.

injects/spoof.js

@@ -10,16 +10,16 @@ const mcc = "255"
 const mnc = "06"
 const simOperator = "25506"
 const networkOperator = "25506"
-const simSerialNumber = "89380062300689133048"
+const simSerialNumber = "89380062300689132983"
 const iccId = simSerialNumber
 const number = "969379250"
-const imei = "864929043714851"
+const imei = "860114061248785"
 const imsi = "255065209546456"
 const countryIso = "ua"
-const subId = "12"
+const subId = "8"
 
 const source = fs
-    .readFileSync(path.resolve(__dirname, "../scripts/spoof.js"))
+    .readFileSync(path.resolve(__dirname, "../scripts/spoof1.js"))
     .toString()
     .replace("{{mcc}}", mcc)
     .replace("{{mnc}}", mnc)

injects/spoof_gms.js

@@ -14,10 +14,10 @@ const networkOperator = "25506"
 const simSerialNumber = "89380062300689132983"
 const iccId = simSerialNumber
 const number = "969379250"
-const imei = "864929043714851"
+const imei = "860114061248785"
 const imsi = "255065209546456"
 const countryIso = "ua"
-const subId = "12"
+const subId = "8"
 
 const source_gms = fs
     .readFileSync(path.resolve(__dirname, "../scripts/spoof_gms.js"))

scripts/_spoof.js

@@ -2,85 +2,16 @@ const mcc = "255"
 const mnc = "06"
 const simOperator = "25506"
 const networkOperator = "25506"
-const simSerialNumber = "89380062300689133048"
-const iccId = "89380062300689133048"
+const simSerialNumber = "89380062300689132983"
+const iccId = "89380062300689132983"
 const number = "969379250"
-const imei = "864929043714851"
+const imei = "860114061248785"
 const imsi = "255065209546456"
 const countryIso = "ua"
-const subId = "12"
+const subId = "8"
 
 setImmediate(() => {
     Java.perform(function () {
-        console.log("")
-        console.log("[.] Cert Pinning Bypass/Re-Pinning")
-
-        var CertificateFactory = Java.use(
-            "java.security.cert.CertificateFactory"
-        )
-        var FileInputStream = Java.use("java.io.FileInputStream")
-        var BufferedInputStream = Java.use("java.io.BufferedInputStream")
-        var X509Certificate = Java.use("java.security.cert.X509Certificate")
-        var KeyStore = Java.use("java.security.KeyStore")
-        var TrustManagerFactory = Java.use("javax.net.ssl.TrustManagerFactory")
-        var SSLContext = Java.use("javax.net.ssl.SSLContext")
-
-        // Load CAs from an InputStream
-        console.log("[+] Loading our CA...")
-        var cf = CertificateFactory.getInstance("X.509")
-
-        try {
-            var fileInputStream = FileInputStream.$new(
-                "/data/local/tmp/cert-der.crt"
-            )
-        } catch (err) {
-            console.log("[o] " + err)
-        }
-
-        var bufferedInputStream = BufferedInputStream.$new(fileInputStream)
-        var ca = cf.generateCertificate(bufferedInputStream)
-        bufferedInputStream.close()
-
-        var certInfo = Java.cast(ca, X509Certificate)
-        console.log("[o] Our CA Info: " + certInfo.getSubjectDN())
-
-        // Create a KeyStore containing our trusted CAs
-        console.log("[+] Creating a KeyStore for our CA...")
-        var keyStoreType = KeyStore.getDefaultType()
-        var keyStore = KeyStore.getInstance(keyStoreType)
-        keyStore.load(null, null)
-        keyStore.setCertificateEntry("ca", ca)
-
-        // Create a TrustManager that trusts the CAs in our KeyStore
-        console.log(
-            "[+] Creating a TrustManager that trusts the CA in our KeyStore..."
-        )
-        var tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm()
-        var tmf = TrustManagerFactory.getInstance(tmfAlgorithm)
-        tmf.init(keyStore)
-        console.log("[+] Our TrustManager is ready...")
-
-        console.log("[+] Hijacking SSLContext methods now...")
-        console.log("[-] Waiting for the app to invoke SSLContext.init()...")
-
-        SSLContext.init.overload(
-            "[Ljavax.net.ssl.KeyManager;",
-            "[Ljavax.net.ssl.TrustManager;",
-            "java.security.SecureRandom"
-        ).implementation = function (a, b, c) {
-            console.log("[o] App invoked javax.net.ssl.SSLContext.init...")
-            SSLContext.init
-                .overload(
-                    "[Ljavax.net.ssl.KeyManager;",
-                    "[Ljavax.net.ssl.TrustManager;",
-                    "java.security.SecureRandom"
-                )
-                .call(this, a, tmf.getTrustManagers(), c)
-            console.log(
-                "[+] SSLContext initialized with our custom TrustManager!"
-            )
-        }
-
         const SmsManager = Java.use("android.telephony.SmsManager")
         SmsManager.getSmsManagerForSubscriptionId.overload(
             "int"
@@ -91,7 +22,7 @@ setImmediate(() => {
         }
 
         SmsManager.getDefault.overload().implementation = function () {
-            const _smsManager = this.getDefault()
+            const _smsManager = this.getDefault(i)
             console.log(`SmsManager.getDefault`)
             return _smsManager
         }
@@ -100,7 +31,7 @@ setImmediate(() => {
             function () {
                 const _subId = this.getDefaultSmsSubscriptionId()
                 console.log(
-                    `SmsManager.getDefaultSmsSubscriptionId: ${_subId} -> ${subId}`
+                    `spoof SmsManager.getDefaultSmsSubscriptionId: ${_subId} -> ${subId}`
                 )
                 return parseInt(subId)
             }
@@ -110,6 +41,179 @@ setImmediate(() => {
             console.log(`SmsManager.getSubscriptionId: ${_subId} -> ${subId}`)
             return parseInt(subId)
         }
+        SmsManager.getCarrierConfigValues.overload().implementation =
+            function () {
+                const _config = this.getCarrierConfigValues()
+                console.log(`SmsManager.getCarrierConfigValues: ${_config}`)
+                return _config
+            }
+
+        const CarrierConfigManager = Java.use(
+            "android.telephony.CarrierConfigManager"
+        )
+        CarrierConfigManager.getConfigForSubId.overload("int").implementation =
+            function (i) {
+                const _config = this.getConfigForSubId(i)
+                console.log(`CarrierConfigManager.getConfigForSubId: ${i}`)
+                return _config
+            }
+
+        const SubscriptionManager = Java.use(
+            "android.telephony.SubscriptionManager"
+        )
+        SubscriptionManager.getActiveSubscriptionInfoCount.overload().implementation =
+            function () {
+                const _count = this.getActiveSubscriptionInfoCount()
+                console.log(
+                    `SubscriptionManager.getActiveSubscriptionInfoCount: ${_count}`
+                )
+                return _count
+            }
+        SubscriptionManager.getDefaultSubscriptionId.overload().implementation =
+            function () {
+                const _subId = this.getDefaultSubscriptionId()
+                console.log(
+                    `spoof SubscriptionManager.getDefaultSubscriptionId: ${_subId} -> ${subId}`
+                )
+                return parseInt(subId)
+            }
+        SubscriptionManager.getDefaultSmsSubscriptionId.overload().implementation =
+            function () {
+                const _subId = this.getDefaultSmsSubscriptionId()
+                console.log(
+                    `spoof SubscriptionManager.getDefaultSmsSubscriptionId: ${_subId} -> ${subId}`
+                )
+                return parseInt(subId)
+            }
+        SubscriptionManager.getDefaultVoiceSubscriptionId.overload().implementation =
+            function () {
+                const _subId = this.getDefaultVoiceSubscriptionId()
+                console.log(
+                    `spoof SubscriptionManager.getDefaultVoiceSubscriptionId: ${_subId} -> ${subId}`
+                )
+                return parseInt(subId)
+            }
+        SubscriptionManager.getActiveDataSubscriptionId.overload().implementation =
+            function () {
+                const _subId = this.getActiveDataSubscriptionId()
+                console.log(
+                    `spoof SubscriptionManager.getActiveDataSubscriptionId: ${_subId} -> ${subId}`
+                )
+                return parseInt(subId)
+            }
+        SubscriptionManager.getSlotIndex.overload("int").implementation =
+            function (i) {
+                const _slotIndex = this.getSlotIndex(i)
+                console.log(
+                    `spoof SubscriptionManager.getSlotIndex: ${_slotIndex} -> 0`
+                )
+                return 0
+            }
+        SubscriptionManager.isUsableSubscriptionId.overload(
+            "int"
+        ).implementation = function (i) {
+            const _isUsable = this.isUsableSubscriptionId(i)
+            console.log(
+                `SubscriptionManager.isUsableSubscriptionId: ${_isUsable}`
+            )
+            return _isUsable
+        }
+        SubscriptionManager.isValidSubscriptionId.overload(
+            "int"
+        ).implementation = function (i) {
+            const _isValid = this.isValidSubscriptionId(i)
+            console.log(
+                `spoof SubscriptionManager.isValidSubscriptionId(${i}): ${_isValid} -> true`
+            )
+            return true
+        }
+        SubscriptionManager.getPhoneNumber.overload("int").implementation =
+            function (i) {
+                console.log(
+                    `spoof SubscriptionManager.getPhoneNumber(${i}): -> ${number}`
+                )
+                return number
+            }
+        SubscriptionManager.getPhoneNumber.overload(
+            "int",
+            "int"
+        ).implementation = function (i, i2) {
+            console.log(
+                `spoof SubscriptionManager.getPhoneNumber(${i},${i2}): -> ${number}`
+            )
+            return number
+        }
+        SubscriptionManager.getActiveSubscriptionInfoList.overload().implementation =
+            function () {
+                const _list = this.getActiveSubscriptionInfoList()
+                console.log(
+                    `SubscriptionManager.getActiveSubscriptionInfoList ${_list.size()}`
+                )
+                return _list
+            }
+        SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex.overload(
+            "int"
+        ).implementation = function (i) {
+            const _info = this.getActiveSubscriptionInfoForSimSlotIndex(i)
+            console.log(
+                `SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex(${i})`
+            )
+            return _info
+        }
+        SubscriptionManager.getActiveSubscriptionIdList.overload().implementation =
+            function () {
+                const _list = this.getActiveSubscriptionIdList()
+                console.log(
+                    `spoof SubscriptionManager.getActiveSubscriptionIdList ${_list} -> ${subId}`
+                )
+                return [parseInt(subId)]
+            }
+        SubscriptionManager.getActiveSubscriptionInfo.overload(
+            "int"
+        ).implementation = function (i) {
+            const _info = this.getActiveSubscriptionInfo(i)
+
+            const simCount = this.getActiveSubscriptionInfoCountMax()
+
+            let subInfo = null
+            try {
+                for (let i = 0; i < simCount; i++) {
+                    subInfo = this.getActiveSubscriptionInfoForSimSlotIndex(i)
+                    if (subInfo) {
+                        break
+                    }
+                }
+                console.log(
+                    `spoof SubscriptionManager.getActiveSubscriptionInfo(${i})`
+                )
+            } catch (error) {
+                console.error(
+                    `spoof error SubscriptionManager.getActiveSubscriptionInfo(${i})`
+                )
+                error.printStackTrace()
+            }
+            return subInfo
+        }
+        SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex.overload(
+            "int"
+        ).implementation = function (i) {
+            const _info = this.getActiveSubscriptionInfoForSimSlotIndex(i)
+            console.log(
+                `SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex(${i}): ${
+                    _info ? "ok" : "null"
+                }  ${_info}`
+            )
+            return _info
+        }
+        SubscriptionManager.isActiveSubscriptionId.overload(
+            "int"
+        ).implementation = function (i) {
+            const _isActive = this.isActiveSubscriptionId(i)
+            console.log(
+                `spoof SubscriptionManager.isActiveSubscriptionId(${i}): ${_isActive} -> true`
+            )
+            return true
+        }
 
         const SubscriptionInfo = Java.use("android.telephony.SubscriptionInfo")
         SubscriptionInfo.getMcc.overload().implementation = function () {
@@ -178,6 +282,12 @@ setImmediate(() => {
             }
 
         const TelephonyManager = Java.use("android.telephony.TelephonyManager")
+        TelephonyManager.createForSubscriptionId.overload(
+            "int"
+        ).implementation = function (i) {
+            console.log(`spoof TelephonyManager.createForSubscriptionId: ${i}`)
+            return this
+        }
         TelephonyManager.getLine1Number.overload().implementation =
             function () {
                 const _number = this.getLine1Number()
@@ -275,12 +385,14 @@ setImmediate(() => {
             "int",
             "int",
             "java.lang.String",
-            "android.os.Bundle"
-        ).implementation = function (str, j, i, i2, str2, bundle) {
+            "android.os.Bundle",
+            "int",
+            "long"
+        ).implementation = function (str, l, i, i2, str2, bundle, i3, l2) {
             console.log("PhoneNumberVerification.$init")
 
             console.log(
-                `str: ${str}, j: ${j}, i: ${i}, i2: ${i2}, str2: ${str2}`
+                `str: ${str}, l: ${l}, i: ${i}, i2: ${i2}, str2: ${str2}, i3: ${i3}, l2: ${l2}`
             )
             // print bundle
             if (bundle) {
@@ -291,29 +403,20 @@ setImmediate(() => {
                 }
             }
 
-            return this.$init(str, j, i, i2, str2, bundle)
+            return this.$init(str, l, i, i2, str2, bundle, i3, l2)
         }
 
-        const aays = Java.use("aays")
-        aays.d.overload("int", "boolean").implementation = function (i, z) {
-            console.log("aays.d", i, z, Object.keys(this.f.value))
-
-            return number
-        }
+        // const aays = Java.use("aays")
+        // aays.d.overload("int", "boolean").implementation = function (i, z) {
+        //     console.log("aays.d", i, z, Object.keys(this.f.value))
 
-        const aoor = Java.use("aoor")
-        aoor.h.overload("android.content.Context", "int").implementation =
-            function (c, i) {
-                const _i = this.h(c, i)
-                console.log("aoor.h", c, i, _i)
-                return _i
-            }
+        //     return number
+        // }
 
         const SetAsterismConsentRequest = Java.use(
             "com.google.android.gms.asterism.SetAsterismConsentRequest"
         )
         SetAsterismConsentRequest.$init.overload(
-            //int i, int i2, int i3, int[] iArr, Long l, int i4, Bundle bundle, int i5, String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8
             "int",
             "int",
             "int",
@@ -408,27 +511,14 @@ setImmediate(() => {
             // )
             return this.$init(i, str, str2)
         }
-    })
 
-    // spoof sim to exist
-    const bjsf = Java.use("athm")
-    bjsf.r.overload("android.content.Context").implementation = function (c) {
-        console.log("athm.r")
-        return true
-    }
-
-    const asts = Java.use("asts")
-    asts.b.overload().implementation = function () {
-        const url = this.b()
-        console.log("asts.b(configUrl)", url.orElse("null"))
-        console.log("l", this.l())
-        console.log("g", this.g())
-        console.log("k", this.k())
-        const str = Java.use("arhb").M().s().a()
-        console.log("str", str)
-        // todo: rcs-acs-mcc%s.jibe.google.com
-        return Java.use("j$.util.Optional").of(
-            "http://rcs-acs-mcc255.jibe.google.com/"
-        )
-    }
+        // spoof sim to exist
+        const bjsf = Java.use("bjsf")
+        bjsf.s.overload("android.content.Context").implementation = function (
+            c
+        ) {
+            console.log("bjsf.s spoof sim to exist")
+            return true
+        }
+    })
 })

scripts/_spoof_gms.js

@@ -5,10 +5,10 @@ const networkOperator = "25506"
 const simSerialNumber = "89380062300689132983"
 const iccId = "89380062300689132983"
 const number = "969379250"
-const imei = "864929043714851"
+const imei = "860114061248785"
 const imsi = "255065209546456"
 const countryIso = "ua"
-const subId = "12"
+const subId = "8"
 function trace() {
     console.log(
         Java.use("android.util.Log").getStackTraceString(
@@ -35,7 +35,7 @@ Java.perform(function () {
         function () {
             const _subId = this.getDefaultSmsSubscriptionId()
             console.log(
-                `SmsManager.getDefaultSmsSubscriptionId: ${_subId} -> ${subId}`
+                `spoof SmsManager.getDefaultSmsSubscriptionId: ${_subId} -> ${subId}`
             )
             return parseInt(subId)
         }
@@ -45,6 +45,174 @@ Java.perform(function () {
         console.log(`SmsManager.getSubscriptionId: ${_subId} -> ${subId}`)
         return parseInt(subId)
     }
+    SmsManager.getCarrierConfigValues.overload().implementation = function () {
+        const _config = this.getCarrierConfigValues()
+        console.log(`SmsManager.getCarrierConfigValues: ${_config}`)
+        return _config
+    }
+
+    const CarrierConfigManager = Java.use(
+        "android.telephony.CarrierConfigManager"
+    )
+    CarrierConfigManager.getConfigForSubId.overload("int").implementation =
+        function (i) {
+            const _config = this.getConfigForSubId(i)
+            console.log(`CarrierConfigManager.getConfigForSubId: ${i}`)
+            return _config
+        }
+
+    const SubscriptionManager = Java.use(
+        "android.telephony.SubscriptionManager"
+    )
+    SubscriptionManager.getActiveSubscriptionInfoCount.overload().implementation =
+        function () {
+            const _count = this.getActiveSubscriptionInfoCount()
+            console.log(
+                `SubscriptionManager.getActiveSubscriptionInfoCount: ${_count}`
+            )
+            return _count
+        }
+    SubscriptionManager.getDefaultSubscriptionId.overload().implementation =
+        function () {
+            const _subId = this.getDefaultSubscriptionId()
+            console.log(
+                `spoof SubscriptionManager.getDefaultSubscriptionId: ${_subId} -> ${subId}`
+            )
+            return parseInt(subId)
+        }
+    SubscriptionManager.getDefaultSmsSubscriptionId.overload().implementation =
+        function () {
+            const _subId = this.getDefaultSmsSubscriptionId()
+            console.log(
+                `spoof SubscriptionManager.getDefaultSmsSubscriptionId: ${_subId} -> ${subId}`
+            )
+            return parseInt(subId)
+        }
+    SubscriptionManager.getDefaultVoiceSubscriptionId.overload().implementation =
+        function () {
+            const _subId = this.getDefaultVoiceSubscriptionId()
+            console.log(
+                `spoof SubscriptionManager.getDefaultVoiceSubscriptionId: ${_subId} -> ${subId}`
+            )
+            return parseInt(subId)
+        }
+    SubscriptionManager.getActiveDataSubscriptionId.overload().implementation =
+        function () {
+            const _subId = this.getActiveDataSubscriptionId()
+            console.log(
+                `spoof SubscriptionManager.getActiveDataSubscriptionId: ${_subId} -> ${subId}`
+            )
+            return parseInt(subId)
+        }
+    SubscriptionManager.getSlotIndex.overload("int").implementation = function (
+        i
+    ) {
+        const _slotIndex = this.getSlotIndex(i)
+        console.log(
+            `spoof SubscriptionManager.getSlotIndex: ${_slotIndex} -> 0`
+        )
+        return 0
+    }
+    SubscriptionManager.isUsableSubscriptionId.overload("int").implementation =
+        function (i) {
+            const _isUsable = this.isUsableSubscriptionId(i)
+            console.log(
+                `SubscriptionManager.isUsableSubscriptionId: ${_isUsable}`
+            )
+            return _isUsable
+        }
+    SubscriptionManager.isValidSubscriptionId.overload("int").implementation =
+        function (i) {
+            const _isValid = this.isValidSubscriptionId(i)
+            console.log(
+                `spoof SubscriptionManager.isValidSubscriptionId(${i}): ${_isValid} -> true`
+            )
+            return true
+        }
+    SubscriptionManager.getPhoneNumber.overload("int").implementation =
+        function (i) {
+            console.log(
+                `spoof SubscriptionManager.getPhoneNumber(${i}): -> ${number}`
+            )
+            return number
+        }
+    SubscriptionManager.getPhoneNumber.overload("int", "int").implementation =
+        function (i, i2) {
+            console.log(
+                `spoof SubscriptionManager.getPhoneNumber(${i},${i2}): -> ${number}`
+            )
+            return number
+        }
+    SubscriptionManager.getActiveSubscriptionInfoList.overload().implementation =
+        function () {
+            const _list = this.getActiveSubscriptionInfoList()
+            console.log(
+                `SubscriptionManager.getActiveSubscriptionInfoList ${_list.size()}`
+            )
+            return _list
+        }
+    SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex.overload(
+        "int"
+    ).implementation = function (i) {
+        const _info = this.getActiveSubscriptionInfoForSimSlotIndex(i)
+        console.log(
+            `SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex(${i}): ${
+                _info ? "ok" : "null"
+            }`
+        )
+        return _info
+    }
+    SubscriptionManager.getActiveSubscriptionIdList.overload().implementation =
+        function () {
+            const _list = this.getActiveSubscriptionIdList()
+            console.log(
+                `spoof SubscriptionManager.getActiveSubscriptionIdList ${_list} -> ${subId}`
+            )
+            return [parseInt(subId)]
+        }
+    SubscriptionManager.getActiveSubscriptionInfo.overload(
+        "int"
+    ).implementation = function (i) {
+        const _info = this.getActiveSubscriptionInfo(i)
+
+        const simCount = this.getActiveSubscriptionInfoCountMax()
+
+        let subInfo = null
+        try {
+            for (let i = 0; i < simCount; i++) {
+                subInfo = this.getActiveSubscriptionInfoForSimSlotIndex(i)
+                if (subInfo) {
+                    break
+                }
+            }
+            console.log(
+                `spoof SubscriptionManager.getActiveSubscriptionInfo(${i})`
+            )
+        } catch (error) {
+            console.error(
+                `spoof error SubscriptionManager.getActiveSubscriptionInfo(${i})`
+            )
+            error.printStackTrace()
+        }
+        return subInfo
+    }
+    SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex.overload(
+        "int"
+    ).implementation = function (s) {
+        const _info = this.getActiveSubscriptionInfoForSimSlotIndex(i)
+        console.log(
+            `SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex: ${_info}`
+        )
+        return _info
+    }
+    SubscriptionManager.isActiveSubscriptionId.overload("int").implementation =
+        function (i) {
+            const _isActive = this.isActiveSubscriptionId(i)
+            console.log(
+                `spoof SubscriptionManager.isActiveSubscriptionId(${i}): ${_isActive} -> true`
+            )
+            return true
+        }
 
     const SubscriptionInfo = Java.use("android.telephony.SubscriptionInfo")
     SubscriptionInfo.getMcc.overload().implementation = function () {
@@ -108,6 +276,12 @@ Java.perform(function () {
     }
 
     const TelephonyManager = Java.use("android.telephony.TelephonyManager")
+    TelephonyManager.createForSubscriptionId.overload("int").implementation =
+        function (i) {
+            console.log(`spoof TelephonyManager.createForSubscriptionId: ${i}`)
+            return this
+        }
+
     TelephonyManager.getLine1Number.overload().implementation = function () {
         const _number = this.getLine1Number()
         console.log(
@@ -492,6 +666,10 @@ Java.perform(function () {
     const alja = Java.use("alja")
     alja.u.overload("java.lang.Exception").implementation = function (e) {
         console.log("alja.u", JSON.stringify(e))
+        console.log(Object.keys(e))
+
+        const b = e.b.value
+        console.log("b", b.toString())
         return this.u(e)
     }
 })

scripts/spoof.js

@@ -100,7 +100,7 @@ setImmediate(() => {
             function () {
                 const _subId = this.getDefaultSmsSubscriptionId()
                 console.log(
-                    `SmsManager.getDefaultSmsSubscriptionId: ${_subId} -> ${subId}`
+                    `spoof SmsManager.getDefaultSmsSubscriptionId: ${_subId} -> ${subId}`
                 )
                 return parseInt(subId)
             }
@@ -110,6 +110,179 @@ setImmediate(() => {
             console.log(`SmsManager.getSubscriptionId: ${_subId} -> ${subId}`)
             return parseInt(subId)
         }
+        SmsManager.getCarrierConfigValues.overload().implementation =
+            function () {
+                const _config = this.getCarrierConfigValues()
+                console.log(`SmsManager.getCarrierConfigValues: ${_config}`)
+                return _config
+            }
+
+        const CarrierConfigManager = Java.use(
+            "android.telephony.CarrierConfigManager"
+        )
+        CarrierConfigManager.getConfigForSubId.overload("int").implementation =
+            function (i) {
+                const _config = this.getConfigForSubId(i)
+                console.log(`CarrierConfigManager.getConfigForSubId: ${i}`)
+                return _config
+            }
+
+        const SubscriptionManager = Java.use(
+            "android.telephony.SubscriptionManager"
+        )
+        SubscriptionManager.getActiveSubscriptionInfoCount.overload().implementation =
+            function () {
+                const _count = this.getActiveSubscriptionInfoCount()
+                console.log(
+                    `SubscriptionManager.getActiveSubscriptionInfoCount: ${_count}`
+                )
+                return _count
+            }
+        SubscriptionManager.getDefaultSubscriptionId.overload().implementation =
+            function () {
+                const _subId = this.getDefaultSubscriptionId()
+                console.log(
+                    `spoof SubscriptionManager.getDefaultSubscriptionId: ${_subId} -> ${subId}`
+                )
+                return parseInt(subId)
+            }
+        SubscriptionManager.getDefaultSmsSubscriptionId.overload().implementation =
+            function () {
+                const _subId = this.getDefaultSmsSubscriptionId()
+                console.log(
+                    `spoof SubscriptionManager.getDefaultSmsSubscriptionId: ${_subId} -> ${subId}`
+                )
+                return parseInt(subId)
+            }
+        SubscriptionManager.getDefaultVoiceSubscriptionId.overload().implementation =
+            function () {
+                const _subId = this.getDefaultVoiceSubscriptionId()
+                console.log(
+                    `spoof SubscriptionManager.getDefaultVoiceSubscriptionId: ${_subId} -> ${subId}`
+                )
+                return parseInt(subId)
+            }
+        SubscriptionManager.getActiveDataSubscriptionId.overload().implementation =
+            function () {
+                const _subId = this.getActiveDataSubscriptionId()
+                console.log(
+                    `spoof SubscriptionManager.getActiveDataSubscriptionId: ${_subId} -> ${subId}`
+                )
+                return parseInt(subId)
+            }
+        SubscriptionManager.getSlotIndex.overload("int").implementation =
+            function (i) {
+                const _slotIndex = this.getSlotIndex(i)
+                console.log(
+                    `spoof SubscriptionManager.getSlotIndex: ${_slotIndex} -> 0`
+                )
+                return 0
+            }
+        SubscriptionManager.isUsableSubscriptionId.overload(
+            "int"
+        ).implementation = function (i) {
+            const _isUsable = this.isUsableSubscriptionId(i)
+            console.log(
+                `SubscriptionManager.isUsableSubscriptionId: ${_isUsable}`
+            )
+            return _isUsable
+        }
+        SubscriptionManager.isValidSubscriptionId.overload(
+            "int"
+        ).implementation = function (i) {
+            const _isValid = this.isValidSubscriptionId(i)
+            console.log(
+                `spoof SubscriptionManager.isValidSubscriptionId(${i}): ${_isValid} -> true`
+            )
+            return true
+        }
+        SubscriptionManager.getPhoneNumber.overload("int").implementation =
+            function (i) {
+                console.log(
+                    `spoof SubscriptionManager.getPhoneNumber(${i}): -> ${number}`
+                )
+                return number
+            }
+        SubscriptionManager.getPhoneNumber.overload(
+            "int",
+            "int"
+        ).implementation = function (i, i2) {
+            console.log(
+                `spoof SubscriptionManager.getPhoneNumber(${i},${i2}): -> ${number}`
+            )
+            return number
+        }
+        SubscriptionManager.getActiveSubscriptionInfoList.overload().implementation =
+            function () {
+                const _list = this.getActiveSubscriptionInfoList()
+                console.log(
+                    `SubscriptionManager.getActiveSubscriptionInfoList ${_list.size()}`
+                )
+                return _list
+            }
+        SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex.overload(
+            "int"
+        ).implementation = function (i) {
+            const _info = this.getActiveSubscriptionInfoForSimSlotIndex(i)
+            console.log(
+                `SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex(${i})`
+            )
+            return _info
+        }
+        SubscriptionManager.getActiveSubscriptionIdList.overload().implementation =
+            function () {
+                const _list = this.getActiveSubscriptionIdList()
+                console.log(
+                    `spoof SubscriptionManager.getActiveSubscriptionIdList ${_list} -> ${subId}`
+                )
+                return [parseInt(subId)]
+            }
+        SubscriptionManager.getActiveSubscriptionInfo.overload(
+            "int"
+        ).implementation = function (i) {
+            const _info = this.getActiveSubscriptionInfo(i)
+
+            const simCount = this.getActiveSubscriptionInfoCountMax()
+
+            let subInfo = null
+            try {
+                for (let i = 0; i < simCount; i++) {
+                    subInfo = this.getActiveSubscriptionInfoForSimSlotIndex(i)
+                    if (subInfo) {
+                        break
+                    }
+                }
+                console.log(
+                    `spoof SubscriptionManager.getActiveSubscriptionInfo(${i})`
+                )
+            } catch (error) {
+                console.error(
+                    `spoof error SubscriptionManager.getActiveSubscriptionInfo(${i})`
+                )
+                error.printStackTrace()
+            }
+            return subInfo
+        }
+        SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex.overload(
+            "int"
+        ).implementation = function (i) {
+            const _info = this.getActiveSubscriptionInfoForSimSlotIndex(i)
+            console.log(
+                `SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex(${i}): ${
+                    _info ? "ok" : "null"
+                }`
+            )
+            return _info
+        }
+        SubscriptionManager.isActiveSubscriptionId.overload(
+            "int"
+        ).implementation = function (i) {
+            const _isActive = this.isActiveSubscriptionId(i)
+            console.log(
+                `spoof SubscriptionManager.isActiveSubscriptionId(${i}): ${_isActive} -> true`
+            )
+            return true
+        }
 
         const SubscriptionInfo = Java.use("android.telephony.SubscriptionInfo")
         SubscriptionInfo.getMcc.overload().implementation = function () {
@@ -178,6 +351,13 @@ setImmediate(() => {
             }
 
         const TelephonyManager = Java.use("android.telephony.TelephonyManager")
+        TelephonyManager.createForSubscriptionId.overload(
+            "int"
+        ).implementation = function (i) {
+            console.log(`spoof TelephonyManager.createForSubscriptionId: ${i}`)
+            return this
+        }
+
         TelephonyManager.getLine1Number.overload().implementation =
             function () {
                 const _number = this.getLine1Number()
@@ -411,9 +591,9 @@ setImmediate(() => {
     })
 
     // spoof sim to exist
-    const bjsf = Java.use("athm")
-    bjsf.r.overload("android.content.Context").implementation = function (c) {
-        console.log("athm.r")
+    const bjsf = Java.use("bjsf")
+    bjsf.s.overload("android.content.Context").implementation = function (c) {
+        console.log("bjsf.s")
         return true
     }
 

scripts/spoof1.js

@@ -12,75 +12,6 @@ const subId = "{{subId}}"
 
 setImmediate(() => {
     Java.perform(function () {
-        console.log("")
-        console.log("[.] Cert Pinning Bypass/Re-Pinning")
-
-        var CertificateFactory = Java.use(
-            "java.security.cert.CertificateFactory"
-        )
-        var FileInputStream = Java.use("java.io.FileInputStream")
-        var BufferedInputStream = Java.use("java.io.BufferedInputStream")
-        var X509Certificate = Java.use("java.security.cert.X509Certificate")
-        var KeyStore = Java.use("java.security.KeyStore")
-        var TrustManagerFactory = Java.use("javax.net.ssl.TrustManagerFactory")
-        var SSLContext = Java.use("javax.net.ssl.SSLContext")
-
-        // Load CAs from an InputStream
-        console.log("[+] Loading our CA...")
-        var cf = CertificateFactory.getInstance("X.509")
-
-        try {
-            var fileInputStream = FileInputStream.$new(
-                "/data/local/tmp/cert-der.crt"
-            )
-        } catch (err) {
-            console.log("[o] " + err)
-        }
-
-        var bufferedInputStream = BufferedInputStream.$new(fileInputStream)
-        var ca = cf.generateCertificate(bufferedInputStream)
-        bufferedInputStream.close()
-
-        var certInfo = Java.cast(ca, X509Certificate)
-        console.log("[o] Our CA Info: " + certInfo.getSubjectDN())
-
-        // Create a KeyStore containing our trusted CAs
-        console.log("[+] Creating a KeyStore for our CA...")
-        var keyStoreType = KeyStore.getDefaultType()
-        var keyStore = KeyStore.getInstance(keyStoreType)
-        keyStore.load(null, null)
-        keyStore.setCertificateEntry("ca", ca)
-
-        // Create a TrustManager that trusts the CAs in our KeyStore
-        console.log(
-            "[+] Creating a TrustManager that trusts the CA in our KeyStore..."
-        )
-        var tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm()
-        var tmf = TrustManagerFactory.getInstance(tmfAlgorithm)
-        tmf.init(keyStore)
-        console.log("[+] Our TrustManager is ready...")
-
-        console.log("[+] Hijacking SSLContext methods now...")
-        console.log("[-] Waiting for the app to invoke SSLContext.init()...")
-
-        SSLContext.init.overload(
-            "[Ljavax.net.ssl.KeyManager;",
-            "[Ljavax.net.ssl.TrustManager;",
-            "java.security.SecureRandom"
-        ).implementation = function (a, b, c) {
-            console.log("[o] App invoked javax.net.ssl.SSLContext.init...")
-            SSLContext.init
-                .overload(
-                    "[Ljavax.net.ssl.KeyManager;",
-                    "[Ljavax.net.ssl.TrustManager;",
-                    "java.security.SecureRandom"
-                )
-                .call(this, a, tmf.getTrustManagers(), c)
-            console.log(
-                "[+] SSLContext initialized with our custom TrustManager!"
-            )
-        }
-
         const SmsManager = Java.use("android.telephony.SmsManager")
         SmsManager.getSmsManagerForSubscriptionId.overload(
             "int"
@@ -100,7 +31,7 @@ setImmediate(() => {
             function () {
                 const _subId = this.getDefaultSmsSubscriptionId()
                 console.log(
-                    `SmsManager.getDefaultSmsSubscriptionId: ${_subId} -> ${subId}`
+                    `spoof SmsManager.getDefaultSmsSubscriptionId: ${_subId} -> ${subId}`
                 )
                 return parseInt(subId)
             }
@@ -110,6 +41,179 @@ setImmediate(() => {
             console.log(`SmsManager.getSubscriptionId: ${_subId} -> ${subId}`)
             return parseInt(subId)
         }
+        SmsManager.getCarrierConfigValues.overload().implementation =
+            function () {
+                const _config = this.getCarrierConfigValues()
+                console.log(`SmsManager.getCarrierConfigValues: ${_config}`)
+                return _config
+            }
+
+        const CarrierConfigManager = Java.use(
+            "android.telephony.CarrierConfigManager"
+        )
+        CarrierConfigManager.getConfigForSubId.overload("int").implementation =
+            function (i) {
+                const _config = this.getConfigForSubId(i)
+                console.log(`CarrierConfigManager.getConfigForSubId: ${i}`)
+                return _config
+            }
+
+        const SubscriptionManager = Java.use(
+            "android.telephony.SubscriptionManager"
+        )
+        SubscriptionManager.getActiveSubscriptionInfoCount.overload().implementation =
+            function () {
+                const _count = this.getActiveSubscriptionInfoCount()
+                console.log(
+                    `SubscriptionManager.getActiveSubscriptionInfoCount: ${_count}`
+                )
+                return _count
+            }
+        SubscriptionManager.getDefaultSubscriptionId.overload().implementation =
+            function () {
+                const _subId = this.getDefaultSubscriptionId()
+                console.log(
+                    `spoof SubscriptionManager.getDefaultSubscriptionId: ${_subId} -> ${subId}`
+                )
+                return parseInt(subId)
+            }
+        SubscriptionManager.getDefaultSmsSubscriptionId.overload().implementation =
+            function () {
+                const _subId = this.getDefaultSmsSubscriptionId()
+                console.log(
+                    `spoof SubscriptionManager.getDefaultSmsSubscriptionId: ${_subId} -> ${subId}`
+                )
+                return parseInt(subId)
+            }
+        SubscriptionManager.getDefaultVoiceSubscriptionId.overload().implementation =
+            function () {
+                const _subId = this.getDefaultVoiceSubscriptionId()
+                console.log(
+                    `spoof SubscriptionManager.getDefaultVoiceSubscriptionId: ${_subId} -> ${subId}`
+                )
+                return parseInt(subId)
+            }
+        SubscriptionManager.getActiveDataSubscriptionId.overload().implementation =
+            function () {
+                const _subId = this.getActiveDataSubscriptionId()
+                console.log(
+                    `spoof SubscriptionManager.getActiveDataSubscriptionId: ${_subId} -> ${subId}`
+                )
+                return parseInt(subId)
+            }
+        SubscriptionManager.getSlotIndex.overload("int").implementation =
+            function (i) {
+                const _slotIndex = this.getSlotIndex(i)
+                console.log(
+                    `spoof SubscriptionManager.getSlotIndex: ${_slotIndex} -> 0`
+                )
+                return 0
+            }
+        SubscriptionManager.isUsableSubscriptionId.overload(
+            "int"
+        ).implementation = function (i) {
+            const _isUsable = this.isUsableSubscriptionId(i)
+            console.log(
+                `SubscriptionManager.isUsableSubscriptionId: ${_isUsable}`
+            )
+            return _isUsable
+        }
+        SubscriptionManager.isValidSubscriptionId.overload(
+            "int"
+        ).implementation = function (i) {
+            const _isValid = this.isValidSubscriptionId(i)
+            console.log(
+                `spoof SubscriptionManager.isValidSubscriptionId(${i}): ${_isValid} -> true`
+            )
+            return true
+        }
+        SubscriptionManager.getPhoneNumber.overload("int").implementation =
+            function (i) {
+                console.log(
+                    `spoof SubscriptionManager.getPhoneNumber(${i}): -> ${number}`
+                )
+                return number
+            }
+        SubscriptionManager.getPhoneNumber.overload(
+            "int",
+            "int"
+        ).implementation = function (i, i2) {
+            console.log(
+                `spoof SubscriptionManager.getPhoneNumber(${i},${i2}): -> ${number}`
+            )
+            return number
+        }
+        SubscriptionManager.getActiveSubscriptionInfoList.overload().implementation =
+            function () {
+                const _list = this.getActiveSubscriptionInfoList()
+                console.log(
+                    `SubscriptionManager.getActiveSubscriptionInfoList ${_list.size()}`
+                )
+                return _list
+            }
+        SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex.overload(
+            "int"
+        ).implementation = function (i) {
+            const _info = this.getActiveSubscriptionInfoForSimSlotIndex(i)
+            console.log(
+                `SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex(${i})`
+            )
+            return _info
+        }
+        SubscriptionManager.getActiveSubscriptionIdList.overload().implementation =
+            function () {
+                const _list = this.getActiveSubscriptionIdList()
+                console.log(
+                    `spoof SubscriptionManager.getActiveSubscriptionIdList ${_list} -> ${subId}`
+                )
+                return [parseInt(subId)]
+            }
+        SubscriptionManager.getActiveSubscriptionInfo.overload(
+            "int"
+        ).implementation = function (i) {
+            const _info = this.getActiveSubscriptionInfo(i)
+
+            const simCount = this.getActiveSubscriptionInfoCountMax()
+
+            let subInfo = null
+            try {
+                for (let i = 0; i < simCount; i++) {
+                    subInfo = this.getActiveSubscriptionInfoForSimSlotIndex(i)
+                    if (subInfo) {
+                        break
+                    }
+                }
+                console.log(
+                    `spoof SubscriptionManager.getActiveSubscriptionInfo(${i})`
+                )
+            } catch (error) {
+                console.error(
+                    `spoof error SubscriptionManager.getActiveSubscriptionInfo(${i})`
+                )
+                error.printStackTrace()
+            }
+            return subInfo
+        }
+        SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex.overload(
+            "int"
+        ).implementation = function (i) {
+            const _info = this.getActiveSubscriptionInfoForSimSlotIndex(i)
+            console.log(
+                `SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex(${i}): ${
+                    _info ? "ok" : "null"
+                }  ${_info}`
+            )
+            return _info
+        }
+        SubscriptionManager.isActiveSubscriptionId.overload(
+            "int"
+        ).implementation = function (i) {
+            const _isActive = this.isActiveSubscriptionId(i)
+            console.log(
+                `spoof SubscriptionManager.isActiveSubscriptionId(${i}): ${_isActive} -> true`
+            )
+            return true
+        }
 
         const SubscriptionInfo = Java.use("android.telephony.SubscriptionInfo")
         SubscriptionInfo.getMcc.overload().implementation = function () {
@@ -178,6 +282,12 @@ setImmediate(() => {
             }
 
         const TelephonyManager = Java.use("android.telephony.TelephonyManager")
+        TelephonyManager.createForSubscriptionId.overload(
+            "int"
+        ).implementation = function (i) {
+            console.log(`spoof TelephonyManager.createForSubscriptionId: ${i}`)
+            return this
+        }
         TelephonyManager.getLine1Number.overload().implementation =
             function () {
                 const _number = this.getLine1Number()
@@ -401,5 +511,14 @@ setImmediate(() => {
             // )
             return this.$init(i, str, str2)
         }
+
+        // spoof sim to exist
+        const bjsf = Java.use("bjsf")
+        bjsf.s.overload("android.content.Context").implementation = function (
+            c
+        ) {
+            console.log("bjsf.s spoof sim to exist")
+            return true
+        }
     })
 })

scripts/spoof_gms.js

@@ -35,7 +35,7 @@ Java.perform(function () {
         function () {
             const _subId = this.getDefaultSmsSubscriptionId()
             console.log(
-                `SmsManager.getDefaultSmsSubscriptionId: ${_subId} -> ${subId}`
+                `spoof SmsManager.getDefaultSmsSubscriptionId: ${_subId} -> ${subId}`
             )
             return parseInt(subId)
         }
@@ -45,6 +45,174 @@ Java.perform(function () {
         console.log(`SmsManager.getSubscriptionId: ${_subId} -> ${subId}`)
         return parseInt(subId)
     }
+    SmsManager.getCarrierConfigValues.overload().implementation = function () {
+        const _config = this.getCarrierConfigValues()
+        console.log(`SmsManager.getCarrierConfigValues: ${_config}`)
+        return _config
+    }
+
+    const CarrierConfigManager = Java.use(
+        "android.telephony.CarrierConfigManager"
+    )
+    CarrierConfigManager.getConfigForSubId.overload("int").implementation =
+        function (i) {
+            const _config = this.getConfigForSubId(i)
+            console.log(`CarrierConfigManager.getConfigForSubId: ${i}`)
+            return _config
+        }
+
+    const SubscriptionManager = Java.use(
+        "android.telephony.SubscriptionManager"
+    )
+    SubscriptionManager.getActiveSubscriptionInfoCount.overload().implementation =
+        function () {
+            const _count = this.getActiveSubscriptionInfoCount()
+            console.log(
+                `SubscriptionManager.getActiveSubscriptionInfoCount: ${_count}`
+            )
+            return _count
+        }
+    SubscriptionManager.getDefaultSubscriptionId.overload().implementation =
+        function () {
+            const _subId = this.getDefaultSubscriptionId()
+            console.log(
+                `spoof SubscriptionManager.getDefaultSubscriptionId: ${_subId} -> ${subId}`
+            )
+            return parseInt(subId)
+        }
+    SubscriptionManager.getDefaultSmsSubscriptionId.overload().implementation =
+        function () {
+            const _subId = this.getDefaultSmsSubscriptionId()
+            console.log(
+                `spoof SubscriptionManager.getDefaultSmsSubscriptionId: ${_subId} -> ${subId}`
+            )
+            return parseInt(subId)
+        }
+    SubscriptionManager.getDefaultVoiceSubscriptionId.overload().implementation =
+        function () {
+            const _subId = this.getDefaultVoiceSubscriptionId()
+            console.log(
+                `spoof SubscriptionManager.getDefaultVoiceSubscriptionId: ${_subId} -> ${subId}`
+            )
+            return parseInt(subId)
+        }
+    SubscriptionManager.getActiveDataSubscriptionId.overload().implementation =
+        function () {
+            const _subId = this.getActiveDataSubscriptionId()
+            console.log(
+                `spoof SubscriptionManager.getActiveDataSubscriptionId: ${_subId} -> ${subId}`
+            )
+            return parseInt(subId)
+        }
+    SubscriptionManager.getSlotIndex.overload("int").implementation = function (
+        i
+    ) {
+        const _slotIndex = this.getSlotIndex(i)
+        console.log(
+            `spoof SubscriptionManager.getSlotIndex: ${_slotIndex} -> 0`
+        )
+        return 0
+    }
+    SubscriptionManager.isUsableSubscriptionId.overload("int").implementation =
+        function (i) {
+            const _isUsable = this.isUsableSubscriptionId(i)
+            console.log(
+                `SubscriptionManager.isUsableSubscriptionId: ${_isUsable}`
+            )
+            return _isUsable
+        }
+    SubscriptionManager.isValidSubscriptionId.overload("int").implementation =
+        function (i) {
+            const _isValid = this.isValidSubscriptionId(i)
+            console.log(
+                `spoof SubscriptionManager.isValidSubscriptionId(${i}): ${_isValid} -> true`
+            )
+            return true
+        }
+    SubscriptionManager.getPhoneNumber.overload("int").implementation =
+        function (i) {
+            console.log(
+                `spoof SubscriptionManager.getPhoneNumber(${i}): -> ${number}`
+            )
+            return number
+        }
+    SubscriptionManager.getPhoneNumber.overload("int", "int").implementation =
+        function (i, i2) {
+            console.log(
+                `spoof SubscriptionManager.getPhoneNumber(${i},${i2}): -> ${number}`
+            )
+            return number
+        }
+    SubscriptionManager.getActiveSubscriptionInfoList.overload().implementation =
+        function () {
+            const _list = this.getActiveSubscriptionInfoList()
+            console.log(
+                `SubscriptionManager.getActiveSubscriptionInfoList ${_list.size()}`
+            )
+            return _list
+        }
+    SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex.overload(
+        "int"
+    ).implementation = function (i) {
+        const _info = this.getActiveSubscriptionInfoForSimSlotIndex(i)
+        console.log(
+            `SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex(${i}): ${
+                _info ? "ok" : "null"
+            }`
+        )
+        return _info
+    }
+    SubscriptionManager.getActiveSubscriptionIdList.overload().implementation =
+        function () {
+            const _list = this.getActiveSubscriptionIdList()
+            console.log(
+                `spoof SubscriptionManager.getActiveSubscriptionIdList ${_list} -> ${subId}`
+            )
+            return [parseInt(subId)]
+        }
+    SubscriptionManager.getActiveSubscriptionInfo.overload(
+        "int"
+    ).implementation = function (i) {
+        const _info = this.getActiveSubscriptionInfo(i)
+
+        const simCount = this.getActiveSubscriptionInfoCountMax()
+
+        let subInfo = null
+        try {
+            for (let i = 0; i < simCount; i++) {
+                subInfo = this.getActiveSubscriptionInfoForSimSlotIndex(i)
+                if (subInfo) {
+                    break
+                }
+            }
+            console.log(
+                `spoof SubscriptionManager.getActiveSubscriptionInfo(${i})`
+            )
+        } catch (error) {
+            console.error(
+                `spoof error SubscriptionManager.getActiveSubscriptionInfo(${i})`
+            )
+            error.printStackTrace()
+        }
+        return subInfo
+    }
+    SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex.overload(
+        "int"
+    ).implementation = function (s) {
+        const _info = this.getActiveSubscriptionInfoForSimSlotIndex(i)
+        console.log(
+            `SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex: ${_info}`
+        )
+        return _info
+    }
+    SubscriptionManager.isActiveSubscriptionId.overload("int").implementation =
+        function (i) {
+            const _isActive = this.isActiveSubscriptionId(i)
+            console.log(
+                `spoof SubscriptionManager.isActiveSubscriptionId(${i}): ${_isActive} -> true`
+            )
+            return true
+        }
 
     const SubscriptionInfo = Java.use("android.telephony.SubscriptionInfo")
     SubscriptionInfo.getMcc.overload().implementation = function () {
@@ -108,6 +276,12 @@ Java.perform(function () {
     }
 
     const TelephonyManager = Java.use("android.telephony.TelephonyManager")
+    TelephonyManager.createForSubscriptionId.overload("int").implementation =
+        function (i) {
+            console.log(`spoof TelephonyManager.createForSubscriptionId: ${i}`)
+            return this
+        }
+
     TelephonyManager.getLine1Number.overload().implementation = function () {
         const _number = this.getLine1Number()
         console.log(
@@ -492,6 +666,10 @@ Java.perform(function () {
     const alja = Java.use("alja")
     alja.u.overload("java.lang.Exception").implementation = function (e) {
         console.log("alja.u", JSON.stringify(e))
+        console.log(Object.keys(e))
+
+        const b = e.b.value
+        console.log("b", b.toString())
         return this.u(e)
     }
 })