Frida: Error occurs when injecting code to android app to fetch signatures

Created on 1 Jun 2015  路  5Comments  路  Source: frida/frida

Hi

Recently i encounter a error when trying to inject code to android app to fetch signatures, here is the js code executing:

Dalvik.perform(function () {
var application = Dalvik.use("com.test.test").currentApplication();
var context = application.getApplicationContext();
var package_name = context.getPakcageName();
var package_info = context.getPackageManager().getPakcageInfo(package_info, 64);
send(package_info);
send(context):
send(package_name):
var sign = package_info.signatures[0];
send(signs);
});

The exception occurs when executing package_info.signatures[0]. It's known to us that it's the way to get signature in java, but i just can't do it in frida:

        PackageInfo packageInfo = context.getPackageManager().getPackageInfo(pkgName, PackageManager.GET_SIGNATURES);
        Signature[] signs = packageInfo.signatures;
        Signature sign = signs[0];
                    getMD5(sign.toByteArray());

The class "PackageInfo" and "Signature" are all class that implement interface "Percelable", the difference is "PackageInfo" implements "toString" while "Signature" only implements "toCharsString", i don't know if it matters. Is there anything i missed?

Most helpful comment

@s0be1t it should work fine now

Dalvik.perform(function () {
   ...
   const sign = package_info.signatures.value[0];
   ...
});

All 5 comments

btw, the error message description i get is
"TypeError: cannont read property '0' of undefined", meanwhile, signs is not an array? But even i send package_info.signatures directly, there is no neither payload or error field in message, i get a pure message like this:

{u'type': u'send'}

Any thought?

Hi,

The Dalvik integration doesn't yet support fields, only methods. I think @marc1006 started on a patch adding support for this, so hopefully this might happen in the near future.

Cheers!

Thx! I'll wait for the new version.

@s0be1t it should work fine now

Dalvik.perform(function () {
   ...
   const sign = package_info.signatures.value[0];
   ...
});

Considering this one fixed.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

PerilousTheGreat picture PerilousTheGreat  路  3Comments

HamidZaeri picture HamidZaeri  路  3Comments

cgbcsh picture cgbcsh  路  4Comments

jorgschulze73 picture jorgschulze73  路  3Comments

lqxn1015 picture lqxn1015  路  4Comments