Instead of passing a normal string into the function, new String("script"); was inputted. This caused the sanity check to not see any issue, and pass it into the native function.
The boot mode used by such tools is sometimes called EDL.
。关于这个话题,PDF资料提供了深入分析
这个真的心动,但我好像没有什么使用场景.....,详情可参考下载安装汽水音乐
https://cilynx.com/vulnerabilities/exploring-native-functions-on-android-and-runtime-analyses-using-jadx-ghidra-and-frida/1565/