Smali: methods to return true using sget-object

Question

I've tried to implement the suggested line that I got from here, but it didn't work and the app crashed.

This is the original code:

.method public final getHasDrawn()Ljava/lang/String;
  .registers 2

    iget-object v0, p0, Lcom/abcjean/skull/User;->hasdrawn:Ljava/lang/String;

    return-object v0

.end method

And by adding the new line using sget-object, I wrote it this way:

.method public final getHasDrawn()Ljava/lang/String;

    .registers 2

    iget-object v0, p0, Lcom/abcjean/skull/User;->hasdrawn:Ljava/lang/String;

    sget-object v0, Lcom/abcjean/skull/User;->TRUE:Ljava/lang/String;

    return-object v0

.end method`

I wish I could make this method to return true, but the only problem is the app keeps crashing. So I assume that the code above is written incorrectly. Is it possible to do this?

ed9w2in6 · Answer 1 · 2023-06-06T09:39:41.080

The app keeps crashing because your new code is invalid, I have added some comments to the original code:

.method public final getHasDrawn()Ljava/lang/String; // return type is a java.lang.String object
  .registers 2

    iget-object v0, p0, Lcom/abcjean/skull/User;->hasdrawn:Ljava/lang/String; // com.abcjean.skull.User->hasdrawn is a java.lang.String object, which is read into v0

    return-object v0 // the string above

.end method

So there are 2 errors for your code:

getHasDrawn() is not returning a java.lang.String, which the other code are most likely expecting it to be doing so.
com/abcjean/skull/User;->TRUE:Ljava/lang/String; is not valid. It should be java/lang/Boolean;->TRUE:Ljava/lang/String; as in the question you had linked to, if you intended to return java.lang.Boolean.TRUE. The line is referring to a object identifer named TRUE, which is of type java.lang.Boolean
- see java.lang.Boolean's source code (jdk7) or the documentation

I would need more context on what you are trying to achieve to truly solve your problem.

Here is a rough sketch of what a solution might be, assuming your goal is to make getHasDrawn() return a string primitive "yes":

.method public final getHasDrawn()Ljava/lang/String;
  .registers 3

    iget-object v0, p0, Lcom/abcjean/skull/User;->hasdrawn:Ljava/lang/String;

    const-string v1, "yes"
    return-object v1

.end method

Most likely, you should be looking at other methods that returns a boolean that blocks your access to a certain view of the target app. Unless the app uses string instead of boolean to do so.

Read more on smali syntax on the official docs:

Android OSP docs :: dalvik-bytecode (what instructions there are)
Android OSP docs :: dex-format#typedescriptor (how to define types)

Another suggestion unrelated to your question, is that from my experience you will have a better chance just hooking up a reverse proxy and read the API calls to achieve your reverse-engineering goals without editing the smali / decompiled java code.

I had kept the `iget-object` call in my suggested code as I am not sure what implication that will have, most likely you can just remove that line, in which case change `v1` to `v0` and change `.registers` to 1 — ed9w2in6, Jun 06 '23 at 06:50

Smali: methods to return true using sget-object

1 Answers1