Reputation: 33
I'm a complete beginner to Frida. I have this final method, which belongs to a class, say X.
I want to extract the value of the token variable -> result.getToken() when I hook Frida into the Android app which contains that class at runtime.
Can anyone complete this code with the JavaScript API of Frida to get the value of the token variable?
    Java.perform(function () {
        Java.choose("com.xx.xx", {
            onMatch: function (inst) {
                //.................................
            }
        });
        console.log("Done");
    });
Then I'll use --> frida -U -f "xxx.apk" -l test.js
Thank you so much for the help!!
Upvotes: 2
Views: 5305
Reputation: 42585
Java.choose is in most cases the wrong approach because that only lists the existing instances of a class, so you can only hook a method if there is already an instance loaded into memory.
The common way is to hook the method itself so that all existing and newly created instances use your hook.
    // Java.use must run inside Java.perform so the Java VM is attached
    Java.perform(function () {
        var classInstanceIdResult = Java.use('com.google.firebase.iid.InstanceIdResult');
        var getTokenMethod = classInstanceIdResult.getToken.overload();
        // replace the getToken() method with our own implementation
        getTokenMethod.implementation = function () {
            // call the original method
            var ret = getTokenMethod.call(this);
            // do something with ret
            console.log("Token: " + ret);
            return ret;
        };
    });
BTW: The code for hooking a Java method can simply be generated by using Jadx-Gui. Just decompile the APK, select the method and let Jadx generate the Frida code snippet necessary to hook the method (see the context menu of the method).
Upvotes: 3
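A variant of the hook from the answer above, added here as an example and not part of the original answer: it hooks every overload of getToken rather than only the no-argument one, and logs a redacted form of the token so the full credential does not end up in saved test output. `redactToken` and `hookTokenGetter` are hypothetical helper names; the class name is the one used in the answer.

```javascript
// Added example, not from the original answer. The class name comes from the
// answer above; redactToken and hookTokenGetter are hypothetical helper names.
var TARGET_CLASS = 'com.google.firebase.iid.InstanceIdResult';

// Keep only a short prefix and the length so the full credential never
// reaches the console or a saved test log.
function redactToken(token) {
    if (token === null || token === undefined) {
        return '<null>';
    }
    var s = String(token);
    if (s.length <= 8) {
        return '<' + s.length + ' chars>';
    }
    return s.slice(0, 4) + '...<' + s.length + ' chars>';
}

// Hook every overload of methodName on className. `bridge` is Frida's Java
// object; passing it in lets the function be exercised with a stub.
function hookTokenGetter(bridge, className, methodName, log) {
    var overloads = bridge.use(className)[methodName].overloads;
    overloads.forEach(function (ov) {
        ov.implementation = function () {
            // Call the original implementation with the original arguments.
            var ret = ov.apply(this, arguments);
            log(className + '.' + methodName + ' -> ' + redactToken(ret));
            return ret; // the app still receives the unmodified value
        };
    });
    return overloads.length;
}

// Under Frida the Java global exists; elsewhere (e.g. Node) nothing is hooked.
if (typeof Java !== 'undefined' && Java.available) {
    Java.perform(function () {
        var n = hookTokenGetter(Java, TARGET_CLASS, 'getToken', console.log);
        console.log('Hooked ' + n + ' overload(s) of getToken');
    });
}
```

Because the hook is installed on the method itself, it applies to instances created after the script loads as well as to existing ones, which is the difference from Java.choose that the answer describes.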