Overwriting C/C++ Method Using Frida

In This section we want to change the value of inputs and outputs in native library functions. It should be clear for you that we can’t just simply change the function arguments and return value because they may have different class types. For example if you want to change the input of a function that is

jstring

you can’t provide a JavaScript string.

Frida is awesome. It provide bridge between Frida to Java. Therefore we can create any Java class and Objects. You can access them with

Java.vm.getEnv()

. Also to see full abilities you have you can check there:

github.com

https://github.com/frida/frida-java-bridge/blob/main/lib/env.js

As you see we can create

jstring

by using

newStringUtf

Example:

Interceptor.attach( Module.findExportByName("libnativesecret.so", "Java_lab_seczone64_nativesecret_MainActivity_encryptDecrypt"), {
                    onEnter: (args) => {
                        args[2] = Java.vm.getEnv().newStringUtf("Seczone64")
                    },
                    onLeave: (ret) => {
                        ret.replace(Java.vm.getEnv().newStringUtf("Hooora. We did it. :)"))
                    }
                })
            }

You can’t directly change return value. You should use

.replace

function to change it.

If you need C/C++ string type look at here:

Hooking NDK Libraries - Hooking strcmp Function