tine proens

Reputation: 11

Frida is it possible to change enum values

I am playing with Frida and exploring its functionality using an app that I place hooks on. The app has an enum somewhere:

enum AppMode{ debug, release }

In the app a lot of functions use the following comparison:

public void ExampleFunction(){
    AppMode appmode = AppMode.release;
    if(appmode == AppMode.debug){
        ...
    }
}

I am wondering if it is possible with Frida to change the value of 'AppMode.release' in a way so it would be the same value as 'AppMode.debug'. This would be an efficient way of having the whole app act like it is in debug mode.

I searched online for solutions. I am aware that Frida can only hook FUNCTIONS, but I am wondering, maybe there is a core enum function that fetches the ordinal of an enum value when assigning a variable with an enum value.

Upvotes: 1

Views: 423

Answers (1)

Robert

Reputation: 42585

Enums are converted to a class and each enum value becomes a .field public static final enum. If you compare a value to an enum in an if clause the value of this field is loaded (sget-object).

To get an understanding let's look at an example:

Java code:

enum MyEnum {
    A, B, C, D, E
}

Relevant Smali code of MyEnum:

.class final enum Lcom/example/myapplication/MyEnum;
.super Ljava/lang/Enum;

.field public static final enum A:Lcom/example/myapplication/MyEnum;

.field public static final enum B:Lcom/example/myapplication/MyEnum;

.field public static final enum C:Lcom/example/myapplication/MyEnum;

.field public static final enum D:Lcom/example/myapplication/MyEnum;

.field public static final enum E:Lcom/example/myapplication/MyEnum;

And this is how it is used:

    private static void test(MyEnum me) {
        if (me == MyEnum.C) {
            Log.d("MainActivity", "C");
        }
    }

.method private static test(Lcom/example/myapplication/MyEnum;)V
    .registers 3
    .param p0, "me"    # Lcom/example/myapplication/MyEnum;

    # in next line the enum value for comparison is loaded
    sget-object v0, Lcom/example/myapplication/MyEnum;->C:Lcom/example/myapplication/MyEnum;

    const-string v1, "MainActivity"

    # the actual comparison is in the next line
    if-ne p0, v0, :cond_c

    const-string v0, "C"

    invoke-static {v1, v0}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I

    :cond_c
...

You can see the sget-object call that loads the enum value for comparison in if-ne. So changing the value of the field C will change the value that is loaded for comparison.

Frida code:

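Java.perform(function() {
    // Wrapper for the enum class; its static fields are exposed as properties
    let enumClass = Java.use("com.example.myapplication.MyEnum");
    // Point the static field C at the object held by A
    enumClass.C.value = enumClass.A.value;
});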

So you just have to replace C from the example with debug and A with release.

Upvotes: 0
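The field swap from the answer above, written as an added example that is not part of the original answer: it keeps the original constant so the change can be undone, and reads back what the field and `values()` each report afterwards. The helper names `aliasEnumField` and `describeField` are hypothetical, and the readback assumes the enum constant names are not obfuscated.

```javascript
// Added example (not from the original answer). Helper names are hypothetical.
// `cls` is a Java.use() wrapper, or any object exposing <field>.value and values().

// Point static field `target` at the object held by `source`.
// Returns a function that puts the original constant back.
function aliasEnumField(cls, target, source) {
  const original = cls[target].value;     // keep the real constant for restore
  cls[target].value = cls[source].value;  // later sget-object reads of `target` load `source`
  return function restore() {
    cls[target].value = original;
  };
}

// Compare what the static field holds with what values() still lists.
function describeField(cls, target) {
  const holds = cls[target].value.name(); // name of the object the field now refers to
  const all = cls.values();               // copy of the array built once in <clinit>
  const listed = [];
  for (let i = 0; i < all.length; i++) {
    listed.push(all[i].name());
  }
  return {
    field: target,
    holds: holds,
    aliased: holds !== target,            // true once the field points at another constant
    stillInValues: listed.includes(target)
  };
}

// Runs only inside a Frida session, where the global `Java` exists.
if (typeof Java !== "undefined") {
  Java.perform(function () {
    const MyEnum = Java.use("com.example.myapplication.MyEnum");
    console.log("before: " + JSON.stringify(describeField(MyEnum, "C")));
    const restore = aliasEnumField(MyEnum, "C", "A");
    console.log("after:  " + JSON.stringify(describeField(MyEnum, "C")));
    // restore();  // call to put the original constant back
  });
}
```

Only reads of the static field change: `values()` and ordinal-based `switch` statements still see the original constant. A variable that already holds the original `C` object no longer compares equal to `MyEnum.C`.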
