Fin/Spar/frida

Start emulator and install burp cert

Original guide see here

emulator -netdelay none -netspeed full -avd Pixel_2_XL_API_27_2 -qt-hide-window -grpc-use-token -idle-grpc-timeout 300 -http-proxy http://192.168.0.171:8081 -debug-proxy -writable-system
adb root
sleep 2
adb remount
adb push Downloads/sparapp/9a5ba575.0 /storage/emulated/0/
adb shell "mv /storage/emulated/0/9a5ba575.0 /system/etc/security/cacerts"
adb shell "chmod 644 /system/etc/security/cacerts/9a5ba575.0"
adb shell "chown root:root /system/etc/security/cacerts/9a5ba575.0"
adb shell "ls -lah /system/etc/security/cacerts/9a5ba575.0"

Hacking jar

Good starting point OWASP

install frida server

curl -L -o /tmp/frida-server.xz https://github.com/frida/frida/releases/download/16.1.3/frida-server-16.1.3-android-x86.xz
unxz /tmp/frida-server.xz
adb root && sleep 2
adb push /tmp/frida-server /data/local/tmp/
adb shell "chmod 755 /data/local/tmp/frida-server"
adb shell "/data/local/tmp/frida-server &"

Patch and install an apk

python -m venv1 venv                                # creates virtual environment
. ./venv1/bin/activate                              # changes into the virtual environment
pip install objection
objection patchapk --source SPAR_1.0.1_Apkpure.apk  # patches apk so that is injectable
adb root && sleep 2
adb install
adb install SPAR_1.0.1_Apkpure.objection.apk

Connected to patched apk

# while in virtual environment
frida-ps -Ua                                        # lists available to attach objection to
objection -d -g `at.spar.app` explore               # starts app with objection attached

Useful commands when in objection shell

android sslpinning disable                          # try disable certificate pinning
android hooking ...                                 # various commands for class/method listing, call hooking, etc
import <scriptname on computer>                     # executes a frida injection javascript
import Fin/Spar/frida/hook_login.js
import Fin/Spar/frida/hook_apicalls.js
...