Dissecting Yandex Maps: "You were put here to eavesdrop, and you are peeping instead." Wi-Fi hotspot information is used to determine location

    This article is mostly not about Yandex Maps, but about a method of sniffing traffic on Symbian 9.
    I did not find any sniffers for Symbian 9, but the itch was strong .... The desire to dig into location technology without GPS would not leave me.

    Experiment setup


    At first I decided to cut everything off at the root, i.e. at DNS.
    Namely: enter my own DNS server in the properties of the MTS-Internet connection, one that would return the same IP, that of the proxy and sniffer, for every host.
    But while entering the custom resolvers a pleasant surprise awaited me: I came across the option to set a proxy directly, which I gladly did.

    Since I have a public ("white") IP address, setting up the proxy and sniffer did not take much time and did not require third-party servers; it came down to forwarding a port from the access point to the laptop.

    FreeProxy was chosen as the proxy, and Wireshark as the sniffer.

    FreeProxy turned out to be not at all complicated: the whole procedure came down to entering the desired port and a “from any to any” rule, and did not even require opening the help.

    Transmitted data


    So, let's begin.

    Immediately after startup, the program sends everything about the device.

    GET /startup?app_version=370&app_platform=s60v3&screen_w=240&screen_h=320&manufacturer=Nokia&model=E52-1&utf&uuid=222afe80620551cf7f03f33f44e28ba0&clid=43593 HTTP/1.1\r\n

    To which it receives an answer. The response contains: information about the application version and a link to download it, information about map and server changes, and the coordinates at which the application was last closed.

    0
    m.ya.ru/download/maps/update-mts/yandexmaps-s60v3.sisx
    1
    1249254602
    222afe80620551cf7f03f33f44e28ba0
    {binary data}
    mts.mobile-partners.maps.yandex.net

    Nothing interesting so far. Further:

    GET /cellid_location/?lac=6315&cellid=54105&operatorid=01&countrycode=250&signalstrength=83&wifinetworks=0022B03EE503:-83,0022158EBB72:-43,0022154880FF:-75,0016B6AC649B:-91,00221548159C:-89&uuid=222afe80620551cf7f03f33f44e28ba0 HTTP/1.1\r\n

    And here the application sends none other than the MAC addresses of the nearest access points. // “everything else was written for the sake of this line”

    In reply come the long-awaited coordinates. Their source is visible, as are the coordinates themselves.

    Next, the icon categories are requested (road works and accidents in the user's vicinity).

    GET /userpoi/getcatlist?uuid=222afe80620551cf7f03f33f44e28ba0&ver=1 HTTP/1.1\r\n

    Then comes the sending of an incomprehensible cryptographic bundle. Apparently the route. The answer is not interesting.

    (Chat/Sequence): POST /uiactionslog HTTP/1.1\r\n

    error = 0

    After that, the exchange of information turns into something completely uninformative:
    sending coordinates > OK > POI query > POI > sending statistics (speed, coordinates) > OK > POI query > ...
    Occasionally, map sections are loaded as well.
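
    An added example, not part of the original article: a small Python audit that parses the three GET request lines captured above and reports what they expose, namely the device uuid repeated on every request, the cell tuple, and the Wi-Fi access point MACs. The function names are hypothetical, and treating the number after each MAC as a signal level is an assumption.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Request lines copied from the capture above (trailing \r\n dropped).
CAPTURE = [
    "GET /startup?app_version=370&app_platform=s60v3&screen_w=240&screen_h=320"
    "&manufacturer=Nokia&model=E52-1&utf&uuid=222afe80620551cf7f03f33f44e28ba0"
    "&clid=43593 HTTP/1.1",
    "GET /cellid_location/?lac=6315&cellid=54105&operatorid=01&countrycode=250"
    "&signalstrength=83&wifinetworks=0022B03EE503:-83,0022158EBB72:-43,"
    "0022154880FF:-75,0016B6AC649B:-91,00221548159C:-89"
    "&uuid=222afe80620551cf7f03f33f44e28ba0 HTTP/1.1",
    "GET /userpoi/getcatlist?uuid=222afe80620551cf7f03f33f44e28ba0&ver=1 HTTP/1.1",
]
WIFI_ITEM = re.compile(r"([0-9A-Fa-f]{12}):(-?\d+)")  # 12 hex digits, ':', level
CELL_KEYS = ("countrycode", "operatorid", "lac", "cellid")


def parse_wifinetworks(value):
    """Turn 'MAC:level,MAC:level' into (bssid, level) pairs, strongest first."""
    seen = []
    for item in value.split(","):
        m = WIFI_ITEM.fullmatch(item.strip())
        if m:  # malformed entries are skipped rather than guessed at
            mac = m.group(1).lower()
            bssid = ":".join(mac[i:i + 2] for i in range(0, 12, 2))
            seen.append((bssid, int(m.group(2))))
    return sorted(seen, key=lambda pair: pair[1], reverse=True)


def audit(request_lines):
    """Report which identifiers and radio observations the requests expose."""
    report = {"uuid_paths": {}, "cells": [], "wifi": []}
    for line in request_lines:
        _method, target, _version = line.split(" ", 2)
        url = urlsplit(target)
        # keep_blank_values preserves valueless flags such as 'utf' in /startup
        q = {k: v[0] for k, v in parse_qs(url.query, keep_blank_values=True).items()}
        if "uuid" in q:  # same device id on every request links them together
            report["uuid_paths"].setdefault(q["uuid"], []).append(url.path)
        if all(key in q for key in CELL_KEYS):
            report["cells"].append(tuple(q[key] for key in CELL_KEYS))
        report["wifi"] += parse_wifinetworks(q.get("wifinetworks", ""))
    return report


if __name__ == "__main__":
    for name, value in audit(CAPTURE).items():
        print(name, value)
```

    The same uuid appears under all three paths, so anyone on the network path of this plain HTTP traffic can tie the device description from /startup to the radio environment sent to /cellid_location.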

    What is left in the end:
    • Yandex collects data about Wi-Fi and uses it to determine location
    • It was not possible to find out how the position is determined from the operator’s base stations (BS); maybe the position is not determined by the BS at all?
    • Questions remain.


    Questions:
    How can one emulate a phone with a SIM card inserted, or sniff traffic on Symbian or on a phone with Java?
    How can one use and, most importantly, obtain data about the BS?
    Where does the application turn to convert BS information into coordinates?

    Hope to hear interesting questions and even more interesting answers.
