逆向工程 - 在 Android 应用程序中使用 Frida 挂钩接口方法 - 吾爱随笔录

我试图了解一个 android 应用程序正在通过网络发送什么，因此我试图用 Frida 连接到它，特别是一个名为storeKeys.

我能够从 Frida 的网站上执行 Android 教程，所以我知道它正在运行。但是当我发出这个命令时，它告诉我它挂钩了 0 个函数：

frida-trace -U -i storeKeys com.vendor.app

因此，我很高兴apktool获得一组可读的源文件，我可以storeKeys在两个地方找到。第一个是它被调用的地方：

# virtual methods
.method public a(Ljava/lang/String;)I
    .locals 2

    const-string v0, "jwtToken"

    invoke-static {p1, v0}, Lkotlin/e/b/i;->b(Ljava/lang/Object;Ljava/lang/String;)V

    .line 20
    invoke-virtual {p0}, Lcom/vendor/alljoynbridge/provisioning/f;->getProxyObject()Lorg/alljoyn/bus/ProxyBusObject;

    move-result-object v0

    const-class v1, Lcom/vendor/alljoynbridge/provisioning/ProvisioningMediationTransport;

    invoke-virtual {v0, v1}, Lorg/alljoyn/bus/ProxyBusObject;->getInterface(Ljava/lang/Class;)Ljava/lang/Object;

    move-result-object v0

    check-cast v0, Lcom/vendor/alljoynbridge/provisioning/ProvisioningMediationTransport;

    .line 21
    invoke-interface {v0, p1}, Lcom/vendor/alljoynbridge/provisioning/ProvisioningMediationTransport;->storeKeys(Ljava/lang/String;)S

    move-result p1

    return p1
.end method

第二个似乎是它的声明：

.class public interface abstract Lcom/vendor/alljoynbridge/provisioning/ProvisioningMediationTransport;
.super Ljava/lang/Object;
.source "ProvisioningMediationTransport.java"

# interfaces
.implements Lorg/alljoyn/bus/BusObject;


# annotations
.annotation runtime Lorg/alljoyn/bus/annotation/BusInterface;
    announced = "true"
    name = "com.app.standard.infrastructure.api.device.mediation.client"
.end annotation

.annotation runtime Lorg/alljoyn/bus/annotation/Secure;
.end annotation


# static fields
.field public static final INTERFACE_NAME:Ljava/lang/String; = "com.app.standard.infrastructure.api.device.mediation.client"

.field public static final OBJ_PATH:Ljava/lang/String; = "/Provisioning"


# virtual methods
.method public abstract storeKeys(Ljava/lang/String;)S
    .annotation system Ldalvik/annotation/Throws;
        value = {
            Lorg/alljoyn/bus/BusException;
        }
    .end annotation

    .annotation runtime Lorg/alljoyn/bus/annotation/BusMethod;
        replySignature = "n"
        signature = "s"
    .end annotation
.end method

我最感兴趣的是String给定参数的内容storeKeys

似乎因为该方法是虚拟抽象的，所以 Frida 没有什么可以挂钩的。

我在这里错过了什么？
你建议我接下来尝试什么？