Open etr450b opened 3 years ago
This PoC (part 2) only works for devices that have the attacker as a contact.
Workaround would be to spoof a fake number that the victim should have in their contacts (i.g. : voicemail...) or to try every existing number (as a sender) but would require a lot of time, am I right ?
No that does not work as the receiver will check the contact identifiers in your Apple-signed certificate. And you have to prove ownership of the phone number or email address to Apple before they are included in your certificate.
Thanks for the info. Had the same problem here.
Hi, I wanted to try the PoC which leaks phone numbers. After following the instructions and extracted the certificates I became able to identify devices that are in contacts only (but in my contacts) and extract their number but not the ones who are not in my contacts. When I try to do a:
python3 -m opendrop find
on those devices I got :2021-05-17 17:15:15,764 DEBUG opendrop.client: /Discover request successful {'ReceiverComputerName': 'MacBook Pro of Joe'} Exception in thread Thread-3: Traceback (most recent call last): File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/threading.py", line 954, in _bootstrap_inner self.run() File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/threading.py", line 892, in run self._target(*self._args, **self._kwargs) File "/phone-number-opendrop/opendrop/opendrop/cli.py", line 152, in _send_discover receiver_name = client.send_discover() File "/phone-number-opendrop/opendrop/opendrop/client.py", line 148, in send_discover validation_record = response["ReceiverRecordData"] KeyError: 'ReceiverRecordData'
I modified the script to output the response (plistlib.loads(response_bytes)) but only get the ReceiverComputerName and nothing else.
Is there an issue with my certificates ? How can I fix this error.
Kindly