Objection Practical - Plugin Hookhelper

Objection Practical - Plugin Hookhelper

Romi Syuhada Romi Syuhada

Romi Syuhada

OSCP | CRTE | CRTP | CPSA - Cyber Security Consultant - Moslem

发布日期: 2025年3月15日
+ 关注

Several days ago I have introduce Objection plugin hookhelper. Today we will try the plugin to solving the lab. ?

Prequisite

1.?????? ?Labs, we will use fridatwo, FridaThree, FridaFour and FridaFive that you can download from MobileHackingLab course here : https://www.mobilehackinglab.com/course/android-frida-labs.

Go to the respective section below? :

  • Frida Two : "Invoking a method using Frida”.
  • Frida Three : “Changing the value of a static variable”.
  • Frida Four : “Calling the method of a non static class”.

2.?????? Objection Plugin HookHelper : https://github.com/zief/hookhelper


Since we will focus on using the plugin, please check the course and try to solve it using Frida first. You can also check previous article to solving lab using objection. Kindly reminder that sometimes the use of “android heap” is not stable. ?

·?????? https://www.dhirubhai.net/pulse/objection-practical-invoking-method-using-romi-syuhada-sejkc

·?????? https://www.dhirubhai.net/pulse/objection-practical-changing-value-static-variable-romi-syuhada-uforc

·?????? https://www.dhirubhai.net/pulse/objection-practical-calling-method-non-static-class-romi-syuhada-bfk3f

?

Use Hookhelper to get flags

Frida Two

1.?????? Run the Frida Two

2.?????? Use objection

objection -g "Frida Two" explore

3.?????? Load plugin hookhelper. I put the plugin on D:\Tools.

plugin load "D:\Tools\hookhelper"


4.?????? We will invoke showFlag() on main Activity. (Please check https://www.dhirubhai.net/pulse/objection-practical-invoking-method-using-romi-syuhada-sejkc for detail )

android hooking list activities

android hooking list class_methods com.mobilehackinglab.fridatwo.MainActivity


5.?????? We can use invokeMethod to invoke the showFlag(). Use -h to show help message.


The command will be :

plugin hookhelper invokeMethod --package-name com.mobilehackinglab.fridatwo --class-name MainActivity --method showFlag


?

Frida Three

1.?????? Open the application and use objection. Then load the plugin.

领英推荐


2.?????? We can change value of the variable code to 256. Another way is to invoke method setCode() and set 256 as parameter. (Please check https://www.dhirubhai.net/pulse/objection-practical-changing-value-static-variable-romi-syuhada-uforc for detail)

3.?????? We can use changeVar to change the value of the code property.

The command is below :

plugin hookhelper changeVar --package-name com.mobilehackinglab.FridaThree --class-name Checker --variable-name code --new-value 256 –int


Clicking the button “Click me” will display the flag.


4.?????? Let’s restart the app and try to invoke the method setCode()

5.?????? We can use invokeMethod to invoke the setCode().

plugin hookhelper invokeMethod --package-name com.mobilehackinglab.FridaThree --class-name Checker --method setCode --args-int 256


Clicking the button “Click me” will display the flag.

?

Frida Four

1.?????? Open the application and use objection. Then load the plugin.

2.?????? We wil call the method getFlag() on the Check class. However, it is a non-static class. Also if we check the instances, it is not created yet. ?(Check here https://www.dhirubhai.net/pulse/objection-practical-calling-method-non-static-class-romi-syuhada-bfk3f for detail)

3.?????? We can use invokeNonStatic


Since the getFlag() method returning the value, we will use args --return-value to get the value.

The command will be look like below :

plugin hookhelper invokeNonStatic --package-name com.mobilehackinglab.FridaFour --class-name Check --method getFlag --args-int 1337 --return-value



With this, we can continue to solving the next labs on the next article.

~ Bandung 15 March 2025

~ 25/100

?

要查看或添加评论,请登录

Romi Syuhada的更多文章

社区洞察

其他会员也浏览了