x1ongzhu 1 год назад
Родитель
Сommit
0dfdfb0717
8 измененных файлов с 220 добавлено и 176 удалено
  1. 7 0
      PhoneNumberVerification.txt
  2. 10 10
      injects/spoof.js
  3. 14 19
      injects/spoof_gms.js
  4. 66 52
      scripts/_spoof.js
  5. 39 21
      scripts/_spoof_gms.js
  6. 40 29
      scripts/spoof.js
  7. 15 30
      scripts/spoof1.js
  8. 29 15
      scripts/spoof_gms.js

+ 7 - 0
PhoneNumberVerification.txt

@@ -0,0 +1,7 @@
+PhoneNumberVerification.$init
+str: +380731848010, j: 1712564460000, i: 0, i2: 0, str2: eyJhbGciOiJSUzI1NiIsImtpZCI6IjkzYjQ5NTE2MmFmMGM4N2NjN2E1MTY4NjI5NDA5NzA0MGRhZjNiNDMiLCJ0eXAiOiJKV1QifQ.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.v1_zATarOUIb2RoHJX6a-RY11hPgFBE9kFCvAPf-jQjrJEu34t7cIqhoMRnK4zPkLfxHlg1xRbgDVGyiZAabYRPuUxZlABiE887tAhPDBJGZhpVkizL0fgzkH7_itzCz8h8cE1Xhp8h_Esa0caayexfr971DQ7RTi4KcH0c4JdC26d7NeVN5bwrcrdf1PuZpjSZL-J8YY4jr97qnRDTkjwMG6hcOhjaZkJYiQgEMSJD1jtgUZGBc1u7P6RsYJHld1TxcOFdCNbNZa2KgqB_iu_wGC8W9_VvBioJIw2jFAT4AyfeAAKjOzDzA4SO0S3e3bBD8A_nu5UIRUAdl4uHysQ
+key: calling_api, value: verifyPhoneNumber
+key: IMSI, value: 255065007246414
+key: required_consumer_consent, value: RCS
+key: mcc_mnc, value: 25506
+key: session_id, value: 12ba7842-e308-4a34-a7a6-761efac684de
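Review bot: The lines added here commit a captured verification call verbatim, including what looks like a real MSISDN in `str`, a signed JWT in `str2` (its header segment decodes to an RS256 token with a key id), an IMSI and a `session_id`. Git history keeps these retrievable even after a later delete, so the token should be treated as disclosed and the file replaced with a redacted sample such as `str: <redacted-msisdn>, …, str2: <redacted-jwt>` and `key: IMSI, value: <redacted-imsi>`. If the log is only a debugging aid, keeping it in an ignored path avoids the problem entirely.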

+ 10 - 10
injects/spoof.js

@@ -6,20 +6,20 @@ import path from "path"
 const filePath = url.fileURLToPath(import.meta.url)
 const __dirname = path.dirname(filePath)
 
-const mcc = "310"
-const mnc = "630"
-const simOperator = "310630"
-const networkOperator = "310630"
-const simSerialNumber = "89380062300689131123"
+const mcc = "255"
+const mnc = "06"
+const simOperator = "25506"
+const networkOperator = "25506"
+const simSerialNumber = "89380062300689133048"
 const iccId = simSerialNumber
-const number = "6183592513"
+const number = "969379250"
 const imei = "864929043714851"
-const imsi = "3106306433246456"
-const countryIso = "us"
-const subId = ""
+const imsi = "255065209546456"
+const countryIso = "ua"
+const subId = "12"
 
 const source = fs
-    .readFileSync(path.resolve(__dirname, "../scripts/spoof1.js"))
+    .readFileSync(path.resolve(__dirname, "../scripts/spoof.js"))
     .toString()
     .replace("{{mcc}}", mcc)
     .replace("{{mnc}}", mnc)
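Review bot: The subscriber identifiers (`number`, `imei`, `imsi`, `simSerialNumber`) are hard-coded in tracked source and repeated in `injects/spoof_gms.js`, and after this change the two copies disagree: `simSerialNumber` ends in `…133048` here and `…132983` there. Reading them from one untracked file, e.g. `const cfg = JSON.parse(fs.readFileSync(path.resolve(__dirname, "../config.local.json")))` (placeholder file name), keeps device and SIM identifiers out of history and removes the drift. The hunk also switches the template from `spoof1.js` to `spoof.js` while `scripts/spoof1.js` still receives the same edits in this commit, so one of the two is probably dead and worth deleting. The `.replace(...)` chain continues past the end of the hunk.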

+ 14 - 19
injects/spoof_gms.js

@@ -7,17 +7,17 @@ import { setTimeout } from "timers/promises"
 const filePath = url.fileURLToPath(import.meta.url)
 const __dirname = path.dirname(filePath)
 
-const mcc = "310"
-const mnc = "630"
-const simOperator = "310630"
-const networkOperator = "310630"
-const simSerialNumber = "89380062300689131123"
+const mcc = "255"
+const mnc = "06"
+const simOperator = "25506"
+const networkOperator = "25506"
+const simSerialNumber = "89380062300689132983"
 const iccId = simSerialNumber
-const number = "6183592513"
+const number = "969379250"
 const imei = "864929043714851"
-const imsi = "3106306433246456"
-const countryIso = "us"
-const subId = ""
+const imsi = "255065209546456"
+const countryIso = "ua"
+const subId = "12"
 
 const source_gms = fs
     .readFileSync(path.resolve(__dirname, "../scripts/spoof_gms.js"))
@@ -38,21 +38,16 @@ const source_ssl = fs.readFileSync(
     path.resolve(__dirname, "../scripts/ssl_bypass.js")
 )
 
-fs.writeFileSync(path.resolve(__dirname, "../scripts/_spoof_gms.js"), source_gms)
+fs.writeFileSync(
+    path.resolve(__dirname, "../scripts/_spoof_gms.js"),
+    source_gms
+)
 
 let device = null
 
 async function main() {
     device = await frida.getUsbDevice()
-
-    let processes = await device.enumerateProcesses()
-    const p = processes.find(p => p.name == "com.google.android.gms")
-    if (p) {
-        await device.kill(p.pid)
-        console.log("[*] Killed", p.pid, p.name)
-    }
-    await setTimeout(1000)
-    processes = await device.enumerateProcesses()
+    const processes = await device.enumerateProcesses()
     for (const process of processes) {
         if (process.name.startsWith("com.google.android.gms")) {
             console.log("[*] Attaching to", process.pid, process.name)
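Review bot: `../scripts/_spoof_gms.js` is written by the `fs.writeFileSync` call reformatted here and is also tracked and modified in this same commit, so every run with new values dirties the tree and pushes the substituted identifiers into history; the generated `_spoof*.js` files look like candidates for `.gitignore`. Separately, the removed `await setTimeout(1000)` was the only use of the `setTimeout` import from `timers/promises` visible in this diff (it appears in the previous hunk's header), so that import is probably dead now. `main` continues outside the hunk.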

+ 66 - 52
scripts/_spoof.js

@@ -1,14 +1,14 @@
-const mcc = "310"
-const mnc = "630"
-const simOperator = "310630"
-const networkOperator = "310630"
-const simSerialNumber = "89380062300689131123"
-const iccId = "89380062300689131123"
-const number = "6183592513"
+const mcc = "255"
+const mnc = "06"
+const simOperator = "25506"
+const networkOperator = "25506"
+const simSerialNumber = "89380062300689133048"
+const iccId = "89380062300689133048"
+const number = "969379250"
 const imei = "864929043714851"
-const imsi = "3106306433246456"
-const countryIso = "us"
-const subId = ""
+const imsi = "255065209546456"
+const countryIso = "ua"
+const subId = "12"
 
 setImmediate(() => {
     Java.perform(function () {
@@ -91,7 +91,7 @@ setImmediate(() => {
         }
 
         SmsManager.getDefault.overload().implementation = function () {
-            const _smsManager = this.getDefault(i)
+            const _smsManager = this.getDefault()
             console.log(`SmsManager.getDefault`)
             return _smsManager
         }
@@ -99,14 +99,16 @@ setImmediate(() => {
         SmsManager.getDefaultSmsSubscriptionId.overload().implementation =
             function () {
                 const _subId = this.getDefaultSmsSubscriptionId()
-                console.log(`SmsManager.getDefaultSmsSubscriptionId: ${_subId}`)
-                return _subId
+                console.log(
+                    `SmsManager.getDefaultSmsSubscriptionId: ${_subId} -> ${subId}`
+                )
+                return parseInt(subId)
             }
 
         SmsManager.getSubscriptionId.overload().implementation = function () {
             const _subId = this.getSubscriptionId()
-            console.log(`SmsManager.getSubscriptionId: ${_subId}`)
-            return _subId
+            console.log(`SmsManager.getSubscriptionId: ${_subId} -> ${subId}`)
+            return parseInt(subId)
         }
 
         const SubscriptionInfo = Java.use("android.telephony.SubscriptionInfo")
@@ -258,25 +260,11 @@ setImmediate(() => {
                 return parseInt(subId)
             }
 
-        // const asos = Java.use("asos")
-        // asos.b.overload().implementation = function () {
-        //     console.log("asos.b")
-        //     return true
-        // }
-
-        const asmy = Java.use("asmy")
-        const bqni = Java.use("bqni")
-        const askd = Java.use("askd")
-        // asmy.b.overload().implementation = function () {
-        //     this.$super.b()
-        //     this._a.value.Q(bqni.b(19))
-        //     this._a.value.av(27)
-        //     const a = this._a.value._P.value.a()
-        //     var c = askd.c(a, "")
-        //     console.log(this._a.value.r)
-        //     var ar = Java.cast(this._a.value, Java.use("arqs"))
-        //     ar.r(36, Java.cast(c, Java.use("java.lang.Object")))
-        // }
+        TelephonyManager.getSimState.overload().implementation = function () {
+            const _simState = this.getSimState()
+            console.log(`spoof TelephonyManager.getSimState: ${_simState} -> 5`)
+            return 5
+        }
 
         const PhoneNumberVerification = Java.use(
             "com.google.android.gms.constellation.PhoneNumberVerification"
@@ -287,14 +275,12 @@ setImmediate(() => {
             "int",
             "int",
             "java.lang.String",
-            "android.os.Bundle",
-            "int",
-            "long"
-        ).implementation = function (str, l, i, i2, str2, bundle, i3, l2) {
+            "android.os.Bundle"
+        ).implementation = function (str, j, i, i2, str2, bundle) {
             console.log("PhoneNumberVerification.$init")
 
             console.log(
-                `str: ${str}, l: ${l}, i: ${i}, i2: ${i2}, str2: ${str2}, i3: ${i3}, l2: ${l2}`
+                `str: ${str}, j: ${j}, i: ${i}, i2: ${i2}, str2: ${str2}`
             )
             // print bundle
             if (bundle) {
@@ -305,20 +291,29 @@ setImmediate(() => {
                 }
             }
 
-            return this.$init(str, l, i, i2, str2, bundle, i3, l2)
+            return this.$init(str, j, i, i2, str2, bundle)
         }
 
-        // const aays = Java.use("aays")
-        // aays.d.overload("int", "boolean").implementation = function (i, z) {
-        //     console.log("aays.d", i, z, Object.keys(this.f.value))
+        const aays = Java.use("aays")
+        aays.d.overload("int", "boolean").implementation = function (i, z) {
+            console.log("aays.d", i, z, Object.keys(this.f.value))
 
-        //     return number
-        // }
+            return number
+        }
+
+        const aoor = Java.use("aoor")
+        aoor.h.overload("android.content.Context", "int").implementation =
+            function (c, i) {
+                const _i = this.h(c, i)
+                console.log("aoor.h", c, i, _i)
+                return _i
+            }
 
         const SetAsterismConsentRequest = Java.use(
             "com.google.android.gms.asterism.SetAsterismConsentRequest"
         )
         SetAsterismConsentRequest.$init.overload(
+            //int i, int i2, int i3, int[] iArr, Long l, int i4, Bundle bundle, int i5, String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8
             "int",
             "int",
             "int",
@@ -334,8 +329,7 @@ setImmediate(() => {
             "java.lang.String",
             "java.lang.String",
             "java.lang.String",
-            "java.lang.String",
-            "int"
+            "java.lang.String"
         ).implementation = function (
             i,
             i2,
@@ -352,8 +346,7 @@ setImmediate(() => {
             str5,
             str6,
             str7,
-            str8,
-            i6
+            str8
         ) {
             console.log(
                 Java.use("android.util.Log").getStackTraceString(
@@ -363,7 +356,7 @@ setImmediate(() => {
             console.log("SetAsterismConsentRequest.$init")
 
             console.log(
-                `i: ${i}, i2: ${i2}, i3: ${i3}, iArr: ${iArr}, l: ${l}, i4: ${i4}, i5: ${i5}, str: ${str}, str2: ${str2}, str3: ${str3}, str4: ${str4}, str5: ${str5}, str6: ${str6}, str7: ${str7}, str8: ${str8}, i6: ${i6}`
+                `i: ${i}, i2: ${i2}, i3: ${i3}, iArr: ${iArr}, l: ${l}, i4: ${i4}, i5: ${i5}, str: ${str}, str2: ${str2}, str3: ${str3}, str4: ${str4}, str5: ${str5}, str6: ${str6}, str7: ${str7}, str8: ${str8}`
             )
             // print bundle
             const keySet = bundle.keySet().toArray()
@@ -388,8 +381,7 @@ setImmediate(() => {
                 str5,
                 str6,
                 str7,
-                str8,
-                i6
+                str8
             )
         }
 
@@ -417,4 +409,26 @@ setImmediate(() => {
             return this.$init(i, str, str2)
         }
     })
+
+    // spoof sim to exist
+    const bjsf = Java.use("athm")
+    bjsf.r.overload("android.content.Context").implementation = function (c) {
+        console.log("athm.r")
+        return true
+    }
+
+    const asts = Java.use("asts")
+    asts.b.overload().implementation = function () {
+        const url = this.b()
+        console.log("asts.b(configUrl)", url.orElse("null"))
+        console.log("l", this.l())
+        console.log("g", this.g())
+        console.log("k", this.k())
+        const str = Java.use("arhb").M().s().a()
+        console.log("str", str)
+        // todo: rcs-acs-mcc%s.jibe.google.com
+        return Java.use("j$.util.Optional").of(
+            "http://rcs-acs-mcc255.jibe.google.com/"
+        )
+    }
 })

+ 39 - 21
scripts/_spoof_gms.js

@@ -1,14 +1,14 @@
-const mcc = "310"
-const mnc = "630"
-const simOperator = "310630"
-const networkOperator = "310630"
-const simSerialNumber = "89380062300689131123"
-const iccId = "89380062300689131123"
-const number = "6183592513"
+const mcc = "255"
+const mnc = "06"
+const simOperator = "25506"
+const networkOperator = "25506"
+const simSerialNumber = "89380062300689132983"
+const iccId = "89380062300689132983"
+const number = "969379250"
 const imei = "864929043714851"
-const imsi = "3106306433246456"
-const countryIso = "us"
-const subId = ""
+const imsi = "255065209546456"
+const countryIso = "ua"
+const subId = "12"
 function trace() {
     console.log(
         Java.use("android.util.Log").getStackTraceString(
@@ -34,14 +34,16 @@ Java.perform(function () {
     SmsManager.getDefaultSmsSubscriptionId.overload().implementation =
         function () {
             const _subId = this.getDefaultSmsSubscriptionId()
-            console.log(`SmsManager.getDefaultSmsSubscriptionId: ${_subId}`)
-            return _subId
+            console.log(
+                `SmsManager.getDefaultSmsSubscriptionId: ${_subId} -> ${subId}`
+            )
+            return parseInt(subId)
         }
 
     SmsManager.getSubscriptionId.overload().implementation = function () {
         const _subId = this.getSubscriptionId()
-        console.log(`SmsManager.getSubscriptionId: ${_subId}`)
-        return _subId
+        console.log(`SmsManager.getSubscriptionId: ${_subId} -> ${subId}`)
+        return parseInt(subId)
     }
 
     const SubscriptionInfo = Java.use("android.telephony.SubscriptionInfo")
@@ -183,6 +185,12 @@ Java.perform(function () {
         return parseInt(subId)
     }
 
+    TelephonyManager.getSimState.overload().implementation = function () {
+        const _simState = this.getSimState()
+        console.log(`spoof TelephonyManager.getSimState: ${_simState} -> 5`)
+        return 5
+    }
+
     const PhoneNumberVerification = Java.use(
         "com.google.android.gms.constellation.PhoneNumberVerification"
     )
@@ -454,13 +462,17 @@ Java.perform(function () {
         console.log("ConscryptFileDescriptorSocket.setSoWriteTimeout: ", i)
         return this.setSoWriteTimeout(i)
     }
-    ConscryptFileDescriptorSocket.verifyCertificateChain.overload('[[B', 'java.lang.String').implementation = function (bArr, str) {
-        console.log(
-            "[*] ConscryptFileDescriptorSocket.verifyCertificateChain: ",
-            bArr,
-            str
-        )
-    }
+    // ConscryptFileDescriptorSocket.verifyCertificateChain.overload(
+    //     //byte[][] bArr, String str
+    //     "[[B",
+    //     "java.lang.String"
+    // ).implementation = function (bArr, str) {
+    //     console.log(
+    //         "ConscryptFileDescriptorSocket.verifyCertificateChain: ",
+    //         bArr,
+    //         str
+    //     )
+    // }
 
     const cvgy = Java.use("cvgy")
     cvgy.g.overload().implementation = function () {
@@ -476,4 +488,10 @@ Java.perform(function () {
         trace()
         return createSocket
     }
+
+    const alja = Java.use("alja")
+    alja.u.overload("java.lang.Exception").implementation = function (e) {
+        console.log("alja.u", JSON.stringify(e))
+        return this.u(e)
+    }
 })

+ 40 - 29
scripts/spoof.js

@@ -91,7 +91,7 @@ setImmediate(() => {
         }
 
         SmsManager.getDefault.overload().implementation = function () {
-            const _smsManager = this.getDefault(i)
+            const _smsManager = this.getDefault()
             console.log(`SmsManager.getDefault`)
             return _smsManager
         }
@@ -99,14 +99,16 @@ setImmediate(() => {
         SmsManager.getDefaultSmsSubscriptionId.overload().implementation =
             function () {
                 const _subId = this.getDefaultSmsSubscriptionId()
-                console.log(`SmsManager.getDefaultSmsSubscriptionId: ${_subId}`)
-                return _subId
+                console.log(
+                    `SmsManager.getDefaultSmsSubscriptionId: ${_subId} -> ${subId}`
+                )
+                return parseInt(subId)
             }
 
         SmsManager.getSubscriptionId.overload().implementation = function () {
             const _subId = this.getSubscriptionId()
-            console.log(`SmsManager.getSubscriptionId: ${_subId}`)
-            return _subId
+            console.log(`SmsManager.getSubscriptionId: ${_subId} -> ${subId}`)
+            return parseInt(subId)
         }
 
         const SubscriptionInfo = Java.use("android.telephony.SubscriptionInfo")
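Review bot: `return parseInt(subId)` in both hooks has no radix and re-parses a template-substituted string on every call; if the placeholder is filled with `""` (the value this commit replaces in the injectors) it yields `NaN` rather than an int. Parsing once next to the constants, `const subIdInt = Number.parseInt(subId, 10)`, with a `Number.isNaN(subIdInt)` check that throws at load, makes a bad substitution visible immediately. The same two lines are added in `scripts/spoof1.js` and `scripts/spoof_gms.js`, and in the generated `_spoof*.js` copies.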
@@ -258,25 +260,11 @@ setImmediate(() => {
                 return parseInt(subId)
             }
 
-        // const asos = Java.use("asos")
-        // asos.b.overload().implementation = function () {
-        //     console.log("asos.b")
-        //     return true
-        // }
-
-        const asmy = Java.use("asmy")
-        const bqni = Java.use("bqni")
-        const askd = Java.use("askd")
-        // asmy.b.overload().implementation = function () {
-        //     this.$super.b()
-        //     this._a.value.Q(bqni.b(19))
-        //     this._a.value.av(27)
-        //     const a = this._a.value._P.value.a()
-        //     var c = askd.c(a, "")
-        //     console.log(this._a.value.r)
-        //     var ar = Java.cast(this._a.value, Java.use("arqs"))
-        //     ar.r(36, Java.cast(c, Java.use("java.lang.Object")))
-        // }
+        TelephonyManager.getSimState.overload().implementation = function () {
+            const _simState = this.getSimState()
+            console.log(`spoof TelephonyManager.getSimState: ${_simState} -> 5`)
+            return 5
+        }
 
         const PhoneNumberVerification = Java.use(
             "com.google.android.gms.constellation.PhoneNumberVerification"
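Review bot: The new `getSimState` hook returns the bare literal `5`, which a reader has to look up. A named constant documents the intent, e.g. `const SIM_STATE_READY = 5 // TelephonyManager.SIM_STATE_READY`, followed by `return SIM_STATE_READY`, and the log line can interpolate the same name. The identical hook is added in `scripts/spoof1.js` and `scripts/spoof_gms.js`.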
@@ -413,11 +401,34 @@ setImmediate(() => {
 
             console.log("SetAsterismConsentResponse.$init")
             console.log(`i: ${i}, str: ${str}, str2: ${str2}`)
-            return this.$init(
-                1,
-                "c4q5zP5Ft4A:APA91bEASr50HwwOY789LSZrcHPT8aG_fT19xlelS35qgIJeC3UBYypAHmmL9IygzlphzTKKz0wCdiQwuoPZMJKvgKPmGi3_imdr1CY0s7fs8qa_LMgNDFfvWEnpTCReAYc7IjThhFQq",
-                "c4q5zP5Ft4A"
-            )
+            // return this.$init(
+            //     1,
+            //     "c4q5zP5Ft4A:APA91bEASr50HwwOY789LSZrcHPT8aG_fT19xlelS35qgIJeC3UBYypAHmmL9IygzlphzTKKz0wCdiQwuoPZMJKvgKPmGi3_imdr1CY0s7fs8qa_LMgNDFfvWEnpTCReAYc7IjThhFQq",
+            //     "c4q5zP5Ft4A"
+            // )
+            return this.$init(i, str, str2)
         }
     })
+
+    // spoof sim to exist
+    const bjsf = Java.use("athm")
+    bjsf.r.overload("android.content.Context").implementation = function (c) {
+        console.log("athm.r")
+        return true
+    }
+
+    const asts = Java.use("asts")
+    asts.b.overload().implementation = function () {
+        const url = this.b()
+        console.log("asts.b(configUrl)", url.orElse("null"))
+        console.log("l", this.l())
+        console.log("g", this.g())
+        console.log("k", this.k())
+        const str = Java.use("arhb").M().s().a()
+        console.log("str", str)
+        // todo: rcs-acs-mcc%s.jibe.google.com
+        return Java.use("j$.util.Optional").of(
+            "http://rcs-acs-mcc255.jibe.google.com/"
+        )
+    }
 })
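Review bot: The old `$init` arguments are commented out rather than deleted, which leaves what looks like a push-registration token (`c4q5zP5Ft4A:APA91b…`) sitting in the file; the block should be removed, and if the value was ever real it should be treated as exposed since history already holds it. In the added code, `bjsf` holds `Java.use("athm")`, so the variable name no longer matches the class it wraps; `const athm = Java.use("athm")` would be consistent with the `asts` hook below it. The enclosing `setImmediate` callback starts outside the hunk.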

+ 15 - 30
scripts/spoof1.js

@@ -99,14 +99,16 @@ setImmediate(() => {
         SmsManager.getDefaultSmsSubscriptionId.overload().implementation =
             function () {
                 const _subId = this.getDefaultSmsSubscriptionId()
-                console.log(`SmsManager.getDefaultSmsSubscriptionId: ${_subId}`)
-                return _subId
+                console.log(
+                    `SmsManager.getDefaultSmsSubscriptionId: ${_subId} -> ${subId}`
+                )
+                return parseInt(subId)
             }
 
         SmsManager.getSubscriptionId.overload().implementation = function () {
             const _subId = this.getSubscriptionId()
-            console.log(`SmsManager.getSubscriptionId: ${_subId}`)
-            return _subId
+            console.log(`SmsManager.getSubscriptionId: ${_subId} -> ${subId}`)
+            return parseInt(subId)
         }
 
         const SubscriptionInfo = Java.use("android.telephony.SubscriptionInfo")
@@ -258,25 +260,11 @@ setImmediate(() => {
                 return parseInt(subId)
             }
 
-        // const asos = Java.use("asos")
-        // asos.b.overload().implementation = function () {
-        //     console.log("asos.b")
-        //     return true
-        // }
-
-        const asmy = Java.use("asmy")
-        const bqni = Java.use("bqni")
-        const askd = Java.use("askd")
-        // asmy.b.overload().implementation = function () {
-        //     this.$super.b()
-        //     this._a.value.Q(bqni.b(19))
-        //     this._a.value.av(27)
-        //     const a = this._a.value._P.value.a()
-        //     var c = askd.c(a, "")
-        //     console.log(this._a.value.r)
-        //     var ar = Java.cast(this._a.value, Java.use("arqs"))
-        //     ar.r(36, Java.cast(c, Java.use("java.lang.Object")))
-        // }
+        TelephonyManager.getSimState.overload().implementation = function () {
+            const _simState = this.getSimState()
+            console.log(`spoof TelephonyManager.getSimState: ${_simState} -> 5`)
+            return 5
+        }
 
         const PhoneNumberVerification = Java.use(
             "com.google.android.gms.constellation.PhoneNumberVerification"
@@ -334,8 +322,7 @@ setImmediate(() => {
             "java.lang.String",
             "java.lang.String",
             "java.lang.String",
-            "java.lang.String",
-            "int"
+            "java.lang.String"
         ).implementation = function (
             i,
             i2,
@@ -352,8 +339,7 @@ setImmediate(() => {
             str5,
             str6,
             str7,
-            str8,
-            i6
+            str8
         ) {
             console.log(
                 Java.use("android.util.Log").getStackTraceString(
@@ -363,7 +349,7 @@ setImmediate(() => {
             console.log("SetAsterismConsentRequest.$init")
 
             console.log(
-                `i: ${i}, i2: ${i2}, i3: ${i3}, iArr: ${iArr}, l: ${l}, i4: ${i4}, i5: ${i5}, str: ${str}, str2: ${str2}, str3: ${str3}, str4: ${str4}, str5: ${str5}, str6: ${str6}, str7: ${str7}, str8: ${str8}, i6: ${i6}`
+                `i: ${i}, i2: ${i2}, i3: ${i3}, iArr: ${iArr}, l: ${l}, i4: ${i4}, i5: ${i5}, str: ${str}, str2: ${str2}, str3: ${str3}, str4: ${str4}, str5: ${str5}, str6: ${str6}, str7: ${str7}, str8: ${str8}`
             )
             // print bundle
             const keySet = bundle.keySet().toArray()
@@ -388,8 +374,7 @@ setImmediate(() => {
                 str5,
                 str6,
                 str7,
-                str8,
-                i6
+                str8
             )
         }
 

+ 29 - 15
scripts/spoof_gms.js

@@ -34,14 +34,16 @@ Java.perform(function () {
     SmsManager.getDefaultSmsSubscriptionId.overload().implementation =
         function () {
             const _subId = this.getDefaultSmsSubscriptionId()
-            console.log(`SmsManager.getDefaultSmsSubscriptionId: ${_subId}`)
-            return _subId
+            console.log(
+                `SmsManager.getDefaultSmsSubscriptionId: ${_subId} -> ${subId}`
+            )
+            return parseInt(subId)
         }
 
     SmsManager.getSubscriptionId.overload().implementation = function () {
         const _subId = this.getSubscriptionId()
-        console.log(`SmsManager.getSubscriptionId: ${_subId}`)
-        return _subId
+        console.log(`SmsManager.getSubscriptionId: ${_subId} -> ${subId}`)
+        return parseInt(subId)
     }
 
     const SubscriptionInfo = Java.use("android.telephony.SubscriptionInfo")
@@ -183,6 +185,12 @@ Java.perform(function () {
         return parseInt(subId)
     }
 
+    TelephonyManager.getSimState.overload().implementation = function () {
+        const _simState = this.getSimState()
+        console.log(`spoof TelephonyManager.getSimState: ${_simState} -> 5`)
+        return 5
+    }
+
     const PhoneNumberVerification = Java.use(
         "com.google.android.gms.constellation.PhoneNumberVerification"
     )
@@ -454,17 +462,17 @@ Java.perform(function () {
         console.log("ConscryptFileDescriptorSocket.setSoWriteTimeout: ", i)
         return this.setSoWriteTimeout(i)
     }
-    ConscryptFileDescriptorSocket.verifyCertificateChain.overload(
-        //byte[][] bArr, String str
-        "[[B",
-        "java.lang.String"
-    ).implementation = function (bArr, str) {
-        console.log(
-            "ConscryptFileDescriptorSocket.verifyCertificateChain: ",
-            bArr,
-            str
-        )
-    }
+    // ConscryptFileDescriptorSocket.verifyCertificateChain.overload(
+    //     //byte[][] bArr, String str
+    //     "[[B",
+    //     "java.lang.String"
+    // ).implementation = function (bArr, str) {
+    //     console.log(
+    //         "ConscryptFileDescriptorSocket.verifyCertificateChain: ",
+    //         bArr,
+    //         str
+    //     )
+    // }
 
     const cvgy = Java.use("cvgy")
     cvgy.g.overload().implementation = function () {
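Review bot: The replaced `verifyCertificateChain` body only logged and never called the original, which turned certificate-chain checking into a no-op for every Conscrypt socket in the hooked process; commenting it out restores verification but keeps the bypass one uncomment away. Deleting the block outright is safer than leaving it as commented-out code, since the previous version stays available in history. The same block is commented out in the generated `scripts/_spoof_gms.js`.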
@@ -480,4 +488,10 @@ Java.perform(function () {
         trace()
         return createSocket
     }
+
+    const alja = Java.use("alja")
+    alja.u.overload("java.lang.Exception").implementation = function (e) {
+        console.log("alja.u", JSON.stringify(e))
+        return this.u(e)
+    }
 })