[AOS] Android Frida
FridaLab is an app to study the framework called Frida.
Before I knew this app, I kept going back to the Android Crackme challenges, but they were difficult because I couldn’t understand exactly how to use the API that Frida provides.
My primary purpose in writing this article is to summarize why Frida is used this way.
Let’s get started ~
✍🏻 FridaLab01
Change class challenge_01’s variable ‘chall01’ to 1:
package uk.rossmarks.fridalab;

/* loaded from: classes.dex */
public class challenge_01 {
    static int chall01;

    public static int getChall01Int() {
        return chall01;
    }
}
The first problem is to access the chall01 variable in the challenge_01 class and change its value to 1.
There are three things to think about to solve this problem.
- How to access the challenge_01 class
- How to access the chall01 variable in the class
- How to assign a new value to the variable (change it)
Let’s work it out step by step.
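How to access a class
There are two ways to access a particular method through the class.
First, use the Java.use(className) API. It returns a wrapper for the class itself, which is what is needed for static members.
The second is to use the Java.choose(className, callback) API. It looks for live instances of the class and passes each one to the callback.
(Please refer to the other blog post for a description of each.)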
To access the method
Accessing a method works the same way as in any other programming language.
You can access the class’s methods using the . (dot) operator.
To access a variable
Use the ‘value’ field to get the value. Assigning to ‘value’ changes it.
✍🏻 Code
function sol1() {
    console.log("[>] Start");
    // Use the Java.perform API to make sure we are attached to the virtual machine
    Java.perform(function () {
        // The variable we want to change is declared static, so Java.use is enough
        var className = Java.use("uk.rossmarks.fridalab.challenge_01");
        // Fields are accessed through their value property
        className.chall01.value = 1;
        // Print the stored value
        console.log("[>] 저장된 값: " + className.chall01.value);
    });
}
sol1();
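Added example (not part of the original post): the same static-field write, followed by a check through the app's own getChall01Int() getter, plus the Java.choose variant needed when a field is not static. The helper names and the `java` parameter are assumptions of this sketch; under Frida, pass the global Java object.

```javascript
// Added example, not from the original post. `java` is Frida's Java bridge,
// passed in as a parameter (an assumption of this sketch) so the helpers can
// also be exercised outside Frida with a stand-in object.

// Static field: Java.use() returns a class wrapper; fields are read and
// written through their .value property.
function setStaticField(java, className, fieldName, newValue) {
  var cls = java.use(className);
  var member = cls[fieldName];
  // When a method shares the field's name, Frida exposes the field as "_name".
  var field = (typeof member === 'function') ? cls['_' + fieldName] : member;
  if (!field) throw new Error('no field ' + fieldName + ' on ' + className);
  var before = field.value;
  field.value = newValue;
  return { before: before, after: field.value };
}

// Instance field: there is no single copy to patch, so Java.choose() is used
// to visit every live instance on the heap.
function setInstanceField(java, className, fieldName, newValue) {
  var patched = 0;
  java.choose(className, {
    onMatch: function (instance) {
      instance[fieldName].value = newValue;
      patched++;
    },
    onComplete: function () {}
  });
  return patched;
}

// Confirm the change the way the app sees it: through its own static getter.
function readViaGetter(java, className, getterName) {
  return java.use(className)[getterName]();
}

// Runs only inside Frida, where the global Java bridge exists.
if (typeof Java !== 'undefined') {
  Java.perform(function () {
    var cls = 'uk.rossmarks.fridalab.challenge_01';
    var r = setStaticField(Java, cls, 'chall01', 1);
    console.log('[>] chall01: ' + r.before + ' -> ' + r.after);
    console.log('[>] getChall01Int() = ' + readViaGetter(Java, cls, 'getChall01Int'));
  });
}
```

Reading the value back through getChall01Int() shows that the app's own code sees the new value, not just the script's wrapper.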