
I am new to Frida and have tried several methods with no luck. I am attempting to modify the return value of the boolean function so that it returns false, but I keep getting the following error: Process crashed: java.lang.NullPointerException: Attempt to invoke virtual method 'boolean com.cgflauowyeim.pxhvwigtoc.App.I()' on a null object reference

This is the class:

/**
 * Decompiled Application subclass of the app under analysis.
 *
 * Identifiers are obfuscated; the "renamed from" notes come from the decompiler. The class keeps a
 * static reference to its own instance in {@code M}, gates all start-up work in {@link #onCreate()}
 * on the result of {@link #I()}, and exposes the stored instance through the static {@link #K()}.
 */
public class App extends Application {
    // Static self-reference. Only assigned in K(App), which onCreate() calls when I() returned false.
    private static App M;
    // Public fields initialised to null / 0; nothing in this listing reads or writes them afterwards.
    public libInterface f = null;
    public int g = 0;

    /* renamed from: K  reason: collision with other method in class */
    /**
     * Always returns false in this class, so the {@code !m42K()} test inside {@link #I()} passes
     * unless a subclass overrides this method.
     */
    public boolean m42K() {
        return false;
    }

    /**
     * Compares android.os.Build properties (FINGERPRINT, MODEL, MANUFACTURER, BRAND, DEVICE,
     * PRODUCT) with strings produced at runtime by {@code v.K(Object)} and {@code u.K(String)}.
     * The literals passed to those helpers are encoded, so the plaintext values are not visible
     * in this listing; the question describes the check as VM detection.
     *
     * @return {@code true} when FINGERPRINT starts with the first decoded string, when
     *         {@link #m42K()} returns true, when any comparison in the long condition matches, or
     *         when any exception is thrown; {@code false} only when every comparison ran and none
     *         matched.
     */
    public boolean I() {
        try {
            // A match on this first prefix skips the inner checks and falls through to "return true".
            if (!Build.FINGERPRINT.startsWith(v.K((Object) "\u000fQ\u0006Q\u001a]\u000b"))) {
                if (!m42K()) {
                    // One OR-chain over the Build fields; the BRAND and DEVICE prefixes must both match to count.
                    if (Build.FINGERPRINT.startsWith(u.K("&a&e?d")) || Build.MODEL.contains(v.K((Object) "S\u0007[\u000fX\rk\u001bP\u0003")) || Build.MODEL.contains(u.K("\rg=f)~'x")) || Build.MODEL.contains(v.K((Object) "/w-\u0014\u0010\f^\u0014\u0018\\\u0007Z\r")) || Build.MODEL.contains(u.K("Y<k&n)x,*\u0018I")) || Build.MODEL.contains(v.K((Object) ")Z\fF\u0007]\f\u0014;p#")) || Build.MODEL.contains(u.K(";n#U/z e&o")) || Build.MODEL.contains(v.K((Object) "u'g8")) || Build.MODEL.contains(u.K("\u00102pz:e")) || Build.MODEL.contains(v.K((Object) ">]\u001a@\u001dU\u0004")) || Build.MODEL.contains(u.K("\u001eG?k:o")) || Build.MANUFACTURER.contains(v.K((Object) "$}%}<q,")) || Build.MANUFACTURER.contains(u.K("\u0005E\nC\u0004O")) || Build.MANUFACTURER.contains(v.K((Object) "b%C\tF\r")) || Build.MANUFACTURER.contains(u.K("\\!x<)f")) || Build.MANUFACTURER.contains(v.K((Object) "e-y=")) || Build.MANUFACTURER.contains(u.K("&a&e?d")) || Build.MANUFACTURER.contains(v.K((Object) "s\rZ\u0011Y\u0007V\u0001X\r")) || Build.MANUFACTURER.contains(u.K("\u000fo&s%e<c'd")) || ((Build.BRAND.startsWith(v.K((Object) "\u000fQ\u0006Q\u001a]\u000b")) && Build.DEVICE.startsWith(u.K("m-d-x!i"))) || v.K((Object) "S\u0007[\u000fX\rk\u001bP\u0003").equals(Build.PRODUCT))) {
                        return true;
                    }
                    return false;
                }
            }
        } catch (Exception unused) {
            // Swallowed: a failure in the string helpers or the comparisons ends in "return true" below.
        }
        return true;
    }

    /**
     * Runs the app's start-up sequence only when {@link #I()} returns false.
     *
     * In that case it stores this instance in {@code M} (if not already set), installs {@code u}
     * as the default uncaught-exception handler, calls into the obfuscated singletons {@code o},
     * {@code v}, {@code aa} and {@code l}, starts {@code ServiceHandler} as a foreground service
     * and calls {@code I()} once more, ignoring the result. When {@code I()} returns true none of
     * this runs and {@code M} is left unassigned.
     */
    public void onCreate() {
        super.onCreate();
        if (!I()) {
            try {
                if (M == null) {
                    K(this);
                }
                Thread.setDefaultUncaughtExceptionHandler(new u());
                o.K().m50K();
                v.K().m55K((Context) this);
                aa.K().I();
                l.K().I(this);
                startForegroundService(new Intent(this, ServiceHandler.class));
                I();
            } catch (Exception unused) {
                // Swallowed: an exception in any step silently skips the remaining steps.
            }
        }
    }

    /**
     * Stores {@code app} in the static field {@code M}. The method is static synchronized and the
     * body synchronizes on {@code App.class} again, so both locks are the same monitor.
     */
    private static synchronized /* synthetic */ void K(App app) {
        synchronized (App.class) {
            M = app;
        }
    }

    /* renamed from: K  reason: collision with other method in class */
    /** Terminates the process with {@code System.exit(0)}; no caller is visible in this listing. */
    public void m41K() {
        try {
            System.exit(0);
        } catch (Exception unused) {
        }
    }

    /**
     * Returns the instance stored in {@code M}, which is null until the guarded branch of
     * {@link #onCreate()} has run.
     *
     * NOTE(review): a caller that does {@code App.K().I()} while {@code M} is still null would
     * raise the NullPointerException quoted in the question; no such caller appears in this
     * listing, so confirm against the rest of the app.
     */
    public static App K() {
        return M;
    }
}

This is my frida script:

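// Frida script: make App.I() (the Build-property check in the listing above) return false.
Java.perform(function () {
  var App = Java.use('com.cgflauowyeim.pxhvwigtoc.App');

  // Install the replacement once; assigning the same implementation a second time adds nothing.
  // Replacing the implementation does not change the receiver: the NullPointerException quoted in
  // the question is raised when I() is invoked on a null App reference, and App.K() returns null
  // until the guarded branch of onCreate() has stored the instance.
  App.I.implementation = function () {
    console.log('I method called, returning false');
    return false;
  };

  // Frida's Java method wrappers are hooked through `implementation`; they have no `before()`
  // callback, so the original `App.onCreate.before(...)` call throws inside Java.perform().
  // Wrapping onCreate and delegating to the original keeps the diagnostic log line and shows
  // whether this script was loaded before onCreate() ran.
  App.onCreate.implementation = function () {
    console.log('onCreate method called');
    this.onCreate();
  };
});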

I managed to bypass the VM detection by editing the smali code and compiling it back, but I would like to achieve the same result using Frida. I also tried to enumerate the overloads but didn't find any, and I kept getting the same error: "Attempt to invoke virtual method 'boolean com.cgflauowyeim.pxhvwigtoc.App.I()' on a null object reference".

Any ideas?

  • You are trying to hook `App.I` multiple times (once directly and a second time in `App.onCreate.before`). I would only hook it once. – Robert Dec 24 '22 at 09:46
  • I changed it but still doesn't work.. – balbavik Dec 26 '22 at 09:52
  • You mentioned that you have created a modified APK version of the app. Just for curiosity have you tested if you can hook the method of the modified APK (even if this would not be necessary)? Just to find out if there is something wrong with the app or frida, the device or your frida code. – Robert Dec 26 '22 at 10:37
