In the emulator, open the application in the foreground.
Attach Frida to the application via frida -U --runtime=v8 -F
Create a JS file for Frida, which can be used to hook a certain function, method, etc.
Java.perform(function() {
    var challenge_01 = Java.use('uk.rossmarks.fridalab.challenge_01');
    challenge_01.chall01.value = 1;
});
Load the script into the application via the Frida CLI: %load <js_file>
Notes to Java functions
Java.perform: Used to wrap code that tampers with the application, to generate a safe environment.
Java.use: Used to work with methods from a class that do not need an instance (static functions).
Java.choose: Used to find and use already existing instances in memory (needed when methods are not static).
Examples from FridaLab challenges
Original app code (challenge → change the integer’s value of chall01 to 1)
package uk.rossmarks.fridalab;

/* loaded from: classes.dex */
public class challenge_01 {
    static int chall01;

    public static int getChall01Int() {
        return chall01;
    }
}
Java.perform(function() {
    // chall01 is a static field, so it can be set through the class wrapper
    var challenge_01 = Java.use('uk.rossmarks.fridalab.challenge_01');
    challenge_01.chall01.value = 1;
});
Load the script into the application via the Frida CLI: %load <js_file>
Note that getChall01Int() is a static function, so we do not need to create an instance of the class to call that function.
public class MainActivity extends AppCompatActivity {
    ...
    private void chall02() {
        this.completeArr[1] = 1;
    }
    ...
}
var main;
Java.perform(function() {
    Java.choose("uk.rossmarks.fridalab.MainActivity", {
        onMatch: function(instance) {
            main = instance; // keep the live MainActivity instance
        },
        onComplete: function() {}
    });
    main.chall02();
});
Since chall02() is not a static function, we now need an instance of MainActivity, which Java.choose finds in memory.
public boolean chall03() {
    return false;
}
Java.perform(function() {
    // `main` is the MainActivity instance found with Java.choose above
    main.chall03.overload().implementation = function() {
        return true;
    };
});
In Java, a method can have multiple overloads (different parameter lists). Frida provides the overload method to specify which version of the method you want to hook. If the method chall03 has only one version, you can call overload() without any arguments. Otherwise, you need to specify the argument types, like overload('java.lang.String', 'int').
implementation redefines the implementation of the method chall03. By assigning a function to implementation, you are effectively hooking the method. The new function provided will be called whenever chall03 is invoked. Within this function, you can add any custom behavior you need.
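The overload selection described above can be generalized. The following is an added example, not code from the original article or from FridaLab: it walks the overloads array of a method, hooks every version, and logs which signature ran together with the original return value. The names hookAllOverloads, bridge and replace are hypothetical, and passing Frida's Java object in as a parameter is an assumption made so the function can also be exercised outside Frida.

```javascript
// Added example: hook every overload of a Java method and log which one ran.
// `bridge` is Frida's global `Java` object (passed in as a parameter by choice).
function hookAllOverloads(bridge, className, methodName, replace) {
    var hooked = [];
    var method = bridge.use(className)[methodName];
    method.overloads.forEach(function (ov) {
        // argumentTypes lists the parameter types of this particular overload
        var types = ov.argumentTypes.map(function (t) { return t.className; });
        var signature = methodName + '(' + types.join(', ') + ')';
        ov.implementation = function () {
            // Calling the method from inside its own hook runs the original code
            var original = this[methodName].apply(this, arguments);
            // `replace` decides what the hooked call finally returns
            var result = replace(signature, original);
            console.log(signature + ': original=' + original + ' returned=' + result);
            return result;
        };
        hooked.push(signature);
    });
    return hooked; // signatures that now carry a hook
}

// Only runs inside Frida, where the `Java` global exists
if (typeof Java !== 'undefined') {
    Java.perform(function () {
        hookAllOverloads(Java, 'uk.rossmarks.fridalab.MainActivity', 'chall03',
            function (signature, original) { return true; });
    });
}
```

Loaded with %load, this prints one line per call to chall03, so you can see which overload the app used before picking a single overload(...) to hook.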