Printing all the loaded classes
// Print the name of every class currently loaded in the target process's Java VM.
Java.perform(() => {
  Java.enumerateLoadedClasses({
    // Called once per loaded class with its fully qualified name.
    onMatch(className) {
      console.log(className);
    },
    // Nothing to do once the enumeration finishes; the callback is still supplied.
    onComplete() {},
  });
});
Creating a class instance and calling its methods
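// Instantiate the app's MainActivity class and print the results of two of its methods.
Java.perform(function () {
  // Declared with const so the wrapper does not leak into the script's global scope
  // as an implicit global.
  const MainActivity = Java.use("com.AppSecLabs.AppName.MainActivity");

  // The instance is created and used from the VM's main thread, not from Frida's own thread.
  Java.scheduleOnMainThread(function () {
    const activity = MainActivity.$new();
    console.log(activity.myMethod1("a", "b"));
    console.log(activity.myMethod2("f"));
  });
});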
Calling a method of an existing class instance
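// Locate a live MainActivity instance on the heap and call myMethod1 on it exactly once.
Java.perform(function () {
  // Kept local to this callback instead of being an implicit script-wide global.
  let done = false;

  Java.choose("com.AppSecLabs.AppName.MainActivity", {
    onMatch: function (instance) {
      if (done) {
        return "stop";
      }
      done = true;
      const result = instance.myMethod1("a", "a");
      console.log("[*] Instance found, result: ", result);
      // One instance is enough: returning "stop" asks Java.choose to end the heap scan early.
      // The flag above still guarantees a single call if further matches are delivered.
      return "stop";
    },
    onComplete: function () {
      console.log("[*] Finished heap search");
    },
  });
});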
Creating a Java Boolean
// Build a java.lang.Boolean wrapping `true` and print it.
Java.perform(() => {
  const BooleanClass = Java.use("java.lang.Boolean");
  const javaTrue = BooleanClass.$new(true);
  console.log(javaTrue);
});
Creating a Java String object; note the difference between send and console.log
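// Build a java.lang.String and emit it through both of the script's output channels.
Java.perform(function () {
  // const keeps both wrappers local rather than creating implicit globals.
  const JavaString = Java.use("java.lang.String");
  const greeting = JavaString.$new("Hello World");

  // send() posts the value as a message to the host-side tooling, while console.log()
  // prints it to the console; comparing the two outputs is the point of this snippet.
  send(greeting);
  console.log(greeting);
});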
Overriding Android’s class method – Changing the IMEI
// Replace the zero-argument TelephonyManager.getDeviceId() so every caller in the
// instrumented process receives a fixed string instead of the real identifier.
// Only this overload is replaced; any other overload keeps its original behaviour.
// The takeaway for backend design: an identifier read on the device is under the control
// of whoever controls the device, so it is not evidence of the device's identity.
Java.perform(() => {
  const TelephonyManager = Java.use("android.telephony.TelephonyManager");
  const getDeviceId = TelephonyManager.getDeviceId.overload();
  getDeviceId.implementation = function () {
    return "so simple";
  };
});
Overriding the app’s class method
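// Replace the app's MainActivity.myMethod1 so that it logs the genuine result and then
// always returns a java.lang.Boolean holding `true`.
Java.perform(function () {
  // const keeps the shared Boolean local instead of leaking it as an implicit global.
  const javaTrue = Java.use("java.lang.Boolean").$new(true);
  const MainActivity = Java.use("com.AppSecLabs.AppName.MainActivity");

  MainActivity.myMethod1.implementation = function (x, y) {
    // Inside a replacement, this.myMethod1 invokes the original implementation.
    console.log("Original value: " + this.myMethod1(x, y));
    return javaTrue;
  };
});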