java android reverse-engineering frida

How to get return value of a function using context as parameter?


I am new to reverse engineering and need some help with Frida.

The function below takes a Context as a parameter. I need to get the return value.

    private final String getActiveMCCMNC(Context context) {
        Object systemService = context.getSystemService("phone");
        if (systemService != null) {
            String simOperator = ((TelephonyManager) systemService).getSimOperator();
            String str = "";
            if (simOperator != null && (!Intrinsics.areEqual((Object) simOperator, (Object) ""))) {
                try {
                    StringBuilder sb = new StringBuilder();
                    sb.append("");
                    String substring = simOperator.substring(0, 3);
                    Intrinsics.checkExpressionValueIsNotNull(substring, "(this as java.lang.Strin…ing(startIndex, endIndex)");
                    sb.append(substring);
                    String sb2 = sb.toString();
                    StringBuilder sb3 = new StringBuilder();
                    sb3.append(sb2);
                    sb3.append(HelpFormatter.DEFAULT_OPT_PREFIX);
                    String substring2 = simOperator.substring(3);
                    Intrinsics.checkExpressionValueIsNotNull(substring2, "(this as java.lang.String).substring(startIndex)");
                    sb3.append(substring2);
                    str = sb3.toString();
                } catch (NumberFormatException e) {
                    e.printStackTrace();
                }
            }
            return !TextUtils.isEmpty(str) ? str : "";
        }
        throw new TypeCastException("null cannot be cast to non-null type android.telephony.TelephonyManager");
    }

I tried with the help of some articles, but I am facing some errors.

Java.perform(function x(){
    console.log("Inside java perform function");
    var my_class = Java.use("util.PlayerDeviceIdentifier")
    var context = Java.use('android.app.ActivityThread').currentApplication().getApplicationContext();

    // context.getActiveMCCMNC.implementation = function(){

    //     console.log(this.val) 

    // } // tried with context

    my_class.getActiveMCCMNC.implementation = function(){

        console.log(this.val) 

    }

})

How do I execute it and get the return value?


Solution

  • I understand you want to hook a function in order to inspect the value it returns. You don't need to care about the Context parameter for this. You would need to retrieve it to make a custom call, but I don't feel it's what you want here.

    Try something like this:

    Java.perform(function() {
      var my_class = Java.use("util.PlayerDeviceIdentifier");
      my_class.getActiveMCCMNC.implementation = function (context) { // replace original implementation
        var value = this.getActiveMCCMNC(context); // call original implementation
        // then do what you want with the returned value HERE
        // and finally return it so you don't break the app
        return value;
      };
    });
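
An added example, not part of the original answer or the app's code: it shows both routes discussed above, the passive hook that records whatever the app receives and the custom call that does need a Context. The class and method names come from the question; `hookReturnValue`, `callOnLiveInstances` and the `bridge` parameter are hypothetical names, introduced so the same logic can be exercised outside Frida.

```javascript
// Added example. `bridge` is Frida's global `Java` object when run under Frida.

// Passive route: wrap the method and record every value the app gets back.
function hookReturnValue(bridge, onValue) {
  const cls = bridge.use("util.PlayerDeviceIdentifier");
  // Naming the overload keeps the hook unambiguous if other overloads exist.
  const method = cls.getActiveMCCMNC.overload("android.content.Context");
  method.implementation = function (context) {
    const value = this.getActiveMCCMNC(context); // runs the original code
    onValue(value);
    return value; // return it unchanged so the app keeps working
  };
}

// Active route: call the method ourselves on instances already on the heap.
// getActiveMCCMNC is an instance method, so it needs an object as well as a
// Context. Returns false when no Application exists yet (script loaded too
// early, e.g. right at spawn); true once the heap scan has been started.
function callOnLiveInstances(bridge, onValue) {
  const app = bridge.use("android.app.ActivityThread").currentApplication();
  if (app === null) return false;
  const context = app.getApplicationContext();
  bridge.choose("util.PlayerDeviceIdentifier", {
    onMatch(instance) {
      onValue(instance.getActiveMCCMNC(context));
    },
    onComplete() {}
  });
  return true;
}

// Entry point when loaded by Frida; skipped where `Java` does not exist.
if (typeof Java !== "undefined") {
  Java.perform(function () {
    hookReturnValue(Java, (v) => console.log("[hook] getActiveMCCMNC ->", v));
    if (!callOnLiveInstances(Java, (v) => console.log("[call] getActiveMCCMNC ->", v))) {
      console.log("[call] no Application yet; wait for the hook to fire");
    }
  });
}
```

The hook only prints when the app itself calls the method, so trigger the relevant screen or action after loading the script.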