AndroidCheetSheet

AndroidCheetSheet.md

Objection commands

Patch apk

# objection patchapk --source my.apk

Get Objection shell

# objection explore

Disable cert pinning

objection# android sslpinning disable

Frida

Early instrumentation

frida -U --no-pause -l disableRoot.js -f com.example.app1

Enumerate custom class in apps

Java.perform(function() {
    Java.enumerateLoadedClasses({
        onMatch: function(className) {
            if(!className.startsWith("android.") && !className.startsWith("java.")
            && !className.startsWith("sun.") && !className.startsWith("javax.") 
            && !className.startsWith("com.google") && !className.startsWith("com.crashlytics")
            && !className.startsWith("com.android")&& !className.startsWith("com.apache")
            && !className.startsWith("libcore.") && !className.startsWith("dalvik.")
            && !className.startsWith("androidx")&& !className.startsWith("io.fabric")
            && !className.startsWith("com.crashlytics")&& !className.startsWith("org.apache")
            && !className.startsWith("org.json")&& !className.startsWith("org.w3c")
            && !className.startsWith("[L")&& !className.startsWith("org.xml.")
            && !className.startsWith("[[")
                )
            console.log(className);
        },
        onComplete: function() {}
    });
});

Change the function

// Change the implementation of a function i(param) in the package f.o.c in the class i

Java.perform(function() {
       console.log("Root bypass script loaded")
       var theClass = Java.use("f.o.c.i"); //PackageName.className
       console.log(theClass)
       //i -> name of the function, of which the implementation has to be changed.
       // x -> params of function i.
       theClass.i.implementation = function(x){
        console.log("Chnaging the implementation...")
        return false
       }
       console.log("Exploit Complete")
})