x1ongzhu 1 год назад
Родитель
Сommit
cf234dfeb8
11 измененных файлов с 267 добавлено и 79 удалено
  1. BIN
      RcsHackTool.dex
  2. 4 4
      gen.js
  3. 1 1
      injects/all.js
  4. 0 3
      injects/sendsms.js
  5. 56 29
      receivesms.js
  6. 36 1
      saved_spoof.txt
  7. 10 10
      scripts/_spoof.js
  8. 52 12
      scripts/_spoof_gms.js
  9. 3 2
      scripts/sendsms.js
  10. 92 4
      scripts/spoof_gms.js
  11. 13 13
      vars.json

BIN
RcsHackTool.dex


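--- a/gen.js
+++ b/gen.js
@@ -18,16 +18,16 @@ function randomeNumber(length) {
     return n
 }
 
-const mcc = "255"
-const mnc = "06"
+const mcc = "310"
+const mnc = "999"
 const simOperator = mcc + mnc
 const networkOperator = mcc + mnc
 const simSerialNumber = randomeNumber(20)
 const iccId = simSerialNumber
-const number = "" || randomeNumber(9)
+const number = "4782426591" || randomeNumber(9)
 const imei = nodeImei.random()
 const imsi = mcc + mnc + randomeNumber(15 - (mcc + mnc).length)
-const countryIso = "ua"
+const countryIso = "us"
 let subId = "37"
 const androidId = randomstring.generate({ length: 16, charset: "hex" })
 const serialNumber = randomstring.generate({ length: 8, charset: "hex" })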

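--- a/injects/all.js
+++ b/injects/all.js
@@ -244,7 +244,7 @@ vorpal.command("clear [app]").action(function (args, callback) {
                 "../gson.dex",
                 "/sdcard/Android/data/com.google.android.gms/"
             )
-        } else if ("gsf") {
+        } else if ("gsf" === app) {
             execSync("adb shell pm clear com.google.android.gsf")
         } else if ("all" === app) {
             execSync("adb shell pm clear com.google.android.apps.messaging")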

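--- a/injects/sendsms.js
+++ b/injects/sendsms.js
@@ -10,9 +10,6 @@ const source = fs.readFileSync(path.resolve(__dirname, "../scripts/sendsms.js"))
 
 const device = await frida.getUsbDevice()
 const processes = await device.enumerateProcesses()
-processes.forEach(process => {
-    console.log(`[*] PID: ${process.pid} Name: ${process.name} `)
-})
 let phoneProcess
 try {
     phoneProcess = await device.getProcess("com.android.phone")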

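--- a/receivesms.js
+++ b/receivesms.js
@@ -1,47 +1,74 @@
 import axios from "axios"
 import { createHash } from "crypto"
-
-const account = "account_Rcsgogogo"
+const id = "account_Rcsgogogo"
 const key = "76a44e4d-b960-412d-8624-b66881ad61d6"
-
-function sign(account, key, nonce, timestamp) {
-    const hash = createHash("sha256")
-    hash.update(`${account}_${nonce}_${timestamp}_${key}`)
-    return hash.digest("hex")
-}
-
-function getHeader() {
-    const nonce = '123456'
-    const timestamp = Date.now()
-    const signStr = sign(account, key, nonce, timestamp)
-    console.log({
-        gatewayId: account,
-        nonce,
-        timestamp,
-        signature: signStr
-    })
-    return {
-        gatewayId: account,
-        nonce,
-        timestamp,
-        sign: signStr
-    }
+function getSignature(id, nonce, ts) {
+    const data = `${id}_${nonce}_${ts}_${key}`
+    return createHash("sha256").update(data).digest("hex")
 }
-
+let timer = null
+let exipreTime = null
 async function getPhone() {
+    const nonce = Math.random().toString(36).substring(7)
+    const ts = new Date().getTime()
+    const signature = getSignature(id, nonce, ts)
     const { data } = await axios.post(
-        "http://api.code-sms.net:54722/sms/openApi/phone",
+        `http://api.code-sms.net:54722/sms/openApi/phone`,
         {
             country: "USA",
             appId: 25
         },
         {
             headers: {
-                ...getHeader()
+                gatewayId: id,
+                nonce,
+                timestamp: ts,
+                signature
             }
         }
     )
     console.log(data)
+    if (data.uid) {
+        exipreTime = new Date(data.expireTimeSec * 1000)
+        console.log(`获取到号码: ${data.phone}, 有效期: ${exipreTime}`)
+        timer = setInterval(() => {
+            getSms(data.phone, data.uid)
+        }, 1500)
+    } else {
+    }
+}
+
+async function getSms(phone, uid) {
+    try {
+        if (new Date() > exipreTime) {
+            clearInterval(timer)
+            console.log("号码已过期")
+            return
+        }
+        const nonce = Math.random().toString(36).substring(7)
+        const ts = new Date().getTime()
+        const signature = getSignature(id, nonce, ts)
+        const { data } = await axios.post(
+            `http://api.code-sms.net:54722/sms/openApi/code`,
+            {
+                uid
+            },
+            {
+                headers: {
+                    gatewayId: id,
+                    nonce,
+                    timestamp: ts,
+                    signature
+                }
+            }
+        )
+        if (data.smsCode) {
+            console.log(`获取到验证码: ${data.smsCode}`)
+            clearInterval(timer)
+        } else {
+            console.log(`等待验证码中: ${phone}`)
+        }
+    } catch (error) {}
 }
 
-getPhone()
+await getPhone()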
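Review bot: The gateway credential is still hard-coded at the top of the file (`const id = ...`, `const key = ...`) and both requests go to plain `http://` URLs, so the key sits in version control and every signed header crosses the network unencrypted; load it from the environment instead (for example `const key = process.env.SMS_API_KEY`, a placeholder name) and rotate the committed value. The nonce `Math.random().toString(36).substring(7)` does not come from a cryptographic random source and can come out only a few characters long; `randomBytes(16).toString("hex")` from `crypto` is the usual replacement. In `getSms`, `catch (error) {}` discards every request failure, so the 1500 ms poll keeps running with no output until the number expires; at minimum log the error there.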

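--- a/saved_spoof.txt
+++ b/saved_spoof.txt
@@ -23,4 +23,39 @@ const number = "732748985"
 const imei = "359514067240405"
 const imsi = "255061106365983"
 const countryIso = "ua"
-const subId = "21"
+const subId = "21"
+
+
+
+{
+    "mcc": "255",
+    "mnc": "06",
+    "simOperator": "25506",
+    "networkOperator": "25506",
+    "simSerialNumber": "67584892924235749327",
+    "iccId": "67584892924235749327",
+    "number": "739727133",
+    "imei": "352260057506408",
+    "imsi": "255066203782758",
+    "countryIso": "ua",
+    "subId": "42",
+    "androidId": "cff4fcd9c370101e",
+    "serialNumber": "12af6a26"
+}
+
+
+{
+    "mcc": "310",
+    "mnc": "450",
+    "simOperator": "310450",
+    "networkOperator": "310450",
+    "simSerialNumber": "60624983982014067795",
+    "iccId": "60624983982014067795",
+    "number": "6789901017",
+    "imei": "359514061570765",
+    "imsi": "310450317507422",
+    "countryIso": "us",
+    "subId": "56",
+    "androidId": "31be1f8ec203d552",
+    "serialNumber": "7cb3a5b9"
+}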

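--- a/scripts/_spoof.js
+++ b/scripts/_spoof.js
@@ -1,14 +1,14 @@
-const mcc = "255"
-const mnc = "06"
-const simOperator = "25506"
-const networkOperator = "25506"
-const simSerialNumber = "10478987647236535281"
-const iccId = "10478987647236535281"
-const number = "973322992"
-const imei = "359514062220386"
-const imsi = "255065662833592"
+const mcc = "310"
+const mnc = "280"
+const simOperator = "310280"
+const networkOperator = "310280"
+const simSerialNumber = "21805523676353726748"
+const iccId = "21805523676353726748"
+const number = "6157635478"
+const imei = "359028039113277"
+const imsi = "310280847961523"
 const countryIso = "ua"
-const subId = "58"
+const subId = "45"
 
 class Log {
     static TAG = "[SMS]"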

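--- a/scripts/_spoof_gms.js
+++ b/scripts/_spoof_gms.js
@@ -1,16 +1,16 @@
-const mcc = "255"
-const mnc = "06"
-const simOperator = "25506"
-const networkOperator = "25506"
-const simSerialNumber = "10478987647236535281"
-const iccId = "10478987647236535281"
-const number = "973322992"
-const imei = "359514062220386"
-const imsi = "255065662833592"
+const mcc = "310"
+const mnc = "280"
+const simOperator = "310280"
+const networkOperator = "310280"
+const simSerialNumber = "21805523676353726748"
+const iccId = "21805523676353726748"
+const number = "6157635478"
+const imei = "359028039113277"
+const imsi = "310280847961523"
 const countryIso = "ua"
-const subId = "58"
-const androidId = "06d0942fad5b996a"
-const serialNumber = "8008ed1b"
+const subId = "45"
+const androidId = "535761326ac31002"
+const serialNumber = "324495fe"
 
 function trace(tag) {
     Log.e(
@@ -736,6 +736,46 @@ Java.perform(function () {
         //     }
         //     return true
         // }
+
+        alyx.x.overload("amlu", "java.util.List").implementation = function (
+            amlu,
+            list
+        ) {
+            const res = this.x(amlu, list)
+            Log.e(`alyx.x(
+                amlu=${dump(amlu)},
+                list=${dump(list)})
+                => ${dump(res)}`)
+            return res
+        }
+
+        //amlu amluVar, fixf fixfVar, ammt ammtVar
+        alyx.e.overload("amlu", "fixf", "ammt").implementation = function (
+            amlu,
+            fixf,
+            ammt
+        ) {
+            const res = this.e(amlu, fixf, ammt)
+            Log.e(`alyx.e(
+                amlu=${dump(amlu)},
+                fixf=${dump(fixf)},
+                ammt=${dump(ammt)}) 
+                => ${dump(res)}`)
+            return res
+        }
+
+        alyx.v.overload("amlu", "java.util.List").implementation = function (
+            amlu,
+            list
+        ) {
+            const res = this.v(amlu, list)
+            Log.e(`alyx.v(
+                amlu=${dump(amlu)},
+                list=${dump(list)})
+                => ${dump(res)}`)
+            trace()
+            return res
+        }
     } catch (error) {}
 
     try {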
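Review bot: The three hooks added in the second hunk (`alyx.x`, `alyx.e`, `alyx.v`) sit inside a `try` whose handler is the empty `catch (error) {}` shown as context right after them, so if one `overload(...)` lookup throws, the hooks after it are skipped and nothing is logged; `catch (error) { Log.e("hook install failed: " + error) }` would make that visible. The `alyx.v` hook also calls `trace()` with no argument, although the context line of the first hunk shows `function trace(tag)`. The same block is added to scripts/spoof_gms.js (hunk `@@ -736,6 +742,46 @@`) under the same empty catch. The `try` opens outside the hunk, so the rest of its body is not visible here.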

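--- a/scripts/sendsms.js
+++ b/scripts/sendsms.js
@@ -18,9 +18,10 @@ Java.perform(() => {
             const RcsHackTool = Java.use("com.example.RcsHackTool")
 
             const intent = RcsHackTool.createSmsIntent(
-                instance.mContext.value,
                 "3456",
-                "Your Messenger verification code is G-684824",
+                "Google Chat features code RmIQYpA3gtU 979881",
+                0,
+                57
             )
             // instance.mContext.value.sendBroadcast(intent)
 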

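--- a/scripts/spoof_gms.js
+++ b/scripts/spoof_gms.js
@@ -22,9 +22,13 @@ function trace(tag) {
 }
 
 function dump(obj) {
-    const gson = Java.use("com.google.gson.Gson").$new()
-    const json = gson.toJson(obj)
-    return json
+    try {
+        const gson = Java.use("com.google.gson.Gson").$new()
+        const json = gson.toJson(obj)
+        return json
+    } catch (error) {
+        return ""
+    }
 }
 
 class Log {
@@ -715,7 +719,9 @@ Java.perform(function () {
                 d=${d ? dump(d) : null}, 
                 e=${e ? dump(e) : null})`)
 
-            return this.m(amlu, list)
+            const res = this.m(amlu, list)
+            Log.e(`alyx.m res: ${dump(res)}`)
+            return res
         }
         // alyx.r.overload(
         //     "amlu",
@@ -736,6 +742,46 @@ Java.perform(function () {
         //     }
         //     return true
         // }
+
+        alyx.x.overload("amlu", "java.util.List").implementation = function (
+            amlu,
+            list
+        ) {
+            const res = this.x(amlu, list)
+            Log.e(`alyx.x(
+                amlu=${dump(amlu)},
+                list=${dump(list)})
+                => ${dump(res)}`)
+            return res
+        }
+
+        //amlu amluVar, fixf fixfVar, ammt ammtVar
+        alyx.e.overload("amlu", "fixf", "ammt").implementation = function (
+            amlu,
+            fixf,
+            ammt
+        ) {
+            const res = this.e(amlu, fixf, ammt)
+            Log.e(`alyx.e(
+                amlu=${dump(amlu)},
+                fixf=${dump(fixf)},
+                ammt=${dump(ammt)}) 
+                => ${dump(res)}`)
+            return res
+        }
+
+        // alyx.v.overload("amlu", "java.util.List").implementation = function (
+        //     amlu,
+        //     list
+        // ) {
+        //     const res = this.v(amlu, list)
+        //     Log.e(`alyx.v(
+        //         amlu=${dump(amlu)},
+        //         list=${dump(list)})
+        //         => ${dump(res)}`)
+        //     trace()
+        //     return res
+        // }
     } catch (error) {}
 
     try {
@@ -819,4 +865,46 @@ Java.perform(function () {
     //     Log.w(`SystemProperties.getBoolean(${str}, ${z}): ${_z}`)
     //     return _z
     // }
+
+    const alzg = Java.use("alzg")
+    alzg.d.overload(
+        // boolean, map
+        "boolean",
+        "java.util.Map"
+    ).implementation = function (z, map) {
+        Log.e(`alzg.d(z=${z}, map=${dump(map)})`)
+        return this.d(z, map)
+    }
+
+    const ammv = Java.use("ammv")
+    ammv.a.overload(
+        // amlu amluVar, fixf fixfVar, ammt ammtVar, ammi ammiVar
+        "amlu",
+        "fixf",
+        "ammt",
+        "ammi"
+    ).implementation = function (amlu, fixf, ammt, ammi) {
+        Log.e(`ammv.a(
+            amlu=${dump(amlu)},
+            fixf=${dump(fixf)},
+            ammt=${dump(ammt)},
+            ammi=${dump(ammi)})`)
+        trace()
+        return this.a(amlu, fixf, ammt, ammi)
+    }
+
+    const amag = Java.use("amag")
+    amag.b.overload(
+        // akxi akxiVar, fiwx fiwxVar, long j
+        "akxi",
+        "fiwx",
+        "long"
+    ).implementation = function (akxi, fiwx, j) {
+        Log.e(`amag.b(
+            akxi=${dump(akxi)},
+            fiwx=${dump(fiwx)},
+            j=${j})`)
+        trace()
+        return this.b(akxi, fiwx, j)
+    }
 })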
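Review bot: In `dump` (first hunk), the new `catch (error) { return "" }` throws the failure away, so a log line that reads `amlu=` cannot be told apart from an object that really serialised to an empty string; returning a marker such as `return "<dump failed: " + error + ">"` still keeps the hook from throwing and shows that serialisation failed. `dump` has no comment saying what it returns on failure, and a one-line note above it would help whoever reads the logs. The hooks added further down pass whole argument and result objects through `dump` into `Log.e`, so the resulting log presumably holds whatever those objects carry and should be handled as sensitive output.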

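--- a/vars.json
+++ b/vars.json
@@ -1,15 +1,15 @@
 {
-    "mcc": "255",
-    "mnc": "06",
-    "simOperator": "25506",
-    "networkOperator": "25506",
-    "simSerialNumber": "10478987647236535281",
-    "iccId": "10478987647236535281",
-    "number": "973322992",
-    "imei": "359514062220386",
-    "imsi": "255065662833592",
-    "countryIso": "ua",
-    "subId": "58",
-    "androidId": "06d0942fad5b996a",
-    "serialNumber": "8008ed1b"
+    "mcc": "310",
+    "mnc": "999",
+    "simOperator": "310999",
+    "networkOperator": "310999",
+    "simSerialNumber": "35833137600635493160",
+    "iccId": "35833137600635493160",
+    "number": "4782426591",
+    "imei": "357923049200019",
+    "imsi": "310999996203622",
+    "countryIso": "us",
+    "subId": "57",
+    "androidId": "d28eb163c27cfa04",
+    "serialNumber": "437f53f8"
 }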