how to hook onCreate medthod in Application Class

[henrytom1703]

Hello, @oleavr . Here my source code:

package com.abc.app
import android.app.Application;

public class MyCustomApplication extends Application {
        // Called when the application is starting, before any other application objects have been created.
        // Overriding this method is totally optional!
	@Override
	public void onCreate() {
	    super.onCreate();
            // Required initialization logic here!
	}

        // Called by the system when the device configuration changes while your component is running.
        // Overriding this method is totally optional!
	@Override
	public void onConfigurationChanged(Configuration newConfig) {
	    super.onConfigurationChanged(newConfig);
	}

        // This is called when the overall system is running low on memory, 
        // and would like actively running processes to tighten their belts.
        // Overriding this method is totally optional!
	@Override
	public void onLowMemory() {
	    super.onLowMemory();
	}
}
``

Java.perform(function () {
var app= Java.use("com.abc.app.MyCustomApplication");
app.onCreate.implementation = function() {
console.log("Called");
};
});

I tried hook onCreate . But It's not successful. how to hook onCreate in application  Class?

Thanks.

[pich4ya]

bump

[Youlor]

So, Did you solute?

[projectbtle]

Hi,

I had this same issue, but was able to hook onCreate() by following the suggestion here and based on the code here (this assumes the use of a Python script to load the JavaScript code).

That is, in test.py:

jscode="""
if (Java.available) {
    Java.perform(function () {        
        var mainapp = Java.use('com.abc.app.MyCustomApplication');
        mainapp.onCreate.implementation = function() {
            console.log('Called');
        };
    });
}
"""

try:
    device  = frida.get_usb_device()
    pid     = device.spawn(['com.abc.app'])
    session = device.attach(pid)
    script  = session.create_script(jscode)
    
    script.on('message', on_message)
    script.load()
    sys.stdin.read()
    
    #Call resume *after* script.load(), otherwise onCreate won't get hooked.
    device.resume(pid)
    time.sleep(1)
except KeyboardInterrupt:
    print ("[!] Killing app...")

Could you try this and see if it works?

[H4oK3]

did you guys figure out? The script above does not work for me

[projectbtle]

@H4oK3 Could you post your Android app code (only the relevant Activity/Application) and your Python/JS code?

[pachoo]

@henrytom1703 I'm running into the same issue, did you get this working?

It looks like the App.onCreate() code is being run before hook code in Java.perform. The script was loaded after spawning before resuming. My test app is similar to the OPs. It was created in Android Studio as an "New Project > Empty Activity" and adding a new MyApp class that extends android.app.Application and overriding onCreate().

Interestingly the Frida hooking works if I use a debug build, but not a signed, release build.
Also, the hooking does seem to work if Java.deoptimizeEverything() is called prior to hooking.

Device: Pixel 4a
OS: Android 10 OTA, rooted via Magisk
Frida server 14.2.17

Suggestions that did not work.

• used frida cli to load then resume.
• used python to spawn, create, load, resume