frida-rcs-hack/scripts/_spoof.js

const mcc = "310"
const mnc = "999"
const simOperator = "310999"
const networkOperator = "310999"
const simSerialNumber = "35833137600635493160"
const iccId = "35833137600635493160"
const number = "4782426591"
const imei = "357923049200019"
const imsi = "310999996203622"
const countryIso = "us"
const subId = "57"

class Log {
    static TAG = "[SMS]"
    static Debug = false
    static format(...msg) {
        let m = []
        for (let i = 0; i < msg.length; i++) {
            if (typeof msg[i] === "object") {
                m.push(JSON.stringify(msg[i]))
            } else {
                m.push(msg[i])
            }
        }
        m = m.join(" ")
        return m
    }
    static i(...msg) {
        if (!this.Debug) return
        console.log(`\x1b[30m${this.TAG} ${this.format(...msg)}\x1b[0m`)
    }
    static w(...msg) {
        console.log(`\x1b[33m${this.TAG} ${this.format(...msg)}\x1b[0m`)
    }
    static e(...msg) {
        console.log(`\x1b[31m${this.TAG} ${this.format(...msg)}\x1b[0m`)
    }
    static s(...msg) {
        console.log(`\x1b[32m${this.TAG} ${this.format(...msg)}\x1b[0m`)
    }
}

setImmediate(() => {
    Java.perform(function () {
        const SmsManager = Java.use("android.telephony.SmsManager")
        SmsManager.getSmsManagerForSubscriptionId.overload(
            "int"
        ).implementation = function (i) {
            const _smsManager = this.getSmsManagerForSubscriptionId(i)
            Log.i(`SmsManager.getSmsManagerForSubscriptionId: ${i}`)
            return _smsManager
        }

        SmsManager.getDefault.overload().implementation = function () {
            const _smsManager = this.getDefault(i)
            Log.i(`SmsManager.getDefault`)
            return _smsManager
        }

        SmsManager.getDefaultSmsSubscriptionId.overload().implementation =
            function () {
                const _subId = this.getDefaultSmsSubscriptionId()
                Log.i(
                    `spoof SmsManager.getDefaultSmsSubscriptionId: ${_subId} -> ${subId}`
                )
                return parseInt(subId)
            }

        SmsManager.getSubscriptionId.overload().implementation = function () {
            const _subId = this.getSubscriptionId()
            Log.i(`SmsManager.getSubscriptionId: ${_subId} -> ${subId}`)
            return parseInt(subId)
        }
        SmsManager.getCarrierConfigValues.overload().implementation =
            function () {
                const _config = this.getCarrierConfigValues()
                Log.i(`SmsManager.getCarrierConfigValues: ${_config}`)
                return _config
            }

        const CarrierConfigManager = Java.use(
            "android.telephony.CarrierConfigManager"
        )
        CarrierConfigManager.getConfigForSubId.overload("int").implementation =
            function (i) {
                const _config = this.getConfigForSubId(i)
                Log.i(`CarrierConfigManager.getConfigForSubId: ${i}`)
                return _config
            }

        const SubscriptionManager = Java.use(
            "android.telephony.SubscriptionManager"
        )
        SubscriptionManager.getActiveSubscriptionInfoCount.overload().implementation =
            function () {
                const _count = this.getActiveSubscriptionInfoCount()
                Log.i(
                    `SubscriptionManager.getActiveSubscriptionInfoCount: ${_count}`
                )
                return _count
            }
        SubscriptionManager.getDefaultSubscriptionId.overload().implementation =
            function () {
                const _subId = this.getDefaultSubscriptionId()
                Log.i(
                    `spoof SubscriptionManager.getDefaultSubscriptionId: ${_subId} -> ${subId}`
                )
                return parseInt(subId)
            }
        SubscriptionManager.getDefaultSmsSubscriptionId.overload().implementation =
            function () {
                const _subId = this.getDefaultSmsSubscriptionId()
                Log.i(
                    `spoof SubscriptionManager.getDefaultSmsSubscriptionId: ${_subId} -> ${subId}`
                )
                return parseInt(subId)
            }
        SubscriptionManager.getDefaultVoiceSubscriptionId.overload().implementation =
            function () {
                const _subId = this.getDefaultVoiceSubscriptionId()
                Log.i(
                    `spoof SubscriptionManager.getDefaultVoiceSubscriptionId: ${_subId} -> ${subId}`
                )
                return parseInt(subId)
            }
        SubscriptionManager.getActiveDataSubscriptionId.overload().implementation =
            function () {
                const _subId = this.getActiveDataSubscriptionId()
                Log.i(
                    `spoof SubscriptionManager.getActiveDataSubscriptionId: ${_subId} -> ${subId}`
                )
                return parseInt(subId)
            }
        SubscriptionManager.getSlotIndex.overload("int").implementation =
            function (i) {
                const _slotIndex = this.getSlotIndex(i)
                Log.i(
                    `spoof SubscriptionManager.getSlotIndex: ${_slotIndex} -> 0`
                )
                return 0
            }
        SubscriptionManager.isUsableSubscriptionId.overload(
            "int"
        ).implementation = function (i) {
            const _isUsable = this.isUsableSubscriptionId(i)
            Log.i(`SubscriptionManager.isUsableSubscriptionId: ${_isUsable}`)
            return _isUsable
        }
        SubscriptionManager.isValidSubscriptionId.overload(
            "int"
        ).implementation = function (i) {
            const _isValid = this.isValidSubscriptionId(i)
            Log.i(
                `spoof SubscriptionManager.isValidSubscriptionId(${i}): ${_isValid} -> true`
            )
            return true
        }
        SubscriptionManager.getPhoneNumber.overload("int").implementation =
            function (i) {
                Log.i(
                    `spoof SubscriptionManager.getPhoneNumber(${i}): -> ${number}`
                )
                return number
            }
        SubscriptionManager.getPhoneNumber.overload(
            "int",
            "int"
        ).implementation = function (i, i2) {
            Log.i(
                `spoof SubscriptionManager.getPhoneNumber(${i},${i2}): -> ${number}`
            )
            return number
        }
        SubscriptionManager.getActiveSubscriptionInfoList.overload().implementation =
            function () {
                const _list = this.getActiveSubscriptionInfoList()
                Log.i(
                    `SubscriptionManager.getActiveSubscriptionInfoList ${_list.size()}`
                )
                return _list
            }
        SubscriptionManager.getActiveSubscriptionIdList.overload().implementation =
            function () {
                const _list = this.getActiveSubscriptionIdList()
                Log.i(
                    `spoof SubscriptionManager.getActiveSubscriptionIdList ${_list} -> ${subId}`
                )
                return [parseInt(subId)]
            }
        SubscriptionManager.getActiveSubscriptionInfo.overload(
            "int"
        ).implementation = function (i) {
            const _info = this.getActiveSubscriptionInfo(i)

            const simCount = this.getActiveSubscriptionInfoCountMax()

            let subInfo = null
            try {
                for (let i = 0; i < simCount; i++) {
                    subInfo = this.getActiveSubscriptionInfoForSimSlotIndex(i)
                    if (subInfo) {
                        break
                    }
                }
                Log.i(
                    `spoof SubscriptionManager.getActiveSubscriptionInfo(${i})`
                )
            } catch (error) {
                console.error(
                    `spoof error SubscriptionManager.getActiveSubscriptionInfo(${i})`
                )
                error.printStackTrace()
            }
            return subInfo
        }
        SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex.overload(
            "int"
        ).implementation = function (i) {
            const _info = this.getActiveSubscriptionInfoForSimSlotIndex(i)
            Log.i(
                `SubscriptionManager.getActiveSubscriptionInfoForSimSlotIndex(${i}): ${
                    _info ? "ok" : "null"
                }`
            )
            return _info
        }
        SubscriptionManager.isActiveSubscriptionId.overload(
            "int"
        ).implementation = function (i) {
            const _isActive = this.isActiveSubscriptionId(i)
            Log.i(
                `spoof SubscriptionManager.isActiveSubscriptionId(${i}): ${_isActive} -> true`
            )
            return true
        }

        const SubscriptionInfo = Java.use("android.telephony.SubscriptionInfo")
        SubscriptionInfo.getMcc.overload().implementation = function () {
            const _mcc = this.getMcc()
            Log.i(`spoof SubscriptionInfo.getMcc: ${_mcc} -> ${mcc}`)
            return parseInt(mcc)
        }

        SubscriptionInfo.getMnc.overload().implementation = function () {
            const _mnc = this.getMnc()
            Log.i(`spoof SubscriptionInfo.getMnc: ${_mnc} -> ${mnc}`)
            return parseInt(mnc)
        }

        SubscriptionInfo.getMccString.overload().implementation = function () {
            const _mccString = this.getMccString()
            Log.i(
                `spoof SubscriptionInfo.getMccString: ${_mccString} -> ${mcc}`
            )
            return mcc
        }

        SubscriptionInfo.getMncString.overload().implementation = function () {
            const _mncString = this.getMncString()
            Log.i(
                `spoof SubscriptionInfo.getMncString: ${_mncString} -> ${mnc}`
            )
            return mnc
        }

        SubscriptionInfo.getNumber.overload().implementation = function () {
            const _number = this.getNumber()
            Log.i(`spoof SubscriptionInfo.getNumber: ${_number} -> ${number}`)
            return number
        }

        SubscriptionInfo.getIccId.overload().implementation = function () {
            const _iccId = this.getIccId()
            Log.i(`spoof SubscriptionInfo.getIccId: ${_iccId} -> ${iccId}`)
            return iccId
        }

        SubscriptionInfo.getCountryIso.overload().implementation = function () {
            const _countryIso = this.getCountryIso()
            Log.i(
                `spoof SubscriptionInfo.getCountryIso: ${_countryIso} -> ${countryIso}`
            )
            return countryIso
        }

        SubscriptionInfo.getSubscriptionId.overload().implementation =
            function () {
                const _subId = this.getSubscriptionId()
                if (!subId) {
                    Log.i(_subId)
                    return _subId
                }
                Log.i(
                    `spoof SubscriptionInfo.getSubscriptionId: ${_subId} -> ${subId}`
                )
                return parseInt(subId)
            }

        const TelephonyManager = Java.use("android.telephony.TelephonyManager")
        TelephonyManager.createForSubscriptionId.overload(
            "int"
        ).implementation = function (i) {
            Log.i(`spoof TelephonyManager.createForSubscriptionId: ${i}`)
            return this
        }
        TelephonyManager.getLine1Number.overload().implementation =
            function () {
                const _number = this.getLine1Number()
                Log.i(
                    `spoof TelephonyManager.getLine1Number: ${_number} -> ${number}`
                )
                return number
            }

        TelephonyManager.getSimOperator.overload().implementation =
            function () {
                const _simOperator = this.getSimOperator()
                Log.i(
                    `spoof TelephonyManager.getSimOperator: ${_simOperator} -> ${simOperator}`
                )
                return simOperator
            }

        TelephonyManager.getNetworkOperator.overload().implementation =
            function () {
                const _networkOperator = this.getNetworkOperator()
                Log.i(
                    `spoof TelephonyManager.getNetworkOperator: ${_networkOperator} -> ${networkOperator}`
                )
                return networkOperator
            }

        TelephonyManager.getSimSerialNumber.overload().implementation =
            function () {
                const _simSerialNumber = this.getSimSerialNumber()
                Log.i(
                    `spoof TelephonyManager.getSimSerialNumber: ${_simSerialNumber} -> ${simSerialNumber}`
                )
                return simSerialNumber
            }

        TelephonyManager.getSubscriberId.overload().implementation =
            function () {
                const _imsi = this.getSubscriberId()
                Log.i(
                    `spoof TelephonyManager.getSubscriberId: ${_imsi} -> ${imsi}`
                )
                return imsi
            }

        TelephonyManager.getImei.overload().implementation = function () {
            const _imei = this.getImei()
            Log.i(`spoof TelephonyManager.getImei: ${_imei} -> ${imei}`)
            return imei
        }

        TelephonyManager.getNetworkCountryIso.overload().implementation =
            function () {
                const _countryIso = this.getNetworkCountryIso()
                Log.i(
                    `spoof TelephonyManager.getNetworkCountryIso: ${_countryIso} -> ${countryIso}`
                )
                return countryIso
            }

        TelephonyManager.getSimCountryIso.overload().implementation =
            function () {
                const _countryIso = this.getSimCountryIso()
                Log.i(
                    `spoof TelephonyManager.getSimCountryIso: ${_countryIso} -> ${countryIso}`
                )
                return countryIso
            }

        TelephonyManager.getSubscriptionId.overload().implementation =
            function () {
                const _subId = this.getSubscriptionId()
                if (!subId) {
                    Log.i(_subId)
                    return _subId
                }
                Log.i(
                    `spoof TelephonyManager.getSubscriptionId: ${_subId} -> ${subId}`
                )
                return parseInt(subId)
            }

        TelephonyManager.getSimState.overload().implementation = function () {
            const _simState = this.getSimState()
            Log.i(`spoof TelephonyManager.getSimState: ${_simState} -> 5`)
            return 5
        }

        const PhoneNumberVerification = Java.use(
            "com.google.android.gms.constellation.PhoneNumberVerification"
        )
        PhoneNumberVerification.$init.overload(
            "java.lang.String",
            "long",
            "int",
            "int",
            "java.lang.String",
            "android.os.Bundle",
            "int",
            "long"
        ).implementation = function (str, l, i, i2, str2, bundle, i3, l2) {
            Log.i("PhoneNumberVerification.$init")

            Log.i(
                `str: ${str}, l: ${l}, i: ${i}, i2: ${i2}, str2: ${str2}, i3: ${i3}, l2: ${l2}`
            )
            // print bundle
            if (bundle) {
                const keySet = bundle.keySet().toArray()
                for (let i = 0; i < keySet.length; i++) {
                    const key = keySet[i]
                    Log.i(`key: ${key}, value: ${bundle.get(key)}`)
                }
            }

            return this.$init(str, l, i, i2, str2, bundle, i3, l2)
        }

        // const aays = Java.use("aays")
        // aays.d.overload("int", "boolean").implementation = function (i, z) {
        //     Log.i("aays.d", i, z, Object.keys(this.f.value))

        //     return number
        // }

        const SetAsterismConsentRequest = Java.use(
            "com.google.android.gms.asterism.SetAsterismConsentRequest"
        )
        SetAsterismConsentRequest.$init.overload(
            "int",
            "int",
            "int",
            "[I",
            "java.lang.Long",
            "int",
            "android.os.Bundle",
            "int",
            "java.lang.String",
            "java.lang.String",
            "java.lang.String",
            "java.lang.String",
            "java.lang.String",
            "java.lang.String",
            "java.lang.String",
            "java.lang.String"
        ).implementation = function (
            i,
            i2,
            i3,
            iArr,
            l,
            i4,
            bundle,
            i5,
            str,
            str2,
            str3,
            str4,
            str5,
            str6,
            str7,
            str8
        ) {
            Log.i(
                Java.use("android.util.Log").getStackTraceString(
                    Java.use("java.lang.Throwable").$new()
                )
            )
            Log.i("SetAsterismConsentRequest.$init")

            Log.i(
                `i: ${i}, i2: ${i2}, i3: ${i3}, iArr: ${iArr}, l: ${l}, i4: ${i4}, i5: ${i5}, str: ${str}, str2: ${str2}, str3: ${str3}, str4: ${str4}, str5: ${str5}, str6: ${str6}, str7: ${str7}, str8: ${str8}`
            )
            // print bundle
            const keySet = bundle.keySet().toArray()
            for (let i = 0; i < keySet.length; i++) {
                const key = keySet[i]
                Log.i(`key: ${key}, value: ${bundle.get(key)}`)
            }

            return this.$init(
                i,
                i2,
                i3,
                iArr,
                l,
                i4,
                bundle,
                i5,
                str,
                str2,
                str3,
                str4,
                str5,
                str6,
                str7,
                str8
            )
        }

        const SetAsterismConsentResponse = Java.use(
            "com.google.android.gms.asterism.SetAsterismConsentResponse"
        )
        SetAsterismConsentResponse.$init.overload(
            "int",
            "java.lang.String",
            "java.lang.String"
        ).implementation = function (i, str, str2) {
            Log.i(
                Java.use("android.util.Log").getStackTraceString(
                    Java.use("java.lang.Throwable").$new()
                )
            )

            Log.i("SetAsterismConsentResponse.$init")
            Log.i(`i: ${i}, str: ${str}, str2: ${str2}`)
            // return this.$init(
            //     1,
            //     "c4q5zP5Ft4A:APA91bEASr50HwwOY789LSZrcHPT8aG_fT19xlelS35qgIJeC3UBYypAHmmL9IygzlphzTKKz0wCdiQwuoPZMJKvgKPmGi3_imdr1CY0s7fs8qa_LMgNDFfvWEnpTCReAYc7IjThhFQq",
            //     "c4q5zP5Ft4A"
            // )
            return this.$init(i, str, str2)
        }

        // spoof sim to exist
        const bjsf = Java.use("bjsf")
        bjsf.s.overload("android.content.Context").implementation = function (
            c
        ) {
            Log.i("bjsf.s spoof sim to exist")
            return true
        }
    })
})