x1ongzhu 1 год назад
Родитель
Сommit
5e03212f90
3 измененных файлов с 29 добавлено и 207 удалено
  1. 0 9
      injects/all.js
  2. 6 70
      scripts/spoof_gms.js
  3. 23 128
      scripts/spoof_sms.js

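--- a/injects/all.js
+++ b/injects/all.js
@@ -108,15 +108,6 @@ async function main() {
     // Log.i("[*] Spawned com.google.android.apps.messaging: " + pid)
     // const tracer = await Tracer.open(pid)
     // tracers.push(tracer)
-    const processes = await device.enumerateProcesses()
-    for (const process of processes) {
-        if (process.name.startsWith('com.android.phone')) {
-            console.log('[*] Attaching to', process.pid, process.name)
-            const session = await device.attach(process.pid)
-            const script = await session.createScript(loadSource('../scripts/spoof_phone.js'))
-            await script.load()
-        }
-    }
 }
 
 async function onSpawnAdded(spawn) {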

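--- a/scripts/spoof_gms.js
+++ b/scripts/spoof_gms.js
@@ -34,6 +34,7 @@ class Log {
 
 Java.perform(function () {
     const PhoneNumberVerification = Java.use('com.google.android.gms.constellation.PhoneNumberVerification')
+
     PhoneNumberVerification.$init.overload(
         'java.lang.String',
         'long',
@@ -78,76 +79,11 @@ Java.perform(function () {
             Log.i(`VerifyPhoneNumberRequest.Bundle(key=${key}, value=${bundle.get(key)})`)
         }
 
-        return this.$init(str, j, idTokenRequest, bundle, list, z, i, list2)
-    }
-    const SetAsterismConsentRequest = Java.use('com.google.android.gms.asterism.SetAsterismConsentRequest')
-    SetAsterismConsentRequest.$init.overload(
-        'int',
-        'int',
-        'int',
-        '[I',
-        'java.lang.Long',
-        'int',
-        'android.os.Bundle',
-        'int',
-        'java.lang.String',
-        'java.lang.String',
-        'java.lang.String',
-        'java.lang.String',
-        'java.lang.String',
-        'java.lang.String',
-        'java.lang.String',
-        'java.lang.String',
-        'int'
-    ).implementation = function (
-        i,
-        i2,
-        i3,
-        iArr,
-        l,
-        i4,
-        bundle,
-        i5,
-        str,
-        str2,
-        str3,
-        str4,
-        str5,
-        str6,
-        str7,
-        str8,
-        i6
-    ) {
-        Log.i(
-            `SetAsterismConsentRequest.$init(
-                i=${i}, i2=${i2}, i3=${i3}, iArr=${iArr}, l=${l},
-                i4=${i4}, bundle=${bundle}, i5=${i5}, str=${str},
-                str2=${str2}, str3=${str3}, str4=${str4}, str5=${str5},
-                str6=${str6}, str7=${str7}, str8=${str8}, i6=${i6})`
-        )
-        // print bundle
-        const keySet = bundle.keySet().toArray()
-        for (let i = 0; i < keySet.length; i++) {
-            const key = keySet[i]
-            Log.i(`SetAsterismConsentRequest.Bundle(key=${key}, value=${bundle.get(key)})`)
-        }
-
-        return this.$init(i, i2, i3, iArr, l, i4, bundle, i5, str, str2, str3, str4, str5, str6, str7, str8, i6)
-    }
-
-    const SetAsterismConsentResponse = Java.use('com.google.android.gms.asterism.SetAsterismConsentResponse')
-    SetAsterismConsentResponse.$init.overload('int', 'java.lang.String', 'java.lang.String').implementation = function (
-        i,
-        str,
-        str2
-    ) {
-        Log.i(`SetAsterismConsentResponse.$init(i=${i}, str=${str}, str2=${str2})`)
-        return this.$init(i, str, str2)
+        return this.$init('upi-carrier-id-with-mo-sms-relax', j, idTokenRequest, bundle, list, z, i, list2)
     }
-
-    const EventManager = Java.use('com.google.android.gms.constellation.EventManager')
-    EventManager.onHandleIntent.overload('android.content.Intent').implementation = function (intent) {
-        Log.i('EventManager.onHandleIntent(intent)')
-        return this.onHandleIntent(intent)
+    VerifyPhoneNumberRequest.writeToParcel.overload('android.os.Parcel', 'int').implementation = function (parcel, i) {
+        Log.e(`VerifyPhoneNumberRequest.writeToParcel(parcel=${parcel}, i=${i})`)
+        trace()
+        return this.writeToParcel(parcel, i)
     }
 })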
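Review bot: The new `writeToParcel` hook calls `trace()`, but no definition of `trace` is visible in this file's hunks: the first hunk header shows `class Log {` as the enclosing context, whereas `scripts/spoof_sms.js` shows `function trace(tag)`. If this file has no such helper, the call throws a ReferenceError inside the replaced method and the original `writeToParcel` is never reached, so either define the helper here or drop the call. The hook also reports a routine call at error level; `Log.i(...)` would match the bundle logging a few lines above. The constructor hook begins outside the hunk, so whether its log line still prints the caller's `str` rather than the literal now passed to `this.$init` could not be checked.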

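--- a/scripts/spoof_sms.js
+++ b/scripts/spoof_sms.js
@@ -34,142 +34,37 @@ function trace(tag) {
 
 setImmediate(() => {
     Java.perform(function () {
-        const PhoneNumberVerification = Java.use('com.google.android.gms.constellation.PhoneNumberVerification')
-        PhoneNumberVerification.$init.overload(
+        const VerifyPhoneNumberRequest = Java.use('com.google.android.gms.constellation.VerifyPhoneNumberRequest')
+        VerifyPhoneNumberRequest.$init.overload(
+            //String str, long j, IdTokenRequest idTokenRequest, Bundle bundle, List list, boolean z, int i, List list2
             'java.lang.String',
             'long',
-            'int',
-            'int',
-            'java.lang.String',
+            'com.google.android.gms.constellation.IdTokenRequest',
             'android.os.Bundle',
+            'java.util.List',
+            'boolean',
             'int',
-            'long'
-        ).implementation = function (str, l, i, i2, str2, bundle, i3, l2) {
-            Log.i('PhoneNumberVerification.$init')
-
-            Log.i(`str: ${str}, l: ${l}, i: ${i}, i2: ${i2}, str2: ${str2}, i3: ${i3}, l2: ${l2}`)
+            'java.util.List'
+        ).implementation = function (str, j, idTokenRequest, bundle, list, z, i, list2) {
+            Log.e(`VerifyPhoneNumberRequest.$init(
+                str=${str}, j=${j}, idTokenRequest=${idTokenRequest}, bundle=${bundle}, list=${list}, z=${z}, i=${i}, list2=${list2})`)
+            trace()
             // print bundle
-            if (bundle) {
-                const keySet = bundle.keySet().toArray()
-                for (let i = 0; i < keySet.length; i++) {
-                    const key = keySet[i]
-                    Log.i(`key: ${key}, value: ${bundle.get(key)}`)
-                }
+            const keySet = bundle.keySet().toArray()
+            for (let i = 0; i < keySet.length; i++) {
+                const key = keySet[i]
+                Log.i(`VerifyPhoneNumberRequest.Bundle(key=${key}, value=${bundle.get(key)})`)
             }
 
-            return this.$init(str, l, i, i2, str2, bundle, i3, l2)
+            return this.$init('upi-carrier-id-with-mo-sms-relax', j, idTokenRequest, bundle, list, z, i, list2)
         }
-
-        function printConfiguration(config) {
-            JSON.stringify({
-                mDeviceId: config.mDeviceId.value,
-                mTachyonAuthToken: config.mTachyonAuthToken.value,
-                mVerifiedSmsToken: config.mVerifiedSmsToken.value,
-                tachygramEnabled: config.tachygramEnabled.value,
-                tachyonUrl: config.tachyonUrl.value,
-                mConfigState: config.mConfigState.value,
-                mToken: {
-                    mValue: config.mToken.value.mValue.value,
-                    mExpirationTime: config.mToken.value.mExpirationTime.value
-                },
-                mType: config.mType.value,
-                mImsConfiguration: {
-                    mAuthDigestPassword: config.mImsConfiguration.value.mAuthDigestPassword.value,
-                    mAuthDigestRealm: config.mImsConfiguration.value.mAuthDigestRealm.value,
-                    mAuthDigestUsername: config.mImsConfiguration.value.mAuthDigestUsername.value,
-                    mAuthenticationScheme: config.mImsConfiguration.value.mAuthenticationScheme.value,
-                    mDomain: config.mImsConfiguration.value.mDomain.value,
-                    mPcscfAddress: config.mImsConfiguration.value.mPcscfAddress.value,
-                    mPcsfPort: config.mImsConfiguration.value.mPcsfPort.value,
-                    mPrivateIdentity: config.mImsConfiguration.value.mPrivateIdentity.value,
-                    mPsMediaTransport: config.mImsConfiguration.value.mPsMediaTransport.value,
-                    mPsRtpTransport: config.mImsConfiguration.value.mPsRtpTransport.value,
-                    mPsSipTransport: config.mImsConfiguration.value.mPsSipTransport.value,
-                    mPublicIdentity: config.mImsConfiguration.value.mPublicIdentity.value,
-                    mUserName: config.mImsConfiguration.value.mUserName.value,
-                    mWifiMediaTransport: config.mImsConfiguration.value.mWifiMediaTransport.value,
-                    mWifiRtpTransport: config.mImsConfiguration.value.mWifiRtpTransport.value,
-                    mWifiSipTransport: config.mImsConfiguration.value.mWifiSipTransport.value,
-                    mT1: config.mImsConfiguration.value.mT1.value,
-                    mT2: config.mImsConfiguration.value.mT2.value,
-                    mT4: config.mImsConfiguration.value.mT4.value,
-                    mLocalSipPort: config.mImsConfiguration.value.mLocalSipPort.value,
-                    mQ: config.mImsConfiguration.value.mQ.value,
-                    mKeepAlive: config.mImsConfiguration.value.mKeepAlive.value,
-                    mPhoneContext: config.mImsConfiguration.value.mPhoneContext.value,
-                    mRegRetryBaseTime: config.mImsConfiguration.value.mRegRetryBaseTime.value,
-                    mRegRetryMaxTime: config.mImsConfiguration.value.mRegRetryMaxTime.value,
-                    mNatUrlFmt: config.mImsConfiguration.value.mNatUrlFmt.value,
-                    mIntUrlFmt: config.mImsConfiguration.value.mIntUrlFmt.value,
-                    rcsVolteSingleRegistration: config.mImsConfiguration.value.rcsVolteSingleRegistration.value
-                },
-                mInstantMessageConfiguration: {
-                    mAutoAccept: config.mInstantMessageConfiguration.value.mAutoAccept.value,
-                    mAutoAcceptGroupChat: config.mInstantMessageConfiguration.value.mAutoAcceptGroupChat.value,
-                    mChatAuth: config.mInstantMessageConfiguration.value.mChatAuth.value,
-                    mChatRevokeTimer: config.mInstantMessageConfiguration.value.mChatRevokeTimer.value,
-                    mConferenceFactoryUri: config.mInstantMessageConfiguration.value.mConferenceFactoryUri.value,
-                    mDeferredMessageFunctionUri:
-                        config.mInstantMessageConfiguration.value.mDeferredMessageFunctionUri.value,
-                    mExploderUri: config.mInstantMessageConfiguration.value.mExploderUri.value,
-                    mFileTransferAutoAcceptSupported:
-                        config.mInstantMessageConfiguration.value.mFileTransferAutoAcceptSupported.value,
-                    mFtCapAlwaysOn: config.mInstantMessageConfiguration.value.mFtCapAlwaysOn.value,
-                    mFtHttpCapAlwaysOn: config.mInstantMessageConfiguration.value.mFtHttpCapAlwaysOn.value,
-                    mFtHttpContentServerPassword:
-                        config.mInstantMessageConfiguration.value.mFtHttpContentServerPassword.value,
-                    mFtHttpContentServerUri: config.mInstantMessageConfiguration.value.mFtHttpContentServerUri.value,
-                    mFtHttpContentServerUser: config.mInstantMessageConfiguration.value.mFtHttpContentServerUser.value,
-                    mFtStoreAndForwardEnabled:
-                        config.mInstantMessageConfiguration.value.mFtStoreAndForwardEnabled.value,
-                    mFullGroupSandFSupported: config.mInstantMessageConfiguration.value.mFullGroupSandFSupported.value,
-                    mImCapAlwaysOn: config.mInstantMessageConfiguration.value.mImCapAlwaysOn.value,
-                    mImSessionStart: config.mInstantMessageConfiguration.value.mImSessionStart.value,
-                    mImWarnSF: config.mInstantMessageConfiguration.value.mImWarnSF.value,
-                    mMaxAdhocGroupSize: config.mInstantMessageConfiguration.value.mMaxAdhocGroupSize.value,
-                    mPublishPresenceCap: config.mInstantMessageConfiguration.value.mPublishPresenceCap.value,
-                    mReconnectGuardTimer: config.mInstantMessageConfiguration.value.mReconnectGuardTimer.value,
-                    mSmsFallBackAuth: config.mInstantMessageConfiguration.value.mSmsFallBackAuth.value,
-                    mMaxSize1to1: config.mInstantMessageConfiguration.value.mMaxSize1to1.value,
-                    mMaxSize1toM: config.mInstantMessageConfiguration.value.mMaxSize1toM.value,
-                    mMaxSizeFileTransfer: config.mInstantMessageConfiguration.value.mMaxSizeFileTransfer.value,
-                    mWarnSizeFileTransfer: config.mInstantMessageConfiguration.value.mWarnSizeFileTransfer.value,
-                    mFtThumbnailSupported: config.mInstantMessageConfiguration.value.mFtThumbnailSupported.value,
-                    mFtDefaultMechanism: config.mInstantMessageConfiguration.value.mFtDefaultMechanism.value,
-                    mMessageTech: config.mInstantMessageConfiguration.value.mMessageTech.value,
-                    mDefaultSharingMethod: config.mInstantMessageConfiguration.value.mDefaultSharingMethod.value,
-                    mTimerIdleSecs: config.mInstantMessageConfiguration.value.mTimerIdleSecs.value,
-                    mDeliveryReportTimeout: config.mInstantMessageConfiguration.value.mDeliveryReportTimeout.value,
-                    mAnonymousChat: config.mInstantMessageConfiguration.value.mAnonymousChat.value,
-                    mMaxConcurrentSession: config.mInstantMessageConfiguration.value.mMaxConcurrentSession.value,
-                    mSwitchoverSize: config.mInstantMessageConfiguration.value.mSwitchoverSize.value
-                },
-                mReconfigRequested: config.mReconfigRequested.value,
-                mMessageTech: config.mMessageTech.value,
-                rcsState: config.rcsState.value,
-                iccids: config.iccids.value,
-                mValiditySecs: config.mValiditySecs.value,
-                mLastUpdateSecs: config.mLastUpdateSecs.value,
-                mVersion: config.mVersion.value
-            })
-        }
-
-        // const Configuration = Java.use('com.google.android.ims.provisioning.config.Configuration')
-        // Configuration.k.overload().implementation = function () {
-        //     Log.e(`Configuration.k()`)
-        //     printConfiguration(this)
-        //     return this.k()
-        // }
-
-        function dumpList(list) {
-            if (list) {
-                let res = []
-                for (let i = 0; i < list.size(); i++) {
-                    res.push('' + list.get(i))
-                }
-                return res
-            }
-            return []
+        VerifyPhoneNumberRequest.writeToParcel.overload('android.os.Parcel', 'int').implementation = function (
+            parcel,
+            i
+        ) {
+            Log.e(`VerifyPhoneNumberRequest.writeToParcel(parcel=${parcel}, i=${i})`)
+            trace()
+            return this.writeToParcel(parcel, i)
         }
     })
 })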
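Review bot: The rewritten constructor hook drops the `if (bundle)` guard that the removed code had, so `bundle.keySet()` throws whenever the request is constructed with a null `Bundle`, and that exception surfaces inside the hooked process. Restoring `if (bundle) { ... }` around the key loop keeps the logging best-effort. The log line still prints the caller's `str` while `this.$init` receives the hard-coded `'upi-carrier-id-with-mo-sms-relax'`, so captured logs do not show the value actually used; a comment such as `// NOTE: first argument is overridden; the logged str is the caller's original value` would make that explicit. The same hook and literal also exist in `scripts/spoof_gms.js`, so the two copies can drift apart.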