I'm trying to hook the C6494a method, which has 2 parameters: the ge6 object and an activity object. Whenever I try to hook this method with a hook overload that contains both ge6 and the activity object, Frida throws an error saying the overload is incorrect (view image2).

image1

This is the hook I'm using to hook the constructor:

Java.use("com.ge6$a").$init.overload('com.ge6', 'android.app.Activity').implementation = function(a, b){ } 

And this is the error Frida throws when using the above hook:

Error: ge6$a(): specified argument types do not match any of:
    .overload('android.app.Activity')
    at X (frida/node_modules/frida-java-bridge/lib/class-factory.js:569)
    at value (frida/node_modules/frida-java-bridge/lib/class-factory.js:899)
    at <anonymous> (/frida/repl-2.js:76)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:12)
    at _performPendingVmOps (frida/node_modules/frida-java-bridge/index.js:250)
    at <anonymous> (frida/node_modules/frida-java-bridge/index.js:242)
    at apply (native)
    at ne (frida/node_modules/frida-java-bridge/lib/class-factory.js:620)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/class-factory.js:598)

And even if I set the overload without the ge6 object:

Java.use("com.ge6$a").$init.overload('android.app.Activity').implementation = function(a){ } 

Frida throws this error instead:

Error: Cast from 'com.ge6' to 'android.app.Activity' isn't possible
    at cast (frida/node_modules/frida-java-bridge/lib/class-factory.js:131)
    at fromJni (/_java.js)
    at ne (frida/node_modules/frida-java-bridge/lib/class-factory.js:617)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/class-factory.js:598)

Also, trying to create a new object of this subclass throws this issue instead:

Process crashed: Trace/BPT trap
***
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'google/sdk_gphone_x86_arm/generic_x86_arm:11/RSR1.201013.001/6903271:userdebug/dev-keys'
Revision: '0'
ABI: 'x86'
Timestamp: 2022-07-24 18:37:32+0100
pid: 15013, tid: 15013, name: nalds.mobileapp >>> com.mcdonalds.mobileapp <<<
uid: 10153
signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
Abort message: 'JNI DETECTED ERROR IN APPLICATION: use of invalid jobject 0xffaadb28 from void com.ge6.a(android.app.Activity, com.ge6$b)'
    eax 00000000 ebx 00003aa5 ecx 00003aa5 edx 00000006
    edi f005e81e esi ffaad310
    ebp f237ab90 esp ffaad2b8 eip f237ab99
backtrace:
    #00 pc 00000b99 [vdso] (__kernel_vsyscall+9)
    #01 pc 0005ad68 /apex/com.android.runtime/lib/bionic/libc.so!libc.so (offset 0x59000) (syscall+40) (BuildId: 6e3a0180fa6637b68c0d181c343e6806)
    #02 pc 00076511 /apex/com.android.runtime/lib/bionic/libc.so!libc.so (offset 0x75000) (abort+209) (BuildId: 6e3a0180fa6637b68c0d181c343e6806)
    #03 pc 0000040e <anonymous:e3a29000>
***

  • Please do not post screenshots of code and terminal output; instead, post everything as text and format it as code. This is the general recommendation, and in your case the screenshots are partially so bad that they are hard to read. Please edit your question and change it as proposed. Commented Jul 24, 2022 at 17:26
  • @Robert I have edited the post as proposed. Yes, I am trying to hook the constructor, not a class method. Also, calling it throws a new issue; I have included it in the post. Commented Jul 24, 2022 at 17:39
  • First, your hooking code of a constructor needs to call and return the original constructor: github.com/iddoeldor/frida-snippets#hook-constructor and second: are you sure you have the correct Activity class? Check the imports in Jadx, because there can be more classes in different packages of that name. Commented Jul 24, 2022 at 18:09
  • Is it possible the second error is not a hooking error, but an error that happens when the app calls that class? Try return this.$new(a); - or add a console.log after hooking to see if it works. Commented Sep 14, 2022 at 17:53
  • It turns out I decompiled an APK version and forgot to install it on the emulator, so I was hooking an older version. Commented Sep 27, 2022 at 21:09

1 Answer

As embarrassing as this is, it turns out the installed version of the app on the emulator is slightly older than the one I decompiled with jadx-gui. Installing the same version fixed this.
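
The mismatch behind this thread (a constructor signature taken from the decompiled source that the running build does not have) can be checked before any hook is installed. The script below is an added example, not code from the original posts: it assumes a Frida session attached to the app, takes the class name and signature from the question, and its helper names (argTypes, findOverload, describe) are hypothetical.

```javascript
'use strict';

// Class and constructor signature as shown by the decompiler in the question.
const CLASS_NAME = 'com.ge6$a';
const EXPECTED = ['com.ge6', 'android.app.Activity'];

// Turn one frida-java-bridge overload into a list of argument class names.
function argTypes(overload) {
  return overload.argumentTypes.map(function (t) { return t.className; });
}

// Return the overload whose argument list equals `wanted`, or null when the
// running class does not have it (the situation behind the first error).
function findOverload(overloads, wanted) {
  for (const ov of overloads) {
    const have = argTypes(ov);
    if (have.length === wanted.length &&
        have.every(function (c, i) { return c === wanted[i]; })) return ov;
  }
  return null;
}

// Render what is actually loaded, so a difference from the decompiled
// source is visible at a glance.
function describe(overloads) {
  return overloads.map(function (ov) { return '(' + argTypes(ov).join(', ') + ')'; });
}

// This part only runs inside Frida, where the global `Java` bridge exists.
if (typeof Java !== 'undefined') {
  Java.perform(function () {
    const ctor = Java.use(CLASS_NAME).$init;
    console.log('runtime constructors: ' + describe(ctor.overloads).join(' '));
    const target = findOverload(ctor.overloads, EXPECTED);
    if (target === null) {
      console.log('(' + EXPECTED.join(', ') + ') is not loaded; check that ' +
                  'the installed build is the one that was decompiled');
      return;
    }
    target.implementation = function () {
      console.log(CLASS_NAME + ' constructed');
      // Call through to the original constructor so the object is initialised.
      return this.$init.apply(this, arguments);
    };
  });
}
```

Against the build described in the question, the listing would show only `(android.app.Activity)` and no hook would be installed, which points at the version difference rather than at the hook syntax.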
