n4tq9hw9mjm2yntg40000gn/T/DVIA-frida-codesigned.ipa'
Cleaning up temp files...
Failed to cleanup with error: [Errno 2] No such file or directory: '/var/folders/50/7j5rhs4n4tq9hw9mjm2yntg40000gn/T/DVIA-frida-codesigned.ipa'

I have tried with multiple apps, still got the similar errors during the signing process. I pulled the unencrypted IPAs using Clutch2. Are there any further requirement on input IPA?

I/O error unable to write directory

frida

Failed to load the Frida native extension: Can't extract file(s) to egg cache

The following error occurred while trying to extract file(s)
to the Python egg cache:

[Errno 5] Input/output error

The Python egg cache directory is currently set to:

/root/.cache/Python-Eggs

Perhaps your account does not have write access to this directory?
You can change the cache directory by setting the PYTHON_EGG_CACHE
environment variable to point to an accessible directory.

Please ensure that the extension was compiled for Python 3.x.