javascript - Frida - access to a class attribute that has the desired type - Stack Overflow

I have an Android program that has been obfuscated, and in this program classes have attributes with the same name. Decompiled code looks like this:

public class d implements c
{
    public int a;
    public Cache$Entry a;
    public Cache a;
    public volatile a a;
    public e a;
    public ByteArrayOutputStream a;
    public volatile AtomicBoolean a;

or smali code like this

# interfaces
.implements Le/a/x/c;
# instance fields
.field public a:I
.field public a:Lanetwork/channel/cache/Cache$Entry;
.field public a:Lanetwork/channel/cache/Cache;
.field public volatile a:Ld/a/w/a;
.field public a:Le/a/x/e;
.field public a:Ljava/io/ByteArrayOutputStream;
.field public volatile a:Ljava/util/concurrent/atomic/AtomicBoolean;  

I created a hook on one method, asd(), and I need to access attribute "a" of this class. But I need the attribute "a" with type "e.a.x.e".

Java.perform(function () {
    var var_ddd = Java.use("e.a.x.d");
    var_ddd.asd.implementation = function() {
        this.asd();
        console.log("e.a.x.d.asd()", Java.cast(this.a.value, Java.use("e.a.x.e")));
    };
});

When I try to write this.a.value, I get the wrong attribute. When I write Java.cast(this.a.value,Java.use("e.a.x.e")) I get the message

TypeError: cannot read property 'hasOwnProperty' of undefined

Please tell me how to get the right attribute with the right type.

Asked Feb 29, 2020 at 13:49 by almalm

2 Answers

Thanks to Robert, a solution was found. Minor corrections were made to the code:

// Runs inside the hooked method's implementation, where `this` is the e.a.x.d instance.
var lo_fld_eaxe;
var lv_e_a_x_e;
var lv_found = false;
var lt_fields = this.getClass().getDeclaredFields();
// Pick the field named "a" whose declared type is e.a.x.e.
for (var i = 0; i < lt_fields.length && lv_found == false; i++) {
    if (lt_fields[i].getName().toString() == 'a' && lt_fields[i].getType().getName().toString() == 'e.a.x.e') {
        lo_fld_eaxe = lt_fields[i];
        lv_found = true;
    }
}
if (lv_found == true) {
    lo_fld_eaxe.setAccessible(true);
    try {
        lv_e_a_x_e = lo_fld_eaxe.get(this);
    } catch (err) {
        console.log("Error:" + err);
    }
}

In case there is a conflict between a method and a field of the same name, Frida has a built-in workaround: prepend the field name with an underscore: _a.

If there is a name collision, method & member has the same name, an underscore will be added to member.

But I am not sure if this information is still valid. The current Frida Java bridge code does not look like it would rename fields with colliding field names: https://github.com/frida/frida-java-bridge/blob/master/lib/class-factory.js#L301

I also don't see a way to access the fields in Frida that isn't based on the field's name.

The only chance I see is accessing the field via Java reflection:

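// `this` is the hooked e.a.x.d instance; the fields to search are the ones
// declared by e.a.x.d, filtered by their declared type e.a.x.e.
const fields = Java.use("e.a.x.d").class.getDeclaredFields();
for (let i = 0; i < fields.length; i++) {
    const f = fields[i];
    if (f.getType().getName() == "e.a.x.e") {
        f.setAccessible(true);
        var fieldValue = f.get(this);
        console.log("Field of type e.a.x.e has value: " + fieldValue);
    }
}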

Note: The code above has not been tested in Frida, therefore it may need some more refinement before it actually works.
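
The reflection approach from both answers, packaged as a reusable helper (an added example, not code from either answer). It goes slightly beyond the answers by also walking superclasses, since getDeclaredFields() only lists fields declared by the class itself; the helper names findFieldByType and readFieldByType are hypothetical, and the class, method and field names are the ones from the question.

```javascript
// Added example. Assumes the names from the question: class e.a.x.d,
// method asd(), and a field "a" whose declared type is e.a.x.e.

// Return the java.lang.reflect.Field called `name` whose declared type is
// `typeName`, searching obj's class and then its superclasses; null if none.
function findFieldByType(obj, name, typeName) {
  for (let cls = obj.getClass(); cls !== null; cls = cls.getSuperclass()) {
    const fields = cls.getDeclaredFields(); // only fields declared by cls itself
    for (let i = 0; i < fields.length; i++) {
      const f = fields[i];
      if (String(f.getName()) === name &&
          String(f.getType().getName()) === typeName) {
        f.setAccessible(true); // permit reading non-public fields
        return f;
      }
    }
  }
  return null;
}

// Read the matching field's value from obj; undefined when no field matches.
function readFieldByType(obj, name, typeName) {
  const f = findFieldByType(obj, name, typeName);
  return f === null ? undefined : f.get(obj);
}

// Frida part: only runs inside a Frida session, where `Java` is defined.
if (typeof Java !== "undefined") {
  Java.perform(function () {
    const d = Java.use("e.a.x.d");
    d.asd.implementation = function () {
      const ret = this.asd(); // call the original method first
      const raw = readFieldByType(this, "a", "e.a.x.e");
      // Field.get() is typed java.lang.Object; cast to reach e.a.x.e members.
      const e = raw ? Java.cast(raw, Java.use("e.a.x.e")) : null;
      console.log("e.a.x.d.asd() field a (e.a.x.e):", e);
      return ret;
    };
  });
}
```

Matching on both name and declared type is what disambiguates the seven fields named `a`; matching on type alone would also work here only because a single field has type e.a.x.e.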
