I am trying to hook onCreate() of an Android application using Frida. Here is my activity code:
```java
package com.example;

import android.app.Activity;
import android.content.Context;
import android.os.Bundle;
import android.telephony.TelephonyManager;
import android.util.Log;

public class UnreachableCode extends Activity {
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_unreachable_code);
    }

    // this method is never called
    private void unreachable() {
        TelephonyManager tm = (TelephonyManager) getBaseContext().getSystemService(Context.TELEPHONY_SERVICE);
        String deviceid = tm.getDeviceId();
        Log.i("ID", deviceid);
    }
}
```
Now, in the above code, unreachable() is never called. But I want to override onCreate() and call unreachable() from it. I have tried the following code:
```python
import frida
import sys


def on_message(message, data):
    print(message)


jscode = """Java.perform(function() {
    console.log("[ * ] Starting implementation override...")
    var MainActivity = Java.use("com.example.UnreachableCode");
    MainActivity.onCreate.overload("android.os.Bundle").implementation = function(var_0){
        var ret = this.onCreate.overload("android.os.Bundle").call(this,var_0);
        console.log("[ + ] Calling function unreachable");
        this.unreachable();
    };
    send("Hooks installed.");
});
"""

try:
    device = frida.get_usb_device().attach('com.example')
    script = device.create_script(jscode)
    script.on('message', on_message)
    print('[ * ] Running Frida Demo application, Loading script now')
    script.load()
    sys.stdin.read()
except KeyboardInterrupt:
    print("[!] Killing app...")
```
This is not working. I am not very familiar with Frida, so I need expert advice. Frida version: 15.2.2, Android: 9

Edit: Updated second block of code.