What I loved most about your video is that you didn't just go on to show what works, but you also showed errors that we might encounter and how we could tackle them. Thanks a million.
Thank you man, you are the best. It really helped me understand it. I think you are the only person on YouTube that could show me it like that. Really appreciate it.
I'm using Genymotion with Android 12 and when running objection explore the app is closed. How to solve this issue?
What if I have multiple APKs for a single application? Objection only takes a single APK for patching.
Followed all the steps, got the agent injected, but still seeing the "some error occurred try again" type of problem. Why? BTW I did that on a Revolut app version 7.30.3.
Does it work on the Instagram app?
This was really helpful. Thanks 🙏🏽
Honestly, I didn't know SSL unpinning would be this easy. About to test it on some apps, might be helpful.
Do you know how to bypass SSL pinning by modifying the TLS SSL handshake without having to install a server or inject the frida gadget in the app with objection? I need that method.
@user-yy2wp9ys6d u could modify and downgrade the max sdk version of the apk to sdk 23 (might be 21 idk, I forgot)
@rhen4610 What do you mean by that? Would it require having access to the app before installation on the device, or would it be while the app is already installed on the device?
@Ale-m3u before installation
I did this and it worked perfectly, but when I upload the patched app in my phone it keeps crashing. Is this because the app recognizes it has been modified and crashes, and is there any way to fix this? A reply as quick as possible is appreciated as I am in a rush. Thank you in advance.
I don't think I have ever had this issue before, but it could be due to some anti-tampering protections on the app, which take some more extensive research to figure out how to bypass. I did find these two threads on github that might have some comments that could be helpful.
github.com/sensepost/objection/issues/64
github.com/sensepost/objection/issues/119
@CorSecure OK, thank you. I'll get back to you if I find anything, thanks!
@CorSecure Hey, I used a separate tool to manage the split apks and combined them into one and saved it. The tool's known for handling objection split apk files, so after that I used the objection command on the new combined apk file and I keep getting this error and I have no idea how to fix it. I looked online everywhere and couldn't find a place where the issue was solved. This was the command and output:
objection patchapk -s SAVE_APK
No architecture specified. Determining it using `adb`...
Detected target device architecture as: arm64-v8a
Using latest Github gadget version: 16.1.3
Patcher will be using Gadget version: 16.1.3
Detected apktool version as: 2.8.1
Running apktool empty-framework-dir...
I: Removing 1.apk framework file...
Unpacking SAVE_APK
App already has android.permission.INTERNET
Target class not specified, searching for launchable activity instead...
Reading smali from: /tmp/tmpezqieai3.apktemp/smali/es/socialpoint/hydra/permissions/PermissionsActivity.smali
Injecting loadLibrary call at line: 16
Attempting to fix the constructors .locals count
Current locals value is 0, updating to 1:
Writing patched smali back to: /tmp/tmpezqieai3.apktemp/smali/es/socialpoint/hydra/permissions/PermissionsActivity.smali
Copying Frida gadget to libs path...
Rebuilding the APK with the frida-gadget loaded...
Rebuilding the APK may have failed. Read the following output to determine if apktool actually had an error:
../../../tmp/tmpezqieai3.apktemp/smali_assets/javax/annotation/Nonnull.smali[29,20] Class Ljavax/annotation/Nonnull; has already been interned
Could not smali file: javax/annotation/Nonnull.smali
Built new APK with injected loadLibrary and frida-gadget
Performing zipalign
Zipalign completed
Signing new APK.
Signed the new APK
Copying final apk from /tmp/tmpezqieai3.apktemp.aligned.objection.apk to SAVE_APK in current directory...
Cleaning up temp files...
This happened to me as well. I just edited the dex of the apk to avoid checking if it is modified
When I type patch apk etc., instead of giving me the error it gave you it said "Failed to determine architecture. Is the device connected or authorized?" What's that mean
and how do I fix it?
@songlyrics1944 Do you have your phone or emulator connected over USB? That error most likely means that it can't find your device with ADB. You need to have USB debugging enabled and have it connected over USB.
U needed to have adb connect
You need to use the option -a and give the architecture as an argument.
For example
objection patchapk -s filename.apk -a x86
or
objection patchapk -s filename.apk -a x86_64
The value of the argument depends on the target architecture. For me it is x86_64 since my android emulator used this architecture. Hope that helps you and others that stumble upon the same issue.
What alternative is there to prevent SSL bypass?
If I have multiple devices connected to my laptop, how do I determine which device I want to use for objection's tools?
I don't have a lot of experience working with multiple devices connected at the same time, but I believe the -S or --serial flag should work for that. You should be able to run adb devices to get the identifier for the device you are working with and then add -S and that identifier to your command.
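Added example, not part of any comment in this thread and not objection's own code: the replies above about "Failed to determine architecture" and about several connected devices both come down to what `adb devices` reports. The function below classifies that output so the serial and architecture are chosen deliberately; the name `adb_target` and the sample serials are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example; adb_target is a hypothetical helper name, not an adb or
# objection command. It reads `adb devices` output on stdin so it can be
# exercised without a device. Optional $1 = serial to select.
#
# Prints one line and returns:
#   0  <serial>                     selected device is ready
#   1  none                         nothing attached (cable, USB debugging)
#   2  not-ready <serial> <state>   e.g. unauthorized or offline
#   3  ambiguous <s1> <s2> ...      several entries, choose one by serial
#   4  missing <serial>             requested serial is not attached
adb_target() {
    awk -v want="${1:-}" '
        /^List of devices/ || /^\*/ || NF < 2 { next }  # header, daemon notes, blanks
        want != "" && $1 != want { next }               # keep only the chosen serial
        { serial[++n] = $1; state[n] = $2 }
        END {
            if (n == 0) {
                if (want != "") { print "missing " want; exit 4 }
                print "none"; exit 1
            }
            if (n > 1) {
                out = "ambiguous"
                for (i = 1; i <= n; i++) out = out " " serial[i]
                print out; exit 3
            }
            if (state[1] != "device") {
                print "not-ready " serial[1] " " state[1]; exit 2
            }
            print serial[1]; exit 0
        }'
}

# Constructed sample, not captured from a real host: an emulator that is
# ready and a phone that has not accepted the USB debugging prompt.
sample=$(printf 'List of devices attached\nemulator-5554\tdevice\nR58M000TEST\tunauthorized\n')

printf '%s\n' "$sample" | adb_target               || true
printf '%s\n' "$sample" | adb_target R58M000TEST   || true
printf '%s\n' "$sample" | adb_target emulator-5554 || true

# Against a real device (not run here), the selected serial gives the ABI
# string that `objection patchapk -a` takes, such as the arm64-v8a or x86_64
# values quoted in the comments above:
#   serial=$(adb devices | adb_target) || exit
#   abi=$(adb -s "$serial" shell getprop ro.product.cpu.abi | tr -d '\r')
#   objection patchapk -s filename.apk -a "$abi"
```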
Thank you for the video, please keep sharing content
Do you have alternatives for XAPK? It doesn't seem like objection works on xapks
Most of the apps I work with either come from the Play Store or are provided in APK format, so I don't have a lot of experience working with XAPKs. My best suggestion would be to convert the XAPK to an APK and then proceed with the normal process using that APK.
I found this website that has some instructions for XAPK conversion:
openxapkfile.net/convert-xapk-to-apk.html
And I also found this standalone Python script to convert an XAPK to an APK:
github.com/LuigiVampa92/xapk-to-apk
Like I said, I don't have a lot of experience working with XAPKs, so I haven't really looked into either of these methods. These were just some options that came up from some initial research. I may end up making a video about working with XAPKs in the future after I learn more about them.
I hope this helps!
@CorSecure Thanks for the reply! I'll try converting to an APK again, I've had difficulty because some apps have really weird xapk setups, but we'll see. Thanks for continuing to make good content!
Hello, I'm having an issue. Whenever I do this the app (Roblox) closes on open.
The app may have some sort of tampering protection in place that prevents tools like Objection and Frida from being used. It may be possible to bypass those types of protections as well, but it would probably take some additional reverse engineering to determine how they were implemented.
How are you adding the burp certificate to a non rooted Android phone?
There may be a way to do it using objection or frida, but I would patch the apk to allow the app to use user certificates and install the burp cert as a user cert on the device.
I might actually make another video about how to do that pretty soon.
You don't need rooted device to install the burp cert. Just copy it to the device and install it in the Android settings like described in this video. ruclips.net/video/CJR_BSIStmE/видео.html
Using the objection tool didn't work for me. Instead I used the apk-mitm tool and it was way simple.
Installation : sudo npm install -g apk-mitm
Command : apk-mitm {name of the apk}
I have tried with twitter apk and it worked fine.
Hey, are there more tools like this which I can use for multiple SSL bypassing?
Thanks! it worked for me after using other version of apk-tools (The default version was causing errors.)
I don't know if I did something wrong but objection did not work without frida. So frida needs root and this can't be SSL unpinning without root.
Frida is a prerequisite for objection and must be installed on your computer, but the frida-server does not need to be installed on the mobile device, which is the part that requires root. In the "patchapk" step you are essentially baking the frida-server into the apk itself.
At what step is objection failing for you?
@CorSecure After objection explore, I'm getting this error: "Using USB device `xxx`
Unable to connect to the frida server: need Gadget to attach on jailed Android; its default location is:"
@fatiherdogan3838 Did you run the app on the device first? If you try to open the app on the device after it is patched, it should hang like mine did at 10:10. Then you can run "objection explore" and the app will continue.
@CorSecure It does not somehow hang and I get this error: "Unable to connect to the frida server: need Gadget to attach on jailed Android; its default location is: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\frida\gadget-android-arm64.so". I'm trying with the Snapchat apk btw
@CorSecure helloo, me too, I was having the same problem, it's showing I can't connect to the frida server. I will try to run it on a rooted emulator later to find out. BTW your content is wayyy cool 😎 keep up
I'm getting a lot of errors using objection so I'm probably going to do a different approach which is guaranteed to work
Thanks for Video and you make it easy way
Can you make a video to do like that but for iPhone?
I have much more experience with Android than iOS. I'll put it on my list of video ideas though and maybe I will make some videos about iOS as well.
very helpful...thanks 🙏
Can You Make A Video On Any Easy Method Without PC
Thanks for sharing this knowledge
facing installation error - > Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES: Failed collecting certificates
I don't believe that I have ever run into that error while using objection, but I found this issue on github that has some potential fixes. I hope that helps.
github.com/sensepost/objection/issues/498
just disconnect and reconnect your device. should work
Respect dude
Can you give me your twitch link
I would, but I don't actually stream anymore. I prefer just making videos offline.
How about I tell you the app on Play Store and you SSL bypass the app and provide me?
anyone know how to unpin snapchat
I know I'm kind of a bit late for this, but I tried to follow your steps and eventually solved some errors that you mentioned in your video and another bunch which weren't reported in it, but I'm stuck on an error (Unable to find smali file to patch). It popped up after I installed all the requested libraries and launched the patchapk command of objection. Please help me with this.
It looks like you are facing the same issue that is mentioned in this thread: github.com/sensepost/objection/issues/332
I haven't faced this error myself, but according to the response in that thread, the solution is to use the --target-class flag and specify a class. Some more info on using that flag can be found on the wiki here: github.com/sensepost/objection/wiki/Android-APK-Patching#custom-target-classes
Oh thanks very much, I really appreciate it. By the way I love your video.
The issue I'm facing is probably my fault. I actually watched this video yesterday and I came across an issue where I modified aapt files.
This is my error: /usr/bin/aapt: error while loading shared libraries: libunwind.so.0: cannot open shared object file: No such file or directory
You're awesome
Thanks! :)
Did that work?
@misterge3169 Unfortunately no. Though everything was successful, it still could not allow me to bypass SSL pinning.
I want to mention that objection was not able to bypass SSL pinning in the app I was testing, but with root access and with frida I was able to bypass SSL pinning. Here is the video from CorSecure: ruclips.net/video/BQwyy338Zag/видео.html Frida is what worked for my case.
😍
How to contact you brother
It fucking works.
Can i contact you?
Error after running objection explore: Unable to connect to the frida server: need Gadget to attach on jailed Android; its default location is: /home/kali/.cache/frida/gadget-android-arm64.so
I have never run into this error before, but I found this issue on github. Looks like it could possibly be a version mismatch.
github.com/sensepost/objection/issues/456
Objection -g explore, this fixed my issue
@deathpoolxrs3494 Great! I'm glad you were able to figure it out.
I get this error
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Is the issue fixed now?