Question

15

Frida - Calling a specific method overload

rated 0 times [ 17] [ 2] / answers: 1 / hits: 7543 / 4 Years ago, wed, april 15, 2020, 12:00:00

I am exploring an Android program that has several methods with the same names and parameters.

I need to call a specific method overload.
Java code like this

package a;

public class d

{

     public int a() {

        return 10;

    }



    public long a() {

        return 20;

    }

    public long b() {

        long ret = a();

        return ret + 1;

    }

}

I need replace implementation of b() and call (int)a() instead of (long)a().
Please help me fix my frida js code.

Java.perform(function () {

  Var Class_A_D = java.Use(a.d);

  Class_A_D.b.implementation = function(){

    var ret = this.(a); // need to call int implementation

    return ret;

 }

}

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

katelynn

Add To Favorites

Follow

Total Points: 378

Total Questions: 86

Total Answers: 108

Location: Azerbaijan

Member since Fri, May 12, 2023

1 Year ago

katelynn questions

1 npm update is not updating the version in package.json file

Mon, Apr 4, 22, 00:00, 2 Years ago

1 How to fetch and display blob images

Fri, Mar 12, 21, 00:00, 3 Years ago

1 Svelte store function update

Mon, Nov 16, 20, 00:00, 4 Years ago

1 How can I use swiper on IE? is there any solution?

Thu, Jul 23, 20, 00:00, 4 Years ago

1 How may I upload file with formData to node js with express?

Wed, May 29, 19, 00:00, 5 Years ago

View All

answered 4 Years ago diontajm · Accepted Answer

I found the answer with Java.reflect

Java.perform(function () {

    var Java_lang_Object = Java.use('java.lang.Object');

    var Java_lang_String = Java.use('java.lang.String');

//This function get method reference by reflect

        function dynamic_search_method(io_object, iv_name, iv_ret_type, it_par){ 

          var lt_methods = io_object.getMethods()  ;

          var lv_found;

          for(var  lv_i=0;lv_i < lt_methods.length;lv_i++){

             if(lt_methods[lv_i].getName().toString()  == iv_name && lt_methods[lv_i].getGenericReturnType().toString() == iv_ret_type){

                var lt_par_type = lt_methods[lv_i].getParameterTypes();

                if(lt_par_type.length == it_par.length){

                  lv_found = true; 

                  for(var  lv_j=0;lv_j < lt_par_type.length && lv_found == true;lv_j++){

                    if(lt_par_type[lv_j].getName().toString() != it_par[lv_j]) lv_found = false  ; 

                  }                   

                  if(lv_found == true) return lt_methods[lv_i];

                }

             }

          }

         return null;

        }

//This function call method dynamically 

        function dynamic_invoke(io_object,io_method, it_par){

          if(io_object===null || io_method ===null ) return null;

          try{

            var lo_cast_obj = Java.cast( io_object ,Java_lang_Object);

          }catch(e){

            return null;

          }

          var lt_par = Java.array('java.lang.Object',it_par);

          return io_method.invoke(lo_cast_obj,lt_par);

        }

//example of use

  Var Class_A_D = java.Use(a.d);





  Class_A_D.b.implementation = function(){

// call method a of instance, with long return and without parameter

var lo_meth = dynamic_search_method(this.getClass(),a,long,[]);

var lv_var= dynamic_invoke(this,lo_meth,[]);



// call method c of instance, with android.content.Context return and with 2 parameters

lo_meth = dynamic_search_method(this.getClass(),a,class android.content.Context,['java.lang.String','java.lang.String']);

var lv_var= dynamic_invoke(this,lo_meth,[Java_lang_String.$new(Test),Java_lang_String.$new(String)]);

// call static method

var lo_meth = dynamic_search_method(Class_A_D.class,d,class java.lang.String,[]);

var lv_var= dynamic_invoke(Class_A_D.class,lo_meth,[]);    

};



)};