We are preparing Yandex Maps: "They put you to eavesdrop, and you are peeping here." Wi-Fi hotspot information used to determine location
This article is mostly not about Yandex Maps, but about a method of intercepting traffic on Symbian 9.
So, I didn't find any sniffers for Symbian 9, but the itch .... the desire to dig into location technology without GPS never left me.
Experiment technology
At first I decided to cut everything off at the root, i.e. at the DNS level.
Namely: enter my own bogus DNS server in the properties of the MTS-Internet connection, which would return the same IP, that of the machine with the proxy and sniffer, for all hosts.
But while entering the bogus resolvers a pleasant surprise awaited me: I came across the option to enter a proxy directly, which I gladly did.
Since I have a public ("white") IP, setting up the proxy and sniffer did not take much time and did not require third-party servers; it came down to forwarding a port from the access point to the laptop.
FreeProxy was chosen as the proxy, and Wireshark as the sniffer.
FreeProxy unexpectedly turned out to be not at all complicated: the whole procedure came down to entering the desired port and "from any to any", and did not even require opening the help.
Transmitted data
So, let's begin.
Immediately after the start, the program sends everything about the device.
GET /startup?app_version=370&app_platform=s60v3&screen_w=240&screen_h=320&manufacturer=Nokia&model=E52-1&utf&uuid=222afe80620551cf7f03f33f44e28ba0&clid=43593 HTTP/1.1\r\n
To which it receives an answer.
0
m.ya.ru/download/maps/update-mts/yandexmaps-s60v3.sisx
1
1249254602
222afe80620551cf7f03f33f44e28ba0
{binary data}
mts.mobile-partners.maps.yandex.net
The response contains: information about the application version and a link to download it, information about map changes, the server, and the coordinates at which the application was last closed. Nothing interesting so far.
Further:
GET /cellid_location/?lac=6315&cellid=54105&operatorid=01&countrycode=250&signalstrength=83&wifinetworks=0022B03EE503:-83,0022158EBB72:-43,0022154880FF:-75,0016B6AC649B:-91,00221548159C:-89&uuid=222afe80620551cf7f03f33f44e28ba0 HTTP/1.1\r\n
And here the application sends none other than the MAC addresses of the nearest access points. // "for the sake of this line, everything else was written"
In response come the long-awaited coordinates. The source from which they were obtained is visible, as are the coordinates themselves.
Next, categories of icons are requested (repair work and accidents in the vicinity of the user).
GET /userpoi/getcatlist?uuid=222afe80620551cf7f03f33f44e28ba0&ver=1 HTTP/1.1\r\n
Then comes the sending of an incomprehensible cryptographic bundle.
(Chat/Sequence): POST /uiactionslog HTTP/1.1\r\n
Apparently this is the path. The answer is not interesting: error = 0
After that, the exchange of information turns into something completely uninformative.
Sending coordinates > OK > POI query > POI > sending statistics (speed, coordinates) > OK > POI query > ...
Well, sometimes map sections are loaded.
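For anyone auditing what such a capture discloses, the following added example (not code from the original article or from the application) parses the /cellid_location/ request line shown above into the cell identifiers, the Wi-Fi access point list and the persistent uuid. Reading countrycode and operatorid as MCC and MNC is an interpretation, not something the page states; the function and field names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line copied from the capture shown on this page.
SAMPLE = ("GET /cellid_location/?lac=6315&cellid=54105&operatorid=01"
          "&countrycode=250&signalstrength=83&wifinetworks=0022B03EE503:-83,"
          "0022158EBB72:-43,0022154880FF:-75,0016B6AC649B:-91,00221548159C:-89"
          "&uuid=222afe80620551cf7f03f33f44e28ba0 HTTP/1.1")

# One wifinetworks entry: 12 hex digits of BSSID, a colon, signal level.
ENTRY = re.compile(r"([0-9A-Fa-f]{12}):(-?\d+)")


def parse_cellid_location(request_line):
    """Split one captured request line into the identifiers it discloses."""
    # Wireshark prints the line ending as a literal "\r\n"; drop it if present.
    parts = request_line.replace("\\r\\n", "").split()
    if len(parts) != 3 or parts[0] != "GET":
        raise ValueError("not a GET request line")
    url = urlsplit(parts[1])
    if url.path.rstrip("/") != "/cellid_location":
        raise ValueError("not a /cellid_location/ request")
    q = {k: v[0] for k, v in parse_qs(url.query).items()}

    networks = []
    for item in q.get("wifinetworks", "").split(","):
        m = ENTRY.fullmatch(item)
        if not m:
            continue  # skip empty or malformed entries instead of guessing
        mac = m.group(1).lower()
        bssid = ":".join(mac[i:i + 2] for i in range(0, 12, 2))
        networks.append((bssid, int(m.group(2))))
    networks.sort(key=lambda n: n[1], reverse=True)  # strongest signal first

    return {
        # Assumption: countrycode/operatorid are the MCC/MNC of the serving cell.
        "cell": {"mcc": q.get("countrycode"), "mnc": q.get("operatorid"),
                 "lac": q.get("lac"), "cellid": q.get("cellid")},
        "wifi": networks,        # (BSSID, signal) pairs of nearby access points
        "uuid": q.get("uuid"),   # same value appears in /startup and getcatlist
    }
```

Running it over every request in a capture and grouping by `uuid` shows which location-bearing requests can be tied to one installation.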
So, the bottom line:
- Yandex collects data about Wi-Fi networks and uses it to determine location
- It was not possible to find out how position is determined from the operator's base stations (BS); maybe the position is not determined by the BS at all?
- Some questions remain.
Questions:
How to simulate a phone with a SIM card inserted or listen to traffic on a sim or a phone with java?
How to use and, most importantly, obtain data about the BS?
Where does the application go to convert BS information into coordinates?
I hope to hear interesting questions and even more interesting answers.