Hooking to Context doesn't work #67

Open
afjoseph opened this issue Apr 3, 2018 · 4 comments

@afjoseph

afjoseph commented Apr 3, 2018

Hey. I ran into a small issue during instrumentation. Hooking into this function of context simply doesn't work. I wanted to know if the issue is on my side.

python script

import frida, sys
import time

jscode = """

Java.perform(function() {
    var context = Java.use("android.content.Context");

    context.openFileOutput.implementation = function(a, b) {
        console.log("Hello world");
        return this.openFileOutput(a, b);
    }

});

"""

device = frida.get_usb_device()

pid = device.spawn(["com.whatever.bbb"])
session = device.attach(pid)
script = session.create_script(jscode)

device.resume(pid)
script.load()
print('[*] Running...')
sys.stdin.read()

The app is running and the frida-server is running on the Android emulator. I'm sure that this piece of code is being called since I have the source code. The issue is that it is never hooked. Am I doing something wrong here?

@jhscheer

jhscheer commented Apr 5, 2018

try:

Java.perform(function() {
    var context = Java.use("android.content.Context");

    /* FileOutputStream openFileOutput (String name, int mode) */
    // The mode parameter is a primitive, so the overload signature uses "int".
    context.openFileOutput.overload("java.lang.String", "int").implementation = function(name, mode) {
        // Return the stream so the caller still receives it.
        return this.openFileOutput.overload("java.lang.String", "int").call(this, name, mode);
    }

});

@afjoseph
Author

afjoseph commented Apr 5, 2018

Same issue.
Could be that frida can't hook to native Android code?

@eanker

eanker commented Oct 17, 2018

I stumbled upon this ticket when I had the same problem.
Hope you're not struggling with this anymore, but thought to provide an answer for others struggling with this.

This is caused by the fact that android.content.Context is an interface and therefore you can't hook it.
For me I needed to hook android.app.ContextImpl, as that is the implementation used. This is not stated in the imports of the file (there indeed android.content.Context is listed), but I found this by enumerating all classes with Frida.

So then the code would be:

Java.perform(function() {
    var context = Java.use("android.app.ContextImpl");

    // The mode parameter is a primitive, so the overload signature uses "int".
    context.openFileOutput.overload("java.lang.String", "int").implementation = function(name, mode) {
        console.log("Yes, this method is called correctly!");
        // Return the stream so the caller still receives it.
        return this.openFileOutput(name, mode);
    }

});
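
The class-enumeration step described in the comment above, as an added example (not code from this thread or from the Frida project): it reflects over loaded subtypes of android.content.Context and lists those that declare openFileOutput with an actual body, which are the ones a hook can replace. `hookableImplementers`, `reflectContextSubtypes` and `SAMPLE` are hypothetical names, the `/Context/` name filter is an assumption to keep the scan short, and the sample data is constructed.

```javascript
// Added example: runs as a Frida agent; the pure helper also runs under Node.

// Keep only classes that declare a non-abstract body for methodName.
function hookableImplementers(candidates, methodName) {
  return candidates.filter(function (c) {
    return c.methods.some(function (m) {
      return m.name === methodName && !m.isAbstract;
    });
  }).map(function (c) { return c.name; }).sort();
}

// Frida side: reflect over loaded subtypes of android.content.Context.
// The /Context/ name filter is a heuristic (assumption) to keep the scan fast.
function reflectContextSubtypes() {
  var Modifier = Java.use("java.lang.reflect.Modifier");
  var base = Java.use("android.content.Context").class;
  var out = [];
  Java.enumerateLoadedClassesSync().forEach(function (name) {
    if (!/Context/.test(name)) return;
    try {
      var cls = Java.use(name).class;
      if (!base.isAssignableFrom(cls)) return;
      var declared = cls.getDeclaredMethods();
      var methods = [];
      for (var i = 0; i < declared.length; i++) {
        methods.push({
          name: declared[i].getName(),
          isAbstract: Modifier.isAbstract(declared[i].getModifiers())
        });
      }
      out.push({ name: name, methods: methods });
    } catch (e) { /* class not resolvable from this loader: skip it */ }
  });
  return out;
}

// Constructed sample of reflected facts (illustrative, not a device dump).
var SAMPLE = [
  { name: "android.content.Context", methods: [{ name: "openFileOutput", isAbstract: true }] },
  { name: "android.content.ContextWrapper", methods: [{ name: "openFileOutput", isAbstract: false }] },
  { name: "android.app.ContextImpl", methods: [{ name: "openFileOutput", isAbstract: false }] },
  { name: "android.view.ContextThemeWrapper", methods: [{ name: "getTheme", isAbstract: false }] }
];

if (typeof Java !== "undefined") { // only inside Frida, where the Java bridge exists
  Java.perform(function () {
    var found = hookableImplementers(reflectContextSubtypes(), "openFileOutput");
    console.log("hookable: " + found.join(", "));
  });
}
```

ContextWrapper forwards the call to its base context, so hooking both listed classes can log the same file open twice.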

@g3rzi

g3rzi commented Feb 22, 2019

You can call the Context with ActivityThread like this:
var context = Java.use('android.app.ActivityThread').currentApplication().getApplicationContext();
