Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.bytejmp.com/llms.txt

Use this file to discover all available pages before exploring further.

Overview

Objection wraps Frida into an interactive REPL with pre-built commands for the most common mobile pentesting tasks. No JavaScript needed for the bulk of day-to-day analysis, SSL unpinning, root bypass, file system exploration, and class enumeration are single commands. Built on top of Frida, Frida server must be running on the device first. Works on: Android · iOS

Install

pip install objection
Verify: 
objection --version
Requires Frida server on device. See Frida setup.

Connect to App

Spawn app (start fresh): 
objection -g com.example.app explore
Attach to running process: 
objection -g "App Name" explore
Attach by PID: 
objection -g <PID> explore

SSL Pinning Bypass

Single command, covers OkHttp, TrustManager, Cordova, Xamarin, and more: 
android sslpinning disable
iOS: 
ios sslpinning disable
Run on spawn to catch pinning during app startup: 
objection -g com.example.app explore --startup-command "android sslpinning disable"

Root / Jailbreak Detection Bypass

Android: 
android root disable
iOS: 
ios jailbreak disable

Environment Info

env
Shows: data directory, external storage path, bundle/package details, architecture.

File System

ls                          # current directory
cd /data/data/com.example/
ls
file download sensitive.db  # pull file to host
file upload local.txt /sdcard/

Memory

List loaded modules: 
memory list modules
List exports from a module: 
memory list exports libart.so
Search memory for string: 
memory search --string "password"
Dump memory region: 
memory dump all mem.dmp

Java / Class Exploration (Android)

List all loaded classes: 
android hooking list classes
Search classes by keyword: 
android hooking search classes login
List methods of a class: 
android hooking list class_methods com.example.app.LoginActivity
Hook all methods of a class (log calls + args): 
android hooking watch class com.example.app.LoginActivity
Hook specific method: 
android hooking watch class_method com.example.app.LoginActivity.checkCredentials --dump-args --dump-return

Intent / Activity

List activities: 
android hooking list activities
Start an exported activity: 
android intent launch_activity com.example.app.AdminActivity

Shared Preferences

Dump all shared preferences: 
android heap execute com.example.app dump_preferences
Or directly: 
android shared_preferences get

Keystore

List Android KeyStore entries: 
android keystore list

iOS Extras

List all classes: 
ios hooking list classes
Hook Objective-C method: 
ios hooking watch method "-[LoginViewController verifyCredentials:password:]" --dump-args --dump-return
Dump keychain: 
ios keychain dump
Bypass biometric / TouchID: 
ios ui biometrics_bypass
List URL schemes: 
ios urlscheme list

Run Commands on Startup

Bypass SSL pinning before the app code runs: 
objection -g com.example.app explore \
  --startup-command "android sslpinning disable" \
  --startup-command "android root disable"

Patch APK (no Frida server needed)

Objection can repackage an APK with Frida gadget embedded, useful on non-rooted devices: 
# Patch APK
objection patchapk --source target.apk

# Install patched APK
adb install target.objection.apk

# Launch app — objection connects automatically
objection -g com.example.app explore
Patched APK must be signed. objection patchapk handles signing automatically if apksigner and keytool are in PATH.