Search code examples
androidfrida

How to hook into onClick method inside a method using frida

I want to change behaviour of onClick method by hooking with frida. The code I used is

Java.perform(function() {
    console.log("[*] START...")
    var mClass = Java.use("sg.vantagepoint.uncrackable1.MainActivity")
    mClass.a.onClick.implementation=function() {
        console.log("[*] Clicked ")
    }
})

iam getting error

TypeError: cannot write property 'implementation' of undefined
    at [anon] (../../../frida-gum/bindings/gumjs/duktape.c:57636)
    at /uncrackable1.js:6
    at frida/node_modules/frida-java-bridge/lib/vm.js:11
    at E (frida/node_modules/frida-java-bridge/index.js:346)
    at frida/node_modules/frida-java-bridge/index.js:298
    at frida/node_modules/frida-java-bridge/lib/vm.js:11
    at frida/node_modules/frida-java-bridge/index.js:278
    at /uncrackable1.js:11

source code is

    private void a(String str) {
        AlertDialog create = new AlertDialog.Builder(this).create();
        create.setTitle(str);
        create.setMessage("This is unacceptable. The app is now going to exit.");
        create.setButton(-3, "OK", new DialogInterface.OnClickListener() {
            public void onClick(DialogInterface dialogInterface, int i) {
                System.exit(0);
            }
        });
Solution

  • You are trying to hook the wrong class - most likely because you are using Jadx for decompiling the wrong settings and no knowledge on Java classes.

    If you are using Jadx for decompiling the APK file make sure to disable the setting Inline anonymous classes to see the real class name a method belongs to.

    The Method onClick() belongs to the anonymous inner class created by new DialogInterface.OnClickListener() and not to sg.vantagepoint.uncrackable1.MainActivity - hence you are trying to hook the wrong class. The method a(String) it is used in is totally irrelevant for hooking. Anonymous inner classes have their own class name based on the outer class appended by $ and a number. Therefore the correct class name may be sg.vantagepoint.uncrackable1.MainActivity$1 or sg.vantagepoint.uncrackable1.MainActivity$2, depending on how many other anonymous inner classes are present.

    Additionally something like mClass.a.onClick is not possible, as there is no method inside a method (a is a method and onClick is a method).

    In the end you may end up with the following frida code:

    Java.perform(function() {
    console.log("[*] START...")
    var mClass = Java.use("sg.vantagepoint.uncrackable1.MainActivity$1")
    mClass.onClick.implementation=function() {
        console.log("[*] Clicked ")
    }
})