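A phone registers with the GSM network using its IMEI and IMSI; the network side is responsible for mapping the IMSI to the phone number (MSISDN) and for the reverse mapping.

(1) Changing the SIM card number:

The SIM card number is the string of digits printed on the SIM.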

AT+CRSM=176,12258,0,0,10

The number is read with the AT command above, so search the Android emulator source for it; it is handled in sim_card.c:

const char*
asimcard_io( ASimCard  sim, const char*  cmd )
{
    int  nn;
#if ENABLE_DYNAMIC_RECORDS
    int  command, id, p1, p2, p3;
#endif
    static const struct { const char*  cmd; const char*  answer; } answers[] =
    {
        { "+CRSM=192,28436,0,0,15", "+CRSM: 144,0,000000146f1404001aa0aa01020000" },
        { "+CRSM=176,28436,0,0,20", "+CRSM: 144,0,416e64726f6964ffffffffffffffffffffffffff" },

        { "+CRSM=192,28433,0,0,15", "+CRSM: 144,0,000000016f11040011a0aa01020000" },
        { "+CRSM=176,28433,0,0,1", "+CRSM: 144,0,55" },

        { "+CRSM=192,12258,0,0,15", "+CRSM: 144,0,0000000a2fe204000fa0aa01020000" },
        { "+CRSM=176,12258,0,0,10", "+CRSM: 144,0,98101430121181157002" },
         ...
         ...

So open emulator-arm.exe or emulator-x86.exe in binary mode with UE (UltraEdit), search for the string "98101430121181157002", and change it to the required SIM card number.

For example:

00209a00h: 31 30 00 00 2B 43 52 53 4D 3A 20 31 34 34 2C 30 ; 10..+CRSM: 144,0
00209a10h: 2C 39 38 31 30 31 34 33 30 31 32 31 31 38 31 31 ; ,981014301211811
00209a20h: 35 37 30 30 32 00 2B 43 52 53 4D 3D 31 39 32 2C ; 57002.+CRSM=192,

(2) Changing the IMEI and IMSI:

Java code obtains the phone's IMEI and IMSI like this:

TelephonyManager manager = (TelephonyManager)getSystemService(TELEPHONY_SERVICE);
String imei = manager.getDeviceId();
String imsi = manager.getSubscriberId();

In the Android source tree, find the implementation of the TelephonyManager class.

Member function getDeviceId:

/**
     * Returns the unique device ID, for example, the IMEI for GSM and the MEID
     * or ESN for CDMA phones. Return null if device ID is not available.
     *
     * <p>Requires Permission:
     *   {@link android.Manifest.permission#READ_PHONE_STATE READ_PHONE_STATE}
     */
    public String getDeviceId() {
        try {
            return getSubscriberInfo().getDeviceId();
        } catch (RemoteException ex) {
            return null;
        } catch (NullPointerException ex) {
            return null;
        }
    }

Member function getSubscriberId:

    /**
     * Returns the unique subscriber ID, for example, the IMSI for a GSM phone.
     * Return null if it is unavailable.
     * <p>
     * Requires Permission:
     *   {@link android.Manifest.permission#READ_PHONE_STATE READ_PHONE_STATE}
     */
    public String getSubscriberId() {
        try {
            return getSubscriberInfo().getSubscriberId();
        } catch (RemoteException ex) {
            return null;
        } catch (NullPointerException ex) {
            // This could happen before phone restarts due to crashing
            return null;
        }
    }
 
 private IPhoneSubInfo getSubscriberInfo() {
        // get it each time because that process crashes a lot
        return IPhoneSubInfo.Stub.asInterface(ServiceManager.getService("iphonesubinfo"));
    }

The IMSI and IMEI that the private function getSubscriberInfo above returns are hard-coded in the file android_modem.c:

/* the Android GSM stack checks that the operator's name has changed
 * when roaming is on. If not, it will not update the Roaming status icon
 *
 * this means that we need to emulate two distinct operators:
 * - the first one for the 'home' registration state, must also correspond
 *   to the emulated user's IMEI
 *
 * - the second one for the 'roaming' registration state, must have a
 *   different name and MCC/MNC
 */

#define  OPERATOR_HOME_INDEX 0
#define  OPERATOR_HOME_MCC   310
#define  OPERATOR_HOME_MNC   260
#define  OPERATOR_HOME_NAME  "Android"
#define  OPERATOR_HOME_MCCMNC  STRINGIFY(OPERATOR_HOME_MCC) \
                               STRINGIFY(OPERATOR_HOME_MNC)

#define  OPERATOR_ROAMING_INDEX 1
#define  OPERATOR_ROAMING_MCC   310
#define  OPERATOR_ROAMING_MNC   295
#define  OPERATOR_ROAMING_NAME  "TelKila"
#define  OPERATOR_ROAMING_MCCMNC  STRINGIFY(OPERATOR_ROAMING_MCC) \
                                  STRINGIFY(OPERATOR_ROAMING_MNC) 
 
/* a function used to deal with a non-trivial request */
typedef const char*  (*ResponseHandler)(const char*  cmd, AModem  modem);

static const struct {
    const char*      cmd;     /* command coming from libreference-ril.so, if first
                                 character is '!', then the rest is a prefix only */

    const char*      answer;  /* default answer, NULL if needs specific handling or
                                 if OK is good enough */

    ResponseHandler  handler; /* specific handler, ignored if 'answer' is not NULL,
                                 NULL if OK is good enough */
} sDefaultResponses[] =
{
    /* see onRadioPowerOn() */
    { "%CPHS=1", NULL, NULL },
    { "%CTZV=1", NULL, NULL },

      ...
   
    { "!+VTS=", NULL, handleSetDialTone },
    { "+CIMI", OPERATOR_HOME_MCCMNC "000000000", NULL },   /* request internation subscriber identification number */
    { "+CGSN", "000000000000000", NULL },   /* request model version */
    { "+CUSD=2",NULL, NULL }, /* Cancel USSD */
     ...
     /* end of list */
    {NULL, NULL, NULL}
};
 
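So open emulator-arm.exe or emulator-x86.exe in binary mode with UE, search for the string "+CGSN" and change the value that follows it to the required IMEI; search for "+CIMI" and change the value that follows it to the required IMSI. Note that the first six digits of the IMSI, "310260", must not be changed, otherwise the emulator cannot connect to the network.

For example:

001fc700h: 33 00 41 00 48 00 21 2B 56 54 53 3D 00 2B 43 49 ; 3.A.H.!+VTS=.+CI
001fc710h: 4D 49 00 33 31 30 32 36 30 30 30 30 30 30 30 30 ; MI.3102600000000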
001fc720h: 30 30 00 2B 43 47 53 4E 00 30 30 30 30 30 30 30 ; 00.+CGSN.0000000
001fc730h: 30 30 30 30 30 30 30 30 00 2B 43 55 53 44 3D 32 ; 00000000.+CUSD=2
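
Because the stock answers to +CGSN and +CIMI are fixed strings in the binary, software that receives these identifiers can check for them. The following check is an added example, not code from the emulator or from Android; the flag names and `check_identifiers` are this example's own, and the sample rows are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
enum { /* flag names are this example's own */
    ID_DEFAULT_IMEI = 1, /* equals the stock +CGSN answer            */
    ID_DEFAULT_IMSI = 2, /* equals the stock +CIMI answer            */
    ID_EMU_PLMN     = 4, /* IMSI starts with OPERATOR_HOME_MCCMNC    */
    ID_BAD_IMEI     = 8  /* not 15 digits, or Luhn check digit wrong */
};

/* A real IMEI is 14 digits plus a Luhn check digit. Returns 1 if valid. */
static int imei_luhn_ok(const char *imei)
{
    int sum = 0;
    if (strlen(imei) != 15) return 0;
    for (int i = 0; i < 15; i++) {
        if (!isdigit((unsigned char)imei[i])) return 0;
        int d = imei[i] - '0';
        if (i % 2 == 1) d *= 2;            /* double every second digit */
        sum += d > 9 ? d - 9 : d;
    }
    return sum % 10 == 0;
}

/* NULL is accepted because getDeviceId()/getSubscriberId() may return null. */
int check_identifiers(const char *imei, const char *imsi)
{
    int flags = 0;
    if (!imei) imei = "";
    if (!imsi) imsi = "";
    if (strcmp(imei, "000000000000000") == 0) flags |= ID_DEFAULT_IMEI;
    if (!imei_luhn_ok(imei))                  flags |= ID_BAD_IMEI;
    if (strcmp(imsi, "310260000000000") == 0) flags |= ID_DEFAULT_IMSI;
    /* Weak on its own: a real US network also uses MCC 310 / MNC 260. */
    if (strncmp(imsi, "310260", 6) == 0)      flags |= ID_EMU_PLMN;
    return flags;
}

int main(void)
{
    /* Constructed sample pairs: stock emulator, edited values, ordinary handset. */
    const char *rows[3][2] = { { "000000000000000", "310260000000000" },
                               { "123456789012345", "310260123456789" },
                               { "490154203237518", "460001234567890" } };
    for (int i = 0; i < 3; i++)
        printf("%s %s -> flags %d\n", rows[i][0], rows[i][1],
               check_identifiers(rows[i][0], rows[i][1]));
    return 0;
}
```

The all-zero default IMEI passes the Luhn check, which is why the exact-match flag is kept separate from `ID_BAD_IMEI`.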

Appendix:

http://blog.codepainters.com/2010/09/06/android-emulator-and-the-sim-card-serial-number/

http://blog.codepainters.com/2009/12/11/android-imei-number-and-the-emulator/

https://www.anywi.com/3g/wiki/AtCommandIccid

AT+CGSN   Get the GSM module's IMEI (International Mobile Equipment Identity)

AT+CIMI   Get the IMSI (International Mobile Subscriber Identity)

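I dug this out of a foreign blog; it is almost impossible to find on Baidu, especially changing the SIM card number (of the Android emulator) and the phone number.

Open the emulator program with a binary editor; the x86 and ARM builds for the corresponding hardware have different suffixes.

Find the SIM card number, whose default field in the emulator is 98101430121181157002; select ASCII when searching. The Android emulator's rule is that the digits are grouped in pairs and each pair is swapped: for example, the default 98101430121181157002 is really the SIM number 87014103211118510720. To change it to the SIM number you want, swap each pair first and then write it in.

To change the IMEI, search for +CGSN.

To change the IMSI, search for +CIMI; the leading 310260 in the emulator cannot be changed.

To change the phone number, search for 515525%d1 in the same way. The phone number shows up in the emulator as 1555521****, and it is also swapped in pairs; however, the last four digits cannot currently be changed, because there is a range check, from 5554 to 5584. Change them and the emulator will not start.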
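
The +CRSM answer table in section (1) and the pair-swapping rule in the notes above describe the same encoding: command 176 is READ BINARY, file 12258 is 0x2FE2 (the ICCID file), 144,0 is status 0x90 0x00, and the payload is swapped-nibble BCD. The decoder below is an added example, not code from the emulator source; `crsm_decode_bcd` is this example's own name, and it also handles the 0xF filler nibble used when the digit count is odd.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Decode the payload of "+CRSM: <sw1>,<sw2>,<hex>" as swapped-nibble BCD.
 * Returns 0 on success, -1 if malformed or too long for out,
 * -2 if the status words are not 144,0 (0x90 0x00, normal completion). */
int crsm_decode_bcd(const char *resp, char *out, size_t outsz)
{
    int sw1, sw2, off = 0;
    if (sscanf(resp, "+CRSM: %d,%d,%n", &sw1, &sw2, &off) != 2 || off == 0)
        return -1;
    if (sw1 != 144 || sw2 != 0)
        return -2;

    const char *hex = resp + off;
    size_t n = strlen(hex), o = 0;
    if (n == 0 || n % 2 != 0 || n + 1 > outsz)
        return -1;
    for (size_t i = 0; i < n; i += 2) {
        /* In each byte the low nibble holds the earlier digit. */
        char first = hex[i + 1], second = hex[i];
        if (!isdigit((unsigned char)first))
            return -1;
        out[o++] = first;
        if (second == 'f' || second == 'F')
            break;                      /* 0xF filler: odd digit count */
        if (!isdigit((unsigned char)second))
            return -1;
        out[o++] = second;
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    /* Answer string for file 12258 as it appears in the table on this page. */
    const char *resp = "+CRSM: 144,0,98101430121181157002";
    char iccid[32];
    int rc = crsm_decode_bcd(resp, iccid, sizeof iccid);
    if (rc == 0)
        printf("decoded ICCID: %s\n", iccid);
    else
        printf("decode failed: %d\n", rc);
    return rc;
}
```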