branches right, R0 is permanently 0; if R0 were an argument, it would be meaningless. Therefore,
PhoneSettingsCopyMyNumber doesn’t seem to have any arguments either. To play it safe, let’s
reconfirm our guess by checking the implementation of CTSettingCopyMyPhoneNumber in
CoreTelephony, as shown in figure 6-46.
Figure 6-46 CTSettingCopyMyPhoneNumber
According to the naming conventions of Objective-C functions,
CTTelephonyCenterGetDefault is a getter and should return something; as a result, R0 after
“BL _CTTelephonyCenterGetDefault” holds the return value of
CTTelephonyCenterGetDefault. Meanwhile, at the bottom of figure 6-46, R1 is set to R4 by
“MOV R1, R4”. If R0 and R1 were arguments, their incoming values would be overwritten and
therefore useless, which doesn’t make sense.
Now we can say for sure that CTSettingCopyMyPhoneNumber takes no arguments. What about
its return value? We naturally guess it’s an NSString object. Let’s verify this by setting a breakpoint
at the end of CTSettingCopyMyPhoneNumber and printing R0. First, locate the end of
CTSettingCopyMyPhoneNumber in IDA, as shown in figure 6-47.
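The register argument used above (a register among R0-R3 that is overwritten before anything reads it cannot carry an argument) can be checked mechanically. The following is an added example, not code from the book: the listings are constructed rather than copied from figure 6-46, `_hypothetical_two_arg_helper` is a made-up callee, and the per-callee argument counts in `ARGC` are assumptions the analyst supplies.

```python
import re

ARG_REGS = ["R0", "R1", "R2", "R3"]   # AAPCS: first four integer/pointer arguments
DST_FIRST = {"MOV", "MOVS", "LDR"}    # first operand is written, the rest are read
READ_ONLY = {"STR", "CMP", "PUSH"}    # every operand is read, none is written

def _regs(text):
    return set(re.findall(r"\bR[0-3]\b", text))

def incoming_args(listing, callee_argc):
    """R0-R3 registers read before written; straight-line code only."""
    written, incoming = set(), set()
    for raw in listing.splitlines():
        line = raw.split(";")[0].strip()          # drop comments and blank lines
        if not line:
            continue
        mnem, _, ops = line.partition(" ")
        mnem, ops = mnem.upper(), ops.strip()
        if mnem == "BL":
            # A call reads its own arguments; unknown callees may read all four.
            reads = set(ARG_REGS[:callee_argc.get(ops, 4)])
            writes = set(ARG_REGS)                # R0 = return value, R1-R3 clobbered
        elif mnem in DST_FIRST:
            dst, _, src = ops.partition(",")
            reads, writes = _regs(src), _regs(dst)
        elif mnem in READ_ONLY:
            reads, writes = _regs(ops), set()
        elif mnem == "POP":
            reads, writes = set(), _regs(ops)
        else:
            raise ValueError(f"unsupported mnemonic: {mnem}")
        incoming |= reads - written               # read while still holding caller's value
        written |= writes
    return incoming

# Constructed listings, NOT the disassembly shown in figure 6-46.
NO_ARGS = """
PUSH {R4, R7, LR}
MOVS R4, #0
BL _CTTelephonyCenterGetDefault   ; assumed to take no arguments; result in R0
MOV R1, R4                        ; R1 overwritten before anything reads it
BL _hypothetical_two_arg_helper   ; made-up callee consuming R0 and R1
POP {R4, R7, PC}
"""
ONE_ARG = NO_ARGS.replace("MOVS R4, #0", "MOV R4, R0  ; saves incoming R0")
ARGC = {"_CTTelephonyCenterGetDefault": 0, "_hypothetical_two_arg_helper": 2}

if __name__ == "__main__":
    print(sorted(incoming_args(NO_ARGS, ARGC)))   # no incoming argument registers
    print(sorted(incoming_args(ONE_ARG, ARGC)))   # R0 is read first, so it is an argument
```

The conclusion depends on the callee argument counts: if the first callee is not known to take zero arguments, the check has to assume it may consume the caller's R0-R3 and reports them as possible arguments.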