Objection Practical - Introduction to Hooking (and watching) using Objection

Learning Frida is great. It helps a lot during mobile app testing and complements the static analysis process. One of the tools that is built on top of Frida is Objection.

I have challenged myself to use Objection to solve the labs in Android Frida Labs, created by MobileHackingLab. For those of you who are not familiar with Frida, the course is very easy to follow and teaches you the basic concepts of using Frida during a mobile application pentest.

Objection has some nice built-in features that make life easier when hooking and/or watching the classes and methods of an application, so I think it will be fun to solve the lab with Objection. I also want to understand how far Objection can be used during an engagement.

Prerequisites:

  1. Android Studio Emulator or any other emulator (e.g. NOX)
  2. Frida server on the Android emulator
  3. Frida-tools on your laptop/PC
  4. Objection installed on your laptop
  5. Enroll in the course here (it's free): https://www.mobilehackinglab.com/course/android-frida-labs
  6. Download app-debug.rar from the section "Introduction to Hooking".


Since this article focuses only on Objection, I will assume that you already know the basic commands for running frida-server on the device, checking the running processes, loading a script, etc.

Objection has a feature for watching classes and methods. I have written an article about this here: https://www.dhirubhai.net/pulse/hooking-objection-watching-classes-methods-romi-syuhada-yguvc/


1. Running Objection

objection -g com.mobilehackinglab.fridaone explore

2. List all activities

android hooking list activities


3. List class methods from class MainActivity

android hooking list class_methods com.mobilehackinglab.fridaone.MainActivity


We can see that the method that uses an integer is generateRandomNumber. Let's check it by watching the method.


4. Watch method generateRandomNumber()

android hooking watch class_method com.mobilehackinglab.fridaone.MainActivity.generateRandomNumber --dump-return


The hook is not triggered when we enter a value and click the "Check Number" button.

5. Check using jadx-gui.

We found that generateRandomNumber() is called during activity creation. It is not triggered by clicking the button.


6. We can launch the activity MainActivity using launch_activity

android intent launch_activity com.mobilehackinglab.fridaone.MainActivity

We have the number: 762

We can input the number and click the Check Number button.

We got the flag :D

7. Another way is to start the application and have Objection execute the command at startup using the -s argument

objection -g com.mobilehackinglab.fridaone explore -s "android hooking watch class_method com.mobilehackinglab.fridaone.MainActivity.generateRandomNumber --dump-return"


We got the number: 810

We can input the number and click the Check Number button.
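
For readers who want to see what the watch in steps 4 and 7 amounts to in plain Frida, here is an added example (not from the original article and not Objection's own code). The class and method names are the ones used in the commands above; the helper name watchReturn and the log format are assumptions made for illustration.

```javascript
// Added example, not from the original article. Class and method names are the
// ones used in the article's commands; everything else is illustrative.
const TARGET_CLASS = "com.mobilehackinglab.fridaone.MainActivity";
const TARGET_METHOD = "generateRandomNumber";

// Wrap every overload of className.methodName so each call is logged with its
// arguments and return value, then hand the original result back unchanged.
// `bridge` is Frida's global `Java` object (passed in so the logic is testable).
function watchReturn(bridge, className, methodName, log) {
  const seen = []; // return values observed so far, oldest first
  bridge.perform(function () {
    const method = bridge.use(className)[methodName];
    if (!method) {
      throw new Error(className + " has no method " + methodName);
    }
    method.overloads.forEach(function (overload) {
      overload.implementation = function () {
        // Call the original implementation; the app's behaviour is unchanged.
        const ret = this[methodName].apply(this, arguments);
        seen.push(ret);
        log("[watch] " + className + "." + methodName + "(" +
            Array.prototype.join.call(arguments, ", ") + ") => " + ret);
        return ret;
      };
    });
  });
  return seen;
}

// Inside Frida the `Java` global exists and the hook is installed on load.
// Outside Frida (e.g. plain Node.js) nothing happens.
if (typeof Java !== "undefined") {
  watchReturn(Java, TARGET_CLASS, TARGET_METHOD, console.log);
}
```

As with step 7, timing matters: the hook has to be in place before the activity is created, for example by spawning the app with frida -U -f com.mobilehackinglab.fridaone -l watch.js (watch.js is a hypothetical file name for the script above).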


This article series is part of the #menulis100hari process.

~Bandung , 11 February 2025

~16/100

Aan W.

CRTO | OSCP | Red Teamer | OSINT Researcher

1 month ago

Nice work mas
