user3799658

Reputation: 389

How to write a Frida hook for a nested class function?

Android v 6.0.1

Frida v 12.2.19

I'm new to Frida and not sure how to resolve this issue. The function I am targeting is in the path com -> appname -> folder -> xyz.class

In xyz.class, the class is nested like this:

public abstract class abc
{
    public string dosomething()
    {
        StringBuilder localStringBuilder = new StringBuilder();
        localStringBuilder.append(getClass().getSimpleName());
        localStringBuilder.append("Value 1=");
        localStringBuilder.append(this.value1);
        localStringBuilder.append("Value 2=");
        localStringBuilder.append(this.value2);
        return localStringBuilder.dosomething();
    }
}

I've written this hook to try and print both value1 and value2 to the console.

custom_script.js:

setImmediate(function() {
    console.log("[*] Starting script");

    Java.perform(function () {
        var Activity = Java.use("com.appname.folder.xyz$");
        Activity.dosomething.overload().implementation = function () {
            var datastring = localStringBuilder.dosomething();
            console.log(datastring);
            return datastring;
        };
    });

})

I'm not sure how to frame the path in the Java.use() function, whether I need to put xyz.class or xyz$ or xyz.class.abc$.

Error: java.lang.ClassNotFoundException: Didn't find class "com.appname.folder.xyz$" on path... etc.

If I specify the path as com.appname.folder.xyz.class.abc$ I just get a 'Process terminated' error.

The Frida command I'm using on the terminal is

frida -U -f com.appname -l custom_script.js --no-pause

What is going wrong in my script?

Edit: Added word to title

Upvotes: 3

Views: 6686

Answers (1)

Robert

Reputation: 42585

A class name never ends with a $. Afterwards there is a number for anonymous inner classes or the name of the inner class, abc in your case.

Therefore the class name is most likely com.appname.folder.xyz$abc.

However, sometimes the class name is different by surprise. In such cases it makes sense to list all class names known to Frida and filter them for a certain package:

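// Run inside Java.perform so the calling thread is attached to the VM.
Java.perform(function () {
    Java.enumerateLoadedClasses({
        // Called once for every class that is currently loaded.
        onMatch: function(className) {
            if (className.startsWith("com.appname.folder.xyz")) {
                console.log(className);
            }
        },
        onComplete: function() {}
    });
});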

It prints the list of classes below com.appname.folder.xyz. Just look at it and pick the right one.

Upvotes: 6
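
The answer's two points combined into one script, as an added example that is not part of the original question or answer: it builds the `$`-separated name, lists the loaded candidates, and hooks `dosomething` by calling the original method on `this`. The helper names `nestedClassName`, `nestedCandidates` and `installHook` are hypothetical; the class, method and field names are the placeholders from the question.

```javascript
"use strict";
// Added example. Class, method and field names are the placeholders from the question.

// Runtime (binary) name of a nested class: outer and nested names joined by '$'.
// Anonymous inner classes carry a number instead of a name, e.g. xyz$1.
function nestedClassName(pkg, outer, nested) {
    return pkg + "." + [outer].concat(nested).join("$");
}

// Keep only the outer class and its nested classes, so that a sibling such as
// "xyzHelper" is not mistaken for a nested class of "xyz".
function nestedCandidates(classNames, outerName) {
    return classNames.filter(function (name) {
        return name === outerName || name.indexOf(outerName + "$") === 0;
    });
}

function installHook() {
    Java.perform(function () {
        var outer = "com.appname.folder.xyz";
        var target = nestedClassName("com.appname.folder", "xyz", ["abc"]);
        // With -f (spawn) the class may not be loaded yet, so this list can be empty.
        var loaded = nestedCandidates(Java.enumerateLoadedClassesSync(), outer);
        console.log("[*] Loaded candidates: " + JSON.stringify(loaded));

        var Abc;
        try {
            Abc = Java.use(target);
        } catch (e) {
            console.log("[!] Cannot resolve " + target + ": " + e);
            return;
        }
        // Locals of the Java method (localStringBuilder) are not visible here;
        // calling the method on `this` inside the hook runs the original code.
        Abc.dosomething.overload().implementation = function () {
            var result = this.dosomething();
            console.log("[*] " + this.getClass().getName() + ": " + result);
            // Instance fields are read through the wrapper's .value property.
            console.log("    value1=" + this.value1.value + " value2=" + this.value2.value);
            return result;
        };
    });
}

// Install only inside Frida, where the global Java bridge exists.
if (typeof Java !== "undefined" && Java.available) {
    setImmediate(installHook);
}
```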
