frida-rcs-hack/scripts/_spoof_gms.js

const mcc = "310"
const mnc = "630"
const simOperator = "310630"
const networkOperator = "310630"
const simSerialNumber = "89380062300689131123"
const iccId = "89380062300689131123"
const number = "6183592513"
const imei = "864929043714851"
const imsi = "3106306433246456"
const countryIso = "us"
const subId = ""
function trace() {
    console.log(
        Java.use("android.util.Log").getStackTraceString(
            Java.use("java.lang.Throwable").$new()
        )
    )
}
Java.perform(function () {
    const SmsManager = Java.use("android.telephony.SmsManager")
    SmsManager.getSmsManagerForSubscriptionId.overload("int").implementation =
        function (i) {
            const _smsManager = this.getSmsManagerForSubscriptionId(i)
            console.log(`SmsManager.getSmsManagerForSubscriptionId: ${i}`)
            return _smsManager
        }

    SmsManager.getDefault.overload().implementation = function () {
        const _smsManager = this.getDefault(i)
        console.log(`SmsManager.getDefault`)
        return _smsManager
    }

    SmsManager.getDefaultSmsSubscriptionId.overload().implementation =
        function () {
            const _subId = this.getDefaultSmsSubscriptionId()
            console.log(`SmsManager.getDefaultSmsSubscriptionId: ${_subId}`)
            return _subId
        }

    SmsManager.getSubscriptionId.overload().implementation = function () {
        const _subId = this.getSubscriptionId()
        console.log(`SmsManager.getSubscriptionId: ${_subId}`)
        return _subId
    }

    const SubscriptionInfo = Java.use("android.telephony.SubscriptionInfo")
    SubscriptionInfo.getMcc.overload().implementation = function () {
        const _mcc = this.getMcc()
        console.log(`spoof SubscriptionInfo.getMcc: ${_mcc} -> ${mcc}`)
        return parseInt(mcc)
    }

    SubscriptionInfo.getMnc.overload().implementation = function () {
        const _mnc = this.getMnc()
        console.log(`spoof SubscriptionInfo.getMnc: ${_mnc} -> ${mnc}`)
        return parseInt(mnc)
    }

    SubscriptionInfo.getMccString.overload().implementation = function () {
        const _mccString = this.getMccString()
        console.log(
            `spoof SubscriptionInfo.getMccString: ${_mccString} -> ${mcc}`
        )
        return mcc
    }

    SubscriptionInfo.getMncString.overload().implementation = function () {
        const _mncString = this.getMncString()
        console.log(
            `spoof SubscriptionInfo.getMncString: ${_mncString} -> ${mnc}`
        )
        return mnc
    }

    SubscriptionInfo.getNumber.overload().implementation = function () {
        const _number = this.getNumber()
        console.log(`spoof SubscriptionInfo.getNumber: ${_number} -> ${number}`)
        return number
    }

    SubscriptionInfo.getIccId.overload().implementation = function () {
        const _iccId = this.getIccId()
        console.log(`spoof SubscriptionInfo.getIccId: ${_iccId} -> ${iccId}`)
        return iccId
    }

    SubscriptionInfo.getCountryIso.overload().implementation = function () {
        const _countryIso = this.getCountryIso()
        console.log(
            `spoof SubscriptionInfo.getCountryIso: ${_countryIso} -> ${countryIso}`
        )
        return countryIso
    }

    SubscriptionInfo.getSubscriptionId.overload().implementation = function () {
        const _subId = this.getSubscriptionId()
        if (!subId) {
            console.log(_subId)
            return _subId
        }
        console.log(
            `spoof SubscriptionInfo.getSubscriptionId: ${_subId} -> ${subId}`
        )
        return parseInt(subId)
    }

    const TelephonyManager = Java.use("android.telephony.TelephonyManager")
    TelephonyManager.getLine1Number.overload().implementation = function () {
        const _number = this.getLine1Number()
        console.log(
            `spoof TelephonyManager.getLine1Number: ${_number} -> ${number}`
        )
        return number
    }

    TelephonyManager.getSimOperator.overload().implementation = function () {
        const _simOperator = this.getSimOperator()
        console.log(
            `spoof TelephonyManager.getSimOperator: ${_simOperator} -> ${simOperator}`
        )
        return simOperator
    }

    TelephonyManager.getNetworkOperator.overload().implementation =
        function () {
            const _networkOperator = this.getNetworkOperator()
            console.log(
                `spoof TelephonyManager.getNetworkOperator: ${_networkOperator} -> ${networkOperator}`
            )
            return networkOperator
        }

    TelephonyManager.getSimSerialNumber.overload().implementation =
        function () {
            const _simSerialNumber = this.getSimSerialNumber()
            console.log(
                `spoof TelephonyManager.getSimSerialNumber: ${_simSerialNumber} -> ${simSerialNumber}`
            )
            return simSerialNumber
        }

    TelephonyManager.getSubscriberId.overload().implementation = function () {
        const _imsi = this.getSubscriberId()
        console.log(
            `spoof TelephonyManager.getSubscriberId: ${_imsi} -> ${imsi}`
        )
        return imsi
    }

    TelephonyManager.getImei.overload().implementation = function () {
        const _imei = this.getImei()
        console.log(`spoof TelephonyManager.getImei: ${_imei} -> ${imei}`)
        return imei
    }

    TelephonyManager.getNetworkCountryIso.overload().implementation =
        function () {
            const _countryIso = this.getNetworkCountryIso()
            console.log(
                `spoof TelephonyManager.getNetworkCountryIso: ${_countryIso} -> ${countryIso}`
            )
            return countryIso
        }

    TelephonyManager.getSimCountryIso.overload().implementation = function () {
        const _countryIso = this.getSimCountryIso()
        console.log(
            `spoof TelephonyManager.getSimCountryIso: ${_countryIso} -> ${countryIso}`
        )
        return countryIso
    }

    TelephonyManager.getSubscriptionId.overload().implementation = function () {
        const _subId = this.getSubscriptionId()
        if (!subId) {
            console.log(_subId)
            return _subId
        }
        console.log(
            `spoof TelephonyManager.getSubscriptionId: ${_subId} -> ${subId}`
        )
        return parseInt(subId)
    }

    const PhoneNumberVerification = Java.use(
        "com.google.android.gms.constellation.PhoneNumberVerification"
    )
    PhoneNumberVerification.$init.overload(
        "java.lang.String",
        "long",
        "int",
        "int",
        "java.lang.String",
        "android.os.Bundle",
        "int",
        "long"
    ).implementation = function (str, j, i, i2, str2, bundle, i3, l) {
        console.log("PhoneNumberVerification.$init")

        console.log(
            `str: ${str}, j: ${j}, i: ${i}, i2: ${i2}, str2: ${str2}, i3: ${i3}, l: ${l}`
        )
        // print bundle
        const keySet = bundle.keySet().toArray()

        for (let i = 0; i < keySet.length; i++) {
            const key = keySet[i]
            console.log(`key: ${key}, value: ${bundle.get(key)}`)
        }

        return this.$init(str, j, i, i2, str2, bundle)
    }

    const SetAsterismConsentRequest = Java.use(
        "com.google.android.gms.asterism.SetAsterismConsentRequest"
    )
    SetAsterismConsentRequest.$init.overload(
        "int",
        "int",
        "int",
        "[I",
        "java.lang.Long",
        "int",
        "android.os.Bundle",
        "int",
        "java.lang.String",
        "java.lang.String",
        "java.lang.String",
        "java.lang.String",
        "java.lang.String",
        "java.lang.String",
        "java.lang.String",
        "java.lang.String",
        "int"
    ).implementation = function (
        i,
        i2,
        i3,
        iArr,
        l,
        i4,
        bundle,
        i5,
        str,
        str2,
        str3,
        str4,
        str5,
        str6,
        str7,
        str8,
        i6
    ) {
        console.log("SetAsterismConsentRequest.$init")

        console.log(
            `i: ${i}, i2: ${i2}, i3: ${i3}, iArr: ${iArr}, l: ${l}, i4: ${i4}, i5: ${i5}, str: ${str}, str2: ${str2}, str3: ${str3}, str4: ${str4}, str5: ${str5}, str6: ${str6}, str7: ${str7}, str8: ${str8}, i6: ${i6}`
        )
        // print bundle
        const keySet = bundle.keySet().toArray()
        for (let i = 0; i < keySet.length; i++) {
            const key = keySet[i]
            console.log(`key: ${key}, value: ${bundle.get(key)}`)
        }

        return this.$init(
            i,
            i2,
            i3,
            iArr,
            l,
            i4,
            bundle,
            i5,
            str,
            str2,
            str3,
            str4,
            str5,
            str6,
            str7,
            str8,
            i6
        )
    }

    const SetAsterismConsentResponse = Java.use(
        "com.google.android.gms.asterism.SetAsterismConsentResponse"
    )
    SetAsterismConsentResponse.$init.overload(
        "int",
        "java.lang.String",
        "java.lang.String"
    ).implementation = function (i, str, str2) {
        console.log("SetAsterismConsentResponse.$init")
        console.log(`i: ${i}, str: ${str}, str2: ${str2}`)
        return this.$init(i, str, str2)
    }

    const amac = Java.use("amac")
    const amlo = Java.use("amlo")
    const emiy = Java.use("emiy")
    const emiz = Java.use("emiz")
    const emis = Java.use("emis")
    const fiwu = Java.use("fiwu")
    const ambs = Java.use("ambs")
    const emkm = Java.use("emkm")
    const fivh = Java.use("fivh")
    const fivk = Java.use("fivk")
    const fivn = Java.use("fivn")
    const emjr = Java.use("emjr")
    const amag = Java.use("amag")
    const ftha = Java.use("ftha")
    const ftgy = Java.use("ftgy")
    const fuem = Java.use("fuem")
    const fiwt = Java.use("fiwt")
    const TimeUnit = Java.use("java.util.concurrent.TimeUnit")
    const ambi = Java.use("ambi")
    const fivj = Java.use("fivj")
    amac.o.overload("amlu", "boolean", "boolean", "fiwt").implementation =
        function (amluVar, z, z2, fiwtVar) {
            console.log("amac.o", amluVar, z, z2, fiwtVar)
            try {
                var z3
                var z4
                const eq = fiwtVar.eQ()
                const arr0 = Java.array("java.lang.Object", [this.z(eq)])
                this._a.value.d("SetConsentRequest: %s", arr0)

                var amloVar = this._d.value
                var emiyVar = Java.cast(emiz.h.value.eV(), emiy)

                if (!emiyVar._b.value.fm()) {
                    emiyVar.O()
                }
                var emizVar = Java.cast(emiyVar._b.value, emiz)
                emizVar.b = emkm.a(10)
                console.log(emizVar, emizVar.b, emizVar.a)

                emizVar.a = emizVar.a | 1
                var eV = emis.d.value.eV()

                if ((fiwtVar.a.value & 2) != 0) {
                    var fivnVar = fiwtVar.e.value
                    if (fivnVar == null) {
                        fivnVar = fivn.c.value
                    }
                    var b = fivh.b(fivnVar.a.value)
                    if (b == 0) {
                        z3 = false
                    } else if (b == 3) {
                        z3 = true
                    } else {
                        z3 = false
                    }
                    if (!eV._b.value.fm()) {
                        eV.O()
                    }
                    var fbzbVar = eV._b.value
                    var emisVar = Java.cast(fbzbVar, emis)
                    emisVar.a |= 1
                    emisVar.b = z3
                    var fivnVar2 = fiwtVar.e.value
                    if (fivnVar2 == null) {
                        fivnVar2 = fivn.c.value
                    }
                    var a2 = fivk.a(fivnVar2.b.value)
                    if (a2 == 0) {
                        z4 = false
                    } else if (a2 == 3) {
                        z4 = true
                    } else {
                        z4 = false
                    }
                    if (!fbzbVar.fm()) {
                        eV.O()
                    }
                    var emisVar2 = Java.cast(eV._b.value, emis)
                    emisVar2.a |= 2
                    emisVar2.c = z4
                }
                if (!emiyVar._b.value.fm()) {
                    emiyVar.O()
                }
                var emizVar2 = Java.cast(emiyVar._b.value, emiz)
                var emisVar3 = Java.cast(eV.K(), emis)
                emisVar3.getClass()
                emizVar2.c = emisVar3
                emizVar2.a |= 2
                amloVar.A(amluVar, emjr.b(5), Java.cast(emiyVar.K(), emiz))

                var v = this.v()
                var akxiVar = this._c.value
                var j = this._e.value
                if (amag._a.value == null) {
                    amag._a.value = ftha.b(
                        ftgy._a.value,
                        "google.internal.communications.phonedeviceverification.v1.PhoneDeviceVerification/SetConsent",
                        fuem.a(fiwt.k.value),
                        fuem.a(fiwu.a.value)
                    )
                }
                // const vdg = v.d.value.g(
                //     amag._a.value,
                //     akxiVar,
                //     fiwtVar,
                //     Java.use('java.lang.Long').valueOf(j).longValue(),
                //     TimeUnit.MILLISECONDS.value,
                //     v.e.value
                // )
                // console.log("aaaaa")
                // const eqres = Java.cast(vdg, fiwu).eQ()
                // console.log("bbbbb")
                // const res = this.z(eqres)
                // console.log("SetConsentResponse: ", res)
                // const arr = Java.array("java.lang.Object", [res])
                // this._a.value.d("SetConsentResponse: %s", arr)
                var amloVar2 = this._d.value
                var emiyVar2 = Java.cast(emiz.h.value.eV(), emiy)
                if (!emiyVar2._b.value.fm()) {
                    emiyVar2.O()
                }
                var emizVar3 = Java.cast(emiyVar2._b.value, emiz)

                emizVar3.b = emkm.a(10)
                emizVar3.a |= 1
                amloVar2.A(amluVar, emjr.b(6), Java.cast(emiyVar2.K(), emiz))
                var a3 = ambi.b().a(this._b.value.getApplicationContext())
                a3.n(z)
                a3.m(Java.use("java.lang.Boolean").valueOf(z2))
                var b2 = fivj.b(fiwtVar.g.value)
                if (b2 == 0) {
                    b2 = 1
                }
                var a4 = fivj.a(b2)
                var edit = Java.cast(a3, ambs)._c.value.edit()
                edit.putInt("device_consent_version", a4)
                edit.apply()
                console.log("oooooooooo")
            } catch (e) {
                console.log("2222222", e)
                trace()
            }
            // this.o(amluVar, z, z2, fiwtVar)
        }

    const ConscryptFileDescriptorSocket = Java.use(
        "com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket"
    )
    ConscryptFileDescriptorSocket.setSoWriteTimeout.overload(
        "int"
    ).implementation = function (i) {
        console.log("ConscryptFileDescriptorSocket.setSoWriteTimeout: ", i)
        return this.setSoWriteTimeout(i)
    }
    ConscryptFileDescriptorSocket.verifyCertificateChain.overload('[[B', 'java.lang.String').implementation = function (bArr, str) {
        console.log(
            "[*] ConscryptFileDescriptorSocket.verifyCertificateChain: ",
            bArr,
            str
        )
    }

    const cvgy = Java.use("cvgy")
    cvgy.g.overload().implementation = function () {
        const g = this.g()
        console.log("cvgy.g", g)
        trace()
        return g
    }

    cvgy.createSocket.overload().implementation = function () {
        const createSocket = this.createSocket()
        console.log("cvgy.createSocket", createSocket)
        trace()
        return createSocket
    }
})