.

PhoneNumberVerification.txt

@@ -1,7 +0,0 @@
-PhoneNumberVerification.$init
-str: +380731848010, j: 1712564460000, i: 0, i2: 0, str2: eyJhbGciOiJSUzI1NiIsImtpZCI6IjkzYjQ5NTE2MmFmMGM4N2NjN2E1MTY4NjI5NDA5NzA0MGRhZjNiNDMiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJhdWQiOiIzNTczMTc4OTk2MTAtNjR1cXZjNGFsYTk2bXVhbWxvYWN0cmZscGRjZGNlcmUuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJwaG9uZV9udW1iZXIiOiIrMzgwNzMxODQ4MDEwIiwicGhvbmVfbnVtYmVyX3ZlcmlmaWVkIjp0cnVlLCJuYmYiOjE3MTI2NjMwNDgsIm5vbmNlIjoiOWU1MzliOGQwNmI4MTdhYjBjNzBjOGQzM2QyNmRkZTRkNDJlY2E1MDI3ODU5YjM3ZjRhMTkxODYwYThhOTEyNyIsImF1dGhfdGltZSI6MTcxMjU2NDQ2MCwiaWF0IjoxNzEyNjYzMzQ4LCJleHAiOjE3MTI2NjY5NDgsImp0aSI6IjhjNDE4YjcxM2IyMGUyOWQ1ZTcxMDg2YTIzNjFhNzFjZGVmOTFhNmMifQ.v1_zATarOUIb2RoHJX6a-RY11hPgFBE9kFCvAPf-jQjrJEu34t7cIqhoMRnK4zPkLfxHlg1xRbgDVGyiZAabYRPuUxZlABiE887tAhPDBJGZhpVkizL0fgzkH7_itzCz8h8cE1Xhp8h_Esa0caayexfr971DQ7RTi4KcH0c4JdC26d7NeVN5bwrcrdf1PuZpjSZL-J8YY4jr97qnRDTkjwMG6hcOhjaZkJYiQgEMSJD1jtgUZGBc1u7P6RsYJHld1TxcOFdCNbNZa2KgqB_iu_wGC8W9_VvBioJIw2jFAT4AyfeAAKjOzDzA4SO0S3e3bBD8A_nu5UIRUAdl4uHysQ
-key: calling_api, value: verifyPhoneNumber
-key: IMSI, value: 255065007246414
-key: required_consumer_consent, value: RCS
-key: mcc_mnc, value: 25506
-key: session_id, value: 12ba7842-e308-4a34-a7a6-761efac684de

Verification fail.txt

@@ -1,3 +0,0 @@
-[verification_manager] Verification failed with error: syncVerif failed: PhoneVerifier.Verify failed: generic::invalid_argument: com.google.apps.framework.request.BadRequestException: VerifyRequest from UNIFIED_PHONE_IDENTITY rejected.
-                                                                                                    Invalid endpoint imsi: 3100102992729814
-2024-04-11 16:17:27.579 27118-27481 constellation           com.google.android.gms               I  [verification_manager] No challenge issued due to state: 1

configuratio1.json

@@ -1,87 +0,0 @@
-{
-    "mDeviceId": null,
-    "mTachyonAuthToken": "Co4BAMGp9URq_nfz_ZlENzz8u_puvxmWh8d5un7_YrRxQz88BIcLMy1f6u1lxLquLek1WVqiQFJIcRueVtpSAywHShUH92CkY39YrMwQTHWUfGHrXhmJQSR6onQ7N_XU2kTbOkILS9PvJ5cDXurT-O5-zTfn2NEJBzT5exUVnHOWKjQSWV5YX-SIzcZbyA8mhQ",
-    "mVerifiedSmsToken": "ANvafuAntB4GjBoi3ikbvSWdYkdhoiWuaWYUxiL-o2GBYZPX5r6WouAJLk-HfaLEH6LNMAaosZ7p1Rg",
-    "tachygramEnabled": true,
-    "tachyonUrl": "instantmessaging-pa-jms-preprod-eu.googleapis.com:443",
-    "mConfigState": 0,
-    "mToken": {
-        "mValue": "5-AA50oPN5bXQoEeEXT6kDyXyHL943xMTTVHqU3GHkP0dPSJTiFthNX1Vyt0BYyI_sR1QG6NqtL6X6I6qlPJXcVTZA-EaKQE5dbxdeKGTlzimqwL1qblW4FQBEymYIzx-9W8oPQnocyqj_f1stVFAGNa4hCsftGRRSe2HQPA",
-        "mExpirationTime": "1715843339453"
-    },
-    "mType": 1,
-    "mImsConfiguration": {
-        "mAuthDigestPassword": "VMV4z80XuTTWO7GezziZjHFNIKMzL7fY",
-        "mAuthDigestRealm": "ua-lifecell.rcs.telephony.goog",
-        "mAuthDigestUsername": "+380638783055",
-        "mAuthenticationScheme": "Digest",
-        "mDomain": "ua-lifecell.rcs.telephony.goog",
-        "mPcscfAddress": "ua-lifecell.rcs.telephony.goog",
-        "mPcsfPort": -1,
-        "mPrivateIdentity": "+380638783055@ua-lifecell.rcs.telephony.goog",
-        "mPsMediaTransport": "MSRPoTLS",
-        "mPsRtpTransport": "SRTP",
-        "mPsSipTransport": "SIPoTLS",
-        "mPublicIdentity": "tel:+380638783055",
-        "mUserName": "+380638783055",
-        "mWifiMediaTransport": "MSRPoTLS",
-        "mWifiRtpTransport": "SRTP",
-        "mWifiSipTransport": "SIPoTLS",
-        "mT1": 600,
-        "mT2": 9500,
-        "mT4": 10000,
-        "mLocalSipPort": 5762,
-        "mQ": 0.5,
-        "mKeepAlive": true,
-        "mPhoneContext": "tel:+380638783055",
-        "mRegRetryBaseTime": 30,
-        "mRegRetryMaxTime": 1800,
-        "mNatUrlFmt": "tel",
-        "mIntUrlFmt": "tel",
-        "rcsVolteSingleRegistration": false
-    },
-    "mInstantMessageConfiguration": {
-        "mAutoAccept": true,
-        "mAutoAcceptGroupChat": true,
-        "mChatAuth": false,
-        "mChatRevokeTimer": 300,
-        "mConferenceFactoryUri": "sip:conference@rcs.google.com",
-        "mDeferredMessageFunctionUri": "sip:foo@bar",
-        "mExploderUri": "sip:foo@bar",
-        "mFileTransferAutoAcceptSupported": true,
-        "mFtCapAlwaysOn": false,
-        "mFtHttpCapAlwaysOn": true,
-        "mFtHttpContentServerPassword": "TelJNe0M4972xu8fhpsOibrtM9cGFpGd",
-        "mFtHttpContentServerUri": "https://rcs-copper-eu.googleapis.com",
-        "mFtHttpContentServerUser": "+380638783055",
-        "mFtStoreAndForwardEnabled": false,
-        "mFullGroupSandFSupported": true,
-        "mImCapAlwaysOn": true,
-        "mImSessionStart": 0,
-        "mImWarnSF": false,
-        "mMaxAdhocGroupSize": 100,
-        "mPublishPresenceCap": false,
-        "mReconnectGuardTimer": 120,
-        "mSmsFallBackAuth": false,
-        "mMaxSize1to1": 8192,
-        "mMaxSize1toM": 8192,
-        "mMaxSizeFileTransfer": 104857600,
-        "mWarnSizeFileTransfer": 104857600,
-        "mFtThumbnailSupported": false,
-        "mFtDefaultMechanism": "http",
-        "mMessageTech": 1,
-        "mDefaultSharingMethod": -1,
-        "mTimerIdleSecs": 180,
-        "mDeliveryReportTimeout": 300,
-        "mAnonymousChat": true,
-        "mMaxConcurrentSession": 0,
-        "mSwitchoverSize": 1300
-    },
-    "mReconfigRequested": false,
-    "mMessageTech": 0,
-    "rcsState": 0,
-    "iccids": "",
-    "mValiditySecs": 411163,
-    "mLastUpdateSecs": "1713337739",
-    "mVersion": 1
-}

euicc.js

@@ -1,4 +0,0 @@
-Java.perform(() => {
-    const TelephonyProvider = Java.use('com.android.providers.telephony.TelephonyProvider')
-    console.log('TelephonyProvider', TelephonyProvider)
-})

euicc.sh

@@ -1 +0,0 @@
-frida -U -l euicc.js "$(frida-ps -U|grep com.google.android.euicc | sed 's/[^0-9]*//g')"

gen.js

@@ -1,9 +1,9 @@
-import NodeImei from "node-imei"
-import util from "util"
-import randomstring from "randomstring"
-import fs from "fs"
-import url from "url"
-import path from "path"
+import NodeImei from 'node-imei'
+import util from 'util'
+import randomstring from 'randomstring'
+import fs from 'fs'
+import url from 'url'
+import path from 'path'
 
 const filePath = url.fileURLToPath(import.meta.url)
 const __dirname = path.dirname(filePath)
@@ -11,55 +11,37 @@ const __dirname = path.dirname(filePath)
 const nodeImei = new NodeImei()
 
 function randomeNumber(length) {
-    let n = randomstring.generate({ length, charset: "numeric" })
-    while (n[0] === "0") {
-        n = randomstring.generate({ length, charset: "numeric" })
+    let n = randomstring.generate({ length, charset: 'numeric' })
+    while (n[0] === '0') {
+        n = randomstring.generate({ length, charset: 'numeric' })
     }
     return n
 }
 
-const mcc = "255"
-const mnc = "06"  // 240 160
-const simOperator = mcc + mnc
-const networkOperator = mcc + mnc
-const simSerialNumber = randomeNumber(20)
-const iccId = simSerialNumber
-const number = "739727133" || randomeNumber(9)
+const mcc = '310'
+const mnc = '240'
+const iccid = randomeNumber(20)
+const number = randomeNumber(10)
 const imei = nodeImei.random()
 const imsi = mcc + mnc + randomeNumber(15 - (mcc + mnc).length)
-const countryIso = "ua"
-let subId = "37"
-const androidId = randomstring.generate({ length: 16, charset: "hex" })
-const serialNumber = randomstring.generate({ length: 8, charset: "hex" })
-
-try {
-    const old = JSON.parse(
-        fs.readFileSync(path.resolve(__dirname, "vars.json"))
-    )
-    if (old.subId) {
-        subId = (parseInt(old.subId) + 1).toString()
-    }
-} catch (e) {
-    console.error(e)
-}
+const country = 'us'
 
 const vars = {
     mcc,
     mnc,
-    simOperator,
-    networkOperator,
-    simSerialNumber,
-    iccId,
+    iccid,
     number,
     imei,
     imsi,
-    countryIso,
-    subId,
-    androidId,
-    serialNumber
+    country
 }
 console.log(JSON.stringify(vars, null, 4))
+fs.writeFileSync(path.resolve(__dirname, 'vars.json'), JSON.stringify(vars, null, 4))
+
 fs.writeFileSync(
-    path.resolve(__dirname, "vars.json"),
-    JSON.stringify(vars, null, 4)
+    path.resolve(__dirname, 'scripts/spoof_phone.js'),
+    fs
+        .readFileSync(path.resolve(__dirname, 'scripts/spoof_phone.js'))
+        .toString()
+        .replace(/config = (\{[\w\W\s\W]+?\})/g, `config = ${JSON.stringify(vars, null, 4)}`)
 )

injects/phone.js

@@ -0,0 +1,243 @@
+import frida from 'frida'
+import fs from 'fs'
+import url from 'url'
+import path from 'path'
+import util from 'util'
+import Vorpal from 'vorpal'
+import { spawn, execSync } from 'child_process'
+import { setTimeout } from 'timers/promises'
+
+const filePath = url.fileURLToPath(import.meta.url)
+const __dirname = path.dirname(filePath)
+
+function loadSource(filePath) {
+    Log.s(`Loading ${filePath}`)
+    return fs.readFileSync(path.resolve(__dirname, filePath)).toString()
+}
+
+class Log {
+    static TAG = ''
+    static format(...msg) {
+        let m = []
+        for (let i = 0; i < msg.length; i++) {
+            if (typeof msg[i] === 'object') {
+                if ('[object Object]' === msg[i].toString()) {
+                    m.push(util.inspect(msg[i]))
+                }
+            } else {
+                m.push(msg[i])
+            }
+        }
+        m = m.join(' ')
+        return m
+    }
+    static i(...msg) {
+        console.log(`\x1b[30m${this.TAG} ${this.format(...msg)}\x1b[0m`)
+    }
+    static w(...msg) {
+        console.log(`\x1b[33m${this.TAG} ${this.format(...msg)}\x1b[0m`)
+    }
+    static e(...msg) {
+        console.log(`\x1b[31m${this.TAG} ${this.format(...msg)}\x1b[0m`)
+    }
+    static s(...msg) {
+        console.log(`\x1b[32m${this.TAG} ${this.format(...msg)}\x1b[0m`)
+    }
+}
+
+let device = null
+let tracers = []
+
+async function stop() {
+    Log.i('[*] Stopping all tracers')
+    for (const tracer of tracers) {
+        Log.i('[*] Stopping', tracer.pid)
+        tracer.session.detach()
+        try {
+            await device.kill(tracer.pid)
+        } catch (error) {}
+    }
+    process.exit(1)
+}
+
+process.on('SIGTERM', stop)
+process.on('SIGINT', stop)
+
+async function main() {
+    device = await frida.getUsbDevice()
+    device.spawnAdded.connect(onSpawnAdded)
+
+    Log.i('[*] Enabling spawn gating')
+    await device.enableSpawnGating()
+    Log.i('[*] Enabled spawn gating')
+
+    // Log.i("[*] Spawning com.google.android.apps.messaging")
+    // const pid = await device.spawn("com.google.android.apps.messaging")
+    // Log.i("[*] Spawned com.google.android.apps.messaging: " + pid)
+    // const tracer = await Tracer.open(pid)
+    // tracers.push(tracer)
+    const processes = await device.enumerateProcesses()
+    for (const process of processes) {
+        if (process.name.startsWith('com.android.phone')) {
+            console.log('[*] Attaching to', process.pid, process.name)
+            const session = await device.attach(process.pid)
+            const script = await session.createScript(loadSource('../scripts/spoof_phone.js'))
+            await script.load()
+        }
+    }
+}
+
+async function onSpawnAdded(spawn) {
+    try {
+        if (spawn.identifier.startsWith('com.android.phone')) {
+            Log.i('[*] Tracing', spawn.pid, spawn.identifier)
+            const tracer = await Tracer.open(spawn.pid, '../scripts/spoof_phone.js')
+            tracers.push(tracer)
+        } else {
+            Log.i('[*] Resuming', spawn.pid, spawn.identifier)
+            await device.resume(spawn.pid)
+        }
+    } catch (e) {
+        Log.e(`err: ${e}`)
+    }
+}
+
+class Tracer {
+    static async open(pid, source) {
+        const tracer = new Tracer(pid, source)
+        await tracer._initialize()
+        return tracer
+    }
+
+    constructor(pid, sourceFile) {
+        this.pid = pid
+        this.sourceFile = sourceFile
+        this.source = loadSource(sourceFile)
+        this.session = null
+        this.script = null
+    }
+
+    async _initialize() {
+        const session = await device.attach(this.pid)
+        this.session = session
+        session.detached.connect(this._onSessionDetached.bind(this))
+
+        const script = await session.createScript(this.source)
+        this.script = script
+        script.message.connect(this._onScriptMessage.bind(this))
+        await script.load()
+
+        // const script_ssl = await session.createScript(source_ssl)
+        // await script_ssl.load()
+
+        try {
+            await device.resume(this.pid)
+        } catch (e) {
+            Log.e(e)
+        }
+    }
+
+    async reload() {
+        if (this.script) {
+            this.script.unload()
+        }
+        this.source = loadSource(this.sourceFile)
+        this.script = await this.session.createScript(this.source)
+        this.script.message.connect(this._onScriptMessage.bind(this))
+        await this.script.load()
+    }
+
+    _onSessionDetached(reason) {
+        Log.i(`[PID ${this.pid}] onSessionDetached(reason='${reason}')`)
+        const i = tracers.findIndex((tracer) => tracer.pid === this.pid)
+        if (i !== -1) {
+            tracers.splice(i, 1)
+        }
+    }
+
+    _onScriptMessage(message, data) {
+        if (message.type === 'error') {
+            Log.e(`[PID ${this.pid}] onScriptMessage()`, message, data ? JSON.stringify(data) : '')
+        } else {
+            Log.i(`[PID ${this.pid}] onScriptMessage()`, message, data ? JSON.stringify(data) : '')
+        }
+    }
+}
+
+main()
+const vorpal = new Vorpal()
+vorpal.sigint(function () {
+    stop()
+})
+
+vorpal.command('clear [app]').action(async function (args, callback) {
+    try {
+        const app = args.app
+        if ('sms' === app) {
+            execSync('adb shell pm clear com.google.android.apps.messaging')
+        } else if ('gms' === app) {
+            execSync('adb shell pm clear com.google.android.gms')
+        } else if ('gsf' === app) {
+            execSync('adb shell pm clear com.google.android.gsf')
+        } else if ('all' === app) {
+            execSync('adb shell pm clear com.google.android.apps.messaging')
+            await setTimeout(1000)
+            execSync('adb shell pm clear com.google.android.gms')
+        }
+    } catch (error) {
+        Log.e(error)
+    }
+    callback()
+})
+
+vorpal.command('stop').action(function (args, callback) {
+    try {
+        execSync('adb shell am force-stop com.google.android.apps.messaging')
+        execSync('adb shell am force-stop com.google.android.gms')
+    } catch (error) {
+        Log.e(error)
+    }
+    callback()
+})
+vorpal.command('gen').action(function (args, callback) {
+    execSync(`node ${path.resolve(__dirname, '../gen.js')}`)
+    callback()
+})
+vorpal.command('reload').action(function (args, callback) {
+    tracers.forEach((tracer) => {
+        tracer.reload()
+    })
+    callback()
+})
+vorpal.command('otp [code]').action(async function (args, callback) {
+    const code = args.code
+    let phoneProcess
+    try {
+        phoneProcess = await device.getProcess('com.android.phone')
+    } catch (error) {
+        try {
+            phoneProcess = await device.getProcess('SIM 卡工具包')
+        } catch (error) {}
+    }
+    if (!phoneProcess) {
+        Log.e('Phone process not found')
+        callback()
+        return
+    }
+    const session = await device.attach(phoneProcess.pid)
+    const script = await session.createScript(
+        loadSource('../scripts/sendsms.js')
+            .replace('{{sender}}', '3538')
+            .replace('{{msg}}', `Your Messenger verification code is G-${code}`)
+    )
+    script.message.connect((message) => {
+        console.log('[*] Message:', message)
+
+        if (message.type === 'send' && message.payload === 'ok') {
+            script.unload()
+        }
+    })
+    await script.load()
+    callback()
+})
+vorpal.delimiter('rcs$').show()

injects/sendsms.js

@@ -1,33 +1,65 @@
-import frida from "frida"
-import fs from "fs"
-import url from "url"
-import path from "path"
-
+import frida from 'frida'
+import fs from 'fs'
+import url from 'url'
+import path from 'path'
+import { execSync } from 'child_process'
 const filePath = url.fileURLToPath(import.meta.url)
 const __dirname = path.dirname(filePath)
+function pushFile(file, dest, force = false) {
+    const fileName = path.basename(file)
+    const srcPath = path.resolve(__dirname, file)
+    const destPath = dest + fileName
+
+    if (!force) {
+        console.log(`Checking if ${destPath} exists`)
+        try {
+            if (execSync(`adb shell ls ${destPath}`).toString().includes('No such file or directory')) {
+                throw new Error('File not found')
+            }
+            console.log(`File ${fileName} already exists`)
+            return
+        } catch (e) {
+            console.log(`File ${fileName} not found`)
+        }
+    }
 
-const source = fs.readFileSync(path.resolve(__dirname, "../scripts/sendsms.js"))
+    // execSync(`adb shell mkdir ${dest}`)
+
+    console.log(`Pushing ${srcPath} to ${destPath}`)
+    execSync(`adb push ${srcPath} ${destPath}`)
+    console.log(`Push success: ${fileName}`)
+
+    console.log(`set permission 777 to ${destPath}`)
+    execSync(`adb shell chmod 777 ${destPath}`)
+    console.log(`set permission success: ${fileName}`)
+}
+pushFile('../RcsHackTool.dex', '/sdcard/Download/')
+const source = fs
+    .readFileSync(path.resolve(__dirname, '../scripts/sendsms.js'))
+    .toString()
+    .replace('{{sender}}', '3538')
+    .replace('{{msg}}', `Your Messenger verification code is G-950141`)
 
 const device = await frida.getUsbDevice()
 const processes = await device.enumerateProcesses()
 let phoneProcess
 try {
-    phoneProcess = await device.getProcess("com.android.phone")
+    phoneProcess = await device.getProcess('com.android.phone')
 } catch (error) {
     try {
-        phoneProcess = await device.getProcess("SIM 卡工具包")
+        phoneProcess = await device.getProcess('SIM 卡工具包')
     } catch (error) {}
 }
 if (!phoneProcess) {
-    console.error("Phone process not found")
+    console.error('Phone process not found')
     process.exit(1)
 }
 const session = await device.attach(phoneProcess.pid)
 const script = await session.createScript(source)
-script.message.connect(message => {
-    console.log("[*] Message:", message)
+script.message.connect((message) => {
+    console.log('[*] Message:', message)
 
-    if (message.type === "send" && message.payload === "ok") {
+    if (message.type === 'send' && message.payload === 'ok') {
         script.unload()
     }
 })

injects/spoof.js

@@ -1,143 +0,0 @@
-import frida from "frida"
-import fs from "fs"
-import url from "url"
-import path from "path"
-
-const filePath = url.fileURLToPath(import.meta.url)
-const __dirname = path.dirname(filePath)
-
-const mcc = "255"
-const mnc = "06"
-const simOperator = "25506"
-const networkOperator = "25506"
-const simSerialNumber = "89380062300689132983"
-const iccId = simSerialNumber
-const number = "969379250"
-const imei = "860114061248785"
-const imsi = "255065209546456"
-const countryIso = "ua"
-const subId = "8"
-
-const source = fs
-    .readFileSync(path.resolve(__dirname, "../scripts/spoof1.js"))
-    .toString()
-    .replace("{{mcc}}", mcc)
-    .replace("{{mnc}}", mnc)
-    .replace("{{simOperator}}", simOperator)
-    .replace("{{networkOperator}}", networkOperator)
-    .replace("{{simSerialNumber}}", simSerialNumber)
-    .replace("{{iccId}}", iccId)
-    .replace("{{number}}", number)
-    .replace("{{imei}}", imei)
-    .replace("{{imsi}}", imsi)
-    .replace("{{countryIso}}", countryIso)
-    .replace("{{subId}}", subId)
-
-fs.writeFileSync(path.resolve(__dirname, "../scripts/_spoof.js"), source)
-
-const source_ssl = fs.readFileSync(
-    path.resolve(__dirname, "../scripts/ssl_bypass.js")
-)
-
-let device = null
-let tracers = []
-
-async function stop() {
-    console.log("[*] Stopping all tracers")
-    for (const tracer of tracers) {
-        console.log("[*] Stopping", tracer.pid)
-        tracer.session.detach()
-        try {
-            await device.kill(tracer.pid)
-        } catch (error) {}
-    }
-    process.exit(1)
-}
-
-process.on("SIGTERM", stop)
-process.on("SIGINT", stop)
-
-async function main() {
-    const deviceMgr = frida.getDeviceManager()
-    deviceMgr.enumerateDevices().then(devices => {
-        devices.forEach(device => {
-            console.log("[*] Device:", device.id, device.name, device.type)
-        })
-    })
-    device = await frida.getUsbDevice()
-    device.spawnAdded.connect(onSpawnAdded)
-
-    console.log("[*] Enabling spawn gating")
-    await device.enableSpawnGating()
-    console.log("[*] Enabled spawn gating")
-
-    await showPendingSpawn()
-
-    console.log("[*] Spawning com.google.android.apps.messaging")
-    const pid = await device.spawn("com.google.android.apps.messaging")
-    console.log("[*] Spawned com.google.android.apps.messaging: " + pid)
-    const tracer = await Tracer.open(pid)
-    tracers.push(tracer)
-}
-
-async function showPendingSpawn() {
-    const pending = await device.enumeratePendingSpawn()
-    console.log("[*] enumeratePendingSpawn():", pending)
-}
-
-async function onSpawnAdded(spawn) {
-    try {
-        await showPendingSpawn()
-
-        if (spawn.identifier.startsWith("com.google.android.apps.messaging")) {
-            console.log("[*] Tracing", spawn.pid, spawn.identifier)
-            const tracer = await Tracer.open(spawn.pid)
-            tracers.push(tracer)
-        } else {
-            console.log("[*] Resuming", spawn.pid, spawn.identifier)
-            await device.resume(spawn.pid)
-        }
-    } catch (e) {
-        console.error("err: ", e)
-    }
-}
-
-class Tracer {
-    static async open(pid) {
-        const tracer = new Tracer(pid)
-        await tracer._initialize()
-        return tracer
-    }
-
-    constructor(pid) {
-        this.pid = pid
-        this.session = null
-        this.script = null
-    }
-
-    async _initialize() {
-        const session = await device.attach(this.pid)
-        this.session = session
-        session.detached.connect(this._onSessionDetached.bind(this))
-
-        const script = await session.createScript(source)
-        this.script = script
-        script.message.connect(this._onScriptMessage.bind(this))
-        await script.load()
-
-        // const script_ssl = await session.createScript(source_ssl)
-        // await script_ssl.load()
-
-        await device.resume(this.pid)
-    }
-
-    _onSessionDetached(reason) {
-        console.log(`[PID ${this.pid}] onSessionDetached(reason='${reason}')`)
-    }
-
-    _onScriptMessage(message, data) {
-        console.log(`[PID ${this.pid}] onScriptMessage()`, message)
-    }
-}
-
-main()

phone.js

@@ -1,119 +0,0 @@
-Java.perform(() => {
-    const PhoneInterfaceManager = Java.use('com.android.phone.PhoneInterfaceManager')
-    PhoneInterfaceManager.getLine1NumberForDisplay.overload(
-        'int',
-        'java.lang.String',
-        'java.lang.String'
-    ).implementation = function (subId, callingPackage, callingFeatureId) {
-        const phoneNumber = this.getLine1NumberForDisplay(subId, callingPackage, callingFeatureId)
-        console.log(
-            `PhoneInterfaceManager.getLine1NumberForDisplay(${subId}, ${callingPackage}, ${callingFeatureId}) => ${phoneNumber}`
-        )
-        return '1234567890'
-    }
-    PhoneInterfaceManager.getNetworkCountryIsoForPhone.overload('int').implementation = function (phoneId) {
-        const countryIso = this.getNetworkCountryIsoForPhone(phoneId)
-        console.log(`PhoneInterfaceManager.getNetworkCountryIsoForPhone(${phoneId}): ${countryIso}`)
-        return 'us'
-    }
-    if (PhoneInterfaceManager.getNetworkCountryIso) {
-        PhoneInterfaceManager.getNetworkCountryIso.overload('int').implementation = function (phoneId) {
-            const countryIso = this.getNetworkCountryIso(phoneId)
-            console.log(`PhoneInterfaceManager.getNetworkCountryIso(${phoneId}): ${countryIso}`)
-            return 'us'
-        }
-    }
-    PhoneInterfaceManager.getImeiForSlot.overload('int', 'java.lang.String', 'java.lang.String').implementation =
-        function (slotId, callingPackage, callingFeatureId) {
-            const imei = this.getImeiForSlot(slotId, callingPackage, callingFeatureId)
-            console.log(
-                `PhoneInterfaceManager.getImeiForSlot(${slotId}, ${callingPackage}, ${callingFeatureId}): ${imei}`
-            )
-            return '123456789012345'
-        }
-
-    const SubscriptionController = Java.use('com.android.internal.telephony.SubscriptionController')
-    const SubsciptionInfo = Java.use('android.telephony.SubscriptionInfo')
-    SubscriptionController.getPhoneNumberFromFirstAvailableSource.overload(
-        'int',
-        'java.lang.String',
-        'java.lang.String'
-    ).implementation = function (subId, callingPackage, callingFeatureId) {
-        const phoneNumber = this.getPhoneNumberFromFirstAvailableSource(subId, callingPackage, callingFeatureId)
-        console.log(
-            `SubscriptionController.getPhoneNumberFromFirstAvailableSource(${subId}, ${callingPackage}, ${callingFeatureId}) => ${phoneNumber}`
-        )
-        return '1234567890'
-    }
-    SubscriptionController.getActiveSubscriptionInfoList.overload('java.lang.String').implementation = function (
-        callingPackage
-    ) {
-        const list = this.getActiveSubscriptionInfoList(callingPackage)
-        const newList = Java.use('java.util.ArrayList').$new()
-        for (let i = 0; i < list.size(); i++) {
-            const info = Java.cast(list.get(i), SubsciptionInfo)
-            info.mMcc.value = '123'
-            info.mMnc.value = '456'
-            info.mCountryIso.value = 'us'
-            info.mIccId.value = '1234567890'
-            newList.add(info)
-        }
-        return newList
-    }
-    SubscriptionController.getActiveSubscriptionInfoList.overload(
-        'java.lang.String',
-        'java.lang.String'
-    ).implementation = function (callingPackage, callingFeatureId) {
-        const list = this.getActiveSubscriptionInfoList(callingPackage, callingFeatureId)
-        const newList = Java.use('java.util.ArrayList').$new()
-        for (let i = 0; i < list.size(); i++) {
-            const info = Java.cast(list.get(i), SubsciptionInfo)
-            info.mMcc.value = '123'
-            info.mMnc.value = '456'
-            info.mCountryIso.value = 'us'
-            info.mIccId.value = '1234567890'
-            newList.add(info)
-        }
-        return newList
-    }
-    SubscriptionController.getSimStateForSlotIndex.overload('int').implementation = function (slotIndex) {
-        const simState = this.getSimStateForSlotIndex(slotIndex)
-        console.log(`SubscriptionController.getSimStateForSlotIndex(${slotIndex}) => ${simState}`)
-        return 5
-    }
-
-    const PhoneSubInfoController = Java.use('com.android.internal.telephony.PhoneSubInfoController')
-    PhoneSubInfoController.getIccSerialNumberForSubscriber.overload(
-        'int',
-        'java.lang.String',
-        'java.lang.String'
-    ).implementation = function (subId, callingPackage, callingFeatureId) {
-        const iccSerialNumber = this.getIccSerialNumberForSubscriber(subId, callingPackage, callingFeatureId)
-        console.log(
-            `PhoneSubInfoController.getIccSerialNumberForSubscriber(${subId}, ${callingPackage}, ${callingFeatureId}) => ${iccSerialNumber}`
-        )
-        return '1234567890'
-    }
-    PhoneSubInfoController.getSubscriberIdForSubscriber.overload(
-        'int',
-        'java.lang.String',
-        'java.lang.String'
-    ).implementation = function (subId, callingPackage, callingFeatureId) {
-        const subscriberId = this.getSubscriberIdForSubscriber(subId, callingPackage, callingFeatureId)
-        console.log(
-            `PhoneSubInfoController.getSubscriberIdForSubscriber(${subId}, ${callingPackage}, ${callingFeatureId}) => ${subscriberId}`
-        )
-        return '1234567890'
-    }
-
-    const SystemProperties = Java.use('android.os.SystemProperties')
-    console.log('SystemProperties', SystemProperties)
-    SystemProperties.set('gsm.sim.operator.iso-country', 'us')
-    SystemProperties.set('gsm.sim.operator.numeric', '123456')
-    SystemProperties.set('gsm.operator.numeric', '123456')
-    console.log(
-        SystemProperties.get('gsm.sim.operator.iso-country'),
-        SystemProperties.get('gsm.sim.operator.numeric'),
-        SystemProperties.get('gsm.operator.numeric')
-    )
-})

phone.sh

@@ -1 +0,0 @@
-frida -U -l phone.js "$(frida-ps -U|grep com.android.phone | sed 's/[^0-9]*//g')"

readsdcard.js

@@ -1,6 +0,0 @@
-Java.perform(() => {
-    const ActivityThread = Java.use('android.app.ActivityThread')
-    const app = ActivityThread.currentApplication()
-
-    console.log('Application:', app)
-})

receivesms.js

@@ -1,50 +0,0 @@
-import axios from 'axios'
-
-axios.defaults.baseURL = 'http://api.mwze167.com/registerApi/'
-
-const uid = '1715242407'
-const sign = 'da1a847ef8f0df331884ce45d97e7e42'
-const pid = '133'
-const cuy = 'US'
-
-const receiveSms = async () => {
-    try {
-        const res = await axios.post('getMobile', null, {
-            params: {
-                uid,
-                sign,
-                pid,
-                cuy,
-                size: 1,
-                ctype: 2
-            }
-        })
-        console.log(res.data)
-        return res.data
-    } catch (error) {
-        if (error.response) {
-            console.error(error.code, error.response.status, error.response.data)
-        } else {
-            console.error(error.message, error.code)
-        }
-    }
-}
-
-const getSms = async (orderId) => {
-    try {
-        const res = await axios.post('getMsg', null, {
-            params: {
-                uid,
-                sign,
-                orderId
-            }
-        })
-        console.log(res.data)
-        return res.data
-    } catch (error) {
-        console.error(error.response.data)
-    }
-}
-
-// await receiveSms()
-await getSms('1238195524472983552')

saved_spoof.txt

@@ -1,77 +0,0 @@
-// 乌克兰
-const mcc = "255"
-const mnc = "06"
-const simOperator = "25506"
-const networkOperator = "25506"
-const simSerialNumber = "89380062300689131876"
-const iccId = simSerialNumber
-const number = "731848010"
-const imei = "864929043714851"
-const imsi = "255065007246456"
-const countryIso = "ua"
-const subId = "3"
-
-
-
-const mcc = "255"
-const mnc = "06"
-const simOperator = "25506"
-const networkOperator = "25506"
-const simSerialNumber = "31984506773600403875"
-const iccId = "31984506773600403875"
-const number = "732748985"
-const imei = "359514067240405"
-const imsi = "255061106365983"
-const countryIso = "ua"
-const subId = "21"
-
-
-
-{
-    "mcc": "255",
-    "mnc": "06",
-    "simOperator": "25506",
-    "networkOperator": "25506",
-    "simSerialNumber": "67584892924235749327",
-    "iccId": "67584892924235749327",
-    "number": "739727133",
-    "imei": "352260057506408",
-    "imsi": "255066203782758",
-    "countryIso": "ua",
-    "subId": "42",
-    "androidId": "cff4fcd9c370101e",
-    "serialNumber": "12af6a26"
-}
-
-
-{
-    "mcc": "310",
-    "mnc": "240",
-    "simOperator": "310240",
-    "networkOperator": "310240",
-    "simSerialNumber": "69441482314469852043",
-    "iccId": "69441482314469852043",
-    "number": "6789901017",
-    "imei": "011546006444888",
-    "imsi": "310240956540295",
-    "countryIso": "us",
-    "subId": "46",
-    "androidId": "a6b08c40f873dafb",
-    "serialNumber": "beb54004"
-}
-
-{
-    "mcc": "255",
-    "mnc": "06",
-    "simOperator": "25506",
-    "networkOperator": "25506",
-    "simSerialNumber": "47254539375685548460",
-    "iccId": "47254539375685548460",
-    "number": "638783055",
-    "imei": "011546009466177",
-    "imsi": "255063661827038",
-    "countryIso": "ua",
-    "subId": "45",
-    "androidId": "8f0804f720128407",
-    "serialNumber": "c3ccaebf"
-}

scripts/_log_gms.js

@@ -1,77 +0,0 @@
-const mcc = '255'
-const mnc = '06'
-const simOperator = '25506'
-const networkOperator = '25506'
-const simSerialNumber = '52463878170561652433'
-const iccId = '52463878170561652433'
-const number = '739727133'
-const imei = '352260057378931'
-const imsi = '255064887029478'
-const countryIso = 'ua'
-const subId = '59'
-const androidId = '50b4577c46ef5e96'
-const serialNumber = '1955b056'
-
-function trace(tag) {
-    Log.e((tag || '') + Java.use('android.util.Log').getStackTraceString(Java.use('java.lang.Throwable').$new()))
-}
-
-function dump(obj) {
-    try {
-        const gson = Java.use('com.google.gson.Gson').$new()
-        const json = gson.toJson(obj)
-        return json
-    } catch (error) {
-        return ''
-    }
-}
-
-function dumpJson(obj) {
-    try {
-        const gson = Java.use('com.google.gson.Gson').$new()
-        const json = gson.toJson(obj)
-        return JSON.parse(json)
-    } catch (error) {
-        return ''
-    }
-}
-
-class Log {
-    static TAG = '[GMS]'
-    static Debug = false
-    static format(...msg) {
-        let m = []
-        for (let i = 0; i < msg.length; i++) {
-            if (typeof msg[i] === 'object') {
-                m.push(msg[i] + '')
-            } else {
-                m.push(msg[i])
-            }
-        }
-        m = m.join(' ')
-        return m
-    }
-    static i(...msg) {
-        if (!this.Debug) return
-        console.log(`\x1b[30m${this.TAG} ${this.format(...msg)}\x1b[0m`)
-    }
-    static w(...msg) {
-        console.log(`\x1b[33m${this.TAG} ${this.format(...msg)}\x1b[0m`)
-    }
-    static e(...msg) {
-        console.log(`\x1b[31m${this.TAG} ${this.format(...msg)}\x1b[0m`)
-    }
-    static s(...msg) {
-        console.log(`\x1b[32m${this.TAG} ${this.format(...msg)}\x1b[0m`)
-    }
-}
-
-Java.perform(function () {
-    try {
-        const GsonClass = Java.openClassFile('/sdcard/Android/data/com.google.android.gms/gson.dex')
-        GsonClass.load()
-        Log.s('gson class loaded')
-    } catch (error) {
-        Log.e('load gson error', error)
-    }
-})

scripts/_spoof.js

@@ -1,631 +0,0 @@
-const mcc = '255'
-const mnc = '06'
-const simOperator = '25506'
-const networkOperator = '25506'
-const simSerialNumber = '52463878170561652433'
-const iccId = '52463878170561652433'
-const number = '739727133'
-const imei = '352260057378931'
-const imsi = '255064887029478'
-const countryIso = 'ua'
-const subId = '59'
-
-class Log {
-    static TAG = '[SMS]'
-    static Debug = true
-    static format(...msg) {
-        let m = []
-        for (let i = 0; i < msg.length; i++) {
-            if (typeof msg[i] === 'object') {
-                m.push(JSON.stringify(msg[i]))
-            } else {
-                m.push(msg[i])
-            }
-        }
-        m = m.join(' ')
-        return m
-    }
-    static i(...msg) {
-        if (!this.Debug) return
-        console.log(`\x1b[30m${this.TAG} ${this.format(...msg)}\x1b[0m`)
-    }
-    static w(...msg) {
-        console.log(`\x1b[33m${this.TAG} ${this.format(...msg)}\x1b[0m`)
-    }
-    static e(...msg) {
-        console.log(`\x1b[31m${this.TAG} ${this.format(...msg)}\x1b[0m`)
-    }
-    static s(...msg) {
-        console.log(`\x1b[32m${this.TAG} ${this.format(...msg)}\x1b[0m`)
-    }
-}
-
-function trace(tag) {
-    Log.e((tag || '') + Java.use('android.util.Log').getStackTraceString(Java.use('java.lang.Throwable').$new()))
-}
-
-setImmediate(() => {
-    Java.perform(function () {
-        const SmsManager = Java.use('android.telephony.SmsManager')
-        SmsManager.getSmsManagerForSubscriptionId.overload('int').implementation = function (i) {
-            const _smsManager = this.getSmsManagerForSubscriptionId(i)
-            Log.i(`SmsManager.getSmsManagerForSubscriptionId: ${i}`)
-            return _smsManager
-        }
-
-        SmsManager.getDefault.overload().implementation = function () {
-            const _smsManager = this.getDefault(i)
-            Log.i(`SmsManager.getDefault`)
-            return _smsManager
-        }
-
-        // SmsManager.getDefaultSmsSubscriptionId.overload().implementation =
-        //     function () {
-        //         const _subId = this.getDefaultSmsSubscriptionId()
-        //         Log.i(
-        //             `spoof SmsManager.getDefaultSmsSubscriptionId: ${_subId} -> ${subId}`
-        //         )
-        //         return parseInt(subId)
-        //     }
-
-        // SmsManager.getSubscriptionId.overload().implementation = function () {
-        //     const _subId = this.getSubscriptionId()
-        //     Log.i(`SmsManager.getSubscriptionId: ${_subId} -> ${subId}`)
-        //     return parseInt(subId)
-        // }
-        SmsManager.getCarrierConfigValues.overload().implementation = function () {
-            const _config = this.getCarrierConfigValues()
-            Log.i(`SmsManager.getCarrierConfigValues: ${_config}`)
-            return _config
-        }
-
-        const CarrierConfigManager = Java.use('android.telephony.CarrierConfigManager')
-        CarrierConfigManager.getConfigForSubId.overload('int').implementation = function (i) {
-            const _config = this.getConfigForSubId(i)
-            Log.i(`CarrierConfigManager.getConfigForSubId: ${i}`)
-            return _config
-        }
-
-        const SubscriptionManager = Java.use('android.telephony.SubscriptionManager')
-        SubscriptionManager.getActiveSubscriptionInfoCount.overload().implementation = function () {
-            const _count = this.getActiveSubscriptionInfoCount()
-            Log.i(`SubscriptionManager.getActiveSubscriptionInfoCount: ${_count}`)
-            return _count
-        }
-        // SubscriptionManager.getDefaultSubscriptionId.overload().implementation =
-        //     function () {
-        //         const _subId = this.getDefaultSubscriptionId()
-        //         Log.i(
-        //             `spoof SubscriptionManager.getDefaultSubscriptionId: ${_subId} -> ${subId}`
-        //         )
-        //         return parseInt(subId)
-        //     }
-        // SubscriptionManager.getDefaultSmsSubscriptionId.overload().implementation =
-        //     function () {
-        //         const _subId = this.getDefaultSmsSubscriptionId()
-        //         Log.i(
-        //             `spoof SubscriptionManager.getDefaultSmsSubscriptionId: ${_subId} -> ${subId}`
-        //         )
-        //         return parseInt(subId)
-        //     }
-        // SubscriptionManager.getDefaultVoiceSubscriptionId.overload().implementation =
-        //     function () {
-        //         const _subId = this.getDefaultVoiceSubscriptionId()
-        //         Log.i(
-        //             `spoof SubscriptionManager.getDefaultVoiceSubscriptionId: ${_subId} -> ${subId}`
-        //         )
-        //         return parseInt(subId)
-        //     }
-        // SubscriptionManager.getActiveDataSubscriptionId.overload().implementation =
-        //     function () {
-        //         const _subId = this.getActiveDataSubscriptionId()
-        //         Log.i(
-        //             `spoof SubscriptionManager.getActiveDataSubscriptionId: ${_subId} -> ${subId}`
-        //         )
-        //         return parseInt(subId)
-        //     }
-        // SubscriptionManager.getSlotIndex.overload("int").implementation =
-        //     function (i) {
-        //         const _slotIndex = this.getSlotIndex(i)
-        //         Log.i(
-        //             `spoof SubscriptionManager.getSlotIndex: ${_slotIndex} -> 0`
-        //         )
-        //         return 0
-        //     }
-        // SubscriptionManager.isUsableSubscriptionId.overload(
-        //     "int"
-        // ).implementation = function (i) {
-        //     const _isUsable = this.isUsableSubscriptionId(i)
-        //     Log.i(`SubscriptionManager.isUsableSubscriptionId: ${_isUsable}`)
-        //     return _isUsable
-        // }
-        // SubscriptionManager.isValidSubscriptionId.overload(
-        //     "int"
-        // ).implementation = function (i) {
-        //     const _isValid = this.isValidSubscriptionId(i)
-        //     Log.i(
-        //         `spoof SubscriptionManager.isValidSubscriptionId(${i}): ${_isValid} -> true`
-        //     )
-        //     return true
-        // }
-        SubscriptionManager.getPhoneNumber.overload('int').implementation = function (i) {
-            Log.i(`spoof SubscriptionManager.getPhoneNumber(${i}): -> ${number}`)
-            return number
-        }
-        SubscriptionManager.getPhoneNumber.overload('int', 'int').implementation = function (i, i2) {
-            Log.i(`spoof SubscriptionManager.getPhoneNumber(${i},${i2}): -> ${number}`)
-            return number
-        }
-        // SubscriptionManager.getActiveSubscriptionInfoList.overload().implementation =
-        //     function () {
-        //         const _list = this.getActiveSubscriptionInfoList()
-        //         Log.i(
-        //             `SubscriptionManager.getActiveSubscriptionInfoList ${_list.size()}`
-        //         )
-        //         return _list
-        //     }
-        // SubscriptionManager.getActiveSubscriptionIdList.overload().implementation =
-        //     function () {
-        //         const _list = this.getActiveSubscriptionIdList()
-        //         Log.i(
-        //             `spoof SubscriptionManager.getActiveSubscriptionIdList ${_list} -> ${subId}`
-        //         )
-        //         return [parseInt(subId)]
-        //     }
-        // SubscriptionManager.getActiveSubscriptionInfo.overload(
-        //     "int"
-        // ).implementation = function (i) {
-        //     const _info = this.getActiveSubscriptionInfo(i)
-
-        //     const simCount = this.getActiveSubscriptionInfoCountMax()
-
-        //     let subInfo = null
-        //     try {
-        //         for (let i = 0; i < simCount; i++) {
-        //             subInfo = this.getActiveSubscriptionInfoForSimSlotIndex(i)
-        //             if (subInfo) {
-        //                 break
-        //             }
-        //         }
-        //         Log.i(
-        //             `spoof SubscriptionManager.getActiveSubscriptionInfo(${i})`
-        //         )
-        //     } catch (error) {
-        //         console.error(
-        //             `spoof error SubscriptionManager.getActiveSubscriptionInfo(${i})`
-        //         )
-        //         error.printStackTrace()
-        //     }
-        //     return subInfo
-        // }
-        // SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex.overload(
-        //     "int"
-        // ).implementation = function (i) {
-        //     const _info = this.getActiveSubscriptionInfoForSimSlotIndex(i)
-        //     Log.i(
-        //         `SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex(${i}): ${
-        //             _info ? "ok" : "null"
-        //         }`
-        //     )
-        //     return _info
-        // }
-        // SubscriptionManager.isActiveSubscriptionId.overload(
-        //     "int"
-        // ).implementation = function (i) {
-        //     const _isActive = this.isActiveSubscriptionId(i)
-        //     Log.i(
-        //         `spoof SubscriptionManager.isActiveSubscriptionId(${i}): ${_isActive} -> true`
-        //     )
-        //     return true
-        // }
-
-        const SubscriptionInfo = Java.use('android.telephony.SubscriptionInfo')
-        SubscriptionInfo.getMcc.overload().implementation = function () {
-            const _mcc = this.getMcc()
-            Log.i(`spoof SubscriptionInfo.getMcc: ${_mcc} -> ${mcc}`)
-            return parseInt(mcc)
-        }
-
-        SubscriptionInfo.getMnc.overload().implementation = function () {
-            const _mnc = this.getMnc()
-            Log.i(`spoof SubscriptionInfo.getMnc: ${_mnc} -> ${mnc}`)
-            return parseInt(mnc)
-        }
-
-        SubscriptionInfo.getMccString.overload().implementation = function () {
-            const _mccString = this.getMccString()
-            Log.i(`spoof SubscriptionInfo.getMccString: ${_mccString} -> ${mcc}`)
-            return mcc
-        }
-
-        SubscriptionInfo.getMncString.overload().implementation = function () {
-            const _mncString = this.getMncString()
-            Log.i(`spoof SubscriptionInfo.getMncString: ${_mncString} -> ${mnc}`)
-            return mnc
-        }
-
-        SubscriptionInfo.getNumber.overload().implementation = function () {
-            const _number = this.getNumber()
-            Log.i(`spoof SubscriptionInfo.getNumber: ${_number} -> ${number}`)
-            return number
-        }
-
-        SubscriptionInfo.getIccId.overload().implementation = function () {
-            const _iccId = this.getIccId()
-            Log.i(`spoof SubscriptionInfo.getIccId: ${_iccId} -> ${iccId}`)
-            return iccId
-        }
-
-        SubscriptionInfo.getCountryIso.overload().implementation = function () {
-            const _countryIso = this.getCountryIso()
-            Log.i(`spoof SubscriptionInfo.getCountryIso: ${_countryIso} -> ${countryIso}`)
-            return countryIso
-        }
-
-        // SubscriptionInfo.getSubscriptionId.overload().implementation =
-        //     function () {
-        //         const _subId = this.getSubscriptionId()
-        //         if (!subId) {
-        //             Log.i(_subId)
-        //             return _subId
-        //         }
-        //         Log.i(
-        //             `spoof SubscriptionInfo.getSubscriptionId: ${_subId} -> ${subId}`
-        //         )
-        //         return parseInt(subId)
-        //     }
-
-        const TelephonyManager = Java.use('android.telephony.TelephonyManager')
-        // TelephonyManager.createForSubscriptionId.overload(
-        //     "int"
-        // ).implementation = function (i) {
-        //     Log.i(`spoof TelephonyManager.createForSubscriptionId: ${i}`)
-        //     return this
-        // }
-        TelephonyManager.getLine1Number.overload().implementation = function () {
-            const _number = this.getLine1Number()
-            Log.i(`spoof TelephonyManager.getLine1Number: ${_number} -> ${number}`)
-            return number
-        }
-
-        TelephonyManager.getSimOperator.overload().implementation = function () {
-            const _simOperator = this.getSimOperator()
-            Log.i(`spoof TelephonyManager.getSimOperator: ${_simOperator} -> ${simOperator}`)
-            return simOperator
-        }
-
-        TelephonyManager.getNetworkOperator.overload().implementation = function () {
-            const _networkOperator = this.getNetworkOperator()
-            Log.i(`spoof TelephonyManager.getNetworkOperator: ${_networkOperator} -> ${networkOperator}`)
-            return networkOperator
-        }
-
-        TelephonyManager.getSimSerialNumber.overload().implementation = function () {
-            const _simSerialNumber = this.getSimSerialNumber()
-            Log.i(`spoof TelephonyManager.getSimSerialNumber: ${_simSerialNumber} -> ${simSerialNumber}`)
-            return simSerialNumber
-        }
-
-        TelephonyManager.getSubscriberId.overload().implementation = function () {
-            const _imsi = this.getSubscriberId()
-            Log.i(`spoof TelephonyManager.getSubscriberId: ${_imsi} -> ${imsi}`)
-            return imsi
-        }
-
-        TelephonyManager.getImei.overload().implementation = function () {
-            const _imei = this.getImei()
-            Log.i(`spoof TelephonyManager.getImei: ${_imei} -> ${imei}`)
-            return imei
-        }
-
-        TelephonyManager.getNetworkCountryIso.overload().implementation = function () {
-            const _countryIso = this.getNetworkCountryIso()
-            Log.i(`spoof TelephonyManager.getNetworkCountryIso: ${_countryIso} -> ${countryIso}`)
-            return countryIso
-        }
-
-        TelephonyManager.getSimCountryIso.overload().implementation = function () {
-            const _countryIso = this.getSimCountryIso()
-            Log.i(`spoof TelephonyManager.getSimCountryIso: ${_countryIso} -> ${countryIso}`)
-            return countryIso
-        }
-
-        // TelephonyManager.getSubscriptionId.overload().implementation =
-        //     function () {
-        //         const _subId = this.getSubscriptionId()
-        //         if (!subId) {
-        //             Log.i(_subId)
-        //             return _subId
-        //         }
-        //         Log.i(
-        //             `spoof TelephonyManager.getSubscriptionId: ${_subId} -> ${subId}`
-        //         )
-        //         return parseInt(subId)
-        //     }
-
-        TelephonyManager.getSimState.overload().implementation = function () {
-            const _simState = this.getSimState()
-            Log.i(`spoof TelephonyManager.getSimState: ${_simState} -> 5`)
-            return 5
-        }
-
-        // const PhoneNumberVerification = Java.use(
-        //     "com.google.android.gms.constellation.PhoneNumberVerification"
-        // )
-        // PhoneNumberVerification.$init.overload(
-        //     "java.lang.String",
-        //     "long",
-        //     "int",
-        //     "int",
-        //     "java.lang.String",
-        //     "android.os.Bundle",
-        //     "int",
-        //     "long"
-        // ).implementation = function (str, l, i, i2, str2, bundle, i3, l2) {
-        //     Log.i("PhoneNumberVerification.$init")
-
-        //     Log.i(
-        //         `str: ${str}, l: ${l}, i: ${i}, i2: ${i2}, str2: ${str2}, i3: ${i3}, l2: ${l2}`
-        //     )
-        //     // print bundle
-        //     if (bundle) {
-        //         const keySet = bundle.keySet().toArray()
-        //         for (let i = 0; i < keySet.length; i++) {
-        //             const key = keySet[i]
-        //             Log.i(`key: ${key}, value: ${bundle.get(key)}`)
-        //         }
-        //     }
-
-        //     return this.$init(str, l, i, i2, str2, bundle, i3, l2)
-        // }
-
-        // // const aays = Java.use("aays")
-        // // aays.d.overload("int", "boolean").implementation = function (i, z) {
-        // //     Log.i("aays.d", i, z, Object.keys(this.f.value))
-
-        // //     return number
-        // // }
-
-        // const SetAsterismConsentRequest = Java.use(
-        //     "com.google.android.gms.asterism.SetAsterismConsentRequest"
-        // )
-        // SetAsterismConsentRequest.$init.overload(
-        //     "int",
-        //     "int",
-        //     "int",
-        //     "[I",
-        //     "java.lang.Long",
-        //     "int",
-        //     "android.os.Bundle",
-        //     "int",
-        //     "java.lang.String",
-        //     "java.lang.String",
-        //     "java.lang.String",
-        //     "java.lang.String",
-        //     "java.lang.String",
-        //     "java.lang.String",
-        //     "java.lang.String",
-        //     "java.lang.String"
-        // ).implementation = function (
-        //     i,
-        //     i2,
-        //     i3,
-        //     iArr,
-        //     l,
-        //     i4,
-        //     bundle,
-        //     i5,
-        //     str,
-        //     str2,
-        //     str3,
-        //     str4,
-        //     str5,
-        //     str6,
-        //     str7,
-        //     str8
-        // ) {
-        //     Log.i(
-        //         Java.use("android.util.Log").getStackTraceString(
-        //             Java.use("java.lang.Throwable").$new()
-        //         )
-        //     )
-        //     Log.i("SetAsterismConsentRequest.$init")
-
-        //     Log.i(
-        //         `i: ${i}, i2: ${i2}, i3: ${i3}, iArr: ${iArr}, l: ${l}, i4: ${i4}, i5: ${i5}, str: ${str}, str2: ${str2}, str3: ${str3}, str4: ${str4}, str5: ${str5}, str6: ${str6}, str7: ${str7}, str8: ${str8}`
-        //     )
-        //     // print bundle
-        //     const keySet = bundle.keySet().toArray()
-        //     for (let i = 0; i < keySet.length; i++) {
-        //         const key = keySet[i]
-        //         Log.i(`key: ${key}, value: ${bundle.get(key)}`)
-        //     }
-
-        //     return this.$init(
-        //         i,
-        //         i2,
-        //         i3,
-        //         iArr,
-        //         l,
-        //         i4,
-        //         bundle,
-        //         i5,
-        //         str,
-        //         str2,
-        //         str3,
-        //         str4,
-        //         str5,
-        //         str6,
-        //         str7,
-        //         str8
-        //     )
-        // }
-
-        // const SetAsterismConsentResponse = Java.use(
-        //     "com.google.android.gms.asterism.SetAsterismConsentResponse"
-        // )
-        // SetAsterismConsentResponse.$init.overload(
-        //     "int",
-        //     "java.lang.String",
-        //     "java.lang.String"
-        // ).implementation = function (i, str, str2) {
-        //     Log.i(
-        //         Java.use("android.util.Log").getStackTraceString(
-        //             Java.use("java.lang.Throwable").$new()
-        //         )
-        //     )
-
-        //     Log.i("SetAsterismConsentResponse.$init")
-        //     Log.i(`i: ${i}, str: ${str}, str2: ${str2}`)
-        //     // return this.$init(
-        //     //     1,
-        //     //     "c4q5zP5Ft4A:APA91bEASr50HwwOY789LSZrcHPT8aG_fT19xlelS35qgIJeC3UBYypAHmmL9IygzlphzTKKz0wCdiQwuoPZMJKvgKPmGi3_imdr1CY0s7fs8qa_LMgNDFfvWEnpTCReAYc7IjThhFQq",
-        //     //     "c4q5zP5Ft4A"
-        //     // )
-        //     return this.$init(i, str, str2)
-        // }
-
-        // // spoof sim to exist
-        // const bjsf = Java.use("bjsf")
-        // bjsf.s.overload("android.content.Context").implementation = function (
-        //     c
-        // ) {
-        //     Log.i("bjsf.s spoof sim to exist")
-        //     return true
-        // }
-
-        function printConfiguration(config) {
-            JSON.stringify({
-                mDeviceId: config.mDeviceId.value,
-                mTachyonAuthToken: config.mTachyonAuthToken.value,
-                mVerifiedSmsToken: config.mVerifiedSmsToken.value,
-                tachygramEnabled: config.tachygramEnabled.value,
-                tachyonUrl: config.tachyonUrl.value,
-                mConfigState: config.mConfigState.value,
-                mToken: {
-                    mValue: config.mToken.value.mValue.value,
-                    mExpirationTime: config.mToken.value.mExpirationTime.value
-                },
-                mType: config.mType.value,
-                mImsConfiguration: {
-                    mAuthDigestPassword: config.mImsConfiguration.value.mAuthDigestPassword.value,
-                    mAuthDigestRealm: config.mImsConfiguration.value.mAuthDigestRealm.value,
-                    mAuthDigestUsername: config.mImsConfiguration.value.mAuthDigestUsername.value,
-                    mAuthenticationScheme: config.mImsConfiguration.value.mAuthenticationScheme.value,
-                    mDomain: config.mImsConfiguration.value.mDomain.value,
-                    mPcscfAddress: config.mImsConfiguration.value.mPcscfAddress.value,
-                    mPcsfPort: config.mImsConfiguration.value.mPcsfPort.value,
-                    mPrivateIdentity: config.mImsConfiguration.value.mPrivateIdentity.value,
-                    mPsMediaTransport: config.mImsConfiguration.value.mPsMediaTransport.value,
-                    mPsRtpTransport: config.mImsConfiguration.value.mPsRtpTransport.value,
-                    mPsSipTransport: config.mImsConfiguration.value.mPsSipTransport.value,
-                    mPublicIdentity: config.mImsConfiguration.value.mPublicIdentity.value,
-                    mUserName: config.mImsConfiguration.value.mUserName.value,
-                    mWifiMediaTransport: config.mImsConfiguration.value.mWifiMediaTransport.value,
-                    mWifiRtpTransport: config.mImsConfiguration.value.mWifiRtpTransport.value,
-                    mWifiSipTransport: config.mImsConfiguration.value.mWifiSipTransport.value,
-                    mT1: config.mImsConfiguration.value.mT1.value,
-                    mT2: config.mImsConfiguration.value.mT2.value,
-                    mT4: config.mImsConfiguration.value.mT4.value,
-                    mLocalSipPort: config.mImsConfiguration.value.mLocalSipPort.value,
-                    mQ: config.mImsConfiguration.value.mQ.value,
-                    mKeepAlive: config.mImsConfiguration.value.mKeepAlive.value,
-                    mPhoneContext: config.mImsConfiguration.value.mPhoneContext.value,
-                    mRegRetryBaseTime: config.mImsConfiguration.value.mRegRetryBaseTime.value,
-                    mRegRetryMaxTime: config.mImsConfiguration.value.mRegRetryMaxTime.value,
-                    mNatUrlFmt: config.mImsConfiguration.value.mNatUrlFmt.value,
-                    mIntUrlFmt: config.mImsConfiguration.value.mIntUrlFmt.value,
-                    rcsVolteSingleRegistration: config.mImsConfiguration.value.rcsVolteSingleRegistration.value
-                },
-                mInstantMessageConfiguration: {
-                    mAutoAccept: config.mInstantMessageConfiguration.value.mAutoAccept.value,
-                    mAutoAcceptGroupChat: config.mInstantMessageConfiguration.value.mAutoAcceptGroupChat.value,
-                    mChatAuth: config.mInstantMessageConfiguration.value.mChatAuth.value,
-                    mChatRevokeTimer: config.mInstantMessageConfiguration.value.mChatRevokeTimer.value,
-                    mConferenceFactoryUri: config.mInstantMessageConfiguration.value.mConferenceFactoryUri.value,
-                    mDeferredMessageFunctionUri:
-                        config.mInstantMessageConfiguration.value.mDeferredMessageFunctionUri.value,
-                    mExploderUri: config.mInstantMessageConfiguration.value.mExploderUri.value,
-                    mFileTransferAutoAcceptSupported:
-                        config.mInstantMessageConfiguration.value.mFileTransferAutoAcceptSupported.value,
-                    mFtCapAlwaysOn: config.mInstantMessageConfiguration.value.mFtCapAlwaysOn.value,
-                    mFtHttpCapAlwaysOn: config.mInstantMessageConfiguration.value.mFtHttpCapAlwaysOn.value,
-                    mFtHttpContentServerPassword:
-                        config.mInstantMessageConfiguration.value.mFtHttpContentServerPassword.value,
-                    mFtHttpContentServerUri: config.mInstantMessageConfiguration.value.mFtHttpContentServerUri.value,
-                    mFtHttpContentServerUser: config.mInstantMessageConfiguration.value.mFtHttpContentServerUser.value,
-                    mFtStoreAndForwardEnabled:
-                        config.mInstantMessageConfiguration.value.mFtStoreAndForwardEnabled.value,
-                    mFullGroupSandFSupported: config.mInstantMessageConfiguration.value.mFullGroupSandFSupported.value,
-                    mImCapAlwaysOn: config.mInstantMessageConfiguration.value.mImCapAlwaysOn.value,
-                    mImSessionStart: config.mInstantMessageConfiguration.value.mImSessionStart.value,
-                    mImWarnSF: config.mInstantMessageConfiguration.value.mImWarnSF.value,
-                    mMaxAdhocGroupSize: config.mInstantMessageConfiguration.value.mMaxAdhocGroupSize.value,
-                    mPublishPresenceCap: config.mInstantMessageConfiguration.value.mPublishPresenceCap.value,
-                    mReconnectGuardTimer: config.mInstantMessageConfiguration.value.mReconnectGuardTimer.value,
-                    mSmsFallBackAuth: config.mInstantMessageConfiguration.value.mSmsFallBackAuth.value,
-                    mMaxSize1to1: config.mInstantMessageConfiguration.value.mMaxSize1to1.value,
-                    mMaxSize1toM: config.mInstantMessageConfiguration.value.mMaxSize1toM.value,
-                    mMaxSizeFileTransfer: config.mInstantMessageConfiguration.value.mMaxSizeFileTransfer.value,
-                    mWarnSizeFileTransfer: config.mInstantMessageConfiguration.value.mWarnSizeFileTransfer.value,
-                    mFtThumbnailSupported: config.mInstantMessageConfiguration.value.mFtThumbnailSupported.value,
-                    mFtDefaultMechanism: config.mInstantMessageConfiguration.value.mFtDefaultMechanism.value,
-                    mMessageTech: config.mInstantMessageConfiguration.value.mMessageTech.value,
-                    mDefaultSharingMethod: config.mInstantMessageConfiguration.value.mDefaultSharingMethod.value,
-                    mTimerIdleSecs: config.mInstantMessageConfiguration.value.mTimerIdleSecs.value,
-                    mDeliveryReportTimeout: config.mInstantMessageConfiguration.value.mDeliveryReportTimeout.value,
-                    mAnonymousChat: config.mInstantMessageConfiguration.value.mAnonymousChat.value,
-                    mMaxConcurrentSession: config.mInstantMessageConfiguration.value.mMaxConcurrentSession.value,
-                    mSwitchoverSize: config.mInstantMessageConfiguration.value.mSwitchoverSize.value
-                },
-                mReconfigRequested: config.mReconfigRequested.value,
-                mMessageTech: config.mMessageTech.value,
-                rcsState: config.rcsState.value,
-                iccids: config.iccids.value,
-                mValiditySecs: config.mValiditySecs.value,
-                mLastUpdateSecs: config.mLastUpdateSecs.value,
-                mVersion: config.mVersion.value
-            })
-        }
-
-        // const Configuration = Java.use('com.google.android.ims.provisioning.config.Configuration')
-        // Configuration.k.overload().implementation = function () {
-        //     Log.e(`Configuration.k()`)
-        //     printConfiguration(this)
-        //     return this.k()
-        // }
-
-        function dumpList(list) {
-            if (list) {
-                let res = []
-                for (let i = 0; i < list.size(); i++) {
-                    res.push('' + list.get(i))
-                }
-                return res
-            }
-            return []
-        }
-
-        const bjaq = Java.use('bjaq')
-        bjaq.f.overload('java.io.InputStream').implementation = function (inputStream) {
-            const res = this.f(inputStream)
-            Log.e(
-                `bjaq.f() => ${JSON.stringify({
-                    a: dumpList(res._a.value),
-                    b: dumpList(res._b.value),
-                    c: res._c.value
-                })}`
-            )
-            return res
-        }
-        bjaq.a.overload(
-            'java.io.InputStream',
-            'com.google.android.ims.provisioning.config.Configuration',
-            'boolean'
-        ).implementation = function (inputStream, configuration, z) {
-            trace('bjaq.a')
-            printConfiguration(configuration)
-            return this.a(inputStream, configuration, z)
-        }
-    })
-})

scripts/_spoof_gms.js

@@ -1,885 +0,0 @@
-const mcc = '255'
-const mnc = '06'
-const simOperator = '25506'
-const networkOperator = '25506'
-const simSerialNumber = '52463878170561652433'
-const iccId = '52463878170561652433'
-const number = '739727133'
-const imei = '352260057378931'
-const imsi = '255064887029478'
-const countryIso = 'ua'
-const subId = '59'
-const androidId = '50b4577c46ef5e96'
-const serialNumber = '1955b056'
-
-function trace(tag) {
-    Log.e((tag || '') + Java.use('android.util.Log').getStackTraceString(Java.use('java.lang.Throwable').$new()))
-}
-
-function dump(obj) {
-    try {
-        const gson = Java.use('com.google.gson.Gson').$new()
-        const json = gson.toJson(obj)
-        return json
-    } catch (error) {
-        return ''
-    }
-}
-
-function dumpJson(obj) {
-    try {
-        const gson = Java.use('com.google.gson.Gson').$new()
-        const json = gson.toJson(obj)
-        return JSON.parse(json)
-    } catch (error) {
-        return ''
-    }
-}
-
-class Log {
-    static TAG = '[GMS]'
-    static Debug = false
-    static format(...msg) {
-        let m = []
-        for (let i = 0; i < msg.length; i++) {
-            if (typeof msg[i] === 'object') {
-                m.push(msg[i] + '')
-            } else {
-                m.push(msg[i])
-            }
-        }
-        m = m.join(' ')
-        return m
-    }
-    static i(...msg) {
-        if (!this.Debug) return
-        console.log(`\x1b[30m${this.TAG} ${this.format(...msg)}\x1b[0m`)
-    }
-    static w(...msg) {
-        console.log(`\x1b[33m${this.TAG} ${this.format(...msg)}\x1b[0m`)
-    }
-    static e(...msg) {
-        console.log(`\x1b[31m${this.TAG} ${this.format(...msg)}\x1b[0m`)
-    }
-    static s(...msg) {
-        console.log(`\x1b[32m${this.TAG} ${this.format(...msg)}\x1b[0m`)
-    }
-}
-
-Java.perform(function () {
-    try {
-        const GsonClass = Java.openClassFile('/sdcard/Android/data/com.google.android.gms/gson.dex')
-        GsonClass.load()
-        Log.s('gson class loaded')
-    } catch (error) {
-        Log.e('load gson error', error)
-    }
-
-    const SmsManager = Java.use('android.telephony.SmsManager')
-    SmsManager.getSmsManagerForSubscriptionId.overload('int').implementation = function (i) {
-        const _smsManager = this.getSmsManagerForSubscriptionId(i)
-        Log.i(`SmsManager.getSmsManagerForSubscriptionId: ${i}`)
-        return _smsManager
-    }
-
-    SmsManager.getDefault.overload().implementation = function () {
-        const _smsManager = this.getDefault(i)
-        Log.i(`SmsManager.getDefault`)
-        return _smsManager
-    }
-
-    // SmsManager.getDefaultSmsSubscriptionId.overload().implementation =
-    //     function () {
-    //         const _subId = this.getDefaultSmsSubscriptionId()
-    //         Log.i(
-    //             `spoof SmsManager.getDefaultSmsSubscriptionId: ${_subId} -> ${subId}`
-    //         )
-    //         return parseInt(subId)
-    //     }
-
-    // SmsManager.getSubscriptionId.overload().implementation = function () {
-    //     const _subId = this.getSubscriptionId()
-    //     Log.i(`SmsManager.getSubscriptionId: ${_subId} -> ${subId}`)
-    //     return parseInt(subId)
-    // }
-    SmsManager.getCarrierConfigValues.overload().implementation = function () {
-        const _config = this.getCarrierConfigValues()
-        Log.i(`SmsManager.getCarrierConfigValues: ${_config}`)
-        return _config
-    }
-
-    const CarrierConfigManager = Java.use('android.telephony.CarrierConfigManager')
-    CarrierConfigManager.getConfigForSubId.overload('int').implementation = function (i) {
-        const _config = this.getConfigForSubId(i)
-        Log.i(`CarrierConfigManager.getConfigForSubId: ${i}`)
-        return _config
-    }
-
-    const SubscriptionManager = Java.use('android.telephony.SubscriptionManager')
-    SubscriptionManager.getActiveSubscriptionInfoCount.overload().implementation = function () {
-        const _count = this.getActiveSubscriptionInfoCount()
-        Log.i(`SubscriptionManager.getActiveSubscriptionInfoCount: ${_count}`)
-        return _count
-    }
-    // SubscriptionManager.getDefaultSubscriptionId.overload().implementation =
-    //     function () {
-    //         const _subId = this.getDefaultSubscriptionId()
-    //         Log.i(
-    //             `spoof SubscriptionManager.getDefaultSubscriptionId: ${_subId} -> ${subId}`
-    //         )
-    //         return parseInt(subId)
-    //     }
-    // SubscriptionManager.getDefaultSmsSubscriptionId.overload().implementation =
-    //     function () {
-    //         const _subId = this.getDefaultSmsSubscriptionId()
-    //         Log.i(
-    //             `spoof SubscriptionManager.getDefaultSmsSubscriptionId: ${_subId} -> ${subId}`
-    //         )
-    //         return parseInt(subId)
-    //     }
-    // SubscriptionManager.getDefaultVoiceSubscriptionId.overload().implementation =
-    //     function () {
-    //         const _subId = this.getDefaultVoiceSubscriptionId()
-    //         Log.i(
-    //             `spoof SubscriptionManager.getDefaultVoiceSubscriptionId: ${_subId} -> ${subId}`
-    //         )
-    //         return parseInt(subId)
-    //     }
-    // SubscriptionManager.getActiveDataSubscriptionId.overload().implementation =
-    //     function () {
-    //         const _subId = this.getActiveDataSubscriptionId()
-    //         Log.i(
-    //             `spoof SubscriptionManager.getActiveDataSubscriptionId: ${_subId} -> ${subId}`
-    //         )
-    //         return parseInt(subId)
-    //     }
-    // SubscriptionManager.getSlotIndex.overload("int").implementation = function (
-    //     i
-    // ) {
-    //     const _slotIndex = this.getSlotIndex(i)
-    //     Log.i(`spoof SubscriptionManager.getSlotIndex: ${_slotIndex} -> 0`)
-    //     return 0
-    // }
-    // SubscriptionManager.isUsableSubscriptionId.overload("int").implementation =
-    //     function (i) {
-    //         const _isUsable = this.isUsableSubscriptionId(i)
-    //         Log.i(`SubscriptionManager.isUsableSubscriptionId: ${_isUsable}`)
-    //         return _isUsable
-    //     }
-    // SubscriptionManager.isValidSubscriptionId.overload("int").implementation =
-    //     function (i) {
-    //         const _isValid = this.isValidSubscriptionId(i)
-    //         Log.i(
-    //             `spoof SubscriptionManager.isValidSubscriptionId(${i}): ${_isValid} -> true`
-    //         )
-    //         return true
-    //     }
-    SubscriptionManager.getPhoneNumber.overload('int').implementation = function (i) {
-        Log.i(`spoof SubscriptionManager.getPhoneNumber(${i}): -> ${number}`)
-        return number
-    }
-    SubscriptionManager.getPhoneNumber.overload('int', 'int').implementation = function (i, i2) {
-        Log.i(`spoof SubscriptionManager.getPhoneNumber(${i},${i2}): -> ${number}`)
-        return number
-    }
-    SubscriptionManager.getActiveSubscriptionInfoList.overload().implementation = function () {
-        const _list = this.getActiveSubscriptionInfoList()
-        Log.i(`SubscriptionManager.getActiveSubscriptionInfoList ${_list.size()}`)
-        return _list
-    }
-    // SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex.overload(
-    //     "int"
-    // ).implementation = function (i) {
-    //     const _info = this.getActiveSubscriptionInfoForSimSlotIndex(i)
-    //     Log.i(
-    //         `SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex(${i}): ${
-    //             _info ? "ok" : "null"
-    //         }`
-    //     )
-    //     return _info
-    // }
-    // SubscriptionManager.getActiveSubscriptionIdList.overload().implementation =
-    //     function () {
-    //         const _list = this.getActiveSubscriptionIdList()
-    //         Log.i(
-    //             `spoof SubscriptionManager.getActiveSubscriptionIdList ${_list} -> ${subId}`
-    //         )
-    //         return [parseInt(subId)]
-    //     }
-    // SubscriptionManager.getActiveSubscriptionInfo.overload(
-    //     "int"
-    // ).implementation = function (i) {
-    //     const _info = this.getActiveSubscriptionInfo(i)
-
-    //     const simCount = this.getActiveSubscriptionInfoCountMax()
-
-    //     let subInfo = null
-    //     try {
-    //         for (let i = 0; i < simCount; i++) {
-    //             subInfo = this.getActiveSubscriptionInfoForSimSlotIndex(i)
-    //             if (subInfo) {
-    //                 break
-    //             }
-    //         }
-    //         Log.i(`spoof SubscriptionManager.getActiveSubscriptionInfo(${i})`)
-    //     } catch (error) {
-    //         console.error(
-    //             `spoof error SubscriptionManager.getActiveSubscriptionInfo(${i})`
-    //         )
-    //         error.printStackTrace()
-    //     }
-    //     return subInfo
-    // }
-    // SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex.overload(
-    //     "int"
-    // ).implementation = function (i) {
-    //     const _info = this.getActiveSubscriptionInfoForSimSlotIndex(i)
-    //     Log.i(
-    //         `SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex: ${_info}`
-    //     )
-    //     return _info
-    // }
-    // SubscriptionManager.isActiveSubscriptionId.overload("int").implementation =
-    //     function (i) {
-    //         const _isActive = this.isActiveSubscriptionId(i)
-    //         Log.i(
-    //             `spoof SubscriptionManager.isActiveSubscriptionId(${i}): ${_isActive} -> true`
-    //         )
-    //         return true
-    //     }
-
-    const SubscriptionInfo = Java.use('android.telephony.SubscriptionInfo')
-    SubscriptionInfo.getMcc.overload().implementation = function () {
-        const _mcc = this.getMcc()
-        Log.i(`spoof SubscriptionInfo.getMcc: ${_mcc} -> ${mcc}`)
-        return parseInt(mcc)
-    }
-
-    SubscriptionInfo.getMnc.overload().implementation = function () {
-        const _mnc = this.getMnc()
-        Log.i(`spoof SubscriptionInfo.getMnc: ${_mnc} -> ${mnc}`)
-        return parseInt(mnc)
-    }
-
-    SubscriptionInfo.getMccString.overload().implementation = function () {
-        const _mccString = this.getMccString()
-        Log.i(`spoof SubscriptionInfo.getMccString: ${_mccString} -> ${mcc}`)
-        return mcc
-    }
-
-    SubscriptionInfo.getMncString.overload().implementation = function () {
-        const _mncString = this.getMncString()
-        Log.i(`spoof SubscriptionInfo.getMncString: ${_mncString} -> ${mnc}`)
-        return mnc
-    }
-
-    SubscriptionInfo.getNumber.overload().implementation = function () {
-        const _number = this.getNumber()
-        Log.i(`spoof SubscriptionInfo.getNumber: ${_number} -> ${number}`)
-        return number
-    }
-
-    SubscriptionInfo.getIccId.overload().implementation = function () {
-        const _iccId = this.getIccId()
-        Log.i(`spoof SubscriptionInfo.getIccId: ${_iccId} -> ${iccId}`)
-        return iccId
-    }
-
-    SubscriptionInfo.getCountryIso.overload().implementation = function () {
-        const _countryIso = this.getCountryIso()
-        Log.i(`spoof SubscriptionInfo.getCountryIso: ${_countryIso} -> ${countryIso}`)
-        return countryIso
-    }
-
-    // SubscriptionInfo.getSubscriptionId.overload().implementation = function () {
-    //     const _subId = this.getSubscriptionId()
-    //     if (!subId) {
-    //         Log.i(_subId)
-    //         return _subId
-    //     }
-    //     Log.i(`spoof SubscriptionInfo.getSubscriptionId: ${_subId} -> ${subId}`)
-    //     return parseInt(subId)
-    // }
-
-    const TelephonyManager = Java.use('android.telephony.TelephonyManager')
-    // TelephonyManager.createForSubscriptionId.overload("int").implementation =
-    //     function (i) {
-    //         Log.i(`spoof TelephonyManager.createForSubscriptionId: ${i}`)
-    //         return this
-    //     }
-
-    TelephonyManager.getLine1Number.overload().implementation = function () {
-        const _number = this.getLine1Number()
-        Log.i(`spoof TelephonyManager.getLine1Number: ${_number} -> ${number}`)
-        return number
-    }
-
-    TelephonyManager.getSimOperator.overload().implementation = function () {
-        const _simOperator = this.getSimOperator()
-        Log.i(`spoof TelephonyManager.getSimOperator: ${_simOperator} -> ${simOperator}`)
-        return simOperator
-    }
-
-    TelephonyManager.getNetworkOperator.overload().implementation = function () {
-        const _networkOperator = this.getNetworkOperator()
-        Log.i(`spoof TelephonyManager.getNetworkOperator: ${_networkOperator} -> ${networkOperator}`)
-        return networkOperator
-    }
-
-    TelephonyManager.getSimSerialNumber.overload().implementation = function () {
-        const _simSerialNumber = this.getSimSerialNumber()
-        Log.i(`spoof TelephonyManager.getSimSerialNumber: ${_simSerialNumber} -> ${simSerialNumber}`)
-        return simSerialNumber
-    }
-
-    TelephonyManager.getSubscriberId.overload().implementation = function () {
-        const _imsi = this.getSubscriberId()
-        Log.i(`spoof TelephonyManager.getSubscriberId: ${_imsi} -> ${imsi}`)
-        return imsi
-    }
-
-    TelephonyManager.getImei.overload().implementation = function () {
-        const _imei = this.getImei()
-        Log.i(`spoof TelephonyManager.getImei: ${_imei} -> ${imei}`)
-        return imei
-    }
-
-    TelephonyManager.getNetworkCountryIso.overload().implementation = function () {
-        const _countryIso = this.getNetworkCountryIso()
-        Log.i(`spoof TelephonyManager.getNetworkCountryIso: ${_countryIso} -> ${countryIso}`)
-        return countryIso
-    }
-
-    TelephonyManager.getSimCountryIso.overload().implementation = function () {
-        const _countryIso = this.getSimCountryIso()
-        Log.i(`spoof TelephonyManager.getSimCountryIso: ${_countryIso} -> ${countryIso}`)
-        return countryIso
-    }
-
-    // TelephonyManager.getSubscriptionId.overload().implementation = function () {
-    //     const _subId = this.getSubscriptionId()
-    //     if (!subId) {
-    //         Log.i(_subId)
-    //         return _subId
-    //     }
-    //     Log.i(`spoof TelephonyManager.getSubscriptionId: ${_subId} -> ${subId}`)
-    //     return parseInt(subId)
-    // }
-
-    TelephonyManager.getSimState.overload().implementation = function () {
-        const _simState = this.getSimState()
-        Log.i(`spoof TelephonyManager.getSimState: ${_simState} -> 5`)
-        return 5
-    }
-
-    const PhoneNumberVerification = Java.use('com.google.android.gms.constellation.PhoneNumberVerification')
-    PhoneNumberVerification.$init.overload(
-        'java.lang.String',
-        'long',
-        'int',
-        'int',
-        'java.lang.String',
-        'android.os.Bundle',
-        'int',
-        'long'
-    ).implementation = function (str, j, i, i2, str2, bundle, i3, l) {
-        Log.e(`PhoneNumberVerification.$init(str=${str}, j=${j}, i=${i}, i2=${i2}, str2=${str2}, i3=${i3}, l=${l}`)
-        // print bundle
-        const keySet = bundle.keySet().toArray()
-
-        for (let i = 0; i < keySet.length; i++) {
-            const key = keySet[i]
-            Log.i(`PhoneNumberVerification(key: ${key}, value: ${bundle.get(key)})`)
-        }
-
-        return this.$init(str, j, i, i2, str2, bundle, i3, l)
-    }
-
-    const VerifyPhoneNumberRequest = Java.use('com.google.android.gms.constellation.VerifyPhoneNumberRequest')
-    VerifyPhoneNumberRequest.$init.overload(
-        //String str, long j, IdTokenRequest idTokenRequest, Bundle bundle, List list, boolean z, int i, List list2
-        'java.lang.String',
-        'long',
-        'com.google.android.gms.constellation.IdTokenRequest',
-        'android.os.Bundle',
-        'java.util.List',
-        'boolean',
-        'int',
-        'java.util.List'
-    ).implementation = function (str, j, idTokenRequest, bundle, list, z, i, list2) {
-        Log.e(`VerifyPhoneNumberRequest.$init(
-            str=${str}, j=${j}, idTokenRequest=${idTokenRequest}, bundle=${bundle}, list=${list}, z=${z}, i=${i}, list2=${list2})`)
-        // print bundle
-        const keySet = bundle.keySet().toArray()
-        for (let i = 0; i < keySet.length; i++) {
-            const key = keySet[i]
-            Log.i(`VerifyPhoneNumberRequest.Bundle(key=${key}, value=${bundle.get(key)})`)
-        }
-
-        return this.$init(str, j, idTokenRequest, bundle, list, z, i, list2)
-    }
-    const SetAsterismConsentRequest = Java.use('com.google.android.gms.asterism.SetAsterismConsentRequest')
-    SetAsterismConsentRequest.$init.overload(
-        'int',
-        'int',
-        'int',
-        '[I',
-        'java.lang.Long',
-        'int',
-        'android.os.Bundle',
-        'int',
-        'java.lang.String',
-        'java.lang.String',
-        'java.lang.String',
-        'java.lang.String',
-        'java.lang.String',
-        'java.lang.String',
-        'java.lang.String',
-        'java.lang.String',
-        'int'
-    ).implementation = function (
-        i,
-        i2,
-        i3,
-        iArr,
-        l,
-        i4,
-        bundle,
-        i5,
-        str,
-        str2,
-        str3,
-        str4,
-        str5,
-        str6,
-        str7,
-        str8,
-        i6
-    ) {
-        Log.i(
-            `SetAsterismConsentRequest.$init(
-                i=${i}, i2=${i2}, i3=${i3}, iArr=${iArr}, l=${l},
-                i4=${i4}, bundle=${bundle}, i5=${i5}, str=${str},
-                str2=${str2}, str3=${str3}, str4=${str4}, str5=${str5},
-                str6=${str6}, str7=${str7}, str8=${str8}, i6=${i6})`
-        )
-        // print bundle
-        const keySet = bundle.keySet().toArray()
-        for (let i = 0; i < keySet.length; i++) {
-            const key = keySet[i]
-            Log.i(`SetAsterismConsentRequest.Bundle(key=${key}, value=${bundle.get(key)})`)
-        }
-
-        return this.$init(i, i2, i3, iArr, l, i4, bundle, i5, str, str2, str3, str4, str5, str6, str7, str8, i6)
-    }
-
-    const SetAsterismConsentResponse = Java.use('com.google.android.gms.asterism.SetAsterismConsentResponse')
-    SetAsterismConsentResponse.$init.overload('int', 'java.lang.String', 'java.lang.String').implementation = function (
-        i,
-        str,
-        str2
-    ) {
-        Log.i(`SetAsterismConsentResponse.$init(i=${i}, str=${str}, str2=${str2})`)
-        return this.$init(i, str, str2)
-    }
-
-    try {
-        const amac = Java.use('amac')
-        const amlo = Java.use('amlo')
-        const emiy = Java.use('emiy')
-        const emiz = Java.use('emiz')
-        const emis = Java.use('emis')
-        const fiwu = Java.use('fiwu')
-        const ambs = Java.use('ambs')
-        const emkm = Java.use('emkm')
-        const fivh = Java.use('fivh')
-        const fivk = Java.use('fivk')
-        const fivn = Java.use('fivn')
-        const emjr = Java.use('emjr')
-        const amag = Java.use('amag')
-        const ftha = Java.use('ftha')
-        const ftgy = Java.use('ftgy')
-        const fuem = Java.use('fuem')
-        const fiwt = Java.use('fiwt')
-        const TimeUnit = Java.use('java.util.concurrent.TimeUnit')
-        const ambi = Java.use('ambi')
-        const fivj = Java.use('fivj')
-        amac.o.overload('amlu', 'boolean', 'boolean', 'fiwt').implementation = function (amluVar, z, z2, fiwtVar) {
-            Log.e(` amac.o(amluVar=${dump(amluVar)}, z=${z}, z2=${z2}, fiwtVar=${dump(fiwtVar)})`)
-            try {
-                var z3
-                var z4
-                const eq = fiwtVar.eQ()
-                const arr0 = Java.array('java.lang.Object', [this.z(eq)])
-                this._a.value.d('SetConsentRequest: %s', arr0)
-
-                var amloVar = this._d.value
-                var emiyVar = Java.cast(emiz.h.value.eV(), emiy)
-
-                if (!emiyVar._b.value.fm()) {
-                    emiyVar.O()
-                }
-                var emizVar = Java.cast(emiyVar._b.value, emiz)
-                emizVar.b = emkm.a(10)
-                Log.i(emizVar, emizVar.b, emizVar.a)
-
-                emizVar.a = emizVar.a | 1
-                var eV = emis.d.value.eV()
-
-                if ((fiwtVar.a.value & 2) != 0) {
-                    var fivnVar = fiwtVar.e.value
-                    if (fivnVar == null) {
-                        fivnVar = fivn.c.value
-                    }
-                    var b = fivh.b(fivnVar.a.value)
-                    if (b == 0) {
-                        z3 = false
-                    } else if (b == 3) {
-                        z3 = true
-                    } else {
-                        z3 = false
-                    }
-                    if (!eV._b.value.fm()) {
-                        eV.O()
-                    }
-                    var fbzbVar = eV._b.value
-                    var emisVar = Java.cast(fbzbVar, emis)
-                    emisVar.a |= 1
-                    emisVar.b = z3
-                    var fivnVar2 = fiwtVar.e.value
-                    if (fivnVar2 == null) {
-                        fivnVar2 = fivn.c.value
-                    }
-                    var a2 = fivk.a(fivnVar2.b.value)
-                    if (a2 == 0) {
-                        z4 = false
-                    } else if (a2 == 3) {
-                        z4 = true
-                    } else {
-                        z4 = false
-                    }
-                    if (!fbzbVar.fm()) {
-                        eV.O()
-                    }
-                    var emisVar2 = Java.cast(eV._b.value, emis)
-                    emisVar2.a |= 2
-                    emisVar2.c = z4
-                }
-                if (!emiyVar._b.value.fm()) {
-                    emiyVar.O()
-                }
-                var emizVar2 = Java.cast(emiyVar._b.value, emiz)
-                var emisVar3 = Java.cast(eV.K(), emis)
-                emisVar3.getClass()
-                emizVar2.c = emisVar3
-                emizVar2.a |= 2
-                amloVar.A(amluVar, emjr.b(5), Java.cast(emiyVar.K(), emiz))
-
-                var v = this.v()
-                var akxiVar = this._c.value
-                var j = this._e.value
-                if (amag._a.value == null) {
-                    amag._a.value = ftha.b(
-                        ftgy._a.value,
-                        'google.internal.communications.phonedeviceverification.v1.PhoneDeviceVerification/SetConsent',
-                        fuem.a(fiwt.k.value),
-                        fuem.a(fiwu.a.value)
-                    )
-                }
-                // const vdg = v.d.value.g(
-                //     amag._a.value,
-                //     akxiVar,
-                //     fiwtVar,
-                //     Java.use('java.lang.Long').valueOf(j).longValue(),
-                //     TimeUnit.MILLISECONDS.value,
-                //     v.e.value
-                // )
-                // Log.i("aaaaa")
-                // const eqres = Java.cast(vdg, fiwu).eQ()
-                // Log.i("bbbbb")
-                // const res = this.z(eqres)
-                // Log.i("SetConsentResponse: ", res)
-                // const arr = Java.array("java.lang.Object", [res])
-                // this._a.value.d("SetConsentResponse: %s", arr)
-                var amloVar2 = this._d.value
-                var emiyVar2 = Java.cast(emiz.h.value.eV(), emiy)
-                if (!emiyVar2._b.value.fm()) {
-                    emiyVar2.O()
-                }
-                var emizVar3 = Java.cast(emiyVar2._b.value, emiz)
-
-                emizVar3.b = emkm.a(10)
-                emizVar3.a |= 1
-                amloVar2.A(amluVar, emjr.b(6), Java.cast(emiyVar2.K(), emiz))
-                var a3 = ambi.b().a(this._b.value.getApplicationContext())
-                a3.n(z)
-                a3.m(Java.use('java.lang.Boolean').valueOf(z2))
-                var b2 = fivj.b(fiwtVar.g.value)
-                if (b2 == 0) {
-                    b2 = 1
-                }
-                var a4 = fivj.a(b2)
-                var edit = Java.cast(a3, ambs)._c.value.edit()
-                edit.putInt('device_consent_version', a4)
-                edit.apply()
-                Log.i('oooooooooo')
-            } catch (e) {
-                Log.i('2222222', e)
-                trace()
-            }
-            // this.o(amluVar, z, z2, fiwtVar)
-        }
-    } catch (error) {}
-
-    const alyx = Java.use('alyx')
-    alyx.a.overload('fixf').implementation = function (fixf) {
-        const b = this.a(fixf)
-        const keySet = b.keySet().toArray()
-        for (let i = 0; i < keySet.length; i++) {
-            const key = keySet[i]
-            Log.w(`alyx.a::key: ${key}, value: ${b.get(key)}`)
-        }
-        return b
-    }
-    alyx.m.overload('amlu', 'java.util.List').implementation = function (amlu, list) {
-        const a = amlu._a.value // string
-        const f = amlu.f.value // string
-        const g = amlu.g.value // list
-        const h = amlu.h.value // list
-        const HashMap = Java.use('java.util.HashMap')
-        const d = Java.cast(amlu.d.value, HashMap) // map
-        const e = Java.cast(amlu.e.value, HashMap) // map
-
-        Log.e(
-            `alyx.m(${JSON.stringify({
-                a,
-                f,
-                g: g ? JSON.parse(dump(g)) : null,
-                h: h ? JSON.parse(dump(h)) : null,
-                d: d ? JSON.parse(dump(d)) : null,
-                e: e ? JSON.parse(dump(e)) : null
-            })})`
-        )
-
-        const res = this.m(amlu, list)
-        Log.e(`alyx.m res: ${dump(res)}`)
-        return res
-    }
-    alyx.r.overload('amlu', 'java.util.List', 'java.lang.String', 'java.lang.String').implementation = function (
-        amlu,
-        list,
-        str,
-        str2
-    ) {
-        Log.e(
-            `alyx.r(${JSON.stringify({
-                amlu: dumpJson(amlu),
-                list: dumpJson(list),
-                str,
-                str2
-            })})`
-        )
-        try {
-            const res = this.r(amlu, list, str, str2)
-            Log.e(`alyx.r res: ${res}`)
-            return res
-        } catch (error) {
-            Log.e(`alyx.r error: ${error}`)
-        }
-        return false
-    }
-
-    alyx.x.overload('amlu', 'java.util.List').implementation = function (amlu, list) {
-        const res = this.x(amlu, list)
-        Log.e(`alyx.x(
-                amlu=${dump(amlu)},
-                list=${dump(list)})
-                => ${dump(res)}`)
-        return res
-    }
-
-    //amlu amluVar, fixf fixfVar, ammt ammtVar
-    alyx.e.overload('amlu', 'fixf', 'ammt').implementation = function (amlu, fixf, ammt) {
-        const res = this.e(amlu, fixf, ammt)
-        Log.e(`alyx.e(
-                amlu=${dump(amlu)},
-                fixf=${dump(fixf)},
-                ammt=${dump(ammt)}) 
-                => ${dump(res)}`)
-        return res
-    }
-
-    // alyx.v.overload("amlu", "java.util.List").implementation = function (
-    //     amlu,
-    //     list
-    // ) {
-    //     const res = this.v(amlu, list)
-    //     Log.e(`alyx.v(
-    //         amlu=${dump(amlu)},
-    //         list=${dump(list)})
-    //         => ${dump(res)}`)
-    //     trace()
-    //     return res
-    // }
-
-    const ftit = Java.use('ftit')
-    const ftgv = Java.use('ftgv')
-    ftit.h.overload('ftgv').implementation = function (ftgvVar) {
-        try {
-            Log.e(`ftit.h(
-                    this=${dump(this)},
-                    ftgvVar=${dump(ftgvVar)})`)
-            return Java.use('ftiu').$new(this, ftgvVar)
-        } catch (e) {
-            e.printStackTrace()
-            Log.e(`ftit.h exception: ${e}`)
-        }
-    }
-
-    const Secure = Java.use('android.provider.Settings$Secure')
-    Secure.getString.overload('android.content.ContentResolver', 'java.lang.String').implementation = function (
-        contentResolver,
-        str
-    ) {
-        const _str = this.getString(contentResolver, str)
-        if (str === 'android_id') {
-            Log.w(`spoof Secure.getString(android_id): ${_str} -> ${androidId}`)
-            return androidId
-        }
-        return _str
-    }
-
-    const Build = Java.use('android.os.Build')
-    Build.getString.overload('java.lang.String').implementation = function (str) {
-        const _str = this.getString(str)
-        Log.w(`Build.getString(${str}): ${_str}`)
-        return _str
-    }
-
-    Build.getSerial.overload().implementation = function () {
-        const _serial = this.getSerial()
-        Log.w(`spoof Build.getSerial: ${_serial} -> ${serialNumber}`)
-        return serialNumber
-    }
-
-    const SystemProperties = Java.use('android.os.SystemProperties')
-    const props = []
-    SystemProperties.get.overload('java.lang.String').implementation = function (str) {
-        const _str = this.get(str)
-        Log.w(`SystemProperties.get(${str}): ${_str}`)
-        return _str
-    }
-    SystemProperties.get.overload('java.lang.String', 'java.lang.String').implementation = function (str, str2) {
-        const _str = this.get(str, str2)
-        if ('ro.boot.vr' === str) return _str
-
-        // if ('ro.vendor.build.fingerprint' === str) {
-        //     Log.w(`spoof SystemProperties.get(${str}, ${str2}): ${_str} -> fingerprint`)
-        //     return 'google/redfin/redfin:11/RQ3A.210905.001/7511028:user/release-keys'
-        // }
-        // if ('ro.kernel.qemu' === str) {
-        //     Log.w(`spoof SystemProperties.get(${str}, ${str2}): ${_str} -> 0`)
-        //     return '0'
-        // }
-        // if ('ro.product.device' === str) {
-        //     Log.w(`spoof SystemProperties.get(${str}, ${str2}): ${_str} -> redfin`)
-        //     return 'redfin'
-        // }
-        // if ('ro.board.platform' === str) {
-        //     Log.w(`spoof SystemProperties.get(${str}, ${str2}): ${_str} -> redfin`)
-        //     return 'redfin'
-        // }
-
-        Log.w(`SystemProperties.get(${str}, ${str2}): ${_str}`)
-        return _str
-    }
-    SystemProperties.getInt.overload('java.lang.String', 'int').implementation = function (str, i) {
-        const _i = this.getInt(str, i)
-        if ('ro.boot.flash.locked' === str) {
-            Log.w(`spoof SystemProperties.get(${str}, ${i}): ${_i} -> 1`)
-            return 1
-        }
-        Log.w(`SystemProperties.getInt(${str}, ${i}): ${_i}`)
-        return _i
-    }
-    SystemProperties.getLong.overload('java.lang.String', 'long').implementation = function (str, l) {
-        const _l = this.getLong(str, l)
-        Log.w(`SystemProperties.getLong(${str}, ${l}): ${_l}`)
-        return _l
-    }
-    SystemProperties.getBoolean.overload('java.lang.String', 'boolean').implementation = function (str, z) {
-        const _z = this.getBoolean(str, z)
-        Log.w(`SystemProperties.getBoolean(${str}, ${z}): ${_z}`)
-        return _z
-    }
-    // const OSBuild = Java.use('android.os.Build')
-    // OSBuild.PRODUCT.value = 'redfin'
-    // OSBuild.DEVICE.value = 'redfin'
-    // OSBuild.MANUFACTURER.value = 'Google'
-    // OSBuild.BOARD.value = 'redfin'
-    // OSBuild.BRAND.value = 'google'
-    // OSBuild.MODEL.value = 'Pixel 5'
-    // OSBuild.FINGERPRINT.value = 'google/redfin/redfin:11/RQ3A.210905.001/7511028:user/release-keys'
-    // OSBuild.TYPE.value = 'user'
-    // OSBuild.TAGS.value = 'release-keys'
-
-    const alzg = Java.use('alzg')
-    alzg.d.overload(
-        // boolean, map
-        'boolean',
-        'java.util.Map'
-    ).implementation = function (z, map) {
-        Log.e(`alzg.d(z=${z}, map=${dump(map)})`)
-        return this.d(z, map)
-    }
-
-    // const ammv = Java.use("ammv")
-    // ammv.a.overload(
-    //     // amlu amluVar, fixf fixfVar, ammt ammtVar, ammi ammiVar
-    //     "amlu",
-    //     "fixf",
-    //     "ammt",
-    //     "ammi"
-    // ).implementation = function (amlu, fixf, ammt, ammi) {
-    //     Log.e(`ammv.a(
-    //         amlu=${dump(amlu)},
-    //         fixf=${dump(fixf)},
-    //         ammt=${dump(ammt)},
-    //         ammi=${dump(ammi)})`)
-    //     trace()
-    //     return this.a(amlu, fixf, ammt, ammi)
-    // }
-
-    // const amag = Java.use("amag")
-    // amag.b.overload(
-    //     // akxi akxiVar, fiwx fiwxVar, long j
-    //     "akxi",
-    //     "fiwx",
-    //     "long"
-    // ).implementation = function (akxi, fiwx, j) {
-    //     Log.e(`amag.b(
-    //         akxi=${dump(akxi)},
-    //         fiwx=${dump(fiwx)},
-    //         j=${j})`)
-    //     trace()
-    //     return this.b(akxi, fiwx, j)
-    // }
-
-    // const Configuration = Java.use(
-    //     "com.google.android.ims.provisioning.config.Configuration"
-    // )
-    // Configuration.k.overload().implementation = function () {
-    //     Log.e(`Configuration.k() ${dump(this)}`)
-    //     return this.k()
-    // }
-
-    const amky = Java.use('amky')
-    amky.a.overload('android.content.Context', 'java.lang.String', 'java.lang.String').implementation = function (
-        context,
-        str,
-        str2
-    ) {
-        Log.e(`amky.a(${str}, ${str2})`)
-        return this.a(context, str, str2)
-    }
-})

scripts/log_gms.js

@@ -1,77 +0,0 @@
-const mcc = '{{mcc}}'
-const mnc = '{{mnc}}'
-const simOperator = '{{simOperator}}'
-const networkOperator = '{{networkOperator}}'
-const simSerialNumber = '{{simSerialNumber}}'
-const iccId = '{{iccId}}'
-const number = '{{number}}'
-const imei = '{{imei}}'
-const imsi = '{{imsi}}'
-const countryIso = '{{countryIso}}'
-const subId = '{{subId}}'
-const androidId = '{{androidId}}'
-const serialNumber = '{{serialNumber}}'
-
-function trace(tag) {
-    Log.e((tag || '') + Java.use('android.util.Log').getStackTraceString(Java.use('java.lang.Throwable').$new()))
-}
-
-function dump(obj) {
-    try {
-        const gson = Java.use('com.google.gson.Gson').$new()
-        const json = gson.toJson(obj)
-        return json
-    } catch (error) {
-        return ''
-    }
-}
-
-function dumpJson(obj) {
-    try {
-        const gson = Java.use('com.google.gson.Gson').$new()
-        const json = gson.toJson(obj)
-        return JSON.parse(json)
-    } catch (error) {
-        return ''
-    }
-}
-
-class Log {
-    static TAG = '[GMS]'
-    static Debug = false
-    static format(...msg) {
-        let m = []
-        for (let i = 0; i < msg.length; i++) {
-            if (typeof msg[i] === 'object') {
-                m.push(msg[i] + '')
-            } else {
-                m.push(msg[i])
-            }
-        }
-        m = m.join(' ')
-        return m
-    }
-    static i(...msg) {
-        if (!this.Debug) return
-        console.log(`\x1b[30m${this.TAG} ${this.format(...msg)}\x1b[0m`)
-    }
-    static w(...msg) {
-        console.log(`\x1b[33m${this.TAG} ${this.format(...msg)}\x1b[0m`)
-    }
-    static e(...msg) {
-        console.log(`\x1b[31m${this.TAG} ${this.format(...msg)}\x1b[0m`)
-    }
-    static s(...msg) {
-        console.log(`\x1b[32m${this.TAG} ${this.format(...msg)}\x1b[0m`)
-    }
-}
-
-Java.perform(function () {
-    try {
-        const GsonClass = Java.openClassFile('/sdcard/Android/data/com.google.android.gms/gson.dex')
-        GsonClass.load()
-        Log.s('gson class loaded')
-    } catch (error) {
-        Log.e('load gson error', error)
-    }
-})

scripts/log_sms.js

@@ -1,59 +0,0 @@
-const mcc = '{{mcc}}'
-const mnc = '{{mnc}}'
-const simOperator = '{{simOperator}}'
-const networkOperator = '{{networkOperator}}'
-const simSerialNumber = '{{simSerialNumber}}'
-const iccId = '{{iccId}}'
-const number = '{{number}}'
-const imei = '{{imei}}'
-const imsi = '{{imsi}}'
-const countryIso = '{{countryIso}}'
-const subId = '{{subId}}'
-
-class Log {
-    static TAG = '[SMS]'
-    static Debug = true
-    static format(...msg) {
-        let m = []
-        for (let i = 0; i < msg.length; i++) {
-            if (typeof msg[i] === 'object') {
-                m.push(JSON.stringify(msg[i]))
-            } else {
-                m.push(msg[i])
-            }
-        }
-        m = m.join(' ')
-        return m
-    }
-    static i(...msg) {
-        if (!this.Debug) return
-        console.log(`\x1b[30m${this.TAG} ${this.format(...msg)}\x1b[0m`)
-    }
-    static w(...msg) {
-        console.log(`\x1b[33m${this.TAG} ${this.format(...msg)}\x1b[0m`)
-    }
-    static e(...msg) {
-        console.log(`\x1b[31m${this.TAG} ${this.format(...msg)}\x1b[0m`)
-    }
-    static s(...msg) {
-        console.log(`\x1b[32m${this.TAG} ${this.format(...msg)}\x1b[0m`)
-    }
-}
-
-function trace(tag) {
-    Log.e((tag || '') + Java.use('android.util.Log').getStackTraceString(Java.use('java.lang.Throwable').$new()))
-}
-
-setImmediate(() => {
-    Java.perform(function () {
-        const biyg = Java.use('biyg')
-        biyg.al.overload('int').implementation = function (a) {
-            const res = this.al(a)
-            Log.w(`biyg.al(${a}) => ${res}`)
-            if ('Config document received' === res) {
-                trace('biyg.al')
-            }
-            return this.al(a)
-        }
-    })
-})

scripts/sendsms1.js

@@ -0,0 +1,57 @@
+Java.perform(() => {
+    Java.deoptimizeEverything()
+
+    let found = false
+    Java.choose('com.android.internal.telephony.SmsDispatchersController', {
+        onMatch: function (instance) {
+            if (found) {
+                return
+            }
+            found = true
+
+            const Intent = Java.use('android.content.Intent')
+            const SubscriptionManager = Java.use('android.telephony.SubscriptionManager')
+            const Base64 = Java.use('java.util.Base64')
+
+            let subId = 0
+            let slot = 0
+
+            const subscriptionManager = SubscriptionManager.from(instance.mContext.value)
+            for (let i = 0; i < subscriptionManager.getActiveSubscriptionInfoCountMax(); i++) {
+                const subInfo = subscriptionManager.getActiveSubscriptionInfoForSimSlotIndex(i)
+                if (subInfo != null) {
+                    subId = subInfo.getSubscriptionId()
+                    slot = subInfo.getSimSlotIndex()
+                    break
+                }
+            }
+
+            const Integer = Java.use('java.lang.Integer')
+            subId = Integer.valueOf(subId + '')
+            slot = Integer.valueOf(slot + '')
+
+            const intent = Intent.$new()
+            intent.putExtra('android.telephony.extra.SUBSCRIPTION_INDEX', subId)
+
+            intent.putExtra('messageId', Java.use('java.lang.Long').parseLong('' + parseInt(Math.random() * 100000000)))
+
+            const pdu = Base64.getDecoder().decode('{pduBase64}')
+            const pdus = Java.array('[B', [pdu])
+            intent.putExtra.overload('java.lang.String', 'java.io.Serializable').call(intent, 'pdus', pdus.$w)
+            intent.putExtra('format', '3gpp')
+            intent.putExtra('android.telephony.extra.SLOT_INDEX', slot)
+            intent.putExtra('phone', slot)
+            intent.putExtra('subscription', subId)
+            // instance.mContext.value.sendBroadcast(intent)
+
+            intent.setAction('android.provider.Telephony.SMS_RECEIVED')
+            instance.mContext.value.sendBroadcast(intent)
+
+            intent.setAction('android.provider.Telephony.SMS_DELIVER')
+            instance.mContext.value.sendBroadcast(intent)
+
+            console.log('OK')
+        },
+        onComplete: function () {}
+    })
+})

scripts/spoof_phone.js

@@ -32,66 +32,191 @@ function trace(tag) {
     Log.e((tag || '') + Java.use('android.util.Log').getStackTraceString(Java.use('java.lang.Throwable').$new()))
 }
 
+const config = {
+    "mcc": "310",
+    "mnc": "240",
+    "iccid": "15003704960405101503",
+    "number": "4432486416",
+    "imei": "359028036674149",
+    "imsi": "310240158368215",
+    "country": "us"
+}
 setImmediate(() => {
     Java.perform(function () {
-        const SmsController = Java.use('com.android.internal.telephony.SmsController')
-        Log.i('SmsController:', SmsController)
-        SmsController.sendTextForSubscriber.overload(
-            // int subId, String callingPackage,
-            // String callingAttributionTag, String destAddr, String scAddr, String text,
-            // PendingIntent sentIntent, PendingIntent deliveryIntent,
-            // boolean persistMessageForNonDefaultSmsApp, long messageId
+        function checkPackage(name) {
+            // return (
+            //     name.startsWith('com.google.android.gsf') ||
+            //     name.startsWith('com.google.android.gms') ||
+            //     name.startsWith('com.google.android.apps') ||
+            //     name.startsWith('com.example')
+            // )
+            return true
+        }
+        const PhoneInterfaceManager = Java.use('com.android.phone.PhoneInterfaceManager')
+
+        PhoneInterfaceManager.getLine1NumberForDisplay.overload(
             'int',
             'java.lang.String',
-            'java.lang.String',
-            'java.lang.String',
-            'java.lang.String',
-            'java.lang.String',
-            'android.app.PendingIntent',
-            'android.app.PendingIntent',
-            'boolean',
-            'long'
-        ).implementation = function (
-            subId,
-            callingPackage,
-            callingAttributionTag,
-            destAddr,
-            scAddr,
-            text,
-            sentIntent,
-            deliveryIntent,
-            persistMessageForNonDefaultSmsApp,
-            messageId
-        ) {
-            Log.i('sendTextForSubscriber', subId, callingPackage, callingAttributionTag, destAddr, scAddr, text)
-            return this.sendTextForSubscriber(
-                subId,
-                callingPackage,
-                callingAttributionTag,
-                destAddr,
-                scAddr,
-                text,
-                sentIntent,
-                deliveryIntent,
-                persistMessageForNonDefaultSmsApp,
-                messageId
+            'java.lang.String'
+        ).implementation = function (subId, callingPackage, callingFeatureId) {
+            const res = this.getLine1NumberForDisplay(subId, callingPackage, callingFeatureId)
+            if (!checkPackage(callingPackage)) {
+                return res
+            }
+            Log.i(
+                `spoof PhoneInterfaceManager.getLine1NumberForDisplay(${subId}, ${callingPackage}, ${callingFeatureId}): ${res} -> ${config.number}`
             )
+            return config.number
         }
 
-        const RcsFeatureConnection = Java.use('com.android.ims.RcsFeatureConnection')
-        Log.i('RcsFeatureConnection:', RcsFeatureConnection)
-        const RcsFeatureManager = Java.use('com.android.ims.RcsFeatureManager')
-        Log.i('RcsFeatureManager:', RcsFeatureManager)
+        PhoneInterfaceManager.getNetworkCountryIsoForPhone.overload('int').implementation = function (phoneId) {
+            const res = this.getNetworkCountryIsoForPhone(phoneId)
+            Log.i(`spoof PhoneInterfaceManager.getNetworkCountryIsoForPhone(${phoneId}): ${res} -> ${config.country}`)
+            return config.country
+        }
 
-        const PhoneGlobals = Java.use('com.android.phone.PhoneGlobals')
-        Log.i('PhoneGlobals:', PhoneGlobals)
+        PhoneInterfaceManager.getImeiForSlot.overload('int', 'java.lang.String', 'java.lang.String').implementation =
+            function (slotId, callingPackage, callingFeatureId) {
+                const res = this.getImeiForSlot(slotId, callingPackage, callingFeatureId)
+                if (!checkPackage(callingPackage)) {
+                    return res
+                }
+                Log.i(
+                    `spoof PhoneInterfaceManager.getImeiForSlot(${slotId}, ${callingPackage}, ${callingFeatureId}): ${res} -> ${config.imei}`
+                )
+                return config.imei
+            }
 
-        const RcsProvisioningMonitor = Java.use('com.android.phone.RcsProvisioningMonitor')
-        Log.i('RcsProvisioningMonitor:', RcsProvisioningMonitor)
+        const SystemProperties = Java.use('android.os.SystemProperties')
+        SystemProperties.get.overload('java.lang.String').implementation = function (key) {
+            if ('gsm.sim.operator.iso-country' === key) {
+                Log.i(`spoof SystemProperties.get(${key}): ${config.countryIso}`)
+                return config.country
+            }
+            if ('gsm.sim.operator.numeric' === key) {
+                Log.i(`spoof SystemProperties.get(${key}): ${config.mcc + config.mnc}`)
+                return config.mcc + config.mnc
+            }
+            if ('gsm.operator.numeric' === key) {
+                Log.i(`spoof SystemProperties.get(${key}): ${config.mcc + config.mnc}`)
+                return config.mcc + config.mnc
+            }
+            return this.get(key)
+        }
 
-        RcsProvisioningMonitor.requestReconfig.overload('int').implementation = function (subId) {
-            Log.i('requestReconfig', subId)
-            return this.requestReconfig(subId)
+        const SubscriptionController = Java.use('com.android.internal.telephony.SubscriptionController')
+        SubscriptionController.getSimStateForSlotIndex.overload('int').implementation = function (slotIndex) {
+            const res = this.getSimStateForSlotIndex(slotIndex)
+            Log.i(`spoof SubscriptionController.getSimStateForSlotIndex(${slotIndex}): ${res} -> 5`)
+            return 5
+        }
+        SubscriptionController.getPhoneNumberFromFirstAvailableSource.overload(
+            'int',
+            'java.lang.String',
+            'java.lang.String'
+        ).implementation = function (subId, callingPackage, callingFeatureId) {
+            const res = this.getPhoneNumberFromFirstAvailableSource(subId, callingPackage, callingFeatureId)
+            if (!checkPackage(callingPackage)) {
+                return res
+            }
+            Log.i(
+                `spoof SubscriptionController.getPhoneNumberFromFirstAvailableSource(${subId}, ${callingPackage}, ${callingFeatureId}): ${res} -> ${config.number}`
+            )
+            return config.number
+        }
+        const SubscriptionInfo = Java.use('android.telephony.SubscriptionInfo')
+        SubscriptionController.getActiveSubscriptionInfoList.overload('java.lang.String').implementation = function (
+            callingPackage
+        ) {
+            const res = this.getActiveSubscriptionInfoList(callingPackage)
+            if (!checkPackage(callingPackage)) {
+                return res
+            }
+            Log.i(`spoof SubscriptionController.getActiveSubscriptionInfoList(${callingPackage})`)
+            for (let i = 0; i < res.size(); i++) {
+                const info = Java.cast(res.get(i), SubscriptionInfo)
+                info.mMcc.value = config.mcc
+                info.mMnc.value = config.mnc
+                info.mCountryIso.value = config.country
+                info.mIccId.value = config.iccid
+            }
+            SystemProperties.set('gsm.sim.operator.iso-country', config.country)
+            SystemProperties.set('gsm.sim.operator.numeric', config.mcc + config.mnc)
+            SystemProperties.set('gsm.operator.numeric', config.mcc + config.mnc)
+            return res
+        }
+
+        SubscriptionController.getActiveSubscriptionInfoList.overload(
+            'java.lang.String',
+            'java.lang.String'
+        ).implementation = function (callingPackage, callingFeatureId) {
+            const res = this.getActiveSubscriptionInfoList(callingPackage, callingFeatureId)
+            if (!checkPackage(callingPackage)) {
+                return res
+            }
+            Log.i(`spoof SubscriptionController.getActiveSubscriptionInfoList(${callingPackage}, ${callingFeatureId})`)
+            for (let i = 0; i < res.size(); i++) {
+                const info = Java.cast(res.get(i), SubscriptionInfo)
+                info.mMcc.value = config.mcc
+                info.mMnc.value = config.mnc
+                info.mCountryIso.value = config.country
+                info.mIccId.value = config.iccid
+            }
+            SystemProperties.set('gsm.sim.operator.iso-country', config.country)
+            SystemProperties.set('gsm.sim.operator.numeric', config.mcc + config.mnc)
+            SystemProperties.set('gsm.operator.numeric', config.mcc + config.mnc)
+            return res
+        }
+
+        SubscriptionController.getActiveSubscriptionInfoList.overload('java.lang.String').implementation = function (
+            callingPackage
+        ) {
+            const res = this.getActiveSubscriptionInfoList(callingPackage)
+            if (!checkPackage(callingPackage)) {
+                return res
+            }
+            Log.i(`spoof SubscriptionController.getActiveSubscriptionInfoList(${callingPackage})`)
+            for (let i = 0; i < res.size(); i++) {
+                const info = Java.cast(res.get(i), SubscriptionInfo)
+                info.mMcc.value = config.mcc
+                info.mMnc.value = config.mnc
+                info.mCountryIso.value = config.country
+                info.mIccId.value = config.iccid
+            }
+            SystemProperties.set('gsm.sim.operator.iso-country', config.country)
+            SystemProperties.set('gsm.sim.operator.numeric', config.mcc + config.mnc)
+            SystemProperties.set('gsm.operator.numeric', config.mcc + config.mnc)
+            return res
+        }
+
+        const PhoneSubInfoController = Java.use('com.android.internal.telephony.PhoneSubInfoController')
+        PhoneSubInfoController.getIccSerialNumberForSubscriber.overload(
+            'int',
+            'java.lang.String',
+            'java.lang.String'
+        ).implementation = function (subId, callingPackage, callingFeatureId) {
+            const res = this.getIccSerialNumberForSubscriber(subId, callingPackage, callingFeatureId)
+            if (!checkPackage(callingPackage)) {
+                return res
+            }
+            Log.i(
+                `spoof PhoneInterfaceManager.getIccSerialNumberForSubscriber(${subId}, ${callingPackage}, ${callingFeatureId}): ${res} -> ${config.iccid}`
+            )
+            return config.iccid
+        }
+        PhoneSubInfoController.getSubscriberIdForSubscriber.overload(
+            'int',
+            'java.lang.String',
+            'java.lang.String'
+        ).implementation = function (subId, callingPackage, callingFeatureId) {
+            const res = this.getSubscriberIdForSubscriber(subId, callingPackage, callingFeatureId)
+            if (!checkPackage(callingPackage)) {
+                return res
+            }
+            Log.i(
+                `spoof PhoneInterfaceManager.getSubscriberIdForSubscriber(${subId}, ${callingPackage}, ${callingFeatureId}): ${res} -> ${config.imsi}`
+            )
+            return config.imsi
         }
     })
 })

scripts/spoof_phone1.js

@@ -0,0 +1,65 @@
+class Log {
+    static TAG = '[Phone]'
+    static Debug = true
+    static format(...msg) {
+        let m = []
+        for (let i = 0; i < msg.length; i++) {
+            if (typeof msg[i] === 'object') {
+                m.push(JSON.stringify(msg[i]))
+            } else {
+                m.push(msg[i])
+            }
+        }
+        m = m.join(' ')
+        return m
+    }
+    static i(...msg) {
+        if (!this.Debug) return
+        console.log(`\x1b[30m${this.TAG} ${this.format(...msg)}\x1b[0m`)
+    }
+    static w(...msg) {
+        console.log(`\x1b[33m${this.TAG} ${this.format(...msg)}\x1b[0m`)
+    }
+    static e(...msg) {
+        console.log(`\x1b[31m${this.TAG} ${this.format(...msg)}\x1b[0m`)
+    }
+    static s(...msg) {
+        console.log(`\x1b[32m${this.TAG} ${this.format(...msg)}\x1b[0m`)
+    }
+}
+
+function trace(tag) {
+    Log.e((tag || '') + Java.use('android.util.Log').getStackTraceString(Java.use('java.lang.Throwable').$new()))
+}
+
+const config = {
+    "mcc": "310",
+    "mnc": "240",
+    "iccid": "15946952472810582287",
+    "number": "3145612379",
+    "imei": "011546001540649",
+    "imsi": "310240325454398",
+    "country": "us"
+}
+setImmediate(() => {
+    Java.perform(function () {
+        function checkPackage(name) {
+            // return (
+            //     name.startsWith('com.google.android.gsf') ||
+            //     name.startsWith('com.google.android.gms') ||
+            //     name.startsWith('com.google.android.apps') ||
+            //     name.startsWith('com.example')
+            // )
+            return true
+        }
+       
+
+        const SubscriptionController = Java.use('com.android.internal.telephony.SubscriptionController')
+        SubscriptionController.getSimStateForSlotIndex.overload('int').implementation = function (slotIndex) {
+            const res = this.getSimStateForSlotIndex(slotIndex)
+            Log.i(`spoof SubscriptionController.getSimStateForSlotIndex(${slotIndex}): ${res} -> 5`)
+            return 5
+        }
+       
+    })
+})

scripts/spoof_phone2.js

@@ -0,0 +1,214 @@
+class Log {
+    static TAG = '[Phone]'
+    static Debug = true
+    static format(...msg) {
+        let m = []
+        for (let i = 0; i < msg.length; i++) {
+            if (typeof msg[i] === 'object') {
+                m.push(JSON.stringify(msg[i]))
+            } else {
+                m.push(msg[i])
+            }
+        }
+        m = m.join(' ')
+        return m
+    }
+    static i(...msg) {
+        if (!this.Debug) return
+        console.log(`\x1b[30m${this.TAG} ${this.format(...msg)}\x1b[0m`)
+    }
+    static w(...msg) {
+        console.log(`\x1b[33m${this.TAG} ${this.format(...msg)}\x1b[0m`)
+    }
+    static e(...msg) {
+        console.log(`\x1b[31m${this.TAG} ${this.format(...msg)}\x1b[0m`)
+    }
+    static s(...msg) {
+        console.log(`\x1b[32m${this.TAG} ${this.format(...msg)}\x1b[0m`)
+    }
+}
+
+function trace(tag) {
+    Log.e((tag || '') + Java.use('android.util.Log').getStackTraceString(Java.use('java.lang.Throwable').$new()))
+}
+
+setImmediate(() => {
+    Java.perform(function () {
+        function checkPackage(name) {
+            // return (
+            //     name.startsWith('com.google.android.gsf') ||
+            //     name.startsWith('com.google.android.gms') ||
+            //     name.startsWith('com.google.android.apps') ||
+            //     name.startsWith('com.example')
+            // )
+            return true
+        }
+
+        const SystemProperties = Java.use('android.os.SystemProperties')
+
+        const PhoneInterfaceManager = Java.use('com.android.phone.PhoneInterfaceManager')
+        PhoneInterfaceManager.getLine1NumberForDisplay.overload(
+            'int',
+            'java.lang.String',
+            'java.lang.String'
+        ).implementation = function (subId, callingPackage, callingFeatureId) {
+            const res = this.getLine1NumberForDisplay(subId, callingPackage, callingFeatureId)
+            if (!checkPackage(callingPackage)) {
+                return res
+            }
+            Log.i(
+                `spoof PhoneInterfaceManager.getLine1NumberForDisplay(${subId}, ${callingPackage}, ${callingFeatureId}): ${res} -> ${SystemProperties.get('persist.spoof.number')}`
+            )
+            return SystemProperties.get('persist.spoof.number')
+        }
+
+        PhoneInterfaceManager.getNetworkCountryIsoForPhone.overload('int').implementation = function (phoneId) {
+            const res = this.getNetworkCountryIsoForPhone(phoneId)
+            Log.i(`spoof PhoneInterfaceManager.getNetworkCountryIsoForPhone(${phoneId}): ${res} -> ${SystemProperties.get('persist.spoof.country')}`)
+            return SystemProperties.get('persist.spoof.country')
+        }
+
+        PhoneInterfaceManager.getImeiForSlot.overload('int', 'java.lang.String', 'java.lang.String').implementation =
+            function (slotId, callingPackage, callingFeatureId) {
+                const res = this.getImeiForSlot(slotId, callingPackage, callingFeatureId)
+                if (!checkPackage(callingPackage)) {
+                    return res
+                }
+                Log.i(
+                    `spoof PhoneInterfaceManager.getImeiForSlot(${slotId}, ${callingPackage}, ${callingFeatureId}): ${res} -> ${SystemProperties.get('persist.spoof.imei')}`
+                )
+                return SystemProperties.get('persist.spoof.imei')
+            }
+
+        SystemProperties.get.overload('java.lang.String').implementation = function (key) {
+            if ('gsm.sim.operator.iso-country' === key) {
+                Log.i(`spoof SystemProperties.get(${key}): ${SystemProperties.get('persist.spoof.country')}`)
+                return SystemProperties.get('persist.spoof.country')
+            }
+            if ('gsm.sim.operator.numeric' === key) {
+                Log.i(`spoof SystemProperties.get(${key}): ${SystemProperties.get('persist.spoof.mcc') + SystemProperties.get('persist.spoof.mnc')}`)
+                return SystemProperties.get('persist.spoof.mcc') + SystemProperties.get('persist.spoof.mnc')
+            }
+            if ('gsm.operator.numeric' === key) {
+                Log.i(`spoof SystemProperties.get(${key}): ${SystemProperties.get('persist.spoof.mcc') + SystemProperties.get('persist.spoof.mnc')}`)
+                return SystemProperties.get('persist.spoof.mcc') + SystemProperties.get('persist.spoof.mnc')
+            }
+            return this.get(key)
+        }
+
+        const SubscriptionController = Java.use('com.android.internal.telephony.SubscriptionController')
+        SubscriptionController.getSimStateForSlotIndex.overload('int').implementation = function (slotIndex) {
+            const res = this.getSimStateForSlotIndex(slotIndex)
+            Log.i(`spoof SubscriptionController.getSimStateForSlotIndex(${slotIndex}): ${res} -> 5`)
+            return 5
+        }
+        SubscriptionController.getPhoneNumberFromFirstAvailableSource.overload(
+            'int',
+            'java.lang.String',
+            'java.lang.String'
+        ).implementation = function (subId, callingPackage, callingFeatureId) {
+            const res = this.getPhoneNumberFromFirstAvailableSource(subId, callingPackage, callingFeatureId)
+            if (!checkPackage(callingPackage)) {
+                return res
+            }
+            Log.i(
+                `spoof SubscriptionController.getPhoneNumberFromFirstAvailableSource(${subId}, ${callingPackage}, ${callingFeatureId}): ${res} -> ${SystemProperties.get('persist.spoof.number')}`
+            )
+            return SystemProperties.get('persist.spoof.number')
+        }
+        const SubscriptionInfo = Java.use('android.telephony.SubscriptionInfo')
+        SubscriptionController.getActiveSubscriptionInfoList.overload('java.lang.String').implementation = function (
+            callingPackage
+        ) {
+            const res = this.getActiveSubscriptionInfoList(callingPackage)
+            if (!checkPackage(callingPackage)) {
+                return res
+            }
+            Log.i(`spoof SubscriptionController.getActiveSubscriptionInfoList(${callingPackage})`)
+            for (let i = 0; i < res.size(); i++) {
+                const info = Java.cast(res.get(i), SubscriptionInfo)
+                info.mMcc.value = SystemProperties.get('persist.spoof.mcc')
+                info.mMnc.value = SystemProperties.get('persist.spoof.mnc')
+                info.mCountryIso.value = SystemProperties.get('persist.spoof.country')
+                info.mIccId.value = SystemProperties.get('persist.spoof.iccid')
+            }
+            SystemProperties.set('gsm.sim.operator.iso-country', SystemProperties.get('persist.spoof.country'))
+            SystemProperties.set('gsm.sim.operator.numeric', SystemProperties.get('persist.spoof.mcc') + SystemProperties.get('persist.spoof.mnc'))
+            SystemProperties.set('gsm.operator.numeric', SystemProperties.get('persist.spoof.mcc') + SystemProperties.get('persist.spoof.mnc'))
+            return res
+        }
+
+        SubscriptionController.getActiveSubscriptionInfoList.overload(
+            'java.lang.String',
+            'java.lang.String'
+        ).implementation = function (callingPackage, callingFeatureId) {
+            const res = this.getActiveSubscriptionInfoList(callingPackage, callingFeatureId)
+            if (!checkPackage(callingPackage)) {
+                return res
+            }
+            Log.i(`spoof SubscriptionController.getActiveSubscriptionInfoList(${callingPackage}, ${callingFeatureId})`)
+            for (let i = 0; i < res.size(); i++) {
+                const info = Java.cast(res.get(i), SubscriptionInfo)
+                info.mMcc.value = SystemProperties.get('persist.spoof.mcc')
+                info.mMnc.value = SystemProperties.get('persist.spoof.mnc')
+                info.mCountryIso.value = SystemProperties.get('persist.spoof.country')
+                info.mIccId.value = SystemProperties.get('persist.spoof.iccid')
+            }
+            SystemProperties.set('gsm.sim.operator.iso-country', SystemProperties.get('persist.spoof.country'))
+            SystemProperties.set('gsm.sim.operator.numeric', SystemProperties.get('persist.spoof.mcc') + SystemProperties.get('persist.spoof.mnc'))
+            SystemProperties.set('gsm.operator.numeric', SystemProperties.get('persist.spoof.mcc') + SystemProperties.get('persist.spoof.mnc'))
+            return res
+        }
+
+        SubscriptionController.getActiveSubscriptionInfoList.overload('java.lang.String').implementation = function (
+            callingPackage
+        ) {
+            const res = this.getActiveSubscriptionInfoList(callingPackage)
+            if (!checkPackage(callingPackage)) {
+                return res
+            }
+            Log.i(`spoof SubscriptionController.getActiveSubscriptionInfoList(${callingPackage})`)
+            for (let i = 0; i < res.size(); i++) {
+                const info = Java.cast(res.get(i), SubscriptionInfo)
+                info.mMcc.value = SystemProperties.get('persist.spoof.mcc')
+                info.mMnc.value = SystemProperties.get('persist.spoof.mnc')
+                info.mCountryIso.value = SystemProperties.get('persist.spoof.country')
+                info.mIccId.value = SystemProperties.get('persist.spoof.iccid')
+            }
+            SystemProperties.set('gsm.sim.operator.iso-country', SystemProperties.get('persist.spoof.country'))
+            SystemProperties.set('gsm.sim.operator.numeric', SystemProperties.get('persist.spoof.mcc') + SystemProperties.get('persist.spoof.mnc'))
+            SystemProperties.set('gsm.operator.numeric', SystemProperties.get('persist.spoof.mcc') + SystemProperties.get('persist.spoof.mnc'))
+            return res
+        }
+
+        const PhoneSubInfoController = Java.use('com.android.internal.telephony.PhoneSubInfoController')
+        PhoneSubInfoController.getIccSerialNumberForSubscriber.overload(
+            'int',
+            'java.lang.String',
+            'java.lang.String'
+        ).implementation = function (subId, callingPackage, callingFeatureId) {
+            const res = this.getIccSerialNumberForSubscriber(subId, callingPackage, callingFeatureId)
+            if (!checkPackage(callingPackage)) {
+                return res
+            }
+            Log.i(
+                `spoof PhoneInterfaceManager.getIccSerialNumberForSubscriber(${subId}, ${callingPackage}, ${callingFeatureId}): ${res} -> ${SystemProperties.get('persist.spoof.iccid')}`
+            )
+            return SystemProperties.get('persist.spoof.iccid')
+        }
+        PhoneSubInfoController.getSubscriberIdForSubscriber.overload(
+            'int',
+            'java.lang.String',
+            'java.lang.String'
+        ).implementation = function (subId, callingPackage, callingFeatureId) {
+            const res = this.getSubscriberIdForSubscriber(subId, callingPackage, callingFeatureId)
+            if (!checkPackage(callingPackage)) {
+                return res
+            }
+            Log.i(
+                `spoof PhoneInterfaceManager.getSubscriberIdForSubscriber(${subId}, ${callingPackage}, ${callingFeatureId}): ${res} -> ${SystemProperties.get('persist.spoof.imsi')}`
+            )
+            return SystemProperties.get('persist.spoof.imsi')
+        }
+    })
+})

scripts/ssl_bypass.js

@@ -1,66 +0,0 @@
-/* 
-   Android SSL Re-pinning frida script v0.2 030417-pier 
-
-   $ adb push burpca-cert-der.crt /data/local/tmp/cert-der.crt
-   $ frida -U -f it.app.mobile -l frida-android-repinning.js --no-pause
-
-   https://techblog.mediaservice.net/2017/07/universal-android-ssl-pinning-bypass-with-frida/
-   
-   UPDATE 20191605: Fixed undeclared var. Thanks to @oleavr and @ehsanpc9999 !
-*/
-
-setTimeout(function(){
-    Java.perform(function (){
-    	console.log("");
-	    console.log("[.] Cert Pinning Bypass/Re-Pinning");
-
-	    var CertificateFactory = Java.use("java.security.cert.CertificateFactory");
-	    var FileInputStream = Java.use("java.io.FileInputStream");
-	    var BufferedInputStream = Java.use("java.io.BufferedInputStream");
-	    var X509Certificate = Java.use("java.security.cert.X509Certificate");
-	    var KeyStore = Java.use("java.security.KeyStore");
-	    var TrustManagerFactory = Java.use("javax.net.ssl.TrustManagerFactory");
-	    var SSLContext = Java.use("javax.net.ssl.SSLContext");
-
-	    // Load CAs from an InputStream
-	    console.log("[+] Loading our CA...")
-	    var cf = CertificateFactory.getInstance("X.509");
-	    
-	    try {
-	    	var fileInputStream = FileInputStream.$new("/data/local/tmp/cert-der.crt");
-	    }
-	    catch(err) {
-	    	console.log("[o] " + err);
-	    }
-	    
-	    var bufferedInputStream = BufferedInputStream.$new(fileInputStream);
-	  	var ca = cf.generateCertificate(bufferedInputStream);
-	    bufferedInputStream.close();
-
-		var certInfo = Java.cast(ca, X509Certificate);
-	    console.log("[o] Our CA Info: " + certInfo.getSubjectDN());
-
-	    // Create a KeyStore containing our trusted CAs
-	    console.log("[+] Creating a KeyStore for our CA...");
-	    var keyStoreType = KeyStore.getDefaultType();
-	    var keyStore = KeyStore.getInstance(keyStoreType);
-	    keyStore.load(null, null);
-	    keyStore.setCertificateEntry("ca", ca);
-	    
-	    // Create a TrustManager that trusts the CAs in our KeyStore
-	    console.log("[+] Creating a TrustManager that trusts the CA in our KeyStore...");
-	    var tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
-	    var tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
-	    tmf.init(keyStore);
-	    console.log("[+] Our TrustManager is ready...");
-
-	    console.log("[+] Hijacking SSLContext methods now...")
-	    console.log("[-] Waiting for the app to invoke SSLContext.init()...")
-
-	   	SSLContext.init.overload("[Ljavax.net.ssl.KeyManager;", "[Ljavax.net.ssl.TrustManager;", "java.security.SecureRandom").implementation = function(a,b,c) {
-	   		console.log("[o] App invoked javax.net.ssl.SSLContext.init...");
-	   		SSLContext.init.overload("[Ljavax.net.ssl.KeyManager;", "[Ljavax.net.ssl.TrustManager;", "java.security.SecureRandom").call(this, a, tmf.getTrustManagers(), c);
-	   		console.log("[+] SSLContext initialized with our custom TrustManager!");
-	   	}
-    });
-},0);

testgson.js

@@ -1,11 +0,0 @@
-Java.perform(function () {
-    try {
-        const GsonClass = Java.openClassFile(
-            "/sdcard/Download/gson.dex"
-        )
-        GsonClass.load()
-       console.log("gson class loaded")
-    } catch (error) {
-        console.log("load gson error", error)
-    }
-})

vars.json

@@ -1,15 +1,9 @@
 {
-    "mcc": "255",
-    "mnc": "06",
-    "simOperator": "25506",
-    "networkOperator": "25506",
-    "simSerialNumber": "52463878170561652433",
-    "iccId": "52463878170561652433",
-    "number": "739727133",
-    "imei": "352260057378931",
-    "imsi": "255064887029478",
-    "countryIso": "ua",
-    "subId": "59",
-    "androidId": "50b4577c46ef5e96",
-    "serialNumber": "1955b056"
+    "mcc": "310",
+    "mnc": "240",
+    "iccid": "15003704960405101503",
+    "number": "6980256107",
+    "imei": "359028036674149",
+    "imsi": "310240158368215",
+    "country": "us"
 }