Printing all the loaded classes

Java.perform(function(){Java.enumerateLoadedClasses({"onMatch":function(className){ console.log(className) },"onComplete":function(){}})})

Creating a class instance and calling it’s methods

Java.perform(function(){
	a=Java.use("com.AppSecLabs.AppName.MainActivity");
	Java.scheduleOnMainThread(function(){
		b=a.$new();
		console.log(b.myMethod1("a","b"));
		console.log(b.myMethod2("f"));
	})
})

Calling a method of an existing class instance

Java.perform(function () {
	done=false;
	Java.choose("com.AppSecLabs.AppName.MainActivity", { 
		"onMatch":function(instance){
			if(!done) {
				a=instance.myMethod1("a","a");
				done=true;
				console.log("[*] Instance found, result: ", a);
			}
		},
		"onComplete":function() {
			console.log("[*] Finished heap search")
		}
	});
});

Creating a java boolean

Java.perform(function(){
	console.log(Java.use("java.lang.Boolean").$new(true));
})

Creating a java string object, note the difference between send and console.log

Java.perform(function(){
	s=Java.use("java.lang.String");
	x=s.$new('Hello World');
	send(x);
	console.log(x);
})

Overriding Android’s class method – Changing the IMEI

Java.perform(function(){
	Java.use("android.telephony.TelephonyManager").getDeviceId.overload().implementation=function(){
	return "so simple"
	}
})

Overriding the app’s class method

Java.perform(function(){
	t=Java.use("java.lang.Boolean").$new(true);
	Java.use("com.AppSecLabs.AppName.MainActivity").myMethod1.implementation=function(x,y){
		console.log("Original value: " + this.myMethod1(x,y));
		return t;
	}
})