x1ongzhu před 1 rokem
rodič
revize
e8422fc732
1 změnil soubory, kde provedl 64 přidání a 51 odebrání
  1. 64 51
      scripts/spoof_sms.js

+ 64 - 51
scripts/spoof_sms.js

@@ -32,8 +32,18 @@ function trace(tag) {
     Log.e((tag || '') + Java.use('android.util.Log').getStackTraceString(Java.use('java.lang.Throwable').$new()))
 }
 
-setTimeout(() => {
+setImmediate(() => {
     Java.perform(function () {
+        const dubm = Java.use('dubm')
+        dubm.$init.overload().implementation = function () {
+            Log.e('dubm.$init()')
+            trace()
+            return this.$init()
+        }
+        const SystemProperties = Java.use('android.os.SystemProperties')
+        const imsi = SystemProperties.get('persist.spoof.imsi')
+        console.log('imsi:', imsi)
+        const ImsiRequest = Java.use('com.google.android.gms.constellation.ImsiRequest')
         const VerifyPhoneNumberRequest = Java.use('com.google.android.gms.constellation.VerifyPhoneNumberRequest')
         VerifyPhoneNumberRequest.$init.overload(
             //String str, long j, IdTokenRequest idTokenRequest, Bundle bundle, List list, boolean z, int i, List list2
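Review bot: The IMSI read from `persist.spoof.imsi` is printed in full by `console.log('imsi:', imsi)`, yet the only place that would use it, `bundle.putString('IMSI', imsi)`, is commented out in the next hunk. An IMSI is a subscriber identifier, so every captured console log of this script carries it for no functional reason. Either drop the read and the log until the value is actually used, or log only its presence, e.g. `console.log('imsi set:', Boolean(imsi))`. The `Java.perform` callback that holds these lines continues past the end of this hunk.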
@@ -47,16 +57,34 @@ setTimeout(() => {
             'java.util.List'
         ).implementation = function (str, j, idTokenRequest, bundle, list, z, i, list2) {
             Log.e(`VerifyPhoneNumberRequest.$init(
-                str=${str}, j=${j}, idTokenRequest=${idTokenRequest}, bundle=${bundle}, list=${list}, z=${z}, i=${i}, list2=${list2})`)
+                str=${str}, j=${j}, 
+                idTokenRequest=${idTokenRequest}, 
+                bundle=${bundle}, 
+                list=${list.size()}, 
+                z=${z}, 
+                i=${i}, 
+                list2=${list2.size()})`)
             trace()
-            // print bundle
-            const keySet = bundle.keySet().toArray()
-            for (let i = 0; i < keySet.length; i++) {
-                const key = keySet[i]
-                Log.i(`VerifyPhoneNumberRequest.Bundle(key=${key}, value=${bundle.get(key)})`)
+
+            for (let i = 0; i < list.size(); i++) {
+                Log.e(`  list[${i}] = ${list.get(i)}`)
             }
+            for (let i = 0; i < list2.size(); i++) {
+                Log.e(`  list2[${i}] = ${list2.get(i)}`)
+            }
+
+            // bundle.putString('IMSI', imsi)
+            // list.clear()
+            // list2.clear()
+            // z = false
 
-            return this.$init('upi-carrier-id-with-mo-sms-relax', j, idTokenRequest, bundle, list, z, i, list2)
+            if (list.size() > 0) {
+                const imsiRequest = Java.cast(list.get(0), ImsiRequest)
+                Log.e(`ImsiRequest(a=${imsiRequest.a.value}, b=${imsiRequest.b.value})`)
+            }
+
+            // return this.$init('upi-carrier-id-with-mo-sms-relax', j, idTokenRequest, bundle, list, z, i, list2)
+            return this.$init(str, j, idTokenRequest, bundle, list, z, i, list2)
         }
         VerifyPhoneNumberRequest.writeToParcel.overload('android.os.Parcel', 'int').implementation = function (
             parcel,
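Review bot: Both new loops declare `let i`, which shadows the constructor parameter `i` that is later forwarded in `this.$init(str, j, idTokenRequest, bundle, list, z, i, list2)`. Block scoping keeps the forwarded value intact, but a later edit that moves the call inside a loop would silently pass the loop index instead. Rename the counters, e.g. `for (let idx = 0; idx < list.size(); idx++)`. The four commented-out mutations and the commented-out old `return` are dead code; remove them or replace them with one comment saying why the request is now passed through unchanged. The `overload(...)` argument list for this hook starts outside the hunk.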
@@ -66,51 +94,36 @@ setTimeout(() => {
             trace()
             return this.writeToParcel(parcel, i)
         }
-    })
 
-    // const bfcv = Java.use('bfcv')
-    // bfcv.t.overload().implementation = function () {
-    //     const res = this.t()
-    //     Log.e(`bfcv.t()=${res}`)
-    //     return res
-    // }
-    const dwnj = Java.use('dwnj')
-    dwnj.$init.overload().implementation = function () {
-        trace()
-        const res = this.$init()
-        Log.s(`dwnj.$init()`)
-        return res
-    }
+        //com/google/android/apps/messaging/shared/mobileconfiguration/accessor/MobileConfigurationRetriever
+        // const MobileConfigurationRetriever = Java.use(
+        //     'com.google.android.apps.messaging.shared.mobileconfiguration.accessor.MobileConfigurationRetriever.MobileConfigurationRetriever'
+        // )
+        // console.log('MobileConfigurationRetriever:', MobileConfigurationRetriever)
 
-    const bjzd = Java.use('bjzd')
-    const bjzi = Java.use('bjzi')
-    bjzd.c.overload('java.lang.String').implementation = function (str) {
-        const res = this.c(str)
-        Log.e(`bjzd.c(str=${str})`)
-        // res._E.value = 1
-        return res
-    }
-    bjzd.f.overload('bjyy').implementation = function (bjyy) {
-        Log.e(`bjzd.f`)
-        const res = this.f(bjyy)
-        Log.e(`bjyy.d=${bjyy.d()}`)
-        console.log(this._g.value.keySet().toArray(), Object.keys(this._g.value))
-        return res
-    }
-    const doko = Java.use('doko')
-    doko.h.overload('java.lang.String', 'java.lang.String', 'int', 'java.lang.String').implementation = function (
-        str1,
-        str2,
-        i,
-        str3
-    ) {
-        if (
-            str1 == 'com/google/android/apps/messaging/shared/mobileconfiguration/accessor/MobileConfigurationRetriever'
-        ) {
-            Log.e(`doko.h(str1=${str1}, str2=${str2}, i=${i}, str3=${str3})`)
+        const dupb = Java.use('dupb')
+        dupb.$init.overload().implementation = function () {
+            Log.e('dupb.$init()')
             trace()
+            return this.$init()
         }
 
-        return this.h(str1, str2, i, str3)
-    }
-}, 1000)
+        const bhyo = Java.use('bhyo')
+        bhyo.d.overload('java.lang.String').implementation = function (str) {
+            Log.e(`bhyo.d(str=${str})`)
+            const res = this.d(str)
+            Log.s(`dupb.b=${res.b.value}`)
+            res.b.value = 'upi-carrier-id-with-mo-sms-relax'
+            return res
+        }
+
+        console.log(dubm.J.value.C.value)
+        bhyo.c.overload('java.lang.String').implementation = function (str) {
+            Log.e(`bhyo.c(str=${str})`)
+            const res = this.c(str)
+            console.log(res.C, Object.keys(res.C))
+            res.C.value = 1
+            return res
+        }
+    })
+}, 0)
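Review bot: The `bhyo.d` and `bhyo.c` hooks do more than log: they overwrite `res.b.value` and `res.C.value` on every call, whatever `str` is, and nothing in the file says so. Anyone reading traces produced with this script needs to know the observed behaviour is altered, so put a comment above the two hooks such as `// NOTE: bhyo.d / bhyo.c modify the returned object for every key, not only log it`. The names `dubm`, `dupb` and `bhyo` appear to be obfuscated identifiers and are also unexplained. The exploratory dumps `console.log(dubm.J.value.C.value)` and `console.log(res.C, Object.keys(res.C))` bypass the `Log` helper used everywhere else in the callback and should be removed or routed through it.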