Β π How to Bypass Geo Restrictions in Android Apps and Games
π Background:
In Android apps and games, geo-related information is commonly retrieved via TelephonyManager methods such as:
β getNetworkOperatorName() / getSimOperatorName() β Operator/Carrier Name (e.g., βAT&Tβ)
β getNetworkOperator() / getSimOperator() β PLMN (MCC+MNC, e.g., β310410β)
β getNetworkCountryIso() / getSimCountryIso() β Country ISO code (e.g., βUSβ)
π TelephonyManager API:
https://developer.android.com/reference/android/telephony/TelephonyManager
At the smali level we can patch the code right after the invoke-virtual call and the move-result-object so that the register that received the string result is overwritten with a fixed string (dummy/fake values). Below are example regex searches and the replacement snippets to inject constant strings.
π οΈ Smali Patching Instructions
1οΈβ£ Spoofing Carrier Name
π Search Pattern (Regex):
(invoke-virtuals{(?:[pv]d+)},sLandroid/telephony/TelephonyManager;->get(?:Network|Sim)OperatorName()Ljava/lang/String;n(?:s(?:[.#][^n])?n)smove-result-objects([pv]d+))(?:nnsconst-strings2,s".")?
βοΈ R eplace With:
$1nn
tconst-string $2, "AT&T"
This
overrides the result of getNetworkOperatorName() or getSimOperatorName() with a hardcoded carrier name.
2οΈβ£ Spoofing PLMN (MCC+MNC)
π Search Pattern (Regex):
(invok
e-virtuals{(?:[pv]d+)},sLandroid/telephony/TelephonyManager;->get(?:Network|Sim)Operator()Ljava/lang/String;n(?:s(?:[.#][^n])?n)smove-result-objects([pv]d+))(?:nnsconst-strings2,s".")?
βοΈ Replace With:
$1nntcons
t-string $2, "310410"
This sets
the MCC+MNC code to β310410β³ (AT&T USA).
3οΈβ£ Spoofing Country ISO
π Search Pattern (Regex):
(invoke-virt
uals{(?:[pv]d+)},sLandroid/telephony/TelephonyManager;->get(?:Network|Sim)CountryIso()Ljava/lang/String;n(?:s(?:[.#][^n])?n)smove-result-objects([pv]d+))(?:nnsconst-strings2,s".")?
βοΈ Replace With: $1nntconst-stri
ng $2, "US"
This forces the
app to believe the device is located in the United States.
π§ Why These Regex Patterns Are Powerful
These regexes are designed with advanced smali parsing in mind. Hereβs what makes them robust and reliable:
1. β Comprehensive Matching: They capture all possible TelephonyManager calls, even if debug directives, annotations, or comments are present or absent.
2. π Multi-line Resilience: Whether debug info appears single line or across multiple lines, the regex still matches accurately without breaking.
3. π Safe Reapplication: You can apply these regexes repeatedly without stacking duplicate replacements or injecting dummy code fragments.
π Notes:
1. Because this modifies smali code (dex disassembly), it will not work if the app uses native code, runtime-decrypted strings, or has tamper-proofing/encryption/packing that prevents straightforward smali patching.
2. This technique changes only the returned string values at the smali level. It does not handle other checks the app may make (e.g., location APIs, server-side verification, or other device identifiers).
3. To obtain MCC+MNC codes, you can check out the following resources.
β π Website:
https://mcc-mnc.net β A comprehensive database of Mobile Country Codes (MCC) and Mobile Network Codes (MNC).
β π¦ GitHub Repository:
https://github.com/P1sec/MCCMNC β An open-source collection of MCC/MNC data maintained by the community.
βββββββββββββββββββ
π£ Main Channel: @TDOhex
π±Second Channel: @AndroidPatches
π¬ Discussion Group: @TDOhexDiscussion
βββββββββββββββββββ
Β Candace Owens, Ian Carroll & Myron Gaines Absolutely Demolish Rabbi's 'Israel Never Attacks First' Claim…
Β Endless Israeli terrorism: "Several people were injured after Israeli drones launched two missiles at a…
Β VIDEO | Jewish settlers are attempting to set fire to residents' homes in the occupied…
Β VIDEO | US President Donald Trump shared an AI-generated video on his Truth Social account…
Β π¨New: JudicialWatch Out With a Bombshell in their Thomas Crooks FOIA Fight. Records from July…
Β Report: Trump Tells Aides He May Restart Full-Scale Bombing Against Iran If US Troops Are…
This website uses cookies.