Hooks on methods within dynamically loaded DEX do not work

[cryptax]

The APK loads dynamically (using DexClassLoader) another DEX file. I want to hook a method inside that second dex.

With Dexcalibur, I am able to search for that method, and create a custom hook ("probe on") for it. For example, in the image below I probe a method a() which is contained within a dynamically loaded dex.

The custom hook appears ok in Dexcalibur. See the custom hook at the bottom.

Unfortunately, it does not work! When I spawn Dexcalibur, the hook never gets called : no logs appear for it (for other hooks, logs appear fine).

• I am 100% certain though the hooked method is called. I tried with Frida, and hooked that function, and I get in the hook fine.
• I tried to hook another method from that dynamically loaded dex: onCreate() from a class which is actually the main of the loaded dex. Same, no logs appear for onCreate with Dexcalibur.

Conclusion: I think something is broken with the implementation of those dyn hooks.

NB. I do not recall the Dexcalibur console showing anything abnormal.

Desktop (please complete the following information):

• OS: Linux Mint
• Node JS version: 12.20
• Dexcalibur version (see 'package.json' or output) : 0.7.3
• Sample I tried it with: Android/Alien malware dc215663af92d41f40f36088ec1b850b81092ea94a4a061a9ce88178daee965a. You can get it from github (September 2020). Beware: it is malicious!

[FrenchYeti]

It is a long time issue which will be patched.

Hook of methods loaded dynamically should be deployed when the its bytecode is loaded. In other words, hooks definition should be called from DexClassLoader hook.