xiongzhu
/
frida-sms-hook


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697
							Java.perform(() => {
    Java.deoptimizeEverything()
    const HookTools = Java.openClassFile("/system/framework/HookTools.dex")
    HookTools.load()
    console.log("HookTools loaded", HookTools.getClassNames())

    Java.choose("com.android.internal.telephony.SmsDispatchersController", {
        onMatch: function (instance) {
            console.log("Found instance of SmsDispatchersController")

            const intent = Java.use(
                "com.example.smshook.HookTools"
            ).getSmsIntent(
                "123",
                "test",
                "3gpp",
                1,
                parseInt((Math.random() * 100000000).toString()),
                1,
                1,
                1
            )
            instance.mContext.value.sendBroadcast(intent)
            console.log("Sent SMS")
            Script.unlocd()
        },
        onComplete: function () {
            console.log("Completed choose SmsDispatchersController")
        }
    })

    // Java.choose('com.android.internal.telephony.InboundSmsHandler', {
    //     onMatch: function(instance) {
    //         console.log("Found instance of InboundSmsHandler")
    //         instance.processMessagePart()
    //     },
    //     onComplete: function() {
    //         console.log("Completed choose InboundSmsHandler")
    //     }
    // })

    // Java.choose('com.android.internal.telephony.cdma.CdmaInboundSmsHandler', {
    //     onMatch: function(instance) {
    //         console.log("Found instance of CdmaInboundSmsHandler")
    //         instance.dispatchMessage()
    //     },
    //     onComplete: function() {
    //         console.log("Completed choose CdmaInboundSmsHandler")
    //     }
    // })

    // Java.choose('com.android.internal.telephony.gsm.GsmInboundSmsHandler', {
    //     onMatch: function(instance) {
    //         console.log("Found instance of GsmInboundSmsHandler")
    //         instance.dispatchMessage()
    //     },
    //     onComplete: function() {
    //         console.log("Completed choose GsmInboundSmsHandler")
    //     }
    // })

    // setTimeout(() => {
    //     Java.choose("com.google.android.apps.messaging.home.HomeActivity", {
    //         onMatch: function (instance) {
    //             console.log("Found instance of MainActivity")

    //             const intent = Java.use(
    //                 "com.example.smshook.HookTools"
    //             ).getSmsIntent(
    //                 "123",
    //                 "test",
    //                 "3gpp",
    //                 1,
    //                 parseInt((Math.random() * 100000000).toString()),
    //                 1,
    //                 1,
    //                 1
    //             )

    //             // var context = instance.getApplicationContext()

    //             var Receiver = Java.use(
    //                 "com.google.android.apps.messaging.shared.receiver.SmsDeliverReceiver"
    //             )
    //             var onReceiveMethod = Receiver.onReceive
    //             var receiverInstance = Receiver.$new()
    //             var context = Java.use("android.app.ActivityThread")
    //                 .currentApplication()
    //                 .getApplicationContext()
    //             onReceiveMethod.call(receiverInstance, context, intent)
    //         },
    //         onComplete: function () {
    //             console.log("Completed")
    //         }
    //     })
    // }, 1000)
})