[AOS] Android Frida
FridaLab is an app for studying the Frida framework.
Before I knew about this app, I kept trying Android crackmes, but they were difficult because I couldn't understand exactly how to use the API that Frida provides.
My primary purpose in writing this article is to summarize why Frida is used this way.
Let’s get started ~
☝🏻 FridaLab01
Change class challenge_01’s variable ‘chall01’ to 1:
package uk.rossmarks.fridalab;

/* loaded from: classes.dex */
public class challenge_01 {
    static int chall01;

    public static int getChall01Int() {
        return chall01;
    }
}
The first problem is to access the chall01 variable in the challenge_01 class and change its value to 1.
There are three things to think about to solve this problem.
- How to access the challenge_01 class
- How to access the chall01 variable in the class
- How to change the value of that variable
Let's work through it step by step.
How to access a class
There are two ways to access a particular method through the class.
The first is to use the Java.use(className) API.
The second is to use the Java.choose(className, callback) API.
[ Please refer to the other blog for each description ] -> blog
To access the method
Accessing a method works the same way as in any other programming language.
You can access the class's methods using the dot (.).
To access a variable
Use the 'value' field to get the value. Assigning to 'value' changes it.
✌🏻 Code
function sol1() {
    console.log("[>] Start");
    // Use the Java.perform API to make sure we are attached to the VM
    Java.perform(function () {
        // The variable we want to change is declared static, so use Java.use
        var className = Java.use("uk.rossmarks.fridalab.challenge_01");
        // Use 'value' to access the field's value
        className.chall01.value = 1;
        console.log("[>] 저장된 값: " + className.chall01.value);
    });
}
sol1();
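The following is an added example, not code from the original post or from FridaLab. It contrasts the two APIs described above: Java.use for the static field, with the write confirmed through the app's own getChall01Int() getter, and Java.choose for counting live instances. The helper names (resolveField, setStaticInt, countInstances) are hypothetical, and the bridge is passed in as a parameter so the helpers can also be exercised outside Frida.

```javascript
// Added example, not from the original post. `bridge` is Frida's global `Java`
// object, passed as a parameter so the helpers can be exercised outside Frida.
const TARGET = "uk.rossmarks.fridalab.challenge_01"; // class shown above

// Resolve a field wrapper. Frida exposes a field under its own name, or under
// "_" + name when the class also has a method with that name.
function resolveField(cls, name) {
  for (const key of [name, "_" + name]) {
    const member = cls[key];
    if (typeof member === "object" && member !== null && "value" in member) {
      return member;
    }
  }
  throw new Error("no field named " + name);
}

// Static field: Java.use returns a class wrapper, no live instance required.
// The write is confirmed through the app's own getter, not just read back.
function setStaticInt(bridge, className, fieldName, getterName, newValue) {
  const cls = bridge.use(className);
  const field = resolveField(cls, fieldName);
  const before = field.value;
  field.value = newValue;
  return { before, after: field.value, viaGetter: cls[getterName]() };
}

// Java.choose scans the heap for live instances. It only helps for instance
// fields, and finds nothing if the class is never instantiated.
function countInstances(bridge, className) {
  let count = 0;
  bridge.choose(className, {
    onMatch() { count += 1; },
    onComplete() {}
  });
  return count;
}

// Only runs inside Frida, where the global `Java` bridge exists.
if (typeof Java !== "undefined" && Java.available) {
  Java.perform(() => {
    const r = setStaticInt(Java, TARGET, "chall01", "getChall01Int", 1);
    console.log("[>] chall01 " + r.before + " -> " + r.after + ", getter: " + r.viaGetter);
    console.log("[>] live instances: " + countInstances(Java, TARGET));
  });
}
```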