'invalid string' Error on Funtion Hook

[TheFrozenDuck]

I am trying to hook an obfuscated Android app, using frida 14.2.17. I try to intercept the input and output of the method fqikwlxyqx. The strings passed to the functions are in unicode format. Following is an example:

    const-string v4, "\u5f77\u2b04\u2366\u3ca2\u2c29\u9929\udfe3\uf1f1\udc61\u12b8\u26b1\ud9d8\u8d71"

    invoke-static {v4}, Lasd/xyz/abc/ProtectedAbcApplication;->fqikwlxyqx(Ljava/lang/String;)Ljava/lang/String;

    move-result-object v4

I use following script to try to print the output of the function:

Java.deoptimizeEverything();

Java.perform(() => {
    const target = Java.use("asd.xyz.abc.ProtectedAbcApplication");

    console.log("Trying to hook now ...");

    target.$init.overload().implementation = function () {

        console.log("I am called :')");

        return this.$init();
    }

    target.fqikwlxyqx.overload('java.lang.String').implementation = function(x) {

        if (x == null) {
            console.log("Input is null");
            return null;
        } else {
            console.log("Encrypted String: 0x");
            console.log(x);
        }

        const ret = this.fqikwlxyqx(x);
        console.log("Plain String: " + ret);

        return ret;

    };

});

Calling it with following command:

frida -p 0 --runtime=v8 --debug -U -f asd.xyz.abc.def -l frida_script.ts --no-pause

results in following stacktrace:

I am called :')
Error: invalid string
    at NativePointer.readUtf16String (frida/runtime/core.js:127:1)
    at t.stringFromJni (frida/node_modules/frida-java-bridge/lib/env.js:600:1)
    at Object.fromJni (frida/node_modules/frida-java-bridge/lib/types.js:199:1)
    at ne (frida/node_modules/frida-java-bridge/lib/class-factory.js:610:1)
    at frida/node_modules/frida-java-bridge/lib/class-factory.js:592:1
    at Function.value (frida/node_modules/frida-java-bridge/lib/class-factory.js:1057:1)
    at Proxy.e (frida/node_modules/frida-java-bridge/lib/class-factory.js:580:1)
    at Function.value (frida/node_modules/frida-java-bridge/lib/class-factory.js:963:1)
    at Proxy.e (frida/node_modules/frida-java-bridge/lib/class-factory.js:547:1)
    at Proxy.o.implementation (frida/node_modules/frida-java-bridge/index.js:225:1)
Encrypted String: '彇'
Plain String: '䍒'
Error: invalid string
    at NativePointer.readUtf16String (frida/runtime/core.js:127:1)
    at t.stringFromJni (frida/node_modules/frida-java-bridge/lib/env.js:600:1)
    at Object.fromJni (frida/node_modules/frida-java-bridge/lib/types.js:199:1)
    at ne (frida/node_modules/frida-java-bridge/lib/class-factory.js:610:1)
    at frida/node_modules/frida-java-bridge/lib/class-factory.js:592:1
    at Function.value (frida/node_modules/frida-java-bridge/lib/class-factory.js:1057:1)
    at Proxy.e (frida/node_modules/frida-java-bridge/lib/class-factory.js:580:1)
    at Function.value (frida/node_modules/frida-java-bridge/lib/class-factory.js:963:1)
    at Proxy.e (frida/node_modules/frida-java-bridge/lib/class-factory.js:547:1)
    at Proxy.o.implementation (frida/node_modules/frida-java-bridge/index.js:225:1)
Error: invalid string
    at NativePointer.readUtf16String (frida/runtime/core.js:127:1)
    at t.stringFromJni (frida/node_modules/frida-java-bridge/lib/env.js:600:1)
    at Object.fromJni (frida/node_modules/frida-java-bridge/lib/types.js:199:1)
    at ne (frida/node_modules/frida-java-bridge/lib/class-factory.js:610:1)
    at frida/node_modules/frida-java-bridge/lib/class-factory.js:592:1
    at Function.value (frida/node_modules/frida-java-bridge/lib/class-factory.js:1057:1)
    at Proxy.e (frida/node_modules/frida-java-bridge/lib/class-factory.js:580:1)
    at Function.value (frida/node_modules/frida-java-bridge/lib/class-factory.js:963:1)
    at Proxy.e (frida/node_modules/frida-java-bridge/lib/class-factory.js:547:1)
    at Proxy.o.implementation (frida/node_modules/frida-java-bridge/index.js:225:1)
Error: invalid string
    at NativePointer.readUtf16String (frida/runtime/core.js:127:1)
    at t.stringFromJni (frida/node_modules/frida-java-bridge/lib/env.js:600:1)
    at Object.fromJni (frida/node_modules/frida-java-bridge/lib/types.js:199:1)
    at ne (frida/node_modules/frida-java-bridge/lib/class-factory.js:610:1)
    at frida/node_modules/frida-java-bridge/lib/class-factory.js:592:1
    at Function.value (frida/node_modules/frida-java-bridge/lib/class-factory.js:1057:1)
    at Proxy.e (frida/node_modules/frida-java-bridge/lib/class-factory.js:580:1)
    at Function.value (frida/node_modules/frida-java-bridge/lib/class-factory.js:963:1)
    at Proxy.e (frida/node_modules/frida-java-bridge/lib/class-factory.js:547:1)
    at Proxy.o.implementation (frida/node_modules/frida-java-bridge/index.js:225:1)
Error: invalid string
    at NativePointer.readUtf16String (frida/runtime/core.js:127:1)
    at t.stringFromJni (frida/node_modules/frida-java-bridge/lib/env.js:600:1)
    at Object.fromJni (frida/node_modules/frida-java-bridge/lib/types.js:199:1)
    at ne (frida/node_modules/frida-java-bridge/lib/class-factory.js:610:1)
    at frida/node_modules/frida-java-bridge/lib/class-factory.js:592:1
    at Function.value (frida/node_modules/frida-java-bridge/lib/class-factory.js:1057:1)
    at Proxy.e (frida/node_modules/frida-java-bridge/lib/class-factory.js:580:1)
    at Function.value (frida/node_modules/frida-java-bridge/lib/class-factory.js:963:1)
    at Proxy.e (frida/node_modules/frida-java-bridge/lib/class-factory.js:547:1)
    at Proxy.o.implementation (frida/node_modules/frida-java-bridge/index.js:225:1)
Process crashed: java.lang.NullPointerException: Attempt to invoke virtual method 'java.lang.String java.lang.String.concat(java.lang.String)' on a null object reference

My guess is that frida might have a problem handling the unicode characters. The behaviour persists when removing the logging part in the reimplementation or overloading the method.

[notjulin]

Any updates?

[neomafo88]

bump

[ductai230894]

any update, I same error