I'm trying to pentest and hook a method of my Android application using Frida. But when I execute the command from the command prompt on Windows, my application crashes and the intended method is not executed from the APK.
I want to start my second activity by having the hook return true from the Frida script. Please help me correct my code, or suggest a valid solution.
My app code:
package com.g.fridaplay;

import android.content.Intent;
import android.os.Bundle;
import android.widget.Toast;

// AndroidX assumed; on the old support library this is
// android.support.v7.app.AppCompatActivity instead.
import androidx.appcompat.app.AppCompatActivity;

public class MainActivity extends AppCompatActivity {
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        // The gate runs inside onCreate(), so the Frida hook on check()
        // has to be installed before this activity is created.
        if (check())
            startActivity(new Intent(MainActivity.this, VaultActivity.class));
        else
            Toast.makeText(MainActivity.this, "Failed access", Toast.LENGTH_LONG).show();
    }

    // Deliberately never succeeds: "asdf@123" does not equal "asdf".
    // This is the method the Frida script hooks to force a true result.
    boolean check() {
        String pass = "asdf@123";
        if (pass.equals("asdf"))
            return true;
        else
            return false;
    }
}
Frida JavaScript: vault.js
Java.perform(function () {
    var theClass = Java.use("com.g.fridaplay.MainActivity");
    // check() takes no arguments, so the replacement takes none either.
    theClass.check.implementation = function () {
        console.log("In function check()");
        return true; // force the gate open regardless of the real password check
    };
    console.log("Exploit Completed.. finished");
});
Frida script commands used:
# on the device (adb shell): start the server
./frida-server-15.1.3-android-x86 &
# on the Windows host (from the Python Scripts directory): spawn the app with the script
frida -U --no-pause -l vault.js -f com.g.fridaplay
Command output
C:\Python39\Scripts>frida -U --no-pause -l vault.js -f com.g.fridaplay
     ____
    / _  |   Frida 15.1.3 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
Spawned `com.g.fridaplay`. Resuming main thread!
[Android::com.g.fridaplay]-> Exploit Completed.. finished
Process crashed: Bad access due to invalid address
***
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'Android/vbox86p/vbox86p:7.1.1/NMF26Q/76:userdebug/test-keys'
Revision: '0'
ABI: 'x86'
pid: 1657, tid: 1657, name: <pre-initialized>  >>> <pre-initialized> <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x80000000
eax 00000000 ebx 00000679 ecx 00000679 edx 0000000b
esi ffdea80c edi ffdea5a0
xcs 00000023 xds 0000002b xes 0000002b xfs 0000006b xss 0000002b
eip f49ecbb9 ebp ffdea620 esp ffdea538 flags 00000296
backtrace:
#00 pc 00000bb9 [vdso:f49ec000] (__kernel_vsyscall+9)
#01 pc 0007f9d8 /system/bin/linker (__dl_syscall+40)
#02 pc 000046a1 /system/bin/linker (__dl__ZL24debuggerd_signal_handleriP7siginfoPv+1201)
#03 pc 0000b7fd /system/bin/app_process32_xposed (InvokeUserSignalHandler+317)
#04 pc 000ff441 /system/lib/libart.so (offset 0x10a000)
***
[Android::com.g.fridaplay]->
Thank you for using Frida!
My setup:
I found a solution. The problem was with the emulator. I just switched from an Android 7.1 device to an Android 10 Genymotion device.
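An added example (not the original poster's vault.js and not code from the Frida project): the same hook, written so that the hooking logic is a plain function that receives Frida's `Java` bridge object. Under Frida the bottom of the file wires it to the real global `Java`; outside Frida the installer can be driven with a stand-in object of the same shape, which is how the hook's behaviour (log the app's real verdict, return true) can be checked without a device. The hook selects the zero-argument overload of check() explicitly and calls the original body through `this.check()`, so the log shows what the app would have decided before the override. Because `frida -f` loads the script while the spawned process is still suspended, the hook is in place before onCreate() reaches check(). The class and method names are the question's; the `log` parameter and the stand-in used for checking are assumptions of this example. Note that the backtrace in the question shows frames in /system/bin/app_process32_xposed, so the 7.1 image was running an Xposed-patched app_process alongside frida-server; nothing in this example depends on which image is used.

```javascript
'use strict';

// Added example: a more robust vault.js for the hook described in the question.
// Target names are taken from the question; the structure below is this
// example's own, not the Frida project's code.
const TARGET_CLASS = 'com.g.fridaplay.MainActivity';
const TARGET_METHOD = 'check';

// Install the hook through whichever `Java` bridge object is handed in.
// Under Frida that is the global `Java`; a stand-in with the same
// use()/overload()/implementation shape lets the logic be exercised without
// a device. `log` is a hypothetical parameter (defaults to console.log).
function installCheckHook(Java, log) {
  const out = log || console.log;
  const MainActivity = Java.use(TARGET_CLASS);

  // check() takes no parameters, so select the zero-argument overload
  // explicitly; this keeps working if the app later adds an overloaded check().
  const checkMethod = MainActivity[TARGET_METHOD].overload();

  checkMethod.implementation = function () {
    // `this` is the live MainActivity instance. this.check() here runs the
    // original (un-hooked) body, so the log shows the app's own verdict
    // before it is overridden.
    const realVerdict = this.check();
    out('check() called; original returned ' + realVerdict + ', forcing true');
    return true;
  };

  return { cls: TARGET_CLASS, method: TARGET_METHOD, forced: true };
}

// Entry point under Frida. `frida -f` loads the script while the spawned
// process is still suspended, so Java.perform runs this before the app's
// onCreate() calls check(). Outside Frida (no global `Java`) nothing runs
// at load time.
if (typeof Java !== 'undefined' && Java.available) {
  Java.perform(function () {
    const rec = installCheckHook(Java);
    console.log('hook installed on ' + rec.cls + '.' + rec.method + '()');
  });
}
```

Usage is the same as in the question: save as vault.js and run `frida -U --no-pause -l vault.js -f com.g.fridaplay`. If the hook is installed but the log line never appears, check() was not reached, which points at the process dying before onCreate() rather than at the script.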