Tracking Phone

# DISCLAIMER #

The following information could be illegal and very sensitive. If you are by any means a sensitive person, please do not read. If you want to proceed anyway don't say I didn't warn you.

Origin

For a part of my life, I moved for the first time and was afraid of losing my friends. After 2 years I did in fact lose them, and when I made new friends I made it so that, if I needed to, I could find you. At first, I had evil in mind, but eventually it turned into good, as I knew it was illegal to do [well, kind of] and only used it if 100% necessary.

Only Time Use

I have only used the program once EVER [besides the test]. It was a "normal" day, as I was working on the computer and just about to pack up for school when I got a knock on the door. I opened it, a little thrown off, and it was the police. It went like this:

Police: Hello, we have reason to believe that [Person 1] is in danger. Do you know where they are?

Me: No, not really. Who referred you to contact me?

Police: I can't say more than someone in [Town], but [Person 2] said you could help us.

Me: Well, sure thing. Come in and we can boot the software back up.

I load up the computer and launch the software, and get a call from my mom, who was just notified of the situation. I have the police catch them up on my alternate phone. I get a call from Dad and have other police take that call while I am tracing the phone. I narrow it down and send police to that area, and know I am accurate because those dispatched find [Person 1]'s car. I then pinpoint closer based on a longer time tracing to find [Person 1]. After they found [Person 1], everyone left the house, and later on, during my time out at lunch with my friends, I got a call. I got the full story and couldn't believe what was actually happening. A lot of what-ifs go through my head, but it is OK due to the final result.

Impact

The software saved someone's life as they were going to commit suicide, and I didn't even know it at the time. I won't forget that day and it took me a day to process once I was told the full story.

Overview

It would find the IP addresses of servers close to a phone and triangulate the location based on response time.

Process

The program would send an MX packet to a target phone number, as each phone number could have a corresponding email address. A packet with information in the header gives information about the server, which is what I am showing below:

Delivered-To: ezekielsmith14007@gmail.com
Received: by 2002:aa7:c993:0:0:0:0:0 with SMTP id c19csp1516712edt;
        Sun, 8 Aug 2021 15:46:17 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyoAOVPp9jtnyi0W916dzDsTCffQvlzF5d45Fs5ezqjM8tzJ87DMvPfuz43kR7RfyIguzzp
X-Received: by 2002:a92:d483:: with SMTP id p3mr167064ilg.50.1628462776857;
        Sun, 08 Aug 2021 15:46:16 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1628462776; cv=none;
        d=google.com; s=arc-20160816;
        b=fUNmX3T65km3+kXwftmZGU1v+jdNlrxWHgH9ConFlQYP8jPng8URq0eOQT4XigCj5b
         b7F24jee6QL0jHwWbMSHs3CyjetL0FncvSmXRr2UiwXmTo+G7/I/VIMV7EOtrlv/32YW
         4TsLFz4RjdYrWQaSjpcmEFnUVzRiCevOOY9c22Zgp+PsD1jfjk3KYchDduP+M6bli7ru
         r4eQ17mDADf7wE+ufce9EH3o75ZOKNG0NEf/NYuoX15i1WGzaUBzg9Z1vuHbD6AXXfkB
         uwry4KJo2BzWZkC+vRtAGpWndgDea+8aau92uh7t+BIX0Qw4VyDHEjH96cY5Xy/tY8jd
         UucA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=dkim-signature:mime-version:date:from:to:in-reply-to:message-id;
        bh=sydMyzUCE8MwZdWe16SmWbGQLXGqwGuAe0F4J5eXAfI=;
        b=zqq97C9iB5Ek1l5vCvlOtdjW6as1y9IMeU6UOdD4/TouyOJHMz2zzEWml7TnuHfI75
         kf68z54ObijZple81mOZiKnM2LtFM5KLZNFvyBBGraBvgSqvE/COSChd5n/qpaJPnaY5
         I4kkYhhhFjnK8lgdgZXgWGpgi+vKwmlkuYpbOSv0Pic7rS7p5suk9M5/ZeZJpW8YrWNQ
         PdwpjGLLqKabZw/z7/rspwjwVQhZqh3mvJq8yxDNSOQxnPB/20iHUyyas6K1Xyixfi7p
         KkVHhw0SJC4BVHvv8SibJC6NYM+ItEiqmWw24VDBK6hS0kmLGerfU8cGkU3/quGtykhX
         kw3Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@mms.att.net header.s=EMG20171113 header.b=FswNGpoq;
       spf=neutral (google.com: 108.166.43.128 is neither permitted nor denied by domain of 5555555555@mms.att.net) smtp.mailfrom=5555555555@mms.att.net
Return-Path: <5555555555@mms.att.net>
Received: from gate.forward.smtp.ord1c.emailsrvr.com (gate.forward.smtp.ord1c.emailsrvr.com. [108.166.43.128])
        by mx.google.com with ESMTPS id q12si16586335jas.12.2021.08.08.15.46.16
        for <ezekielsmith14007@gmail.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Sun, 08 Aug 2021 15:46:16 -0700 (PDT)
Received-SPF: neutral (google.com: 108.166.43.128 is neither permitted nor denied by domain of 5555555555@mms.att.net) client-ip=108.166.43.128;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@mms.att.net header.s=EMG20171113 header.b=FswNGpoq;
       spf=neutral (google.com: 108.166.43.128 is neither permitted nor denied by domain of 5555555555@mms.att.net) smtp.mailfrom=5555555555@mms.att.net
Return-Path: <5555555555@mms.att.net>
X-Spam-Threshold: 95
X-Spam-Score: 0
X-Spam-Flag: NO
X-Virus-Scanned: OK
X-Orig-To: jake@thewardserver.com
X-Originating-Ip: [166.216.152.40]
Authentication-Results: smtp19.gate.ord1c.rsapps.net; iprev=pass policy.iprev="166.216.152.40"; spf=pass smtp.mailfrom="55555555555@mms.att.net" smtp.helo="stcceg-mtmta04.wnsnet.attws.com"; dkim=pass header.d=mms.att.net; dmarc=none (p=nil; dis=none) header.from=mms.att.net
X-Suspicious-Flag: NO
X-Classification-ID: 70385464-f89a-11eb-b6f9-bc305bf036e4-1-1
Received: from [166.216.152.40] ([166.216.152.40:43175] helo=stcceg-mtmta04.wnsnet.attws.com) by smtp19.gate.ord1c.rsapps.net (envelope-from <5555555555@mms.att.net>) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES128-SHA) id 8E/33-30853-7BE50116; Sun, 08 Aug 2021 18:46:15 -0400
Received: from ZAKR1BMMSC01NFE002.wnsnet.attws.com ([107.79.70.27]) by stcceg-mtmta04.wnsnet.attws.com with bizsmtp id f7sG2500m0bJV4j01AmFAm; Sun, 08 Aug 2021 17:46:15 -0500
Message-ID: <f7sG2500m0bJV4j01AmFAm@txt.att.net>
In-Reply-To: 730187161.42157016.1628462775442.JavaMail.nems@ZAKR1BMMSC01NFE002
X-Mms-Message-Type: m-send-req
X-Mms-Transaction-Id: 1628462773-2
X-Mms-MMS-Version: 1.2
To: jake@thewardserver.com
From: 5555555555@mms.att.net
Date: Sun, 8 Aug 2021 22:46:15 +0000 (UTC)
X-Mms-Sender-Visibility: Show
Content-Type: multipart/mixed; boundary="----=_Part_42157015_1530013835.1628462775441"
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mms.att.net; s=EMG20171113; t=1628462775; bh=sydMyzUCE8MwZdWe16SmWbGQLXGqwGuAe0F4J5eXAfI=; h=In-Reply-To:To:From:Date; b=FswNGpoq+rxOG3+IluSwroD8x2EDZsYHSCT0OzM+Nrj4Q3Bk+J3CDW5+Drake4xyi
	 BPBIyeoRl9hw6a1ST401rBEuefzKEvN6UdcYrtLmXw9dVvJ9O4yG6PROkRrSAJ2dRk
	 N3dbtt5tmqHr8rgzq4ubGSkToWM1thPSr+Eh+z12JL5Srk5SOKnck+AKKqY5YYoyiX
	 ZSPcastJI0aapdclWgeEin3hFU1+HFZy/JY1srXJgTdda4JYQQMk5OeICl9ziMW6Fh
	 TM6BXHJ2Gq5jVLGU3UyFSSy5XLNh1wlK8W+bFzaEstXW42V1OJcQqa+ecXKCzdK5h0
	 H7xZYD/6CkVPw==

Sending 10 packets would give a good set of times and the various nearby DNS servers that the packet passed through before making it to the phone.

With the location and time [strength] of each response, we can calculate the phone location by triangulation.

Breakdown

So if you don't know all these technologies, right now it is an "oh fuck" moment. So, back to the beginning.

When sending this it would look like this from a protocol standpoint

In my program, we are focusing on the target server right before it switches protocols.

The response would look like the one above; below I have removed some information, as improvements have been made to this process since the time I wrote the program. (I wrote it 5 years or so ago.)

Delivered-To: ezekielsmith14007@gmail.com
Received: by 2002:aa7:c993:0:0:0:0:0 with SMTP id c19csp1516712edt;
        Sun, 8 Aug 2021 15:46:17 -0700 (PDT)
X-Received: by 2002:a92:d483:: with SMTP id p3mr167064ilg.50.1628462776857;
        Sun, 08 Aug 2021 15:46:16 -0700 (PDT)
Return-Path: <5555555555@mms.att.net>
Received-SPF: neutral (google.com: 108.166.43.128 is neither permitted nor denied by domain of 5555555555@mms.att.net) client-ip=108.166.43.128;
Return-Path: <5555555555@mms.att.net>
X-Orig-To: jake@thewardserver.com
X-Originating-Ip: [166.216.152.40]
Authentication-Results: smtp19.gate.ord1c.rsapps.net; iprev=pass policy.iprev="166.216.152.40"; 
        spf=pass smtp.mailfrom="5555555555@mms.att.net" smtp.helo="stcceg-mtmta04.wnsnet.attws.com"; 
        dkim=pass header.d=mms.att.net; dmarc=none (p=nil; dis=none) header.from=mms.att.net
Received: from [166.216.152.40] ([166.216.152.40:43175] helo=stcceg-mtmta04.wnsnet.attws.com) by smtp19.gate.ord1c.rsapps.net 
        (envelope-from <5555555555@mms.att.net>) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES128-SHA) 
        id 8E/33-30853-7BE50116; Sun, 08 Aug 2021 18:46:15 -0400
Received: from ZAKR1BMMSC01NFE002.wnsnet.attws.com ([107.79.70.27]) by stcceg-mtmta04.wnsnet.attws.com with bizsmtp 
        id f7sG2500m0bJV4j01AmFAm; Sun, 08 Aug 2021 17:46:15 -0500
To: jake@thewardserver.com
From: 5555555555@mms.att.net
Date: Sun, 8 Aug 2021 22:46:15 +0000 (UTC)
X-Mms-Sender-Visibility: hidden

From this data, we can grab the IP addresses of the different nearby servers and, using some IP tracking software, get a longitude and latitude for each; repeating this process gives more accuracy.
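The Received chain in the trimmed header can be read with Python's standard email module, which shows what such a message records: the relay addresses and one-second timestamps of the mail servers that handled it. This is an added example, not the author's program; relay_hops, hop_delays and Hop are hypothetical names, and the sample is the two carrier-side Received lines copied from the trimmed header above.

```python
import ipaddress
import re
from collections import namedtuple
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# The two carrier-side Received lines, copied from the trimmed header above.
SAMPLE = """\
Received: from [166.216.152.40] ([166.216.152.40:43175] helo=stcceg-mtmta04.wnsnet.attws.com) by smtp19.gate.ord1c.rsapps.net
        (envelope-from <5555555555@mms.att.net>) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES128-SHA)
        id 8E/33-30853-7BE50116; Sun, 08 Aug 2021 18:46:15 -0400
Received: from ZAKR1BMMSC01NFE002.wnsnet.attws.com ([107.79.70.27]) by stcceg-mtmta04.wnsnet.attws.com with bizsmtp
        id f7sG2500m0bJV4j01AmFAm; Sun, 08 Aug 2021 17:46:15 -0500
To: jake@thewardserver.com
From: 5555555555@mms.att.net

"""

Hop = namedtuple("Hop", "ip by_host when")  # hypothetical record type
BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})[\]:]")
BY_HOST = re.compile(r"\bby\s+(\S+)")

def relay_hops(raw):
    """Return the relay hops recorded in Received headers, oldest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        ip, by = BRACKETED_IPV4.search(value), BY_HOST.search(value)
        stamp = value.rpartition(";")[2].strip()
        if not (ip and by and stamp):
            continue  # e.g. hops that log no bracketed IPv4 peer
        try:
            ipaddress.IPv4Address(ip.group(1))
            when = parsedate_to_datetime(stamp).astimezone(timezone.utc)
        except (ValueError, TypeError):
            continue  # malformed address or date: skip rather than guess
        hops.append(Hop(ip.group(1), by.group(1), when))
    return hops[::-1]  # each relay prepends its header, so reverse for time order

def hop_delays(hops):
    """Seconds between consecutive hops; the stamps only have 1 s resolution."""
    return [(b.when - a.when).total_seconds() for a, b in zip(hops, hops[1:])]

if __name__ == "__main__":
    for hop in relay_hops(SAMPLE):
        print(hop.ip, hop.by_host, hop.when.isoformat())
    print("delays (s):", hop_delays(relay_hops(SAMPLE)))
```

Both hops in the sample normalise to the same UTC second, so the header timestamps alone give a delay of zero between them.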

Current Status

Due to Anycast in DNS, this method does not work anymore. I can still get the IP address, but it is not going to be accurate. The IP addresses for the Google servers are all the same, so I could be getting the same IP address but different servers.

Example

So, running through the program, we send 10 packets and receive [x packets] from [address] [average response time]:

  • 5 from 2.2.2.2 4.2 ms
  • 1 from 2.2.2.3 5 ms
  • 2 from 3.3.2.1 4.5 ms
  • 2 from 3.3.4.4 7.5 ms

From this, we could draw a rough draft of what the program thinks it would be doing.

This could be the case if there are fewer servers, but nowadays, 6 years later, it would most likely look more like this:

This is significantly different. We still get a rough area, but in this grid the time is also an average, so it could be a little skewed. For the most part, it was a good algorithm until a lot more of it changed.


Last updated 3 years ago


Using Python, I sent a packet with the From and To. From was my email and To was the target phone. I used the translation by searching . More specifically, it is the phone number; in my example I use 555-555-5555, and the knowledge that the target phone is using AT&T.

emailing a phone