Intro
Frida is cool
Templates
Empty
If a method needs an argument of type Context, use getApplicationContext() to obtain one. Otherwise, this helper can be skipped.
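/**
 * Returns the Android application Context of the instrumented process.
 *
 * Uses `Java.use`, so call it from inside a `Java.perform` callback
 * (as `bruteforcePIN` does).
 *
 * @returns {object} The Context returned by
 *   `ActivityThread.currentApplication().getApplicationContext()`.
 * @throws {Error} If no Application object is available yet.
 */
function getApplicationContext() {
  const ActivityThread = Java.use("android.app.ActivityThread");
  const currentApplication = ActivityThread.currentApplication();

  // currentApplication() yields null when the script runs before the
  // Application object has been created; fail with a readable message
  // instead of an opaque TypeError on the next call.
  if (currentApplication == null) {
    throw new Error(
      "getApplicationContext: Application is not available yet"
    );
  }

  return currentApplication.getApplicationContext();
}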
/**
 * Empty hook-script skeleton: runs its body inside `Java.perform` and logs
 * the message of any exception raised by the code placed in the `try` block.
 *
 * The Context lookup happens before the `try`, so an error thrown by
 * `getApplicationContext()` is not caught here and propagates to the caller.
 */
function bruteforcePIN() {
  Java.perform(function () {
    // Only needed when the target method takes a Context argument.
    const appContext = getApplicationContext();

    try {
      // code here
    } catch (err) {
      // Handle whatever the code above can throw; for example:
      console.log(err.message);
    }
  });
}
Reverse Bool
If a method returns a boolean and that value needs to be overridden (the template below forces it to true regardless of the original result):
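/**
 * Template: replaces the implementation of a boolean-returning method so it
 * always returns `true`, logging what the original method would have
 * returned for the same arguments.
 *
 * Fill in `TARGET_CLASS` and the method name (`pinsMatch` here) before use.
 * The parameter list of the replacement must match the hooked method's
 * arity: `function ()`, `function (x, y)`, and so on.
 *
 * If overriding this one return value is enough to pass the check, the
 * comparison is enforced only inside the app process. The fix on the app
 * side is to make unlocking depend on material derived from the PIN rather
 * than on a boolean result.
 */
function makePinMatchReturnTrueAlways() {
  // Placeholder: full class name, like
  // 'com.github.browep.privatephotovault.crypto.CryptoUtils'.
  const TARGET_CLASS = "<FULL_CLASS_NAME>";

  Java.perform(function () {
    try {
      const targetClass = Java.use(TARGET_CLASS);

      // Replace `pinsMatch` with the name of the method to hook.
      targetClass.pinsMatch.implementation = function (x, y, z) {
        // Calling the method from inside its own replacement runs the
        // original implementation, so the real result can still be logged.
        console.log("Original value: " + this.pinsMatch(x, y, z));

        // A plain JS boolean suffices. The earlier `Boolean(t)` on a
        // java.lang.Boolean wrapper was true only because any object
        // coerces to true.
        return true;
      };
    } catch (e) {
      console.log(e.message);
    }
  });
}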
References
https://summit-labs.frida.ninja/whats-next/additional-resources-questions
https://appsec-labs.com/portal/frida-cheatsheet-for-android/