Closed aph3rson closed 2 weeks ago
aph3rson
commented
5 years ago I did some simple debugging - it looks like single/double quotes are stripped from the args parameter that set_method_return_value ingests. I'd imagine this is being done by the REPL.
aph3rson
commented
5 years ago Coming back around to this - the problem is in the use of shlex.split by get_tokens - before that call, the document has the proper quotes included, but they're no longer present after.
aph3rson
commented
5 years ago Adding posix=True to the shlex call keeps the quotes in place. However, it looks like there's a further problem with the splitClassMethod agent method - it's splitting based on the last period in the string to determine a method, whereas overloaded methods will have parentheses to show which overload to use.
aph3rson
commented
5 years ago Alright, I've gotten as far as modifying the splitClassMethod to now extract an overload signature if it's passed in to the REPL. However, I'm stuck on mapping the argument types via methodInstance.argumentTypes with the overload - I've tried putting it in an eval() line similar to the following: eval("methodInstance." + overload + ".argumentTypes.map((arg) => arg.className)"), but am getting parse errors for some reason.
leonjza
commented
5 years ago Thanks so much for looking into this and updating the ticket as you go along. You rock! I'll also take a peek at this one asap.
aph3rson
commented
5 years ago I'm relatively sure I've gotten this - I'm doing some testing on my side before I fork and file a PR.
aph3rson
commented
5 years ago PR #239 has been opened which should fix this issue.
pich4ya
commented
5 years ago I faced the identical problem here. Tested on objection 1.6.6.
a.b.c.d on (Android: 8.0.0) [net] # android hooking set return_value a.b.c.XXX true
(agent) Attempting to modify return value for class a.b.c and method XXX.
A Frida agent exception has occurred.
Error: XXX(): has more than one overload, use .overload(<signature>) to choose from:
.overload()
.overload()
at throwOverloadError (frida/node_modules/frida-java/lib/class-factory.js:2159)
at frida/node_modules/frida-java/lib/class-factory.js:1393
at /script1.js:5143
at /script1.js:5232
at frida/node_modules/frida-java/lib/vm.js:42
at frida/node_modules/frida-java/index.js:281
at /script1.js:5236
at /script1.js:2108
at /script1.js:5237```The PR I filed hasn't yet been merged - you can try adding my fork as an alternate remote, and rebasing my issue branch onto your fork's master.
leonjza
commented
5 years ago Sorry about the delay in this one. Things are a little hectic at the moment, but I should finally get to it post DEF CON (with a new release).
leonjza
commented
4 years ago Left a comment suggesting an alternative implementation for #239. Once we got that sorted I think we can land it. Thanks so much for the help @aph3rson ! :)
IPMegladon
commented
2 weeks ago Done in 4cfacc46c696f72a08.
Attempting to set the return value of an overloaded method in an Android app, I get a Frida exception.
First, here's the attempt to patch the method without declaring an overloaded method:
After that, I attempt to declare an overload per the documentation (note that I'm running in Powershell, and a backtick is an escape character):