v1.7.1

new

• Add the ability to pause iOS IPA patching to allow for manual changes before repackaging and code signing. This is done by adding a --pause flag to the patchipa command.

Code Changes Since v1.7.0

v1.7.0 - DEF CON 27

new

• Add new iOS and Android heap interaction methods. These new commands allow you to performs various tasks under the <target> heap command context.
• Add a small JavaScript editor for simple scripts using the evaluate command.
• Add an iOS binary protections enumeration module.
• Add an on device HTTP server.

fixes

• Fix Android Activity launching
• Complete the iOS file delete feature.
• Fix duplicate entries created when adding the Android debuggable flag or a Network Security Config.
• Fix iOS keychain data hex string conversions.

other

• Upgrade frida-compile to v9.

Code Changes Since v1.6.6

v1.6.6

fixes

• Fix ascii art 💥
• Improve iOS SSL pinning bypass stability.
• Improve internal jobs cleanup logic.

other

• Cleanup agent TSConfig and replace frida-gum-types with @types/frida-gum.

Code Changes Since v1.6.5

v1.6.5 – Keychain dumper improvements

new

• The iOS keychain dumper will now add a key called dataHex when dumping entries with the --json flag. This key is a hex string of the raw data from the keychain.
• The iOS keychain dumper has a new --smart flag to trigger automatic decoding of data fields. Without this flag (the default), entries are UTF8 encoded.

fixes

• Improve the iOS keychain dumper's reliability.

other

• Bump agent dependencies

Code Changes Since v1.6.4

v1.6.4

new

• Add the ability to enumerate an iOS apps' included frameworks observable by NSBundle. This is available as the new ios bundles list_frameworks command.
• Add a new --target-class flag to the Android patcher to inject a loadLibrary call for a Frida gadget in any arbitrary class' constructor (for example, to run before an applications onCreate()). The default is still to use the apps main launchable activity.
• Add a new SSL Pinning bypass hook for iOS Cordova applications making use of this plugin. Thanks @aph3rson.

fixes

• Improve application stability for the Android patcher when injecting a loadLibrary call into an existing class constructor by correctly incrementing the .locals count.

other

• Bump agent dependencies

Code Changes Since v1.6.3

v1.6.3

new

• Add the ability to enumerate the currently active Android activity. This can be done with the new android hooking get current_activity command.
• Add a new R class helper to the agent for Android hooks.

fixes

• Fix networked Frida connections. The the --host and --network flags will work again as intended.
• Fix spawning on iOS (using a jailbroken environment) (thanks @aph3rson)

Code Changes Since v1.6.2

v1.6.2

new

• Add the ability to save modules and module exports as json.

fixes

• Improve error handling when downloading Frida gadgets.

thanks

This release contains commits primarily contributed by @AV-IO 🎉

Code Changes Since v1.6.1

v1.6.1

fixes

• Fix Frida remote connection capability. Specifying a host and port will be done in a future release.
• Small typing fixes in the agent

Code Changes Since v1.6.0

v1.6.0 - Crash reporting, plugins and more!

new

• Implement Frida crash reporting.
• Add warnings before clearing the iOS keychain or the Android Keystore.
• Report the Frida runtime in use as part of the frida command.
• Add inspection of live instances of Java objects. This feature is available as a new command: android heap print_instances <class>.
• Add an Android method searcher. This is available as a new command: android hooking search methods <search string>.
• Add plugin support (thanks @SpeedyFireCyclone). For more information, see the wiki article here. Sample plugins can be seen here (Sample plugin used in tests), here (Stetho sideloader) and here (Objections clipboard monitor as a plugin).
• Add the ability to delete files on an Android device. This is implemented as the rm command.

fixes

• Fix class enumeration in the Android class watcher where methods with generics broke parsing.
• Fix a cache key invalidation issue when uploading files.

Code Changes Since v1.5.4

v1.5.4

fixes

• Enumerate writable pages when searching memory with the memory search command

new

• Improve the visual feedback of the memory search command. Small hexdump snippets will now be returned unless the --offsets-only flag is provided.

other

• Bump the Frida agents' dependencies.

Code Changes Since v1.5.3