The following information could be illegal and very sensitive. If you are a sensitive person by any means, please do not read. If you want to proceed anyway, don't say I didn't warn you.
Origin
For a part of my life, I moved for the first time and was afraid of losing my friends. After 2 years I did in fact lose them, and when I made new friends I made it so that, if I needed to, I could find you. At first, I had evil in mind, but eventually it turned into good, as I knew it was illegal to do [well, kind of] and only used it if 100% necessary.
Only Time Use
I have only used the program once EVER [besides the test]. It was a "normal" day: I was working on the computer and just about to pack up for school when I get a knock on the door. I open it, a little thrown off when it is the police. It went like this:
Police: Hello, we have reason to believe that [Person 1] is in danger. Do you know where they are?
Me: No, not really. Who referred you to contact me?
Police: I can't say more than someone in [Town], but [Person 2] said you could help us.
Me: Well, sure thing, come in and we can boot the software back up.
I load up the computer and launch the software, and get a call from my mom, who was just notified of the situation. I have the police catch them up on my alternate phone. I get a call from Dad and have other police take that call while I am tracing the phone. I narrow it down and send police to that area, and know I am accurate because those dispatched find [Person 1]'s car. I then pinpoint closer, based on a longer time tracing, to find [Person 1]. After they found [Person 1], everyone left the house, and later on, during my time out at lunch with my friends, I get a call. I get the full story and couldn't believe what had actually been happening. A lot of "what ifs" go through my head, but it is ok due to the final result.
Impact
The software saved someone's life, as they were going to commit suicide, and I didn't even know it at the time. I won't forget that day, and it took me a day to process once I was told the full story.
Overview
It would find the IP addresses of servers close to a phone and triangulate the phone's location from their response times.
Process
The program would send an MX packet to the target phone number, since each phone number can have a corresponding carrier email address.
The headers of the message that comes back carry information about the servers it passed through, which is what I am showing below:
Delivered-To: ezekielsmith14007@gmail.com
Received: by 2002:aa7:c993:0:0:0:0:0 with SMTP id c19csp1516712edt;
Sun, 8 Aug 2021 15:46:17 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyoAOVPp9jtnyi0W916dzDsTCffQvlzF5d45Fs5ezqjM8tzJ87DMvPfuz43kR7RfyIguzzp
X-Received: by 2002:a92:d483:: with SMTP id p3mr167064ilg.50.1628462776857;
Sun, 08 Aug 2021 15:46:16 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1628462776; cv=none;
d=google.com; s=arc-20160816;
b=fUNmX3T65km3+kXwftmZGU1v+jdNlrxWHgH9ConFlQYP8jPng8URq0eOQT4XigCj5b
b7F24jee6QL0jHwWbMSHs3CyjetL0FncvSmXRr2UiwXmTo+G7/I/VIMV7EOtrlv/32YW
4TsLFz4RjdYrWQaSjpcmEFnUVzRiCevOOY9c22Zgp+PsD1jfjk3KYchDduP+M6bli7ru
r4eQ17mDADf7wE+ufce9EH3o75ZOKNG0NEf/NYuoX15i1WGzaUBzg9Z1vuHbD6AXXfkB
uwry4KJo2BzWZkC+vRtAGpWndgDea+8aau92uh7t+BIX0Qw4VyDHEjH96cY5Xy/tY8jd
UucA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=dkim-signature:mime-version:date:from:to:in-reply-to:message-id;
bh=sydMyzUCE8MwZdWe16SmWbGQLXGqwGuAe0F4J5eXAfI=;
b=zqq97C9iB5Ek1l5vCvlOtdjW6as1y9IMeU6UOdD4/TouyOJHMz2zzEWml7TnuHfI75
kf68z54ObijZple81mOZiKnM2LtFM5KLZNFvyBBGraBvgSqvE/COSChd5n/qpaJPnaY5
I4kkYhhhFjnK8lgdgZXgWGpgi+vKwmlkuYpbOSv0Pic7rS7p5suk9M5/ZeZJpW8YrWNQ
PdwpjGLLqKabZw/z7/rspwjwVQhZqh3mvJq8yxDNSOQxnPB/20iHUyyas6K1Xyixfi7p
KkVHhw0SJC4BVHvv8SibJC6NYM+ItEiqmWw24VDBK6hS0kmLGerfU8cGkU3/quGtykhX
kw3Q==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@mms.att.net header.s=EMG20171113 header.b=FswNGpoq;
spf=neutral (google.com: 108.166.43.128 is neither permitted nor denied by domain of 5555555555@mms.att.net) smtp.mailfrom=5555555555@mms.att.net
Return-Path: <5555555555@mms.att.net>
Received: from gate.forward.smtp.ord1c.emailsrvr.com (gate.forward.smtp.ord1c.emailsrvr.com. [108.166.43.128])
by mx.google.com with ESMTPS id q12si16586335jas.12.2021.08.08.15.46.16
for <ezekielsmith14007@gmail.com>
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Sun, 08 Aug 2021 15:46:16 -0700 (PDT)
Received-SPF: neutral (google.com: 108.166.43.128 is neither permitted nor denied by domain of 5555555555@mms.att.net) client-ip=108.166.43.128;
Authentication-Results: mx.google.com;
dkim=pass header.i=@mms.att.net header.s=EMG20171113 header.b=FswNGpoq;
spf=neutral (google.com: 108.166.43.128 is neither permitted nor denied by domain of 5555555555@mms.att.net) smtp.mailfrom=5555555555@mms.att.net
Return-Path: <5555555555@mms.att.net>
X-Spam-Threshold: 95
X-Spam-Score: 0
X-Spam-Flag: NO
X-Virus-Scanned: OK
X-Orig-To: jake@thewardserver.com
X-Originating-Ip: [166.216.152.40]
Authentication-Results: smtp19.gate.ord1c.rsapps.net; iprev=pass policy.iprev="166.216.152.40"; spf=pass smtp.mailfrom="55555555555@mms.att.net" smtp.helo="stcceg-mtmta04.wnsnet.attws.com"; dkim=pass header.d=mms.att.net; dmarc=none (p=nil; dis=none) header.from=mms.att.net
X-Suspicious-Flag: NO
X-Classification-ID: 70385464-f89a-11eb-b6f9-bc305bf036e4-1-1
Received: from [166.216.152.40] ([166.216.152.40:43175] helo=stcceg-mtmta04.wnsnet.attws.com) by smtp19.gate.ord1c.rsapps.net (envelope-from <5555555555@mms.att.net>) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES128-SHA) id 8E/33-30853-7BE50116; Sun, 08 Aug 2021 18:46:15 -0400
Received: from ZAKR1BMMSC01NFE002.wnsnet.attws.com ([107.79.70.27]) by stcceg-mtmta04.wnsnet.attws.com with bizsmtp id f7sG2500m0bJV4j01AmFAm; Sun, 08 Aug 2021 17:46:15 -0500
Message-ID: <f7sG2500m0bJV4j01AmFAm@txt.att.net>
In-Reply-To: 730187161.42157016.1628462775442.JavaMail.nems@ZAKR1BMMSC01NFE002
X-Mms-Message-Type: m-send-req
X-Mms-Transaction-Id: 1628462773-2
X-Mms-MMS-Version: 1.2
To: jake@thewardserver.com
From: 5555555555@mms.att.net
Date: Sun, 8 Aug 2021 22:46:15 +0000 (UTC)
X-Mms-Sender-Visibility: Show
Content-Type: multipart/mixed; boundary="----=_Part_42157015_1530013835.1628462775441"
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mms.att.net; s=EMG20171113; t=1628462775; bh=sydMyzUCE8MwZdWe16SmWbGQLXGqwGuAe0F4J5eXAfI=; h=In-Reply-To:To:From:Date; b=FswNGpoq+rxOG3+IluSwroD8x2EDZsYHSCT0OzM+Nrj4Q3Bk+J3CDW5+Drake4xyi
BPBIyeoRl9hw6a1ST401rBEuefzKEvN6UdcYrtLmXw9dVvJ9O4yG6PROkRrSAJ2dRk
N3dbtt5tmqHr8rgzq4ubGSkToWM1thPSr+Eh+z12JL5Srk5SOKnck+AKKqY5YYoyiX
ZSPcastJI0aapdclWgeEin3hFU1+HFZy/JY1srXJgTdda4JYQQMk5OeICl9ziMW6Fh
TM6BXHJ2Gq5jVLGU3UyFSSy5XLNh1wlK8W+bFzaEstXW42V1OJcQqa+ecXKCzdK5h0
H7xZYD/6CkVPw==
Sending 10 packets gives a good set of times and a set of nearby DNS servers that the packet passed through before reaching the phone.
With the location and response time [strength] of each response, we can calculate the phone's location by triangulation.
Breakdown
If you don't know all of these technologies, this is an "oh fuck" moment right now, so let's go back to the beginning.
Using Python, I sent a packet with a From and a To. From was my email and To was the target phone. I found the translation by searching for how to email a phone. More specifically, it is the phone number (in my example I use 555-555-5555) plus the knowledge that the target phone is on AT&T.
When sending this, it would look like this from a protocol standpoint:
In my program, we are focusing on the target server right before it switches protocols.
The response would look like the headers above; I have removed some information here, and since the time I wrote the program (5 years or so ago) improvements have been made to this process.
Delivered-To: ezekielsmith14007@gmail.com
Received: by 2002:aa7:c993:0:0:0:0:0 with SMTP id c19csp1516712edt;
Sun, 8 Aug 2021 15:46:17 -0700 (PDT)
X-Received: by 2002:a92:d483:: with SMTP id p3mr167064ilg.50.1628462776857;
Sun, 08 Aug 2021 15:46:16 -0700 (PDT)
Return-Path: <5555555555@mms.att.net>
Received-SPF: neutral (google.com: 108.166.43.128 is neither permitted nor denied by domain of 5555555555@mms.att.net) client-ip=108.166.43.128;
Return-Path: <5555555555@mms.att.net>
X-Orig-To: jake@thewardserver.com
X-Originating-Ip: [166.216.152.40]
Authentication-Results: smtp19.gate.ord1c.rsapps.net; iprev=pass policy.iprev="166.216.152.40";
spf=pass smtp.mailfrom="5555555555@mms.att.net" smtp.helo="stcceg-mtmta04.wnsnet.attws.com";
dkim=pass header.d=mms.att.net; dmarc=none (p=nil; dis=none) header.from=mms.att.net
Received: from [166.216.152.40] ([166.216.152.40:43175] helo=stcceg-mtmta04.wnsnet.attws.com) by smtp19.gate.ord1c.rsapps.net
(envelope-from <5555555555@mms.att.net>) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES128-SHA)
id 8E/33-30853-7BE50116; Sun, 08 Aug 2021 18:46:15 -0400
Received: from ZAKR1BMMSC01NFE002.wnsnet.attws.com ([107.79.70.27]) by stcceg-mtmta04.wnsnet.attws.com with bizsmtp
id f7sG2500m0bJV4j01AmFAm; Sun, 08 Aug 2021 17:46:15 -0500
To: jake@thewardserver.com
From: 5555555555@mms.att.net
Date: Sun, 8 Aug 2021 22:46:15 +0000 (UTC)
X-Mms-Sender-Visibility: hidden
From this data we can grab the IP addresses of the different nearby servers, look each one up with IP geolocation software to get a longitude and latitude, and repeat the process to improve accuracy.
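As an added example (not the author's program), this is how the recipient side reads the same information out of the reply headers shown above: the Received chain in hop order, the X-Originating-Ip the carrier gateway stamped, the hop-to-hop time the timestamps actually give, and which hops were written by your own relay rather than by someone else. The sample is a constructed, trimmed copy of the post's header block.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: a trimmed copy of the gateway reply headers shown in the
# post, in the order they appear there (the newest Received hop is on top).
SAMPLE_HEADERS = """\
Received: from gate.forward.smtp.ord1c.emailsrvr.com ([108.166.43.128])
 by mx.google.com with ESMTPS id q12si16586335jas.12.2021.08.08.15.46.16;
 Sun, 08 Aug 2021 15:46:16 -0700 (PDT)
X-Originating-Ip: [166.216.152.40]
Received: from [166.216.152.40] ([166.216.152.40:43175] helo=stcceg-mtmta04.wnsnet.attws.com) by smtp19.gate.ord1c.rsapps.net with ESMTPS id 8E/33-30853-7BE50116; Sun, 08 Aug 2021 18:46:15 -0400
Received: from ZAKR1BMMSC01NFE002.wnsnet.attws.com ([107.79.70.27]) by stcceg-mtmta04.wnsnet.attws.com with bizsmtp id f7sG2500m0bJV4j01AmFAm; Sun, 08 Aug 2021 17:46:15 -0500
From: 5555555555@mms.att.net
To: jake@thewardserver.com

"""

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def received_hops(raw):
    """Received chain oldest-first as (from, by, timestamp); each relay
    prepends its header, so the bottom of the block is the first hop."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        m_from = re.search(r"from (\S+)", flat)
        m_by = re.search(r" by (\S+)", flat)
        stamp = parsedate_to_datetime(flat.rsplit(";", 1)[-1].strip())
        hops.append((m_from.group(1) if m_from else None,
                     m_by.group(1) if m_by else None, stamp))
    return hops[::-1]

def originating_ip(raw):
    """IP the carrier gateway recorded for the handset, if that header exists."""
    m = IPV4.search(message_from_string(raw).get("X-Originating-Ip", ""))
    return m.group(1) if m else None

def transit_seconds(hops):
    """Wall-clock time between oldest and newest hop (one-second resolution)."""
    return (hops[-1][2] - hops[0][2]).total_seconds()

def trusted_chain(hops, own_hosts):
    """Walk back from the newest hop and keep only those stamped by relays in
    own_hosts; older hops were written by other parties and can be forged."""
    kept = []
    for hop in reversed(hops):
        if hop[1] not in own_hosts:
            break
        kept.append(hop)
    return kept[::-1]
```

On the post's own headers the whole chain spans one second of wall-clock time at one-second resolution, which is why the Received timestamps are not a usable substitute for measured latency.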
Current Status
Due to anycast in DNS, this method no longer works. I can still get the IP address, but it is not going to be accurate. The IP addresses for the Google servers are all the same, so I could be getting the same IP address from different servers.
Example
So, running through the program, we send 10 packets and receive:
[x packets] from [address] [average response time]
5 from 2.2.2.2 4.2 ms
1 from 2.2.2.3 5 ms
2 from 3.3.2.1 4.5 ms
2 from 3.3.4.4 7.5 ms
From this, we could draw a rough draft of what the program thinks it would be doing.
This could be the case if there are fewer servers, but nowadays, 6 years later, it would most likely look more like this:
Which is significantly different. We still get a rough area, but in this grid we are also assuming the time is an average, so it could be a little skewed. For the most part, it was a good algorithm until a lot of this changed.