[GUIDE] [ROOT] Switch off individual SIMs with Tasker. - Xiaomi Mi 6 Guides, News, & Discussion

I know that looking for this answer has bugged me for the past few years, so figured I'd x-post from Stack Overflow. I have found the solution to switching either SIM off in the Mi6 automatically. Will likely work with other phones.
The whole question and answer you can find on Stack Overflow here.
For Nougat
To get the required index out of your device, you'll need to run the following commands from command prompt:
Download jadx from here
ADB pull the devices framework.jar (adb pull /system/framework/framework.jar)
Open the .jar file with 7-Zip and extract the *.dex files.
Open each .dex file with jadx-gui until you find the one with the following tree: com.android.internal.telephony.ITelephony
Search for the item TRANSACTION_setSimPowerStateForSlot. Note the = x after it; this is the index number.
For Oreo it's slightly different...
projection said:
TL;DR:
You need:
1. vdexExtractor from BatchApkTool
2. jadx
Step by step:
1. Pull /system/framework/arm64/boot-framework.vdex
2. extract it with vdexExtractor.
(ed: you can find vdexExtractor in the bin\bin64 folder in BatchApkTool. Use the syntax "vdexExtractor.exe -i path_to_vdex --ignore-crc-error")
3. Open the resulting class files with jadx and find the one that contains com.android.internal.telephony.ITelephony (ed: for Mi6 it was in classes2.dex)
4. Navigate to the class with jadx and locate the value of TRANSACTION_setSimPowerStateForSlot, this is your magic number. (ed: for Mi6 8.1 it's 163)
After you have the command you can use for example Tasker to enable and disable the SIM card.
The only downside of using this method is that major Android version bumps will most likely break this, as the numbers vary from android build to android build.
Using the output
Now you have the index number you can test the following command in adb shell (or Tasker, with the "run shell" function). You will need to "su" in shell, or set Tasker to "Use Root".
service call phone x i32 y i32 z
Where:
x = index number you fetched previously,
y = your subscription ID (generally, SIM1 = 0, SIM2 = 1)
z = whether on (1) or off (0)
For example, to switch SIM2 off on my Mi6 the command on Nougat was service call phone 159 i32 1 i32 0 and for Oreo it was service call phone 163 i32 1 i32 0
Of course, now that you can execute it in Tasker you can now switch either SIM off at specific times.
I've verified that it does indeed switch the SIM off (calls go straight to voicemail right after this command is executed) but I'm unsure of any further effects this switch has.
Enjoy!
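One way to script the lookup described in this post, as an added example that is not part of the original post: it reads the TRANSACTION_ constants from decompiled ITelephony.Stub source, builds the service call line only when setSimPowerStateForSlot exists on that build, and reports which method a number taken from a different build maps to. The two sample excerpts are constructed from values quoted in this thread, and all function names are hypothetical.

```python
import re
from typing import Dict, Optional

# Pattern for the constants jadx shows in ITelephony.Stub, for example:
#   static final int TRANSACTION_setSimPowerStateForSlot = 163;
TRANSACTION_RE = re.compile(
    r"static\s+final\s+int\s+TRANSACTION_(\w+)\s*=\s*(\d+)\s*;"
)
TARGET_METHOD = "setSimPowerStateForSlot"

# Constructed excerpt: only the value the thread reports for the Mi6 on 8.1.
OREO_STUB = '''
private static final String DESCRIPTOR = "com.android.internal.telephony.ITelephony";
static final int TRANSACTION_setSimPowerStateForSlot = 163;
'''

# Constructed excerpt of a build where the method is absent; the three
# values are taken from the stub listing a reader posted in this thread.
STUB_WITHOUT_TARGET = '''
private static final String DESCRIPTOR = "com.android.internal.telephony.ITelephony";
static final int TRANSACTION_setRadioPower = 30;
static final int TRANSACTION_factoryReset = 132;
static final int TRANSACTION_setPolicyDataEnabled = 149;
'''


def parse_transactions(stub_source: str) -> Dict[str, int]:
    """Return {method_name: transaction_code} from decompiled Stub source."""
    return {name: int(code) for name, code in TRANSACTION_RE.findall(stub_source)}


def method_for_code(stub_source: str, code: int) -> Optional[str]:
    """Name of the method a numeric code is bound to on this build, if any."""
    for name, value in parse_transactions(stub_source).items():
        if value == code:
            return name
    return None


def build_sim_power_command(stub_source: str, slot: int, power_on: bool) -> str:
    """Build 'service call phone x i32 y i32 z' from this build's own stub.

    Refuses to produce a command when the stub does not define the method,
    instead of falling back to a number copied from another device.
    """
    table = parse_transactions(stub_source)
    if not table:
        raise ValueError("no TRANSACTION_ constants found: wrong class or file")
    code = table.get(TARGET_METHOD)
    if code is None:
        raise LookupError(
            "TRANSACTION_%s is not defined in this build" % TARGET_METHOD
        )
    # Assumption: a dual-SIM device, with SIM1 = 0 and SIM2 = 1 as in the post.
    if slot not in (0, 1):
        raise ValueError("slot must be 0 (SIM1) or 1 (SIM2)")
    return "service call phone %d i32 %d i32 %d" % (code, slot, 1 if power_on else 0)


if __name__ == "__main__":
    # Build with the method present: switch SIM2 off.
    print(build_sim_power_command(OREO_STUB, slot=1, power_on=False))

    # Build without the method: no command is produced.
    try:
        build_sim_power_command(STUB_WITHOUT_TARGET, slot=1, power_on=False)
    except LookupError as exc:
        print("refused:", exc)

    # A number is only meaningful for the build it was read from: here 163 is
    # unassigned and 132 belongs to a completely different method.
    print(method_for_code(STUB_WITHOUT_TARGET, 163))
    print(method_for_code(STUB_WITHOUT_TARGET, 132))
```

Run it against the Java source jadx shows for the Stub class of the exact build installed on the phone, and repeat the lookup after every ROM update.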

Tried this on Mi Max 2 on xiaomi.eu (China Developer ROM), but 'TRANSACTION_setSimPowerStateForSlot' is nowhere to be found..
public static abstract class Stub
extends Binder
implements ITelephony
{
private static final String DESCRIPTOR = "com.android.internal.telephony.ITelephony";
static final int TRANSACTION_answerRingingCall = 5;
static final int TRANSACTION_answerRingingCallForSubscriber = 6;
static final int TRANSACTION_call = 2;
static final int TRANSACTION_canChangeDtmfToneLength = 117;
static final int TRANSACTION_carrierActionSetMeteredApnsEnabled = 146;
static final int TRANSACTION_carrierActionSetRadioEnabled = 147;
static final int TRANSACTION_checkCarrierPrivilegesForPackage = 101;
static final int TRANSACTION_checkCarrierPrivilegesForPackageAnyPhone = 102;
static final int TRANSACTION_dial = 1;
static final int TRANSACTION_disableDataConnectivity = 38;
static final int TRANSACTION_disableLocationUpdates = 35;
static final int TRANSACTION_disableLocationUpdatesForSubscriber = 36;
static final int TRANSACTION_disableVisualVoicemailSmsFilter = 61;
static final int TRANSACTION_enableDataConnectivity = 37;
static final int TRANSACTION_enableLocationUpdates = 33;
static final int TRANSACTION_enableLocationUpdatesForSubscriber = 34;
static final int TRANSACTION_enableVideoCalling = 115;
static final int TRANSACTION_enableVisualVoicemailSmsFilter = 60;
static final int TRANSACTION_endCall = 3;
static final int TRANSACTION_endCallForSubscriber = 4;
static final int TRANSACTION_factoryReset = 132;
static final int TRANSACTION_getActivePhoneType = 46;
static final int TRANSACTION_getActivePhoneTypeForSlot = 47;
static final int TRANSACTION_getAidForAppType = 140;
static final int TRANSACTION_getAllCellInfo = 73;
static final int TRANSACTION_getAllowedCarriers = 145;
static final int TRANSACTION_getAtr = 139;
static final int TRANSACTION_getCalculatedPreferredNetworkType = 87;
static final int TRANSACTION_getCallState = 42;
static final int TRANSACTION_getCallStateForSlot = 43;
static final int TRANSACTION_getCarrierPackageNamesForIntentAndPhone = 103;
static final int TRANSACTION_getCarrierPrivilegeStatus = 100;
static final int TRANSACTION_getCdmaEriIconIndex = 48;
static final int TRANSACTION_getCdmaEriIconIndexForSubscriber = 49;
static final int TRANSACTION_getCdmaEriIconMode = 50;
static final int TRANSACTION_getCdmaEriIconModeForSubscriber = 51;
static final int TRANSACTION_getCdmaEriText = 52;
static final int TRANSACTION_getCdmaEriTextForSubscriber = 53;
static final int TRANSACTION_getCdmaMdn = 98;
static final int TRANSACTION_getCdmaMin = 99;
static final int TRANSACTION_getCdmaPrlVersion = 142;
static final int TRANSACTION_getCellLocation = 40;
static final int TRANSACTION_getCellNetworkScanResults = 91;
static final int TRANSACTION_getDataActivity = 44;
static final int TRANSACTION_getDataEnabled = 95;
static final int TRANSACTION_getDataNetworkType = 66;
static final int TRANSACTION_getDataNetworkTypeForSubscriber = 67;
static final int TRANSACTION_getDataState = 45;
static final int TRANSACTION_getDefaultSim = 75;
static final int TRANSACTION_getDeviceId = 128;
static final int TRANSACTION_getDeviceSoftwareVersionForSlot = 130;
static final int TRANSACTION_getEsn = 141;
static final int TRANSACTION_getImeiForSlot = 129;
static final int TRANSACTION_getLine1AlphaTagForDisplay = 106;
static final int TRANSACTION_getLine1NumberForDisplay = 105;
static final int TRANSACTION_getLocaleFromDefaultSim = 133;
static final int TRANSACTION_getLteOnCdmaMode = 71;
static final int TRANSACTION_getLteOnCdmaModeForSubscriber = 72;
static final int TRANSACTION_getMergedSubscriberIds = 107;
static final int TRANSACTION_getNeighboringCellInfo = 41;
static final int TRANSACTION_getNetworkType = 64;
static final int TRANSACTION_getNetworkTypeForSubscriber = 65;
static final int TRANSACTION_getPackagesWithCarrierPrivileges = 138;
static final int TRANSACTION_getPcscfAddress = 96;
static final int TRANSACTION_getPreferredNetworkType = 88;
static final int TRANSACTION_getRadioAccessFamily = 114;
static final int TRANSACTION_getServiceStateForSubscriber = 135;
static final int TRANSACTION_getSubIdForPhoneAccount = 131;
static final int TRANSACTION_getSystemVisualVoicemailSmsFilterSettings = 63;
static final int TRANSACTION_getTelephonyHistograms = 143;
static final int TRANSACTION_getTetherApnRequired = 89;
static final int TRANSACTION_getVisualVoicemailSmsFilterSettings = 62;
static final int TRANSACTION_getVoiceMessageCount = 56;
static final int TRANSACTION_getVoiceMessageCountForSubscriber = 57;
static final int TRANSACTION_getVoiceNetworkTypeForSubscriber = 68;
static final int TRANSACTION_getVoicemailRingtoneUri = 136;
static final int TRANSACTION_getVtDataUsage = 148;
static final int TRANSACTION_handlePinMmi = 24;
static final int TRANSACTION_handlePinMmiForSubscriber = 25;
static final int TRANSACTION_hasIccCard = 69;
static final int TRANSACTION_hasIccCardUsingSlotId = 70;
static final int TRANSACTION_iccCloseLogicalChannel = 78;
static final int TRANSACTION_iccExchangeSimIO = 81;
static final int TRANSACTION_iccOpenLogicalChannel = 76;
static final int TRANSACTION_iccOpenLogicalChannelWithP2 = 77;
static final int TRANSACTION_iccTransmitApduBasicChannel = 80;
static final int TRANSACTION_iccTransmitApduLogicalChannel = 79;
static final int TRANSACTION_invokeOemRilRequestRaw = 110;
static final int TRANSACTION_isDataConnectivityPossible = 39;
static final int TRANSACTION_isHearingAidCompatibilitySupported = 120;
static final int TRANSACTION_isIdle = 12;
static final int TRANSACTION_isIdleForSubscriber = 13;
static final int TRANSACTION_isImsRegistered = 121;
static final int TRANSACTION_isImsRegisteredForSubscriber = 122;
static final int TRANSACTION_isOffhook = 8;
static final int TRANSACTION_isOffhookForSubscriber = 9;
static final int TRANSACTION_isRadioOn = 14;
static final int TRANSACTION_isRadioOnForSubscriber = 15;
static final int TRANSACTION_isRinging = 11;
static final int TRANSACTION_isRingingForSubscriber = 10;
static final int TRANSACTION_isTtyModeSupported = 119;
static final int TRANSACTION_isVideoCallingEnabled = 116;
static final int TRANSACTION_isVideoTelephonyAvailable = 126;
static final int TRANSACTION_isVideoTelephonyWifiCallingAvailableForSubscriber = 127;
static final int TRANSACTION_isVisualVoicemailEnabled = 59;
static final int TRANSACTION_isVoWifiCallingAvailableForSubscriber = 124;
static final int TRANSACTION_isVoicemailVibrationEnabled = 137;
static final int TRANSACTION_isVolteAvailable = 125;
static final int TRANSACTION_isWifiCallingAvailable = 123;
static final int TRANSACTION_isWorldPhone = 118;
static final int TRANSACTION_needMobileRadioShutdown = 111;
static final int TRANSACTION_needsOtaServiceProvisioning = 54;
static final int TRANSACTION_nvReadItem = 83;
static final int TRANSACTION_nvResetConfig = 86;
static final int TRANSACTION_nvWriteCdmaPrl = 85;
static final int TRANSACTION_nvWriteItem = 84;
static final int TRANSACTION_requestModemActivityInfo = 134;
static final int TRANSACTION_sendEnvelopeWithStatus = 82;
static final int TRANSACTION_setAllowedCarriers = 144;
static final int TRANSACTION_setCellInfoListRate = 74;
static final int TRANSACTION_setDataEnabled = 94;
static final int TRANSACTION_setImsRegistrationState = 97;
static final int TRANSACTION_setLine1NumberForDisplayForSubscriber = 104;
static final int TRANSACTION_setNetworkSelectionModeAutomatic = 90;
static final int TRANSACTION_setNetworkSelectionModeManual = 92;
static final int TRANSACTION_setOperatorBrandOverride = 108;
static final int TRANSACTION_setPolicyDataEnabled = 149;
static final int TRANSACTION_setPreferredNetworkType = 93;
static final int TRANSACTION_setRadio = 28;
static final int TRANSACTION_setRadioCapability = 113;
static final int TRANSACTION_setRadioForSubscriber = 29;
static final int TRANSACTION_setRadioPower = 30;
static final int TRANSACTION_setRoamingOverride = 109;
static final int TRANSACTION_setVisualVoicemailEnabled = 58;
static final int TRANSACTION_setVoiceMailNumber = 55;
static final int TRANSACTION_shutdownMobileRadios = 112;
static final int TRANSACTION_silenceRinger = 7;
static final int TRANSACTION_supplyPin = 16;
static final int TRANSACTION_supplyPinForSubscriber = 17;
static final int TRANSACTION_supplyPinReportResult = 20;
static final int TRANSACTION_supplyPinReportResultForSubscriber = 21;
static final int TRANSACTION_supplyPuk = 18;
static final int TRANSACTION_supplyPukForSubscriber = 19;
static final int TRANSACTION_supplyPukReportResult = 22;
static final int TRANSACTION_supplyPukReportResultForSubscriber = 23;
static final int TRANSACTION_toggleRadioOnOff = 26;
static final int TRANSACTION_toggleRadioOnOffForSubscriber = 27;
static final int TRANSACTION_updateServiceLocation = 31;
static final int TRANSACTION_updateServiceLocationForSubscriber = 32;

Sorry for not updating this - I have discovered this method only works on Nougat ROMs. Haven't looked into a fix for Oreo yet, but I will soon.

Thanks for the quick reply, My Mi Max 2 is currently on xiaomi.eu ROM based on Android 7.1.1 .
Edit :
Tried with RN5 on xiaomi.eu Android 8.1 ROM and found TRANSACTION_setSimPowerStateForSlot value (163) as per your guide in the OP, wonder where does Xiaomi store that TRANSACTION_setSimPowerStateForSlot on Android 7.x ROM?
Use Tasker with code 'service call phone 163 i32 1 i32 0' turn off SIM 2 on Redmi Note 5.
Edit 3: With SIM 2 powered off using this code, turning off airplane mode caused the default mobile data to switch to SIM 1. I guess that when airplane mode is turned off, the phone thinks there is no SIM card in the SIM 2 slot.
A workaround is to use the code 'service call phone 163 i32 1 i32 1' to power SIM 2 on, then turn airplane mode off.
Thanks a lot

Good that my findings were of some use to you. I initially found this guide, but realized Oreo is different, and then hacked at it for a bit until I found the solution.

Thank you very much. Mi6 with Lineage 15.1 had code 162 and after switching the second sim off and on there was no change in default data sim.
Excellent work!!!

Many Thanks.
Do you know how to toggle PreferredNetworkType?
static final int TRANSACTION_setPreferredNetworkType = 105;
I tried to switch the preferred network type from card 1 to card 0 using "service phone 105 i32 0 i32 1", but it doesn't work well.
Thanks.

@kylemd thanks for your contribution and testing. I was testing this on the latest Pie updates on my OnePlus 2. I transferred both framework.jar and boot-framework.vdex to my pc to handle following your procedure. If I vdex boot-framework.vdex I get files named .cdex as in the second screenshot. If I unzip framework I get .dex files as in the first screenshot. However if I import those into jadx-gui I get errors, see the log. Any idea what's happening here??
jadx LOG after importing:
ERROR: Error load file: C:\Users\JC\Downloads\New\classes.dex
jadx.core.utils.exceptions.JadxRuntimeException: Error load file: C:\Users\JC\Downloads\New\classes.dex
at jadx.api.JadxDecompiler.loadFiles(JadxDecompiler.java:125)
at jadx.api.JadxDecompiler.load(JadxDecompiler.java:87)
at jadx.gui.JadxWrapper.openFile(JadxWrapper.java:34)
at jadx.gui.ui.MainWindow.openFile(MainWindow.java:177)
at jadx.gui.ui.MainWindow.openFile(MainWindow.java:170)
at jadx.gui.ui.MainWindow$3.actionPerformed(MainWindow.java:340)
at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
at javax.swing.AbstractButton.doClick(Unknown Source)
at javax.swing.plaf.basic.BasicMenuItemUI.doClick(Unknown Source)
at javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(Unknown Source)
at java.awt.Component.processMouseEvent(Unknown Source)
at javax.swing.JComponent.processMouseEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Window.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$500(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
Caused by: com.android.dex.DexException: Unexpected magic: [0x64, 0x65, 0x78, 0x0a, 0x30, 0x33, 0x39, 0x00]
at com.android.dex.TableOfContents.readHeader(TableOfContents.java:86)
at com.android.dex.TableOfContents.readFrom(TableOfContents.java:72)
at com.android.dex.Dex.loadFrom(Dex.java:142)
at com.android.dex.Dex.<init>(Dex.java:121)
at jadx.core.utils.files.InputFile.searchDexFiles(InputFile.java:51)
at jadx.core.utils.files.InputFile.addFilesFrom(InputFile.java:36)
at jadx.api.JadxDecompiler.loadFiles(JadxDecompiler.java:123)
... 43 common frames omitted
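A way to read the "Unexpected magic" line in the log above, as an added example that is not part of the original post: the listed bytes decode to a well-formed DEX header with format version 039, the version introduced with Android 9 (Pie), which points at a loader that does not know that version rather than at a damaged file. The function names and the max_dex_version parameter are hypothetical; the cdex and vdex headers in the usage section are constructed.

```python
import re
from typing import Tuple

# The "Caused by" line from the jadx log in the post above.
JADX_ERROR_LINE = (
    "Caused by: com.android.dex.DexException: Unexpected magic: "
    "[0x64, 0x65, 0x78, 0x0a, 0x30, 0x33, 0x39, 0x00]"
)

# First four bytes of the container formats this thread runs into.
KNOWN_MAGICS = {b"dex\n": "dex", b"cdex": "cdex", b"vdex": "vdex"}


def magic_from_jadx_error(line: str) -> bytes:
    """Turn the bracketed hex list of an 'Unexpected magic' message into bytes."""
    match = re.search(r"Unexpected magic: \[([^\]]*)\]", line)
    if match is None:
        raise ValueError("line has no 'Unexpected magic: [...]' list")
    return bytes(int(tok.strip(), 16) for tok in match.group(1).split(","))


def read_header(path: str) -> bytes:
    """Read the first 8 bytes of a file pulled from the device."""
    with open(path, "rb") as handle:
        return handle.read(8)


def identify_container(header: bytes) -> Tuple[str, str]:
    """Return (kind, version) for the first 8 bytes of a file.

    kind is 'dex', 'cdex', 'vdex' or 'unknown'; version is the ASCII
    version field that follows the 4-byte magic, e.g. '039'.
    """
    if len(header) < 8:
        raise ValueError("need at least the first 8 bytes of the file")
    kind = KNOWN_MAGICS.get(header[:4], "unknown")
    if kind == "unknown":
        return kind, ""
    version = header[4:8].rstrip(b"\x00").decode("ascii", errors="replace")
    return kind, version


def loader_accepts(header: bytes, max_dex_version: int) -> bool:
    """Would a loader that only knows plain DEX up to max_dex_version open this?

    max_dex_version is an assumption about the tool in use; check the
    release notes of the decompiler version you actually run.
    """
    kind, version = identify_container(header)
    return kind == "dex" and version.isdigit() and int(version) <= max_dex_version


if __name__ == "__main__":
    header = magic_from_jadx_error(JADX_ERROR_LINE)
    print(header, identify_container(header))
    # A loader that stops at version 038 rejects the file, one that knows 039 does not.
    print(loader_accepts(header, max_dex_version=38))
    print(loader_accepts(header, max_dex_version=39))
    # Constructed headers for the other two formats mentioned in the post.
    print(identify_container(b"cdex001\x00"))
    print(identify_container(b"vdex019\x00"))
```

Files identified as cdex or vdex are not plain DEX and need a conversion step before a DEX decompiler can open them.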

help
kylemd said:
I know that looking for this answer has bugged me for the past few years, so figured I'd x-post from Stack Overflow. I have found the solution to switching either SIM off in the Mi6 automatically. Will likely work with other phones.
The whole question and answer you can find on Stack Overflow here.
For Nougat
For Oreo it's slightly different...
Using the output
Now you have the index number you can test the following command in adb shell (or Tasker, with the "run shell" function). You will need to "su" in shell, or set Tasker to "Use Root".
Of course, now that you can execute it in Tasker you can now switch either SIM off at specific times.
I've verified that it does indeed switch the SIM off (calls go straight to voicemail right after this command is executed) but I'm unsure of any further effects this switch has.
Enjoy!
Sorry to bother, but I can't seem to find TRANSACTION_SetSimPowerStateForSlot even in Nougat... I could find other things but just can't find that.
---------- Post added at 02:42 PM ---------- Previous post was at 02:38 PM ----------
CounterC said:
@kylemd thanks for your contribution and testing. I was testing this on the latest Pie updates on my OnePlus 2. I transferred both framework.jar and boot-framework.vdex to my pc to handle following your procedure. If I vdex boot-framework.vdex I get files named .cdex as in the second screenshot. If I unzip framework I get .dex files as in the first screenshot. However if I import those into jadx-gui I get errors, see the log. Any idea what's happening here??
You can try an online converter to convert it into Java. After that, try opening it using Notepad++. It's easier this way.

@kylemd
I use a Redmi 5 Plus (Vince) on Android 7.1.2 Nougat. I pulled /system/framework/framework.jar but framework.jar is only 318 bytes. There are no .dex files in it. It only contains a META-INF folder and a MANIFEST.MF file.
I have been searching for this for days; I don't know what to do.

I just used this method on a Redmi Note 8 with Lineage Android 11. Works perfectly.
For anyone who might run into the issue, this is, how I did it:
first using "adb pull /sdcard/Download/framework.jar"
extracting the .jar file using 7-zip
opening the .dex files with Windows GUI version from jadx-github page
found the entry in third .dex file after looking for string: "TRANSACTION_setSimPowerStateForSlot"
used the following shell command in tasker to toggle the sim state:
env -i USER=shell "$(PATH=/system/xbin:/system/bin:/su/bin:/sbin:/magisk/.core/bin which su)" shell --context u:r:shell:s0 --shell /system/bin/sh --command service call phone 181 i32 1 i32 0
This turns off SIM 2. To turn on SIM 1 use the above + "...service call phone 181 i32 0 i32 1" and so on.
Swap "181" for whatever you read from the .dex entry.

Related

eVc++ DLL used on .NET? Error

Hello,
I have written a DLL in eVC++, and now I want to use this DLL in a .NET program. But with "Add Reference" I get an error that says:
This is not a .NET assembly.
So my question is: is it possible to use an eVC++ DLL in .NET?
If yes, what should I do, and if not, is there another way to deal with this problem?
Thanks all
from http://www.csharphelp.com/archives/archive52.html
Code:
Call Unmanaged Code. Part 1 - Simple DLLImport
By Vyacheslav Biktagirov
The managed world is beautiful; I have all the classes I want in the Framework. But what if I want to call some unmanaged code? For instance, I have a DLL written in C++, and want to use it from C#.
Let's look at some code. Our DLL exports a function, in the CDecl convention, that sums two integers:
extern "C" __declspec(dllexport) __cdecl int sum(int a,int b);
And, of course, we want to reuse this code in C#. We must recall that there is no "direct" way to call unmanaged code; we must inform the compiler what we want to call, how, and where the needed code is located.
[DllImport("TestDll.dll", EntryPoint="sum",
ExactSpelling=false,CallingConvention=CallingConvention.Cdecl)]
static extern int sum(int a,int b);
and now we can call it like normal C# function.
x=5;
y=7;
z=sum(x,y); // z will receive 12
Here is full C# client code - tested for Beta2.
using System;
using System.Drawing;
using System.Collections;
using System.ComponentModel;
using System.Windows.Forms;
using System.Data;
using System.Runtime.InteropServices;
namespace WindowsApplication6
{
///
/// Summary description for Form1.
///
public class Form1 : System.Windows.Forms.Form
{
private System.Windows.Forms.Button button1;
private System.Windows.Forms.TextBox textBox1;
private System.Windows.Forms.Label label1;
private System.Windows.Forms.TextBox textBox2;
private System.Windows.Forms.Label label2;
private System.Windows.Forms.TextBox textBox3;
///
/// Required designer variable.
///
private System.ComponentModel.Container components = null;
public Form1()
{
//
// Required for Windows Form Designer support
//
InitializeComponent();
//
// TODO: Add any constructor code after InitializeComponent call
//
}
///
/// Clean up any resources being used.
///
protected override void Dispose( bool disposing )
{
if( disposing )
{
if (components != null)
{
components.Dispose();
}
}
base.Dispose( disposing );
}
#region Windows Form Designer generated code
///
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
///
private void InitializeComponent()
{
this.button1 = new System.Windows.Forms.Button();
this.textBox1 = new System.Windows.Forms.TextBox();
this.label1 = new System.Windows.Forms.Label();
this.textBox2 = new System.Windows.Forms.TextBox();
this.label2 = new System.Windows.Forms.Label();
this.textBox3 = new System.Windows.Forms.TextBox();
this.SuspendLayout();
//
// button1
//
this.button1.Location = new System.Drawing.Point(64, 192);
this.button1.Name = "button1";
this.button1.Size = new System.Drawing.Size(144, 64);
this.button1.TabIndex = 0;
this.button1.Text = "call sum";
this.button1.Click += new System.EventHandler(this.button1_Click);
//
// textBox1
//
this.textBox1.Location = new System.Drawing.Point(40, 120);
this.textBox1.Name = "textBox1";
this.textBox1.Size = new System.Drawing.Size(72, 22);
this.textBox1.TabIndex = 1;
this.textBox1.Text = "2";
//
// label1
//
this.label1.Location = new System.Drawing.Point(128, 128);
this.label1.Name = "label1";
this.label1.Size = new System.Drawing.Size(16, 16);
this.label1.TabIndex = 2;
this.label1.Text = "+";
//
// textBox2
//
this.textBox2.Location = new System.Drawing.Point(152, 120);
this.textBox2.Name = "textBox2";
this.textBox2.Size = new System.Drawing.Size(56, 22);
this.textBox2.TabIndex = 3;
this.textBox2.Text = "3";
//
// label2
//
this.label2.Location = new System.Drawing.Point(224, 120);
this.label2.Name = "label2";
this.label2.Size = new System.Drawing.Size(24, 23);
this.label2.TabIndex = 4;
this.label2.Text = "=";
//
// textBox3
//
this.textBox3.Location = new System.Drawing.Point(248, 120);
this.textBox3.Name = "textBox3";
this.textBox3.Size = new System.Drawing.Size(112, 22);
this.textBox3.TabIndex = 5;
this.textBox3.Text = "5";
//
// Form1
//
this.AutoScaleBaseSize = new System.Drawing.Size(6, 15);
this.ClientSize = new System.Drawing.Size(576, 322);
this.Controls.AddRange(new System.Windows.Forms.Control[] {this.textBox3,this.label2,this.textBox2,this.label1,this.textBox1,this.button1});
this.Name = "Form1";
this.Text = "Form1";
this.ResumeLayout(false);
}
#endregion
///
/// The main entry point for the application.
///
[STAThread]
static void Main()
{
Application.Run(new Form1());
}
#region My Code
#region Dll Imports
[DllImport("TestDll.dll", EntryPoint="sum",
ExactSpelling=false,CallingConvention=CallingConvention.Cdecl)]
static extern int sum(int a,int b);
#endregion
#region Button Click Events
private void button1_Click(object sender, System.EventArgs e)
{
textBox3.Text=sum(int.Parse(textBox1.Text),int.Parse(textBox2.Text)).ToString(); // call the imported native sum()
}
#endregion
#endregion
}
}
It sounds very simple, because "int" is an isomorphic type; that is, int in C# and int in C++ are identical. What can we do when we want to operate on non-isomorphic types, like String? Recall that a .NET string is a class, while a C++ string is char*, or wchar_t*, or BSTR, ... A string may be embedded in a structure, or pointed to by a pointer, or even something more exotic. Let's call some string function.
[DllImport("Advapi32.dll", EntryPoint="GetUserName", ExactSpelling=false,
SetLastError=true)]
static extern bool GetUserName(
[MarshalAs(UnmanagedType.LPArray)] byte[] lpBuffer,
[MarshalAs(UnmanagedType.LPArray)] Int32[] nSize );
This function receives two parameters: char* and int*. Because we must allocate the char* buffer and receive the string by pointer, we can't use the UnmanagedType.LPStr attribute, so we pass the ANSI string as a byte array. int* is simpler: it's a 1-element Int32 array. Let's call it:
private void button2_Click(object sender, System.EventArgs e)
{
byte[] str=new byte[20];
Int32[] len=new Int32[1];
len[0]=20;
GetUserName(str,len);
MessageBox.Show(System.Text.Encoding.ASCII.GetString(str));
}
We allocate 20 bytes for receiving the ANSI string and one element in the Int32 array, set 20 as the max string length, and call it. For receiving the string from the byte array I used the Text.Encoding.ASCII class.

[Q]What is the method name of this code block?

Hey guys I can't figure out the method name of this code block.
There are 2 more methods just before it with the same "public BatteryMeterView".
The part in red is what I want to change. I am using Xposed code for it. Please help ASAP.
Code:
public BatteryMeterView(Context context, AttributeSet attrs, int defStyle) {
super(context, attrs, defStyle);
final Resources res = context.getResources();
TypedArray levels = res.obtainTypedArray(R.array.batterymeter_color_levels);
TypedArray colors = res.obtainTypedArray(R.array.batterymeter_color_values);
final int N = levels.length();
mColors = new int[2*N];
for (int i=0; i<N; i++) {
mColors[2*i] = levels.getInt(i, 0);
mColors[2*i+1] = colors.getColor(i, 0);
}
levels.recycle();
colors.recycle();
mShowPercent = ENABLE_PERCENT && 0 != Settings.System.getInt(
context.getContentResolver(), "status_bar_show_battery_percent", 0); // highlighted in red in the original post
mWarningString = context.getString(R.string.battery_meter_very_low_overlay_symbol);
mFramePaint = new Paint(Paint.ANTI_ALIAS_FLAG);
mFramePaint.setColor(res.getColor(R.color.batterymeter_frame_color));
mFramePaint.setDither(true);
mFramePaint.setStrokeWidth(0);
mFramePaint.setStyle(Paint.Style.FILL_AND_STROKE);
mFramePaint.setXfermode(new PorterDuffXfermode(PorterDuff.Mode.DST_ATOP));
mBatteryPaint = new Paint(Paint.ANTI_ALIAS_FLAG);
mBatteryPaint.setDither(true);
mBatteryPaint.setStrokeWidth(0);
mBatteryPaint.setStyle(Paint.Style.FILL_AND_STROKE);
mTextPaint = new Paint(Paint.ANTI_ALIAS_FLAG);
mTextPaint.setColor(0xFFFFFFFF); // highlighted in red in the original post
Typeface font = Typeface.create("sans-serif-condensed", Typeface.NORMAL);
mTextPaint.setTypeface(font);
mTextPaint.setTextAlign(Paint.Align.CENTER);
mWarningTextPaint = new Paint(Paint.ANTI_ALIAS_FLAG);
mWarningTextPaint.setColor(mColors[1]);
font = Typeface.create("sans-serif", Typeface.BOLD);
mWarningTextPaint.setTypeface(font);
mWarningTextPaint.setTextAlign(Paint.Align.CENTER);
mChargeColor = getResources().getColor(R.color.batterymeter_charge_color);
mBoltPaint = new Paint();
mBoltPaint.setAntiAlias(true);
mBoltPaint.setColor(res.getColor(R.color.batterymeter_bolt_color));
mBoltPoints = loadBoltPoints(res);
setLayerType(View.LAYER_TYPE_SOFTWARE, null);
}
SArnab©® said:
Hey guys I can't figure out the method name of this code block.
There are 2 more methods just before it with the same "public BatteryMeterView".
The part in red is what I want to change. Am using xposed code for it. Plz help asap.
Well, the method is the constructor of the View, so its name is exactly
Code:
BatteryMeterView(Context context, AttributeSet attrs, int defStyle)
Make sure you have the parameters as well since Java methods are only identical if they have the same return type, name and parameters. Not so sure how you would hook that method with xposed since I never did anything with it, but my guess would be to just copy the code from here to the method that runs before the hooked method, and then don't call that method at all. That way your method is larger but as the variables which you want to change are initialized right there it's the only way to do it.
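One way to hook the three-argument constructor discussed above with Xposed, as an added example that is not part of the original thread. An after-hook runs once the original constructor has finished, so the fields it initialised can be overwritten without copying the constructor body. Assumptions: the class is com.android.systemui.BatteryMeterView (the post does not state the package), mTextPaint and mShowPercent are instance fields as the posted constructor suggests, and the module class name and colour value are made up.

```java
package com.example.batteryhook; // hypothetical module package

import android.content.Context;
import android.graphics.Paint;
import android.util.AttributeSet;

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;

public class BatteryTextColorHook implements IXposedHookLoadPackage {
    // Assumption: package and class name as in AOSP SystemUI; verify against the decompiled APK of your ROM.
    private static final String TARGET_PACKAGE = "com.android.systemui";
    private static final String TARGET_CLASS = "com.android.systemui.BatteryMeterView";
    private static final int NEW_TEXT_COLOR = 0xFF33B5E5; // constructed sample value (ARGB)

    @Override
    public void handleLoadPackage(LoadPackageParam lpparam) throws Throwable {
        // Xposed calls this for every app that starts; only act inside the target process.
        if (!TARGET_PACKAGE.equals(lpparam.packageName)) {
            return;
        }
        try {
            // A constructor is selected by its parameter types alone; the last argument is the callback.
            XposedHelpers.findAndHookConstructor(TARGET_CLASS, lpparam.classLoader,
                    Context.class, AttributeSet.class, int.class,
                    new XC_MethodHook() {
                        @Override
                        protected void afterHookedMethod(MethodHookParam param) {
                            // param.thisObject is the freshly constructed view.
                            Paint textPaint = (Paint) XposedHelpers.getObjectField(
                                    param.thisObject, "mTextPaint");
                            textPaint.setColor(NEW_TEXT_COLOR);
                            // Override the value the constructor read from Settings.System.
                            XposedHelpers.setBooleanField(param.thisObject, "mShowPercent", true);
                        }
                    });
        } catch (Throwable t) {
            // Class or constructor not found on this ROM: log it instead of crashing the hooked app.
            XposedBridge.log(t);
        }
    }
}
```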

Some help with editing java code

Hello
In a folder of an app I want to edit, there is a class file that includes the following code:
PHP:
public final void onPause()
{
    if (this.e != null)
        this.e.g();
    if (this.f != null)
        this.f.a();
    super.onPause();
}
public final void onResume()
{
    super.onResume();
    if (this.e != null)
        this.e.f();
}
In the same folder the e class has the following
PHP:
public static final int a = 2130968608;
public static final int b = 2130968609;
and the f
PHP:
public static final int a = 2131427546;
public static final int b = 2131427544;
public static final int c = 2131427545;
public static final int d = 2131427551;
public static final int e = 2131427549;
public static final int f = 2131427548;
public static final int g = 2131427554;
public static final int h = 2131427552;
public static final int i = 2131427547;
public static final int j = 2131427550;
public static final int k = 2131427553;
public static final int l = 2131427499;
public static final int m = 2131427523;
public static final int n = 2131427464;
In Android Studio, in the first class it shows the following:
PHP:
public final void onPause() { /* compiled code */ }
public final void onResume() { /* compiled code */ }
What does that mean?
nobody?
hi,
The code is compiled, so not readable. It's binary like
Hi,
I think you decompiled this from an APK file. This APK file may have been processed with ProGuard, so it cannot be decompiled.
You can try another tool to decompile it! Good luck!
If you try to decompile a ProGuarded APK, you cannot see all classes or names correctly. That's the idea of the ProGuard tool.

[HELP][JAVA] SimlockUnlockApp - the way to sim unlock?

Greetings to all!
Later my phone was locked to a Japanese carrier, NTT Docomo, but it was officially unlocked in the Docomo shop in Japan. As I saw on the Internet, this could be done with a SIM unlocking code. On the phone I found a special application which is intended to show the SIM lock status and to unlock it with a code.
The name of this application is SimlockUnlockApp.apk. I've decompiled this app and started looking for how this unlocking code is calculated from the IMEI.
In SIMLockUtils.java there are three interesting functions:
Code:
public static byte[] disableSimLock(QcRilHook paramQcRilHook, byte[] paramArrayOfByte)
public static void updateLockStatus(int[] paramArrayOfInt, int paramInt, QcRilHook paramQcRilHook)
public static void updateRemainingAttempts(int[] paramArrayOfInt, int paramInt, QcRilHook paramQcRilHook)
These functions call another function from the com.qualcomm.qcrilhook.QcRilHook class:
Code:
paramQcRilHook = paramQcRilHook.sendQcRilHookMsg(589834, paramArrayOfByte);
paramQcRilHook = paramQcRilHook.sendQcRilHookMsg(589829, 0);
paramQcRilHook = paramQcRilHook.sendQcRilHookMsg(589830, 0);
The numbers 589834, 589829 and 589830 refer to these declarations:
Code:
public static final int QCRIL_EVT_SEMC_DISABLE_SIMLOCK = 589834;
public static final int QCRIL_EVT_SEMC_PERSO_INDICATOR = 589829;
public static final int QCRIL_EVT_SEMC_DCK_NUM_RETRIES = 589830;
sendQcRilHookMsg has two variants:
Code:
public abstract AsyncResult sendQcRilHookMsg(int paramInt1, int paramInt2);
public AsyncResult sendQcRilHookMsg(int paramInt1, int paramInt2)
{
    byte[] arrayOfByte = new byte[this.mHeaderSize + 4];
    ByteBuffer localByteBuffer = createBufferWithNativeByteOrder(arrayOfByte);
    addQcRilHookHeader(localByteBuffer, paramInt1, 4);
    localByteBuffer.putInt(paramInt2);
    return sendRilOemHookMsg(paramInt1, arrayOfByte);
}
public abstract AsyncResult sendQcRilHookMsg(int paramInt, byte[] paramArrayOfByte);
public AsyncResult sendQcRilHookMsg(int paramInt, byte[] paramArrayOfByte)
{
    byte[] arrayOfByte = new byte[this.mHeaderSize + paramArrayOfByte.length];
    ByteBuffer localByteBuffer = createBufferWithNativeByteOrder(arrayOfByte);
    addQcRilHookHeader(localByteBuffer, paramInt, paramArrayOfByte.length);
    localByteBuffer.put(paramArrayOfByte);
    return sendRilOemHookMsg(paramInt, arrayOfByte);
}
and now we go to sendRilOemHookMsg:
Code:
private AsyncResult sendRilOemHookMsg(int paramInt, byte[] paramArrayOfByte)
{
    return sendRilOemHookMsg(paramInt, paramArrayOfByte, 0);
}
private AsyncResult sendRilOemHookMsg(int paramInt1, byte[] paramArrayOfByte, int paramInt2)
{
    byte[] arrayOfByte = new byte['а*Ђ'];
    Log.v("QC_RIL_OEM_HOOK", "sendRilOemHookMsg: Outgoing Data is " + IccUtils.bytesToHexString(paramArrayOfByte));
    if (mSemcPhoneInterfaceManager == null)
    {
        Log.e("QC_RIL_OEM_HOOK", "SemcPhoneInterfaceManager object is not instantiated!");
        Log.e("QC_RIL_OEM_HOOK", "Use QcRilHook(Context, IQcSemcServiceConnected)");
    }
    for (paramInt1 = -1; paramInt1 >= 0; paramInt1 = mSemcPhoneInterfaceManager.sendOemRilRequestRaw(paramArrayOfByte, arrayOfByte))
    {
        paramArrayOfByte = null;
        if (paramInt1 > 0)
        {
            paramArrayOfByte = new byte[paramInt1];
            System.arraycopy(arrayOfByte, 0, paramArrayOfByte, 0, paramInt1);
        }
        return new AsyncResult(Integer.valueOf(paramInt1), paramArrayOfByte, null);
    }
    return new AsyncResult(paramArrayOfByte, null, CommandException.fromRilErrno(paramInt1 * -1));
}
And then I cannot understand how sendOemRilRequestRaw works.
I could provide the full decompiled sources of SimlockUnlockApp.apk, qcrilhook.jar, qcsemcserviceif.jar, semcrilextension.jar, telephony-common.jar, framework2.jar
I'm not a Java programmer and don't know Android internals in depth, so any help would be very appreciated!
The question is Sony-specific, so I placed it in this section.
Hmm, it looks like the network depersonalization code is passed to the RIL, which checks it in the modem firmware. Am I right?
And the modem firmware checks the inserted SIM card, probably by IMSI or something like that, and allows this SIM to connect to the GSM network.
Closed per OPs request.
Regards,
XDA-Staff

A Unity plugin to work with Android native sdk classes

I've started to work on this lib for our current project. But maybe the gamedev community will be interested in it.
Assume you want to get your game version name and code. Yes, you will write something like this using AndroidJavaClass and AndroidJavaObject:
Code:
public static int GetVersionCode() {
    AndroidJavaClass contextCls = new AndroidJavaClass("com.unity3d.player.UnityPlayer");
    AndroidJavaObject context = contextCls.GetStatic<AndroidJavaObject>("currentActivity");
    AndroidJavaObject packageMngr = context.Call<AndroidJavaObject>("getPackageManager");
    string packageName = context.Call<string>("getPackageName");
    AndroidJavaObject packageInfo = packageMngr.Call<AndroidJavaObject>("getPackageInfo", packageName, 0);
    return packageInfo.Get<int>("versionCode");
}
public static string GetVersionName() {
    AndroidJavaClass contextCls = new AndroidJavaClass("com.unity3d.player.UnityPlayer");
    AndroidJavaObject context = contextCls.GetStatic<AndroidJavaObject>("currentActivity");
    AndroidJavaObject packageMngr = context.Call<AndroidJavaObject>("getPackageManager");
    string packageName = context.Call<string>("getPackageName");
    AndroidJavaObject packageInfo = packageMngr.Call<AndroidJavaObject>("getPackageInfo", packageName, 0);
    return packageInfo.Get<string>("versionName");
}
With this lib you can do the same thing like this:
Code:
var activity = Internal.GetCurrentActivity();
var pm = activity.GetPackageManager();
var pi = pm.GetPackageInfo(activity.GetPackageName(), 0);
int code = pi.VersionCode;
string name = pi.VersionName;
There is not much you can do with this lib right now. But I'm going to add new classes/methods from time to time.
I appreciate any feedback. Also, would be great if you star this repo :fingers-crossed:
