search

sensepost / objection

📱 objection - runtime mobile exploration
GNU General Public License v3.0
7.54k stars 855 forks source link

[bug] Error when running two modules in a certain order #343

Closed sdcampbell closed 4 years ago

sdcampbell commented 4 years ago

Describe the bug When I run the modules 'android root disable' and 'android sslpinning disable' in that order, I get the error "Unhandled promise rejection Error: File not found". If I run them in the opposite order, no errors and it works. I've tested this on a Mac OS system as well as a Linux system, both with the latest version installed using 'pip3 install objection'.

To Reproduce Steps to reproduce the behavior:

  1. Run command 'objection --gadget [gadget name] explore'
  2. Run command 'android root disable'
  3. Run command 'android sslpinning disable'
  4. See error "Unhandled promise rejection Error: File not found".

Expected behavior Lack of errors.

*Evidence / Logs / Screenshots

Note: Process name is redacted due to NDA.

objection --debug --gadget [redacted] explore
[debug] Agent path is: /Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/objection/agent.js
[debug] Injecting agent...
Using USB device `Pixel`
[debug] Attempting to attach to process: `[redacted]`
[debug] Process attached!
Agent injected and responds ok!

     _   _         _   _
 ___| |_|_|___ ___| |_|_|___ ___
| . | . | | -_|  _|  _| | . |   |
|___|___| |___|___|_| |_|___|_|_|
      |___|(object)inject(ion) v1.8.4

     Runtime Mobile Exploration
        by: @leonjza from @sensepost

[tab] for command suggestions
[redacted] on (Android: 9) [usb] # android root disable
- [incoming message] ------------------
{
  "payload": "Registering job \u001b[94mc3g15zza7uf\u001b[39m. Type: \u001b[92mroot-detection-disable\u001b[39m",
  "type": "send"
}
- [./incoming message] ----------------
(agent) Registering job c3g15zza7uf. Type: root-detection-disable
[redacted] on (Android: 9) [usb] # android sslpinning disable
- [incoming message] ------------------
{
  "payload": "\u001b[90mFound okhttp3.CertificatePinner, overriding CertificatePinner.check()\u001b[39m",
  "type": "send"
}
- [./incoming message] ----------------
(agent) Found okhttp3.CertificatePinner, overriding CertificatePinner.check()
- [incoming message] ------------------
{
  "payload": "\u001b[90mFound com.android.org.conscrypt.TrustManagerImpl, overriding TrustManagerImpl.verifyChain()\u001b[39m",
  "type": "send"
}
- [./incoming message] ----------------
(agent) Found com.android.org.conscrypt.TrustManagerImpl, overriding TrustManagerImpl.verifyChain()
- [incoming message] ------------------
{
  "payload": "\u001b[90mFound com.android.org.conscrypt.TrustManagerImpl, overriding TrustManagerImpl.checkTrustedRecursive()\u001b[39m",
  "type": "send"
}
- [./incoming message] ----------------
(agent) Found com.android.org.conscrypt.TrustManagerImpl, overriding TrustManagerImpl.checkTrustedRecursive()
- [incoming message] ------------------
{
  "payload": "Registering job \u001b[94m4lpg4snx80o\u001b[39m. Type: \u001b[92mandroid-sslpinning-disable\u001b[39m",
  "type": "send"
}
- [./incoming message] ----------------
(agent) Registering job 4lpg4snx80o. Type: android-sslpinning-disable
- [incoming message] ------------------
[redacted] on (Android: 9) [usb] # {
  "columnNumber": 1,
  "description": "TypeError: undefined not callable (property 'apply' of [object Object])",
  "fileName": "/script1.js",
  "lineNumber": 9598,
  "stack": "TypeError: undefined not callable (property 'apply' of [object Object])\n    at [anon] (../../../frida-gum/bindings/gumjs/duktape.c:65012)\n    at src/android/root.ts:41\n    at _e (frida/node_modules/frida-java-bridge/lib/class-factory.js:598)\n    at frida/node_modules/frida-java-bridge/lib/class-factory.js:581",
  "type": "error"
}
- [./incoming message] ----------------
- [incoming message] ------------------
{
  "columnNumber": 1,
  "description": "TypeError: undefined not callable (property 'apply' of [object Object])",
  "fileName": "/script1.js",
  "lineNumber": 9598,
  "stack": "TypeError: undefined not callable (property 'apply' of [object Object])\n    at [anon] (../../../frida-gum/bindings/gumjs/duktape.c:65012)\n    at src/android/root.ts:41\n    at _e (frida/node_modules/frida-java-bridge/lib/class-factory.js:598)\n    at frida/node_modules/frida-java-bridge/lib/class-factory.js:581",
  "type": "error"
}
- [./incoming message] ----------------
- [incoming message] ------------------
{
  "columnNumber": 1,
  "description": "TypeError: undefined not callable (property 'apply' of [object Object])",
  "fileName": "/script1.js",
  "lineNumber": 9598,
  "stack": "TypeError: undefined not callable (property 'apply' of [object Object])\n    at [anon] (../../../frida-gum/bindings/gumjs/duktape.c:65012)\n    at src/android/root.ts:41\n    at _e (frida/node_modules/frida-java-bridge/lib/class-factory.js:598)\n    at frida/node_modules/frida-java-bridge/lib/class-factory.js:581",
  "type": "error"
}
- [./incoming message] ----------------
- [incoming message] ------------------
{
  "columnNumber": 1,
  "description": "TypeError: undefined not callable (property 'apply' of [object Object])",
  "fileName": "/script1.js",
  "lineNumber": 9598,
  "stack": "TypeError: undefined not callable (property 'apply' of [object Object])\n    at [anon] (../../../frida-gum/bindings/gumjs/duktape.c:65012)\n    at src/android/root.ts:41\n    at _e (frida/node_modules/frida-java-bridge/lib/class-factory.js:598)\n    at frida/node_modules/frida-java-bridge/lib/class-factory.js:581",
  "type": "error"
}
- [./incoming message] ----------------
- [incoming message] ------------------
{
  "columnNumber": 1,
  "description": "TypeError: undefined not callable (property 'apply' of [object Object])",
  "fileName": "/script1.js",
  "lineNumber": 9598,
  "stack": "TypeError: undefined not callable (property 'apply' of [object Object])\n    at [anon] (../../../frida-gum/bindings/gumjs/duktape.c:65012)\n    at src/android/root.ts:41\n    at _e (frida/node_modules/frida-java-bridge/lib/class-factory.js:598)\n    at frida/node_modules/frida-java-bridge/lib/class-factory.js:581",
  "type": "error"
}
- [./incoming message] ----------------
- [incoming message] ------------------
{
  "columnNumber": 1,
  "description": "TypeError: undefined not callable (property 'apply' of [object Object])",
  "fileName": "/script1.js",
  "lineNumber": 9598,
  "stack": "TypeError: undefined not callable (property 'apply' of [object Object])\n    at [anon] (../../../frida-gum/bindings/gumjs/duktape.c:65012)\n    at src/android/root.ts:41\n    at _e (frida/node_modules/frida-java-bridge/lib/class-factory.js:598)\n    at frida/node_modules/frida-java-bridge/lib/class-factory.js:581",
  "type": "error"
}
- [./incoming message] ----------------
- [incoming message] ------------------
{
  "columnNumber": 1,
  "description": "TypeError: undefined not callable (property 'apply' of [object Object])",
  "fileName": "/script1.js",
  "lineNumber": 9598,
  "stack": "TypeError: undefined not callable (property 'apply' of [object Object])\n    at [anon] (../../../frida-gum/bindings/gumjs/duktape.c:65012)\n    at src/android/root.ts:41\n    at _e (frida/node_modules/frida-java-bridge/lib/class-factory.js:598)\n    at frida/node_modules/frida-java-bridge/lib/class-factory.js:581",
  "type": "error"
}
- [./incoming message] ----------------
- [incoming message] ------------------
{
  "columnNumber": 1,
  "description": "TypeError: undefined not callable (property 'apply' of [object Object])",
  "fileName": "/script1.js",
  "lineNumber": 9598,
  "stack": "TypeError: undefined not callable (property 'apply' of [object Object])\n    at [anon] (../../../frida-gum/bindings/gumjs/duktape.c:65012)\n    at src/android/root.ts:41\n    at _e (frida/node_modules/frida-java-bridge/lib/class-factory.js:598)\n    at frida/node_modules/frida-java-bridge/lib/class-factory.js:581",
  "type": "error"
}
- [./incoming message] ----------------
- [incoming message] ------------------
{
  "columnNumber": 1,
  "description": "TypeError: undefined not callable (property 'apply' of [object Object])",
  "fileName": "/script1.js",
  "lineNumber": 9598,
  "stack": "TypeError: undefined not callable (property 'apply' of [object Object])\n    at [anon] (../../../frida-gum/bindings/gumjs/duktape.c:65012)\n    at src/android/root.ts:41\n    at _e (frida/node_modules/frida-java-bridge/lib/class-factory.js:598)\n    at frida/node_modules/frida-java-bridge/lib/class-factory.js:581",
  "type": "error"
}
- [./incoming message] ----------------
- [incoming message] ------------------
{
  "columnNumber": 1,
  "description": "TypeError: undefined not callable (property 'apply' of [object Object])",
  "fileName": "/script1.js",
  "lineNumber": 9598,
  "stack": "TypeError: undefined not callable (property 'apply' of [object Object])\n    at [anon] (../../../frida-gum/bindings/gumjs/duktape.c:65012)\n    at src/android/root.ts:41\n    at _e (frida/node_modules/frida-java-bridge/lib/class-factory.js:598)\n    at frida/node_modules/frida-java-bridge/lib/class-factory.js:581",
  "type": "error"
}
- [./incoming message] ----------------
Unhandled promise rejection Error: File not found

Environment (please complete the following information):

Additional context None

leonjza commented 4 years ago

Thanks for the report!

My first response was, "wtf, that makes no sense". Turns out I can replicate it locally on an Android 7 device now. This will need some investigation.

leonjza commented 4 years ago

Well that was a fun one to debug. Fix https://github.com/sensepost/objection/commit/539fc306ca88b6f4f47c486d195c18e896280af6 will land in the next tagged release.