Arise瑶瑶
2024-12-24 00:17:50
Best answer
A phone logs in to the GSM network using its IMEI and IMSI. The GSM network side is responsible for mapping the IMSI to the phone number (MSISDN), and for performing the mapping in the opposite direction.

(1) Changing the SIM card number:

The SIM card number is the string of digits printed on the SIM. The AT command that reads the SIM card number is:

    AT+CRSM=176,12258,0,0,10

So look for this AT command in the Android emulator source code; it is in sim_card.c:

    const char*
    asimcard_io( ASimCard  sim, const char*  cmd )
    {
        int  nn;
    #if ENABLE_DYNAMIC_RECORDS
        int  command, id, p1, p2, p3;
    #endif
        static const struct { const char*  cmd; const char*  answer; } answers[] =
        {
            { "+CRSM=192,28436,0,0,15", "+CRSM: 144,0,000000146f1404001aa0aa01020000" },
            { "+CRSM=176,28436,0,0,20", "+CRSM: 144,0,416e64726f6964ffffffffffffffffffffffffff" },
            { "+CRSM=192,28433,0,0,15", "+CRSM: 144,0,000000016f11040011a0aa01020000" },
            { "+CRSM=176,28433,0,0,1", "+CRSM: 144,0,55" },
            { "+CRSM=192,12258,0,0,15", "+CRSM: 144,0,0000000a2fe204000fa0aa01020000" },
            { "+CRSM=176,12258,0,0,10", "+CRSM: 144,0,98101430121181157002" },
            ......

So open emulator-arm.exe or emulator-x86.exe in UE in binary mode, search for the string "98101430121181157002", and change it to the SIM card number you need. For example:

    00209a00h: 31 30 00 00 2b 43 52 53 4d 3a 20 31 34 34 2c 30 ; 10..+CRSM: 144,0
    00209a10h: 2c 39 38 31 30 31 34 33 30 31 32 31 31 38 31 31 ; ,981014301211811
    00209a20h: 35 37 30 30 32 00 2b 43 52 53 4d 3d 31 39 32 2c ; 57002.+CRSM=192,

(2) Changing the IMEI and IMSI:

In Java code, the phone's IMEI and IMSI are obtained as follows:

    TelephonyManager manager = (TelephonyManager) getSystemService(TELEPHONY_SERVICE);
    String imei = manager.getDeviceId();
    String imsi = manager.getSubscriberId();

Find the implementation of the TelephonyManager class in the Android source tree.

Member function getDeviceId:

    /**
     * Returns the unique device ID, for example, the IMEI for GSM and the MEID
     * or ESN for CDMA phones. Return null if device ID is not available.
     *
     * <p>Requires Permission:
     *   {@link android.Manifest.permission#READ_PHONE_STATE READ_PHONE_STATE}
     */
    public String getDeviceId() {
        try {
            return getSubscriberInfo().getDeviceId();
        } catch (RemoteException ex) {
            return null;
        } catch (NullPointerException ex) {
            return null;
        }
    }

Member function getSubscriberId:

    /**
     * Returns the unique subscriber ID, for example, the IMSI for a GSM phone.
     * Return null if it is unavailable.
     * <p>
     * Requires Permission:
     *   {@link android.Manifest.permission#READ_PHONE_STATE READ_PHONE_STATE}
     */
    public String getSubscriberId() {
        try {
            return getSubscriberInfo().getSubscriberId();
        } catch (RemoteException ex) {
            return null;
        } catch (NullPointerException ex) {
            // This could happen before phone restarts due to crashing
            return null;
        }
    }

Both member functions above end up calling the same private member function getSubscriberInfo():

    private IPhoneSubInfo getSubscriberInfo() {
        // get it each time because that process crashes a lot
        return IPhoneSubInfo.Stub.asInterface(ServiceManager.getService("iphonesubinfo"));
    }

The IMSI and IMEI that the private function getSubscriberInfo obtains are hard-coded in the file android_modem.c:

    /* the Android GSM stack checks that the operator's name has changed
     * when roaming is on. If not, it will not update the Roaming status icon
     *
     * this means that we need to emulate two distinct operators:
     * - the first one for the 'home' registration state, must also correspond
     *   to the emulated user's IMEI
     *
     * - the second one for the 'roaming' registration state, must have a
     *   different name and MCC/MNC
     */
    #define  OPERATOR_HOME_INDEX 0
    #define  OPERATOR_HOME_MCC   310
    #define  OPERATOR_HOME_MNC   260
    #define  OPERATOR_HOME_NAME  "Android"
    #define  OPERATOR_HOME_MCCMNC  STRINGIFY(OPERATOR_HOME_MCC) \
                                   STRINGIFY(OPERATOR_HOME_MNC)

    #define  OPERATOR_ROAMING_INDEX 1
    #define  OPERATOR_ROAMING_MCC   310
    #define  OPERATOR_ROAMING_MNC   295
    #define  OPERATOR_ROAMING_NAME  "TelKila"
    #define  OPERATOR_ROAMING_MCCMNC  STRINGIFY(OPERATOR_ROAMING_MCC) \
                                      STRINGIFY(OPERATOR_ROAMING_MNC)

    /* a function used to deal with a non-trivial request */
    typedef const char*  (*ResponseHandler)(const char*  cmd, AModem  modem);

    static const struct {
        const char*      cmd;     /* command coming from libreference-ril.so, if first
                                     character is '!', then the rest is a prefix only */
        const char*      answer;  /* default answer, NULL if needs specific handling or
                                     if OK is good enough */
        ResponseHandler  handler; /* specific handler, ignored if 'answer' is not NULL,
                                     NULL if OK is good enough */
    } sDefaultResponses[] =
    {
        /* see onRadioPowerOn() */
        { "%CPHS=1", NULL, NULL },
        { "%CTZV=1", NULL, NULL },
        ...
        { "!+VTS=", NULL, handleSetDialTone },
        { "+CIMI", OPERATOR_HOME_MCCMNC "000000000", NULL },   /* request internation subscriber identification number */
        { "+CGSN", "000000000000000", NULL },   /* request model version */
        { "+CUSD=2",NULL, NULL }, /* Cancel USSD */
        ...
        /* end of list */
        {NULL, NULL, NULL}
    };

So open emulator-arm.exe or emulator-x86.exe in UE in binary mode, search for the string "+CGSN" and change it to the IMEI you need; search for "+CIMI" and change it to the IMSI you need. Note that the first six digits of the IMSI, "310260", must not be changed, otherwise the emulator cannot connect to the network. For example:

    001fc700h: 33 00 41 00 48 00 21 2b 56 54 53 3d 00 2b 43 49 ; 3.A.H.!+VTS=.+CI
    001fc710h: 4d 49 00 33 31 30 32 36 30 30 30 30 30 30 30 30 ; MI.3102600000000
    001fc720h: 30 30 00 2b 43 47 53 4e 00 30 30 30 30 30 30 30 ; 00.+CGSN.0000000
    001fc730h: 30 30 30 30 30 30 30 30 00 2b 43 55 53 44 3d 32 ; 00000000.+CUSD=2
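
Added example, not part of the original answer and not emulator source code: file 12258 (0x2FE2) is the SIM's ICCID record, stored as nibble-swapped BCD, so the hex string in the sim_card.c table is not the number as printed. The sketch below decodes a `+CRSM` reply and runs the Luhn check that an ICCID's last digit carries; the function names and the second, edited reply are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Decode a "+CRSM: <sw1>,<sw2>,<hex>" ICCID reply: two BCD digits per byte, nibbles
 * swapped, 'F' = padding. Returns digit count, or -1 if malformed or status != 144,0. */
int crsm_decode_iccid(const char *reply, char *out, size_t outlen)
{
    int sw1, sw2, off = 0;
    if (sscanf(reply, "+CRSM: %d,%d,%n", &sw1, &sw2, &off) < 2 || off == 0)
        return -1;
    const char *hex = reply + off;
    size_t len = strlen(hex), n = 0;
    if (sw1 != 144 || sw2 != 0 || len == 0 || len % 2 != 0 || outlen == 0)
        return -1;
    for (size_t i = 0; i < len; i += 2) {
        const char pair[2] = { hex[i + 1], hex[i] };    /* swap the nibbles */
        for (int k = 0; k < 2; k++) {
            char c = pair[k];
            if (c == 'F' || c == 'f') continue;         /* padding nibble */
            if (c < '0' || c > '9' || n + 1 >= outlen)
                return -1;
            out[n++] = c;
        }
    }
    out[n] = '\0';
    return (int)n;
}

/* Luhn check over a digit string; an ICCID ends in a Luhn check digit. */
int luhn_ok(const char *digits)
{
    int sum = 0, dbl = 0;
    for (size_t i = strlen(digits); i-- > 0; dbl = !dbl) {
        int d = (digits[i] - '0') * (dbl ? 2 : 1);
        sum += d > 9 ? d - 9 : d;
    }
    return *digits != '\0' && sum % 10 == 0;
}

int main(void)
{
    /* [0] is the stock record quoted above; [1] is constructed (last character edited). */
    const char *replies[] = { "+CRSM: 144,0,98101430121181157002",
                              "+CRSM: 144,0,98101430121181157003" };
    char iccid[32];
    for (int i = 0; i < 2; i++)
        if (crsm_decode_iccid(replies[i], iccid, sizeof iccid) > 0)
            printf("%s luhn=%d\n", iccid, luhn_ok(iccid));
    return 0;
}
```

The stock record decodes to a 20-digit ICCID that passes the check, while the constructed one-character edit does not, which gives a quick plausibility test for an ICCID reported by a device.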