MASTG-TOOL-0029: objection for Android
Objection's pip/PyPI package is outdated and not Frida 17+ compliant
You can keep using Objection with Frida 17+ by installing it from the source repo's master branch. See Development Environment Installation.
Once a new release exists and is made available on the Python Package Index (PyPI), you can install it using pip.
Objection offers several features specific to Android. You can find the full list of features on the project's page, but here are a few interesting ones:
- Repackage applications to include the Frida gadget
- Disable SSL pinning for popular methods
- Access application storage to download or upload files
- Execute custom Frida scripts
- List the Activities, Services, and Broadcast receivers
- Start Activities
- Detect implicit intents
If you have a rooted device with frida-server installed, Objection can connect directly to the running Frida server to provide all its functionality without needing to repackage the application. However, it is not always possible to root an Android device, or the app may contain advanced RASP controls for root detection, so injecting a frida-gadget may be the easiest way to bypass those controls.
The ability to perform advanced dynamic analysis on non-rooted devices is one of the features that makes Objection incredibly useful. After following the repackaging process (Repackaging & Re-Signing), you will be able to run all the aforementioned commands, which make it very easy to quickly analyze an application or bypass basic security controls.
Using Objection on Android
How you start Objection depends on whether you've patched the APK or are using a rooted device running frida-server. For a patched APK, specify either the foreground process (-f) or the Gadget (-n Gadget). When using frida-server, you need to specify which application you want to attach to or spawn.
```bash
# Connecting to a patched APK
$ objection -f explore

# Using Frida-server
# Find the correct name using frida-ps
$ frida-ps -Ua | grep -i telegram
30268 Telegram org.telegram.messenger

# Connecting to the Telegram app through Frida-server
$ objection -n "Telegram" start

# Alternatively use the process ID (PID)
$ objection -n 30268 start

# Objection can also spawn the app through Frida-server using the application identifier / package name
$ objection -s -n "org.telegram.messenger"
... [usb] resume

# Alternatively with "no pause"
$ objection -s -p -n "org.telegram.messenger"
```
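The attach-or-spawn choice above can be scripted. The following is an added example, not part of the original page or the Objection project: it matches the package identifier exactly in frida-ps output (a `grep -i` can hit several similarly named apps) and prints the matching command form from this page. The function names and the process listing are constructed for illustration, and the `-` PID for an installed but not running app assumes `frida-ps -Uai` output.

```shell
#!/bin/sh
# Added example: choose between attaching and spawning from frida-ps output.

# Constructed sample in the layout of `frida-ps -Uai` (not captured from a device).
sample_ps() {
cat <<'EOF'
  PID  Name               Identifier
-----  -----------------  -------------------------
30268  Telegram           org.telegram.messenger
 4121  Google Play Store  com.android.vending
    -  Example Notes      com.example.notes
EOF
}

# resolve_pid <identifier>: read frida-ps output on stdin and print the PID
# column ("-" when the app is installed but not running).
# Returns 1 when the identifier is not listed at all.
resolve_pid() {
    awk -v id="$1" '
        $1 !~ /^([0-9]+|-)$/ { next }             # skip header and separator rows
        $NF == id { print $1; found = 1; exit }   # identifier is the last column
        END { exit !found }
    '
}

# objection_cmd <identifier>: print the objection invocation from this page
# that fits the app state: attach by PID when running, spawn otherwise.
objection_cmd() {
    pid=$(resolve_pid "$1") || { echo "not listed: $1" >&2; return 1; }
    case "$pid" in
        -)           printf 'objection -s -n "%s"\n' "$1" ;;
        *[!0-9]*|'') echo "unexpected PID field: $pid" >&2; return 1 ;;
        *)           printf 'objection -n %s start\n' "$pid" ;;
    esac
}

# On a real device: frida-ps -Uai | objection_cmd org.telegram.messenger
sample_ps | objection_cmd org.telegram.messenger
```

Because the match is on the whole identifier, a partial string such as `org.telegram` is rejected rather than resolved to the first similar entry.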
Once you are in the Objection REPL, you can execute any of the available commands. Below is an overview of some of the most useful ones:
```bash
# Show the different storage locations belonging to the app
$ env

# Disable popular SSL pinning methods
$ android sslpinning disable

# List items in the keystore
$ android keystore list

# Try to circumvent root detection
$ android root disable
```
More information on using the Objection REPL can be found on the Objection Wiki.