Skip to content

Instantly share code, notes, and snippets.

@zr0n

zr0n/spoof_didi.js

Last active January 6, 2026 00:10
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save zr0n/724b35e1a02e92c19ac4db4aa55b0e6f to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save zr0n/724b35e1a02e92c19ac4db4aa55b0e6f to your computer and use it in GitHub Desktop.
Download ZIP
Raw
spoof_didi.js
Java.perform(function() {
var ByteArrayOutputStream = Java.use('java.io.ByteArrayOutputStream');
var InputStreamReader = Java.use('java.io.InputStreamReader');
var BufferedReader = Java.use('java.io.BufferedReader');
var StringBuilder = Java.use('java.lang.StringBuilder');
var HttpURLConnection = Java.use('java.net.HttpURLConnection');
HttpURLConnection.getOutputStream.implementation = function() {
var outputStream = this.getOutputStream();
var method = this.getRequestMethod();
if (method.toUpperCase() === "POST") {
var os = ByteArrayOutputStream.$new();
var buffer = Java.array('byte', [128]);
var bytesRead;
var connection = this;
Java.scheduleOnMainThread(function() {
try {
var url = connection.getURL().toString();
if (url.indexOf('risk_newton_sdk_config_get_v3') !== -1) {
var originalBytes = os.toByteArray();
var originalBody = String(Java.use('java.lang.String').$new(originalBytes));
var newUid = (Math.random() * 1000000000).toString().split('.')[0];
var newTimestamp = Date.now().toString();
var modifiedBody = originalBody
.replace(/"uid":"-1"/, '"uid":"' + newUid + '"')
.replace(/"uid":"[^"]*"/, '"uid":"' + newUid + '"')
.replace(/"brand":"[^"]*"/, '"brand":"Samsung"')
.replace(/"model":"[^"]*"/, '"model":"SM-G973F"')
.replace(/"timestamp":"[^"]*"/, '"timestamp":"' + newTimestamp + '"')
.replace(/"osversion":"[^"]*"/, '"osversion":"10"')
.replace(/"arch":"[^"]*"/, '"arch":"armeabi-v7a"');
outputStream.write(modifiedBody.getBytes());
outputStream.flush();
}
} catch(e) {}
});
}
return outputStream;
};
var RequestBuilder = Java.use('okhttp3.Request$Builder');
if (RequestBuilder) {
RequestBuilder.build.implementation = function() {
var request = this.build();
var url = request.url().toString();
if (url.indexOf('risk_newton_sdk_config_get_v3') !== -1) {
var newUid = (Math.random() * 1000000000).toString().split('.')[0];
var newTimestamp = Date.now().toString();
var newRequest = request.newBuilder()
.header('wsgsig', 'mocked_signature_' + newUid)
.header('User-Agent', 'Dalvik/2.1.0 (Linux; U; Android 10; SM-G973F Build/TP1A)')
.build();
return newRequest;
}
return request;
};
}
});
Raw
spoof_didi2.js
Java.perform(function() {
var String = Java.use('java.lang.String');
setImmediate(function() {
Java.choose('com.didi.security.dynamic.utils.SecurityUtils', {
onMatch: function(instance) {
var getUidMethod = instance.getClass().getDeclaredMethod('getUid');
if (getUidMethod) {
getUidMethod.setAccessible(true);
getUidMethod.invoke = function() {
return (Math.random() * 1000000000).toString().split('.')[0];
};
}
},
onComplete: function() {}
});
});
var System = Java.use('java.lang.System');
System.currentTimeMillis.implementation = function() {
var original = System.currentTimeMillis();
return original + (Math.random() * 10000);
};
var Build = Java.use('android.os.Build');
Build.BRAND.value = "Samsung";
Build.MODEL.value = "SM-G973F";
Build.VERSION.RELEASE.value = "10";
Build.SUPPORTED_ABIS.value = Java.array('java.lang.String', ['armeabi-v7a', 'armeabi']);
var SettingsSecure = Java.use('android.provider.Settings$Secure');
var AndroidId = Java.use('android.provider.Settings$Secure').getString;
AndroidId.implementation = function(contentResolver, name) {
if (name === "android_id") {
return "0000000000000000";
}
return AndroidId.call(this, contentResolver, name);
};
});
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment