MASTG-TECH-0033: Method Tracing

In contrast to method profiling, which tells you how frequently a method is being called, method tracing helps you determine its input and output values. This technique is very useful when dealing with applications that have a large codebase, are obfuscated, or both.

If you prefer a GUI-based approach, you can use tools such as RMS Runtime Mobile Security, which offers a more visual experience and includes several convenience tracing options.

If you prefer the command line, Frida offers a useful syntax to query Java classes and methods, as well as Java method tracing support in frida-trace via -j (starting with frida-tools 8.0, Frida 12.10).

  • In Frida scripts: e.g. Java.enumerateMethods('*youtube*!on*') uses globs to take all classes that include "youtube" as part of their name and enumerate all methods starting with "on".
  • In frida-trace: e.g. -j '*!*certificate*/isu' triggers a case-insensitive query (i), including method signatures (s) and excluding system classes (u).

Refer to the Release Notes for Frida 12.10 for more details on this new feature. To learn more about all options for advanced usage, check the documentation on the official Frida website.
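The following Frida script is an added example, not part of the original MASTG page or of Frida itself. It takes the query from the frida-trace bullet above, hooks every matching overload, and logs each call's arguments and return value. `traceJava` and `fmt` are hypothetical helper names, and the script assumes the `Java` bridge global is available, as it is when a script is loaded from the Frida REPL.

```javascript
// Added example: log arguments and return values of Java methods matched by a
// Frida query. `traceJava` and `fmt` are illustrative names, not Frida APIs.
function fmt(v) {
  // Stringify defensively: traced values may be null or throw in toString().
  try { return v === null || v === undefined ? String(v) : v.toString(); }
  catch (e) { return '<unprintable>'; }
}

// bridge: the Frida `Java` object; query: "class!method/flags"; log: line sink.
function traceJava(bridge, query, log) {
  let hooked = 0;
  for (const group of bridge.enumerateMethods(query)) {
    for (const cls of group.classes) {
      let klass;
      try { klass = bridge.use(cls.name); } catch (e) { continue; } // class not loadable
      // With the `s` flag each entry carries a signature after the name, so
      // overloads repeat; cut at "(" and keep each method name once.
      const names = new Set(cls.methods.map((m) => m.split('(')[0]));
      for (const name of names) {
        const method = klass[name];
        if (!method || !method.overloads) continue;
        for (const ov of method.overloads) {
          ov.implementation = function (...args) {
            const ret = ov.apply(this, args); // call the original overload
            log(`${cls.name}.${name}(${args.map(fmt).join(', ')}) => ${fmt(ret)}`);
            return ret; // behaviour unchanged: the tracer only observes
          };
          hooked++;
        }
      }
    }
  }
  return hooked; // number of overloads now traced
}

// Inside Frida the `Java` global exists; anywhere else this block is skipped.
if (typeof Java !== 'undefined') {
  Java.perform(() => {
    const n = traceJava(Java, '*!*certificate*/isu', console.log);
    console.log(`tracing ${n} overload(s)`);
  });
}
```

Narrow the query before attaching to a large app: a broad glob such as `*!*` hooks thousands of overloads and can noticeably slow the target down.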

Tests

  • MASTG-TEST-0201: Runtime Use of APIs to Access External Storage
  • MASTG-TEST-0203: Runtime Use of Logging APIs
  • MASTG-TEST-0319: Runtime Use of SDK APIs Known to Handle Sensitive User Data
  • MASTG-TEST-0320: WebViews Not Cleaning Up Sensitive Data
  • MASTG-TEST-0308: Runtime Use of Asymmetric Key Pairs Used For Multiple Purposes
  • MASTG-TEST-0014: Testing the Configuration of Cryptographic Standard Algorithms
  • MASTG-TEST-0221: Broken Symmetric Encryption Algorithms
  • MASTG-TEST-0212: Use of Hardcoded Cryptographic Keys in Code
  • MASTG-TEST-0016: Testing Random Number Generation
  • MASTG-TEST-0015: Testing the Purposes of Keys
  • MASTG-TEST-0013: Testing Symmetric Cryptography
  • MASTG-TEST-0232: Broken Symmetric Encryption Modes
  • MASTG-TEST-0204: Insecure Random API Usage