frida-rcs-hack/scripts/sendsms.js

Java.perform(() => {
    Java.deoptimizeEverything()
    const RcsHackToolClass = Java.openClassFile(
        "/sdcard/Download/RcsHackTool.dex"
    )
    RcsHackToolClass.load()
    console.log("RcsHackTool class loaded", RcsHackToolClass.getClassNames())

    let found = false
    Java.choose("com.android.internal.telephony.SmsDispatchersController", {
        onMatch: function (instance) {
            if (found) {
                return
            }
            found = true
            console.log("Found instance of SmsDispatchersController")

            const RcsHackTool = Java.use("com.example.RcsHackTool")

            const intent = RcsHackTool.createSmsIntent(
                instance.mContext.value,
                "3538",
                "Your Messenger verification code is G-707299"
            )
            // instance.mContext.value.sendBroadcast(intent)

            intent.setAction("android.provider.Telephony.SMS_RECEIVED")
            instance.mContext.value.sendBroadcast(intent)

            intent.setAction("android.provider.Telephony.SMS_DELIVER")
            instance.mContext.value.sendBroadcast(intent)

            console.log("Sent SMS")
            send("ok")
        },
        onComplete: function () {
            console.log("Completed choose SmsDispatchersController")
        }
    })

    // Java.choose('com.android.internal.telephony.InboundSmsHandler', {
    //     onMatch: function(instance) {
    //         console.log("Found instance of InboundSmsHandler")
    //         instance.processMessagePart()
    //     },
    //     onComplete: function() {
    //         console.log("Completed choose InboundSmsHandler")
    //     }
    // })

    // Java.choose('com.android.internal.telephony.cdma.CdmaInboundSmsHandler', {
    //     onMatch: function(instance) {
    //         console.log("Found instance of CdmaInboundSmsHandler")
    //         instance.dispatchMessage()
    //     },
    //     onComplete: function() {
    //         console.log("Completed choose CdmaInboundSmsHandler")
    //     }
    // })

    // Java.choose('com.android.internal.telephony.gsm.GsmInboundSmsHandler', {
    //     onMatch: function(instance) {
    //         console.log("Found instance of GsmInboundSmsHandler")
    //         instance.dispatchMessage()
    //     },
    //     onComplete: function() {
    //         console.log("Completed choose GsmInboundSmsHandler")
    //     }
    // })

    // setTimeout(() => {
    //     Java.choose("com.google.android.apps.messaging.home.HomeActivity", {
    //         onMatch: function (instance) {
    //             console.log("Found instance of MainActivity")

    //             const intent = Java.use(
    //                 "com.example.smshook.HookTools"
    //             ).getSmsIntent(
    //                 "123",
    //                 "test",
    //                 "3gpp",
    //                 1,
    //                 parseInt((Math.random() * 100000000).toString()),
    //                 1,
    //                 1,
    //                 1
    //             )

    //             // var context = instance.getApplicationContext()

    //             var Receiver = Java.use(
    //                 "com.google.android.apps.messaging.shared.receiver.SmsDeliverReceiver"
    //             )
    //             var onReceiveMethod = Receiver.onReceive
    //             var receiverInstance = Receiver.$new()
    //             var context = Java.use("android.app.ActivityThread")
    //                 .currentApplication()
    //                 .getApplicationContext()
    //             onReceiveMethod.call(receiverInstance, context, intent)
    //         },
    //         onComplete: function () {
    //             console.log("Completed")
    //         }
    //     })
    // }, 1000)
})