How I was able to get extra coins

What is Frida?

It’s a dynamic code instrumentation toolkit. It lets you inject snippets of JavaScript or your own library into native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX. Frida also provides you with some simple tools built on top of the Frida API. These can be used as-is, tweaked to your needs, or serve as examples of how to use the API.

To setup Frida you need a rooted device. How to setup Frida

In our case I used Frida to change function return value during run time.

Case study

Since this is a private program let’s assume the program name to be This is a gaming android application in which you need to have a minimum coin of around 10,000 to play.

The application has a feature that provides you a daily bonus of coins ranging from ( 1000 to 50,000 ) you can claim this bonus only once per 24hrs.

so either you wait for 24hrs to get coins and play or you pay $20 dollars to get coins and then play.


Downloaded the APK file and Decompile it. I used jadx Decompiler

After decompiling the APK I started to search for daily bonus and found one of the function with following code

public final boolean shouldShowDailyBonus() {
        if (dailyBonusModel == null || dailyBonusModel.getAvailable() <= 0 || dailyBonusModel.isClaimed() || ((Boolean) this.cardGame.getFromSessionStorage(DAILY_BONUS_SHOWN_KEY, false)).booleanValue()) {
            return false;
        return true;

As you can see the return value is set to false once you claim the bonus

To get the daily bonus again I just have to return a true value for this function, to do this I used Frida. In order to hook Frida JavaScript file you need to first start Frida server in your android phone

adb root; adb connect localhost:6000; sleep 1; adb push frida-server /data/local/tmp/; adb shell "chmod 755 /data/local/tmp/frida-server"; adb shell "/data/local/tmp/frida-server &" 

JavaScript Code that is used to change return value from False to True

Java.perform(function() {
var classA = Java.use("");
classA.shouldShowDailyBonus.implementation = function(x) {
console.log("In function shouldShowDailyBonus");
return True;

To hook Frida file use following command

frida -U --no-pause -l javascript_file_name.js -f

as soon as the function is called the Frida calls the hooked JavaScript file and returns the value true which indeed displays the daily bonus page and I was able to collect extra coins.

Leave a Reply