Monday, December 8, 2014

SMH here , guess who i mean what << Tracking Android Phones [NO APP] (part 1)

So today I got a rather exciting email, someone (not a regular client / they still state i shouldn't disclose their identity) anyway, they actually gave me consent to publish my methods (per say)

Now heres the conundrum, police shoot down a robber can't question him especially on where his other pals are/ his locations etc, so on and so forth ... So who they call :) regular old* me, why cant they get all this information from a mobile service provider? well apparently it takes time and thats what they want to save on,

Challenge > Track a victims location/hideout/commonly visited places (without target moving with phone, while having targets phone) << well this was going to be fun, and probably difficult , noting that this was not GPS, and no GPS app was running on the android phone, so..... here we go.

The advantage is I had the victims phone, though this was just a tip of the ice berg:

So what do we have to do,

Track a phone with no tracking application, and entirely not on the process of moving around.

So a googling my ass off I came a cross a method Google/Android uses to find the location of a user especially when searching for content using the android OS, this API not known to many even the documentation is a little frail is also quite confidential so Reverse Engineer it? (too much work, so less time)

So while googling I come across this useful piece of info that some logs are contained on the phone that just require a little tweaking to show quite alot :) , so I go at it here are some from my phone,

so next command is pretty much easier done on a computers console via adb
 heres the command.

# cd /dev/log ; for f in *; do logcat ­b $f ­g; done

# hexdump ­C radio | head

# logcat ­v time ­b radio ­d ­s RILJ:D

Now, I will break this commands down for you, but for now, we managed to get LACs from the 3rd command, LAC is a mapping coordinate for BTSs this is unique for every BTS, such as a cell phone has its unique MSISDN a BTS has the following MCC,MNC,LAC and CIDs :)

Now for a small show of what we have (this image is borrowed the real images will be uploaded pending finalizing of the criminal activity burst)

So , in the next part, I will show you how to map the following location with affordable equipments :)
by the meantime :) have more fun , source of reference by the way, "Cheap mans GPS"

No comments:

Post a Comment

Dynamic Binary Instrumentation (pt2)

Quick how to: After install of Frida on your machine, you will need to install your server agent on your (use case is phone) iphone/andro...