CODEWITHSUNDEEP
securityfridamobile-security
sloan
sloan

Reputation: 11

Frida: Change value of method calling enum

Looking to modify the return value of a method that is calling from an enum type. I am able to call the method and properly display the enum value into console, but then it crashes the application complaining on a compatible implementation. Example code below with error:

Java.perform(() => {
const Class = Java.use('com.package.class');
Class.getMethod.implementation = function() {
 
var str = this.getMethod();
 
send('getMethod() value for enum is: ' + str);
 
};
});
[Pixel 5::com.package ]-> message: {'type': 'send', 'payload': 'getMethod() value for enum is: EnumContent'} data: None
Error: Implementation for getMethod expected return value compatible with [Lcom.com.package.EnumType;
    at ne (frida/node_modules/frida-java-bridge/lib/class-factory.js:674)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/class-factory.js:651)
Process terminated

My final goal is to obtain the initial enum value, change the enum return value ingested by the method and display the results in console.

I found a few reference here: https://github.com/frida/frida/issues/1256 and here: https://neo-geo2.gitbook.io/adventures-on-security/frida-scripting-guide/enums but was ultimately unsuccessful in helping.

Edit: To elaborate with an example. Say you are attempting to use JS script like below with return or console.log:

Java.perform(() => {
var enumContent = Java.use('com.some.package.Enum');
return enumContent.values();
)};

or

Java.perform(() => {
var enumContent = Java.use('com.some.package.Enum');
console.log(enumContent.A.value);
)};

Assuming your Java code looks like this:

package com.some.package;

import kotlin.Metadata;

public enum Enum {
    A,
    B,
    C,
    D
}

Edit 2:

Here is a snippet of that class.

package com.package.class;
[TRUNCATED]
...
[TRUNCATED]
    @NotNull
    public final Enum[] getMethod() {
        return this.selection;
    }
}

Upvotes: 1

Views: 559

Answers (1)

Robert
Robert

Reputation: 42585

Your main problem is that if you hook a Java method you automaticalyl replace the method. Therefore is the method has a return type other than void you are forced to somehow provide a return value that matches the return type:

Not sure if the following code directly works, but it demonstrates whyt you have to do to return a new Enum[]:

Java.perform(() => {
    const myClass = Java.use('com.package.class');
    const enumContent = Java.use('com.some.package.Enum');
    myClass.getMethod.implementation = function() {
        var enumArr = this.getMethod();
        send('getMethod() value for enum is: ' + enumArr);

        // you need to return a value of the type Enum[]
        // you have the choice to return enumArr or 
        // create a new Enum array with a content of your choice:

        return Java.array('com.some.package.Enum', [ enumContent.A.value ]);

        // return enumArr; // alternative solution return the unmodified array
    };
});

Upvotes: 0

Related Questions