Hooking in Objection - Watching classes and methods
Objection has features that will make your life easier during static analysis. Sometimes you will find an application so heavily obfuscated that its activities or code are barely readable when the application is opened in jadx-gui. In some cases the classes are not there at all: AndroidManifest tells you the class names and the activities, but you can't find them during static analysis.
If the application does not check for Frida, or checks for it but does not immediately force-close, we still have a chance to analyze the application using objection. We can watch the activities and methods, see whether the methods take parameters, and observe when the application calls them.
Here are the commands you will want to be familiar with:
PS: We are using sieve 2.0 from https://github.com/WithSecureLabs/sieve/releases/tag/2.0
1. Listing the activities
android hooking list activities
2. Get current activity
android hooking get current_activity
3. Search classes
android hooking search classes <package name>
android hooking search classes com.withsecure.example.sieve
4. Search methods of classes
android hooking search methods <package name> <class name>
android hooking search methods com.withsecure.example.sieve activity
5. List declared methods of a class with their parameters
android hooking list class_methods <full class name>
android hooking list class_methods com.withsecure.example.sieve.activity.MainLoginActivity
6. Watching methods
android hooking watch class_method <full method name> --dump-return
android hooking watch class_method com.withsecure.example.sieve.activity.MainLoginActivity.loginFailed --dump-return
7. Watching all methods in the class
android hooking watch class <full class name> --dump-return
android hooking watch class com.withsecure.example.sieve.activity.MainLoginActivity --dump-return
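Objection is built on Frida, so step 7 can be approximated with a short Frida script that wraps every overload of every declared method and logs the call and its return value. This is an added example, not part of the original article and not objection's own agent code; it assumes Frida's `Java` bridge is available as a global, and the `watchClass` helper with its injected `bridge` and `log` parameters are hypothetical names chosen here.

```javascript
// Added example: approximates `android hooking watch class <class> --dump-return`.
// `bridge` is Frida's global `Java` object; passing it in as a parameter is an
// assumption of this sketch so the function can also be exercised off-device.
function watchClass(bridge, className, log) {
  const cls = bridge.use(className);

  // Reflection returns only the methods declared on this class (as in step 5).
  const declared = cls.class.getDeclaredMethods();
  const names = new Set();
  for (let i = 0; i < declared.length; i++) names.add(declared[i].getName());

  let hooked = 0;
  for (const name of names) {
    // Each overload (distinct parameter list) needs its own replacement.
    for (const overload of cls[name].overloads) {
      const params = overload.argumentTypes.map((t) => t.className).join(", ");
      const signature = `${className}.${name}(${params})`;
      overload.implementation = function (...args) {
        log(`Called ${signature}`);
        // Invoking the overload from inside its hook runs the original body.
        const ret = overload.apply(this, args);
        log(`Return value: ${ret}`);
        return ret; // pass the result through unchanged
      };
      hooked++;
    }
  }
  return hooked;
}

// Inside a Frida session (frida -U -f <package> -l watch.js) the bridge exists;
// under plain Node.js this guard keeps the file loadable.
if (typeof Java !== "undefined") {
  Java.perform(() => {
    const target = "com.withsecure.example.sieve.activity.MainLoginActivity";
    const count = watchClass(Java, target, console.log);
    console.log(`Hooked ${count} method overloads on ${target}`);
  });
}
```

Because the wrapper returns the original value untouched, the application behaves as before; only the log output is new.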
This article is part of the #menulis100hari process.
~Bandung, 21 January 2025
~4/100