I hook a function with no error, but it has no output, I can be sure that the app runs this function
import frida
import sys
rdev = frida.get_remote_device()
session = rdev.attach("com.che168.autotradercloud") # "com.che168.autotradercloud" 1990
scr = """
Java.perform(function () {
// package.class
var SPUtils = Java.use("com.che168.autotradercloud.util.SPUtils");
var SharedPreferencesUtil = Java.use("com.che168.atclibrary.utils.SharedPreferencesUtil");
// This hook runs successfully
SPUtils.saveDeviceId.implementation = function(str){
console.log("set device_id",str);
this.saveDeviceId(str);
}
// This hook function is in the same class as the above one, and it should have been executed, but nothing happened,no `console.log...`
SPUtils.getDeviceId.implementation = function(){
var res = this.getDeviceId();
console.log("get id",res);
return res;
}
});
"""
script = session.create_script(scr)
def on_message(message, data):
print(message, data)
script.on("message", on_message)
script.load()
sys.stdin.read()
The source code decompiled with jadx is as follows (in part)
// getSpUtil() is SharedPreferencesUtil
public static void saveDeviceId(String str) {
getSpUtil().saveString(KEY_DEVICE_ID, str);
}
public static String getDeviceId() {
return getSpUtil().getString(KEY_DEVICE_ID, "");
}
The frida-version is 16.0.1 and py version is 3.7.9
By calling
rdev.attach("com.che168.autotradercloud")you attach Frida to the existing instance of the app.If you then hook functions the hook will only be executed if the app executes this function after you have attached with Frida. If the app just calls it once at app start-up then attaching to the app is too late as the call was already executed.
The only way to hook function calls that are called by the app at start-up is to spawn the app in suspended state, attach to it, load your hook script and then resume it (let it run).