Hi all,
I have been playing around with some Android crackmes from the OWASP community and found that I was not able to hook the first class loaded that extended from the class Activity. Therefore, I wondered why this was happening.
Target code (decompiled)
First of all lets see the target code to intercept:
public class MainActivity extends Activity
{
private void a(final String title) {
final AlertDialog create = new AlertDialog$Builder((Context)this).create();
create.setTitle((CharSequence)title);
create.setMessage((CharSequence)"This in unacceptable. The app is now going to exit.");
create.setButton(-3, (CharSequence)"OK", (DialogInterface$OnClickListener)new b(this));
create.show();
}
protected void onCreate(final Bundle bundle) {
if (c.a() || c.b() || c.c()) {
this.a("Root detected!");
}
if (sg.vantagepoint.a.b.a(this.getApplicationContext())) {
this.a("App is debuggable!");
}
super.onCreate(bundle);
this.setContentView(2130903040);
}
The goal is to inject code when entering into onCreate() to defeat the security checks. To achieve early instrumentation, the process was chosen to be spawned instead of attached, and the hook was written as such:
Java.perform(function () {
send("Starting hooks OWASP uncrackable1...");
var mainactivity = Java.use("sg.vantagepoint.uncrackable1.MainActivity");
mainactivity.onCreate.overload("android.os.Bundle").implementation = function(var_0) {
send("sg.vantagepoint.uncrackable1.MainActivity.onCreate(Landroid/os/Bundle;)V MainActivity HIT!!!");
var ret = this.onCreate.overload("android.os.Bundle").call(this,var_0);
};
send("Hooks installed.");
});
Question
With all that, my question was if Frida is capable of intercepting this early method when the main activity class is instantiated.
Further information
APK: Uncrackable level1
Target class: public class MainActivity extends Activity
Target method: protected void onCreate(final Bundle bundle)
Frida version: 9.1.27
Target Arch: Android 7.1.x ART
Device: Nexus 5x
Host Arch: x64 Ubuntu 16.04.2
Hi all,
I have been playing around with some Android crackmes from the OWASP community and found that I was not able to hook the first class loaded that extended from the class
Activity. Therefore, I wondered why this was happening.Target code (decompiled)
First of all lets see the target code to intercept:
The goal is to inject code when entering into
onCreate()to defeat the security checks. To achieve early instrumentation, the process was chosen to be spawned instead of attached, and the hook was written as such:Question
With all that, my question was if Frida is capable of intercepting this early method when the main activity class is instantiated.
Further information
APK: Uncrackable level1
Target class:
public class MainActivity extends ActivityTarget method:
protected void onCreate(final Bundle bundle)Frida version: 9.1.27
Target Arch: Android 7.1.x ART
Device: Nexus 5x
Host Arch: x64 Ubuntu 16.04.2