From the source code we know that the ‘JokeService’ class returns a ‘JokeResponse’ when querying the API.
The following Frida script intercepts the network service and returns spoofed data as a response:
The basic premise of the code is:
Lines 1-5: Define Java types used
Line 6: Use the Java instrumentation to perform the hooking
Lines 7-8: Define the Java classes in the application binary to use
Lines 11-21: Overload the API method in the network service classes
Line 18: Log the actual value
Line 20: Return the spoofed Response
Kotlin coroutines internally passes an intrinsic parameter to signal the function has suspended instead of returned. In Frida we need to handle this on lines 14-16 before performing the overload by checking for the constant COROUTINE_SUSPENDED.
The command to run the script (frida -U --no-pause -f com.github.ryjen.jokeapp -l network.js) shows application parrots back the hacked response every network call.
The logging should look something like this in the Frida console:
JokeResponse(id=kOfaUvP7Muc, joke=What did the Dorito farmer say to the other Dorito farmer? Cool Ranch!, status=200)