Objection Practical - Calling the method of a non-static class

I have challenged my self to use tool Objection to solve the labs on the Android Frida Labs created by MobileHackingLab. For you that don't familiar with frida, the course is very easy to follow and teach you basic concept of using frida during mobile application pentest.

Now, we will continue with the next topic, Calling the method of a non-static class. I recommend you to read the material from the course and practice using frida before using Objection as this article will not cover the frida part.

Actually, we will use same technique used on the previous article. Using android heap evaluate to solve the problem and get flag. Please take a note that using command "android heap" in objection is often unstable.

Prequisite :

1. Android studio Emulator or any other Emulator eg;( NOX
2. Frida server on android emulator
3. Frida-tools on your laptop/PC
4. Objection installed on your laptop
5. Enroll course here (it's free) https://www.mobilehackinglab.com/course/android-frida-labs.
6. Download app-debug.rar from section "Calling the method of a non static class".

How to create new object of the class and then calling the method inside it.

1.?????? Running objection

objection -g com.mobilehackinglab.FridaFour explore

2.?????? List all activities

android hooking list activities

3.?????? Check all classes on package

android hooking search classes com.mobilehackinglab.FridaFour

4.?????? Check all method on MainActivity

android hooking list class_methods com.mobilehackinglab.FridaFour.MainActivity

we don’t find anything helpful, let’s try check static analysis

5.?????? Check using jadx-gui

MainActivity does not call any class during creation.

We found there is class Check

This class have final method getFlag() which is never called on the activity.

The method is expecting integer that is saved as code variable.

If the code is equal to 1337 then flag will returned.

6.?????? Check if we can get hashcode of Check class

android heap search instances com.mobilehackinglab.FridaFour.Check

No instance of Check class.

We can use instance MainActivity to call method getFlag()

7.?????? Get hashcode MainActivity

android heap search instances com.mobilehackinglab.FridaFour.MainActivity

Hashcode : 149158277

8.?????? Using heap evaluate to execute code

To instantiate an object, $new() is used. This is a Frida-specific method allows you to instantiate objects of a particular class.

var check = Java.use("com.mobilehackinglab.FridaFour.Check");

var check_obj = check.$new(); //class Object

var res = check_obj.getFlag(1337); //calling the method

console.log("flag " + res);

?

android heap evaluate 149158277

[ESC] + [ENTER] to save

Ok we get the flag. :D

Actually, if you have finished the lab using frida, the code used is literally same. We only utilize objection "android heap" to execute the code. Nothing new here, since we already using it on previous article.

This article series is part of #menulis100hari process.

~Bandung , 24 February 2025

~19/100