
Dissecting Yandex Maps: “You have been eavesdropped, and you are here peeping.” Wi-Fi access point information is used to determine location

This article is, to a large extent, not about Yandex Maps at all, but about a method of eavesdropping on traffic on Symbian 9.
I did not find any sniffers for Symbian 9; however, the sharp awl in .... and the desire to dig into positioning technology that works without GPS would not leave me alone.

Experimental Technology


At first I decided to cut everything off at the root, that is, at DNS.
Namely: enter my own DNS server in the properties of the MTS-Internet connection, one that answers every hostname with the same IP, that of the machine running the proxy and the sniffer.
But while entering my own resolvers I got a pleasant surprise: I came across the option to specify a proxy directly, which I gladly did.

Since my IP is public ("white"), setting up the proxy and the sniffer did not take much time and did not require third-party servers; it came down to forwarding ports from the access point to the laptop.

Freeproxy was chosen as the proxy, and Wireshark as the sniffer.
Freeproxy unexpectedly turned out to be not at all complicated: the whole procedure came down to specifying the desired port and a “from any to any” rule, and did not even require opening the help.

Transmitted data


So, let's begin.

Immediately after startup, the program sends everything about the device:
GET /startup?app_version=370&app_platform=s60v3&screen_w=240&screen_h=320&manufacturer=Nokia&model=E52-1&utf&uuid=222afe80620551cf7f03f33f44e28ba0&clid=43593 HTTP/1.1\r\n
To which it receives this response:

<?xml version="1.0" encoding="UTF-8"?>
<startup>
<wap_warning>0</wap_warning>
<app cur_app_version="347" min_app_version="200">m.ya.ru/download/maps/update-mts/yandexmaps-s60v3.sisx</app>
<changelog>
</changelog>
<hellostr timeout="5"></hellostr>
<ui_actions_log events="0,1,4,5,6,7,8,9">1</ui_actions_log>
<banner timeout="5" url_text="" phone_text="" action_url="" action_phone="" call_warning="" call_counter="" banner_timeout="32000" user_inactive="32000" first_timeout="32000"></banner>
<maps_updated>1249254602</maps_updated>
<uuid>222afe80620551cf7f03f33f44e28ba0</uuid>
<operator></operator>
<maps min_map_version="1" cur_map_version="5">
<changes version="5">{ }</changes>
<changes version="1"></changes>
</maps>
<openpos lat="55.454039" lon="37.3190485" zoomid="12" success="0"/>
<query_hosts><host type="default">mts.mobile-partners.maps.yandex.net</host></query_hosts>
<objectshowintervals>
<interval object="semaphores" min_zoom="7" max_zoom="17"/>
<interval object="userpoi" min_zoom="10" max_zoom="17"/>
<interval object="scaleline" min_zoom="5" max_zoom="17"/>
</objectshowintervals>
</startup>



The response contains: the application version and a link to download it, information about map changes, the server, and the coordinates at which the application was closed last time.

So far, nothing interesting.

Next:
GET /cellid_location/?lac=6315&cellid=54105&operatorid=01&countrycode=250&signalstrength=83&wifinetworks=0022B03EE503:-83,0022158EBB72:-43,0022154880FF:-75,0016B6AC649B:-91,00221548159C:-89&uuid=222afe80620551cf7f03f33f44e28ba0 HTTP/1.1\r\n

And here the application sends nothing other than the MAC addresses of the nearest access points.
// "for the sake of this line everything else was written"
In response come the long-awaited coordinates:

<?xml version="1.0" encoding="UTF-8"?>
<location source="FoundByWifi">
<coordinates latitude="55.4490813" longitude="37.1869310" nlatitude="55.5499704" nlongitude="37.1885115"/>
</location>



We see the source from which they were obtained, and the coordinates themselves.
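An added example, not part of the original article: a small audit script that parses the request lines quoted in this article and reports what each cleartext request exposes to anyone on the path, namely the persistent uuid that links the requests and the serving cell plus nearby access-point MACs. The function names are this example's own, and the dBm reading of the value after each MAC is an assumption.

```python
from urllib.parse import urlsplit, parse_qs

# Request lines copied from the capture quoted in this article ("\r\n" stripped).
CAPTURED = [
    "GET /startup?app_version=370&app_platform=s60v3&screen_w=240&screen_h=320&manufacturer=Nokia&model=E52-1&utf&uuid=222afe80620551cf7f03f33f44e28ba0&clid=43593 HTTP/1.1",
    "GET /cellid_location/?lac=6315&cellid=54105&operatorid=01&countrycode=250&signalstrength=83&wifinetworks=0022B03EE503:-83,0022158EBB72:-43,0022154880FF:-75,0016B6AC649B:-91,00221548159C:-89&uuid=222afe80620551cf7f03f33f44e28ba0 HTTP/1.1",
    "GET /userpoi/getcatlist?uuid=222afe80620551cf7f03f33f44e28ba0&ver=1 HTTP/1.1",
]

def parse_request(line):
    """Split an HTTP request line into (path, {param: first value})."""
    _method, target, _version = line.split(" ", 2)
    parts = urlsplit(target)
    return parts.path, {k: v[0] for k, v in parse_qs(parts.query).items()}

def parse_wifinetworks(value):
    """'MAC:RSSI,MAC:RSSI,...' -> [(aa:bb:cc:dd:ee:ff, rssi)], strongest first."""
    nets = []
    for item in value.split(","):
        mac, _, rssi = item.partition(":")
        try:
            int(mac, 16)            # must be hex
            level = int(rssi)       # assumed to be signal level in dBm
        except ValueError:
            continue                # skip malformed entries
        if len(mac) == 12:
            pretty = ":".join(mac[i:i + 2] for i in range(0, 12, 2)).lower()
            nets.append((pretty, level))
    return sorted(nets, key=lambda n: n[1], reverse=True)

def audit(lines):
    """Collect the identifying data visible in a list of request lines."""
    report = {"uuids": {}, "cell": None, "wifi": []}
    for line in lines:
        path, params = parse_request(line)
        if "uuid" in params:        # same uuid on several paths = linkable
            report["uuids"].setdefault(params["uuid"], []).append(path)
        if "wifinetworks" in params:
            report["wifi"] = parse_wifinetworks(params["wifinetworks"])
            report["cell"] = {k: params.get(k) for k in
                              ("countrycode", "operatorid", "lac", "cellid")}
    return report

if __name__ == "__main__":
    result = audit(CAPTURED)
    for uuid, paths in result["uuids"].items():
        print(f"uuid {uuid} seen on {len(paths)} requests: {paths}")
    print("cell:", result["cell"])
    for mac, level in result["wifi"]:
        print(f"  AP {mac}  {level}")
```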

Next, the categories of icons are requested (repair work and accidents in the vicinity of the user).

GET /userpoi/getcatlist?uuid=222afe80620551cf7f03f33f44e28ba0&ver=1 HTTP/1.1\r\n

<?xml version="1.0" encoding="windows-1251"?>
<catlist iconsversion="10" count="6">
<cat idx="0" name="" default_show="1" editable="1"></cat>
<cat idx="1" name=" " default_show="1" editable="1"></cat>
<cat idx="2" name="" default_show="0" editable="1"></cat>
<cat idx="3" name="" default_show="0" editable="1"></cat>
<cat idx="4" name="" default_show="0" editable="0"></cat>
<cat idx="5" name=" " default_show="0" editable="0"></cat>
</catlist>




Then an encoded packet that I could not make sense of is sent. Apparently it is the route. The response is not interesting: error = 0
(Chat/Sequence): POST /uiactionslog HTTP/1.1\r\n

After that, the exchange turns into something completely uninformative:
sending coordinates > OK > POI request > POI > sending statistics (speed, coordinates) > OK > POI request > ...
And, sometimes, sections of the map are loaded.

As for the rest:


Questions:
How can one simulate a phone with a SIM card inserted, or listen to traffic on a SIM or on a phone with Java?
How can one use, and most importantly obtain, data about the base stations (BS)?
Which server do applications "knock" on to convert information about base stations into coordinates?

I hope to hear interesting questions and even more interesting answers.

Source: https://habr.com/ru/post/102332/

