Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Failure to effectively hook all the methods of a class in newer Android versions #501

Open
Ch0pin opened this issue Mar 1, 2024 · 5 comments

Comments

@Ch0pin
Copy link

Ch0pin commented Mar 1, 2024

In newest Android versions (>= 13) I am facing an issue when I try to hook all the methods of a java class. More specifically, given the following function:

function traceMethod(targetClassMethod){
	var delim = targetClassMethod.lastIndexOf(".");
	if (delim === -1) return;
	var targetClass = targetClassMethod.slice(0, delim)
	var targetMethod = targetClassMethod.slice(delim + 1, targetClassMethod.length)
	var hook = Java.use(targetClass);
	var overloadCount12 = hook[targetMethod].overloads.length;

	for (var i = 0; i < overloadCount12; i++) {
		hook[targetMethod].overloads[i].implementation = function() {
		  console.log("\n[ ▶︎▶︎▶︎] Entering: " + targetClassMethod);
			for (var j = 0; j < arguments.length; j++) {
				console.log("|\t\\_arg[" + j + "]: " + arguments[j]);
			}
			var retval = this[targetMethod].apply(this, arguments); 
			console.log("[ ◀︎◀︎◀︎ ] Exiting " + targetClassMethod);
      
            console.log('\t\\_Returns: '+retval+'\n');
			return retval;
		}
	}
}

and the following calls:

traceMethod('com.airbnb.android.lib.deeplinks.activities.DeepLinkEntryActivity.finish');
traceMethod('com.airbnb.android.lib.deeplinks.activities.DeepLinkEntryActivity.onActivityResult');
traceMethod('com.airbnb.android.lib.deeplinks.activities.DeepLinkEntryActivity.onCreate');
traceMethod('com.airbnb.android.lib.deeplinks.activities.DeepLinkEntryActivity.ɻ');
traceMethod('com.airbnb.android.lib.deeplinks.activities.DeepLinkEntryActivity.ʕ');
traceMethod('com.airbnb.android.lib.deeplinks.activities.DeepLinkEntryActivity.ʖ');

I can effectively hook all the methods of a class in Android 9 and get the correct logs:

Screenshot 2024-03-01 at 10 42 48

Using the traceMethod , same app, in Android 13, yields the following output:

Screenshot 2024-03-01 at 10 45 08

Failing to display the logs of methods called within the onCreate. Subsequently, removing the onCreate hook, displays the log of com.airbnb.android.lib.deeplinks.activities.DeepLinkEntryActivity.ʕ but fails to follow the calls to the class's methods started from within the ʕ method:

Screenshot 2024-03-01 at 10 47 18

My Android 13 device's fingerprint is the following:

[google/barbet/barbet:13/TQ3A.230901.001/10750268:user/release-keys]

While the Android 9 fingerprint is the following:

[samsung/dream2ltexx/dream2lte:9/PPR1.180610.011/G955FXXUCDUD1:user/release-keys]

@Ch0pin
Copy link
Author

Ch0pin commented Mar 2, 2024

using a simpler example, assuming the following java code:

    public void func(){
        System.out.println("in func");
        func1();
    }

    public void func1(){
        System.out.println("in func1");
    }

the following script:

Java.perform(function() {

    let className1 = Java.use("com.intent.sender.min.MainActivity");

    className1.func.implementation = function(){
    
        console.log("FRIDA: in func");
        this.func();
    
    }

    className1.func1.implementation = function(){
    
        console.log("FRIDA: in func1")
    }
});

logs only : FRIDA: in func

@giorgosioak
Copy link

I am also affected by this bug!

@LeitaoDeveloper
Copy link

+1 here

@Ginggas
Copy link

Ginggas commented Mar 4, 2024

Likewise, affected by this bug

@ilyasKerbal
Copy link

+1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants