Frida Scripting Guide (3) - Access to content of classes

In this blog post I will explain how to access the methods and attributes of a class through Frida, whatever their visibility. Whenever we work with Java, there are four scopes that can be applied to a class, method or attribute. The following table shows what each scope means.

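| Modifier | Class | Package | Subclass (same pkg) | Subclass (diff pkg) | World |
| --- | --- | --- | --- | --- | --- |
| public | + | + | + | + | + |
| protected | + | + | + | + | |
| no modifier | + | + | + | | |
| private | + | | | | |

+ : accessible, blank : not accessible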

For example, a private method can only be invoked by the class that owns it or by an instance of that class (if the method is not static, only by an instance). From a Frida script, static methods and objects can be used regardless of their scope modifier, as the following example shows:

```javascript
// Java.use() needs a thread attached to the Java VM, so run inside Java.perform().
Java.perform(function () {
  var ScopeObject = Java.use("com.blog.testfrida.complexobjects.ScopeObject");

  // Static fields are read through .value, whatever their scope modifier.
  console.log("private static object:" + ScopeObject.privateStaticObject.value);
  console.log("protected static object:" + ScopeObject.protectedStaticObject.value);
  console.log("public static object:" + ScopeObject.publicStaticObject.value);
  console.log("static object:" + ScopeObject.nonModifiedStaticObject.value);

  // Static methods are called directly on the class wrapper.
  console.log("private static method:" + ScopeObject.privateStaticMethod());
  console.log("protected static method:" + ScopeObject.protectedStaticMethod());
  console.log("public static method:" + ScopeObject.publicStaticMethod());
  console.log("static method:" + ScopeObject.nonModifiedStaticMethod());
});
```

To use the attributes and methods of an instance, we first need to create one by calling the class constructor. Frida then behaves the same way as with static methods and attributes:

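```javascript
// Java.use() needs a thread attached to the Java VM, so run inside Java.perform().
Java.perform(function () {
  var ScopeObject = Java.use("com.blog.testfrida.complexobjects.ScopeObject");
  // $new() calls the constructor and returns a wrapper around the new instance.
  var scopeInstance = ScopeObject.$new();

  // Instance fields are read through .value, whatever their scope modifier.
  console.log("private object:" + scopeInstance.privateObject.value);
  console.log("protected object:" + scopeInstance.protectedObject.value);
  console.log("public object:" + scopeInstance.publicObject.value);
  console.log("object:" + scopeInstance.nonModifiedObject.value);

  // Instance methods are called on the instance wrapper.
  console.log("private method:" + scopeInstance.privateMethod());
  console.log("protected method:" + scopeInstance.protectedMethod());
  console.log("public method:" + scopeInstance.publicMethod());
  console.log("method:" + scopeInstance.nonModifiedMethod());
});
```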
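To tie the scope table to the two scripts above, the following added example (not part of the original post) uses Java reflection through Frida to list every declared field and method of a class together with its scope, which is a quick way to audit which members of an instrumented app are reachable despite being private or protected. The helper names `scopeOf` and `listMembersByScope` are chosen for this example; the class name is the one used in the post.

```javascript
// Added example: report the Java scope of each declared member of a class.

// Map java.lang.reflect.Modifier bits to the scope names used in the table.
function scopeOf(Modifier, mods) {
  if (Modifier.isPublic(mods)) return "public";
  if (Modifier.isProtected(mods)) return "protected";
  if (Modifier.isPrivate(mods)) return "private";
  return "no modifier";
}

// Hypothetical helper; under Frida it must be called inside Java.perform().
function listMembersByScope(className) {
  var Modifier = Java.use("java.lang.reflect.Modifier");
  var clazz = Java.use(className).class; // java.lang.Class of the target
  var rows = [];

  function collect(kind, members) {
    for (var i = 0; i < members.length; i++) {
      var mods = members[i].getModifiers();
      rows.push({
        kind: kind,
        name: members[i].getName(),
        scope: scopeOf(Modifier, mods),
        isStatic: Modifier.isStatic(mods)
      });
    }
  }

  // getDeclared*() also returns private and protected members.
  collect("field", clazz.getDeclaredFields());
  collect("method", clazz.getDeclaredMethods());
  return rows;
}

// Runs only inside a Frida session attached to a process with a Java VM.
if (typeof Java !== "undefined" && Java.available) {
  Java.perform(function () {
    var name = "com.blog.testfrida.complexobjects.ScopeObject";
    listMembersByScope(name).forEach(function (m) {
      console.log(m.kind + " " + m.name + ": " + m.scope +
                  (m.isStatic ? " static" : ""));
    });
  });
}
```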
