Frida

Java

Hooking de función.

Java.perform(function() {
    var classRef = Java.use("<package-name>.<class-name>");
    classRef.<function-name>.implementation = function() {
        return this.<function-name>();
    }
});

Cambiar el valor de retorno de una función.

Java.perform(function() {
    var classRef = Java.use("<package-name>.<class-name>");
    classRef.<function-name>.implementation = function() {
        var ret_val = this.<function-name>();
        console.log("[*] Original return value", ret_val);
        var new_ret_val = <new-value>;
        console.log("[*] New return value", new_ret_val);
        return new_ret_val;
    }
});

Cambiar el valor booleano de retorno de una función a false.

Java.perform(function() {
    var classRef = Java.use("<package-name>.<class-name>");
    classRef.<function-name>.implementation = function() {
        var ret_val = this.<function-name>();
        console.log("[*] Original return value " + ret_val);        
        // Alternative 1
        var new_ret_val = false;
        // Alternative 2        
        var new_ret_val = Java.use("java.lang.Boolean").$new(false);
        console.log("[*] New return value " + new_ret_val);
        return new_ret_val;
    }
});

Ejecutar método estático (static method).

Java.perform(function() {
    var classRef = Java.use("<package-name>.<class-name>");
    classRef.<method-name>();
});

Cambiar el valor de una variable.

Java.perform(function (){
    var classRef = Java.use("<package-name>.<class-name>");
    classRef.<variable-name>.value = <new-value>;
});

Ejecutar método de una clase no estática.

Java.perform(function() {
    var classRef = Java.use("<package-name>.<class-name>");
    var classInstance = classRef.$new();
    classInstance.<method-name>();
});

Hooking de constructor.

Java.perform(function() {
    var classRef = Java.use("<package-name>.<class-name>");
    classRef.$init.implementation = function() {
        this.$init();
    }
});

Ejecutar método en una instancia existente.

Java.performNow(function() {
    Java.choose("<package-name>.<class-name>", {
        onMatch: function(instance) {
        instance.<method-name>();
    },
    onComplete: function() {}
    });
});

Proporcionar un objeto como argumento a un método y ejecutarlo en una instancia existente.

Java.performNow(function() {
    Java.choose("<package-name>.<class-name>", {
        onMatch: function(instance) {
            var classRef = Java.use("<package-name>.<class-name>");
            var obj = classRef.$new();
            obj.<variable-name>.value = <value>;
            instance.<method-name>(obj);
        },
        onComplete: function() {}
    });
});

Native libraries

AnteriorHookingSiguienteObjection

Última actualización