How to install Objection and bypass SSL pinning on an iOS App

Bypassing jailbreak detection, bypassing SSL certificate pinning…These are annoyances that you have or will experience when you eventually test mobile applications.

There are few and far in between tools/techniques that help in these cases. Frida is an amazing toolkit that is often behind all of these tools and enables the use of these techniques. That said, Objection is a runtime “mobile exploration framework” that utilizes Frida and enables you to do a bunch of cool shit.

In those post I’m going to post the exact I had to do on a recent engagement to set up and get my OSX box ready for this engagement and all those in the future.

STEPS HERE:

Install xCode from the OSX App Store

Install Command Line Tools for your version of xCode (12.5.1 at the time of this post) Also note that you’ll have to sign in to your apple dev account to get that. Link HERE

brew install python
cd /Applications/Python 3.9/ 
sudo ./Install Certificates.command 
pip3 install objection 
brew install node 

Open xcode –> Preferences –> Accounts –> Add your Apple Dev Account –> Create a blank app project –> compile it

npm install -g applesign 

Open xCode Preferences again –> Accounts –> Select your Dev Account –> Click Download Manual Profiles

Plug in iPhone you’re using for pen testing compile and deploy the app to the iPhone If your device is under the current version of iOS (which probably is if it’s jailbroken)

Then click the top of the project file tree and then select the general tab

Now scroll down to Deployment Info and change the iOS version to one that matches your device

Now compile and deploy to your device

security find-identity -p codesigning -v 

Confirm that your apple dev account is listed there and take note of the string

sudo xcode-select -s /Applications/Xcode.app/Contents/Developer 
cd /opt/MOBILE/IOS/ git clone https://github.com/Tyilo/insert_dylib  
cd insert_dylib  
xcodebuild   
cp build/Release/insert_dylib /usr/local/bin/insert_dylib 
pip3 install frida-tools 
cd /opt/MOBILE/IOS/ 
git clone https://github.com/AloneMonkey/frida-ios-dump 
pip3 install -r requirements.txt 
brew install libimobiledevice 
iproxy 2222 22 
python dump.py 'com.app.encrypted' -u root -P <iphones-root-password> 
sudo objection patchipa -s REDACTED-Grabbed-from-python-dump-py.ipa -c REDACTED --skip-cleanup

Now just sideload the app with Xcode, Cydia Impactor, iFunBox or whatever else you like and you’re good to go to proxy through Burp Suite or ZAP!

Have trouble? LMK on any of the GainSec socials (Left on desktop and underneath this post on mobile) Or just search GainSec in google!

Read more about iOS hacking and penetration testing HERE

Read more about Android hacking and penetration testing HERE

END TRANSMISSION

Leave a Reply