Failure to effectively hook all the methods of a class in newer Android versions
In the newest Android versions (>= 13), I am facing an issue when I try to hook all the methods of a Java class. More specifically, given the following function:
    // Hook every overload of a fully qualified "package.Class.method" and log its calls.
    function traceMethod(targetClassMethod) {
        var delim = targetClassMethod.lastIndexOf(".");
        if (delim === -1) return;
        // Split into class name and method name at the last dot.
        var targetClass = targetClassMethod.slice(0, delim);
        var targetMethod = targetClassMethod.slice(delim + 1, targetClassMethod.length);
        var hook = Java.use(targetClass);
        var overloadCount12 = hook[targetMethod].overloads.length;
        for (var i = 0; i < overloadCount12; i++) {
            hook[targetMethod].overloads[i].implementation = function() {
                console.log("\n[ ▶︎▶︎▶︎] Entering: " + targetClassMethod);
                for (var j = 0; j < arguments.length; j++) {
                    console.log("|\t\\_arg[" + j + "]: " + arguments[j]);
                }
                // Call the original method with the same arguments.
                var retval = this[targetMethod].apply(this, arguments);
                console.log("[ ◀︎◀︎◀︎ ] Exiting " + targetClassMethod);
                console.log('\t\\_Returns: ' + retval + '\n');
                return retval;
            };
        }
    }
and the following calls:
    traceMethod('com.airbnb.android.lib.deeplinks.activities.DeepLinkEntryActivity.finish');
    traceMethod('com.airbnb.android.lib.deeplinks.activities.DeepLinkEntryActivity.onActivityResult');
    traceMethod('com.airbnb.android.lib.deeplinks.activities.DeepLinkEntryActivity.onCreate');
    traceMethod('com.airbnb.android.lib.deeplinks.activities.DeepLinkEntryActivity.ɻ');
    traceMethod('com.airbnb.android.lib.deeplinks.activities.DeepLinkEntryActivity.ʕ');
    traceMethod('com.airbnb.android.lib.deeplinks.activities.DeepLinkEntryActivity.ʖ');
I can effectively hook all the methods of a class in Android 9 and get the correct logs:
Using the traceMethod, same app, in Android 13, yields the following output:
It fails to display the logs of methods called within onCreate. Subsequently, removing the onCreate hook displays the log of com.airbnb.android.lib.deeplinks.activities.DeepLinkEntryActivity.ʕ but fails to follow the calls to the class's methods started from within the ʕ method:
My Android 13 device's fingerprint is the following:
[google/barbet/barbet:13/TQ3A.230901.001/10750268:user/release-keys]
While the Android 9 fingerprint is the following:
[samsung/dream2ltexx/dream2lte:9/PPR1.180610.011/G955FXXUCDUD1:user/release-keys]
Using a simpler example, assuming the following Java code:
    public void func() {
        System.out.println("in func");
        func1();
    }

    public void func1() {
        System.out.println("in func1");
    }
the following script:
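    Java.perform(function() {
        let className1 = Java.use("com.intent.sender.min.MainActivity");
        className1.func.implementation = function() {
            console.log("FRIDA: in func");
            // Call the original func(), which in turn calls func1().
            this.func();
        };
        // This replacement only logs; it does not call the original func1().
        className1.func1.implementation = function() {
            console.log("FRIDA: in func1");
        };
    });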
logs only: FRIDA: in func
I am also affected by this bug!
+1 here
Likewise, affected by this bug