frida-rcs-hack/scripts/spoof_phone.js

class Log {
    static TAG = '[Phone]'
    static Debug = true
    static format(...msg) {
        let m = []
        for (let i = 0; i < msg.length; i++) {
            if (typeof msg[i] === 'object') {
                m.push(JSON.stringify(msg[i]))
            } else {
                m.push(msg[i])
            }
        }
        m = m.join(' ')
        return m
    }
    static i(...msg) {
        if (!this.Debug) return
        console.log(`\x1b[30m${this.TAG} ${this.format(...msg)}\x1b[0m`)
    }
    static w(...msg) {
        console.log(`\x1b[33m${this.TAG} ${this.format(...msg)}\x1b[0m`)
    }
    static e(...msg) {
        console.log(`\x1b[31m${this.TAG} ${this.format(...msg)}\x1b[0m`)
    }
    static s(...msg) {
        console.log(`\x1b[32m${this.TAG} ${this.format(...msg)}\x1b[0m`)
    }
}

function trace(tag) {
    Log.e((tag || '') + Java.use('android.util.Log').getStackTraceString(Java.use('java.lang.Throwable').$new()))
}

const config = {
    "mcc": "310",
    "mnc": "240",
    "iccid": "15003704960405101503",
    "number": "4432486416",
    "imei": "359028036674149",
    "imsi": "310240158368215",
    "country": "us"
}
setImmediate(() => {
    Java.perform(function () {
        function checkPackage(name) {
            // return (
            //     name.startsWith('com.google.android.gsf') ||
            //     name.startsWith('com.google.android.gms') ||
            //     name.startsWith('com.google.android.apps') ||
            //     name.startsWith('com.example')
            // )
            return true
        }
        const PhoneInterfaceManager = Java.use('com.android.phone.PhoneInterfaceManager')

        PhoneInterfaceManager.getLine1NumberForDisplay.overload(
            'int',
            'java.lang.String',
            'java.lang.String'
        ).implementation = function (subId, callingPackage, callingFeatureId) {
            const res = this.getLine1NumberForDisplay(subId, callingPackage, callingFeatureId)
            if (!checkPackage(callingPackage)) {
                return res
            }
            Log.i(
                `spoof PhoneInterfaceManager.getLine1NumberForDisplay(${subId}, ${callingPackage}, ${callingFeatureId}): ${res} -> ${config.number}`
            )
            return config.number
        }

        PhoneInterfaceManager.getNetworkCountryIsoForPhone.overload('int').implementation = function (phoneId) {
            const res = this.getNetworkCountryIsoForPhone(phoneId)
            Log.i(`spoof PhoneInterfaceManager.getNetworkCountryIsoForPhone(${phoneId}): ${res} -> ${config.country}`)
            return config.country
        }

        PhoneInterfaceManager.getImeiForSlot.overload('int', 'java.lang.String', 'java.lang.String').implementation =
            function (slotId, callingPackage, callingFeatureId) {
                const res = this.getImeiForSlot(slotId, callingPackage, callingFeatureId)
                if (!checkPackage(callingPackage)) {
                    return res
                }
                Log.i(
                    `spoof PhoneInterfaceManager.getImeiForSlot(${slotId}, ${callingPackage}, ${callingFeatureId}): ${res} -> ${config.imei}`
                )
                return config.imei
            }

        const SystemProperties = Java.use('android.os.SystemProperties')
        SystemProperties.get.overload('java.lang.String').implementation = function (key) {
            if ('gsm.sim.operator.iso-country' === key) {
                Log.i(`spoof SystemProperties.get(${key}): ${config.countryIso}`)
                return config.country
            }
            if ('gsm.sim.operator.numeric' === key) {
                Log.i(`spoof SystemProperties.get(${key}): ${config.mcc + config.mnc}`)
                return config.mcc + config.mnc
            }
            if ('gsm.operator.numeric' === key) {
                Log.i(`spoof SystemProperties.get(${key}): ${config.mcc + config.mnc}`)
                return config.mcc + config.mnc
            }
            return this.get(key)
        }

        const SubscriptionController = Java.use('com.android.internal.telephony.SubscriptionController')
        SubscriptionController.getSimStateForSlotIndex.overload('int').implementation = function (slotIndex) {
            const res = this.getSimStateForSlotIndex(slotIndex)
            Log.i(`spoof SubscriptionController.getSimStateForSlotIndex(${slotIndex}): ${res} -> 5`)
            return 5
        }
        SubscriptionController.getPhoneNumberFromFirstAvailableSource.overload(
            'int',
            'java.lang.String',
            'java.lang.String'
        ).implementation = function (subId, callingPackage, callingFeatureId) {
            const res = this.getPhoneNumberFromFirstAvailableSource(subId, callingPackage, callingFeatureId)
            if (!checkPackage(callingPackage)) {
                return res
            }
            Log.i(
                `spoof SubscriptionController.getPhoneNumberFromFirstAvailableSource(${subId}, ${callingPackage}, ${callingFeatureId}): ${res} -> ${config.number}`
            )
            return config.number
        }
        const SubscriptionInfo = Java.use('android.telephony.SubscriptionInfo')
        SubscriptionController.getActiveSubscriptionInfoList.overload('java.lang.String').implementation = function (
            callingPackage
        ) {
            const res = this.getActiveSubscriptionInfoList(callingPackage)
            if (!checkPackage(callingPackage)) {
                return res
            }
            Log.i(`spoof SubscriptionController.getActiveSubscriptionInfoList(${callingPackage})`)
            for (let i = 0; i < res.size(); i++) {
                const info = Java.cast(res.get(i), SubscriptionInfo)
                info.mMcc.value = config.mcc
                info.mMnc.value = config.mnc
                info.mCountryIso.value = config.country
                info.mIccId.value = config.iccid
            }
            SystemProperties.set('gsm.sim.operator.iso-country', config.country)
            SystemProperties.set('gsm.sim.operator.numeric', config.mcc + config.mnc)
            SystemProperties.set('gsm.operator.numeric', config.mcc + config.mnc)
            return res
        }

        SubscriptionController.getActiveSubscriptionInfoList.overload(
            'java.lang.String',
            'java.lang.String'
        ).implementation = function (callingPackage, callingFeatureId) {
            const res = this.getActiveSubscriptionInfoList(callingPackage, callingFeatureId)
            if (!checkPackage(callingPackage)) {
                return res
            }
            Log.i(`spoof SubscriptionController.getActiveSubscriptionInfoList(${callingPackage}, ${callingFeatureId})`)
            for (let i = 0; i < res.size(); i++) {
                const info = Java.cast(res.get(i), SubscriptionInfo)
                info.mMcc.value = config.mcc
                info.mMnc.value = config.mnc
                info.mCountryIso.value = config.country
                info.mIccId.value = config.iccid
            }
            SystemProperties.set('gsm.sim.operator.iso-country', config.country)
            SystemProperties.set('gsm.sim.operator.numeric', config.mcc + config.mnc)
            SystemProperties.set('gsm.operator.numeric', config.mcc + config.mnc)
            return res
        }

        SubscriptionController.getActiveSubscriptionInfoList.overload('java.lang.String').implementation = function (
            callingPackage
        ) {
            const res = this.getActiveSubscriptionInfoList(callingPackage)
            if (!checkPackage(callingPackage)) {
                return res
            }
            Log.i(`spoof SubscriptionController.getActiveSubscriptionInfoList(${callingPackage})`)
            for (let i = 0; i < res.size(); i++) {
                const info = Java.cast(res.get(i), SubscriptionInfo)
                info.mMcc.value = config.mcc
                info.mMnc.value = config.mnc
                info.mCountryIso.value = config.country
                info.mIccId.value = config.iccid
            }
            SystemProperties.set('gsm.sim.operator.iso-country', config.country)
            SystemProperties.set('gsm.sim.operator.numeric', config.mcc + config.mnc)
            SystemProperties.set('gsm.operator.numeric', config.mcc + config.mnc)
            return res
        }

        const PhoneSubInfoController = Java.use('com.android.internal.telephony.PhoneSubInfoController')
        PhoneSubInfoController.getIccSerialNumberForSubscriber.overload(
            'int',
            'java.lang.String',
            'java.lang.String'
        ).implementation = function (subId, callingPackage, callingFeatureId) {
            const res = this.getIccSerialNumberForSubscriber(subId, callingPackage, callingFeatureId)
            if (!checkPackage(callingPackage)) {
                return res
            }
            Log.i(
                `spoof PhoneInterfaceManager.getIccSerialNumberForSubscriber(${subId}, ${callingPackage}, ${callingFeatureId}): ${res} -> ${config.iccid}`
            )
            return config.iccid
        }
        PhoneSubInfoController.getSubscriberIdForSubscriber.overload(
            'int',
            'java.lang.String',
            'java.lang.String'
        ).implementation = function (subId, callingPackage, callingFeatureId) {
            const res = this.getSubscriberIdForSubscriber(subId, callingPackage, callingFeatureId)
            if (!checkPackage(callingPackage)) {
                return res
            }
            Log.i(
                `spoof PhoneInterfaceManager.getSubscriberIdForSubscriber(${subId}, ${callingPackage}, ${callingFeatureId}): ${res} -> ${config.imsi}`
            )
            return config.imsi
        }
    })
})