有没有办法使用curl或wget从命令行下载MMS? [英] Is there a way to download an MMS from command line using curl or wget?

问题描述

我正在针对基于MMS的攻击进行一些Android恶意软件研究.我正在寻找一种手动方式来检索或下载收到的MMS消息.我希望找到一些curl或wget行能够做到这一点，但是还没有发现任何有用的东西.

I'm doing some Android malware research for MMS based attacks. And I'm looking for a manual way to retrieve or download a received MMS message. I was hoping to find some curl or wget lines to be able to do so, but have not found anything useful.

到目前为止，我已经从内部数据库中获得了一些彩信信息，这些信息是通过以下方式找到的:

So far I have got some MMS info from the internal databases, found by:

# find / -iname "*.db" |grep -iE "mms|sms"
...
/data/data/com.android.providers.telephony/databases/mmssms.db
/data/data/com.google.android.gms/databases/icing_mmssms.db
/data/data/com.android.mms/databases/message.db
/data/data/com.android.mms/databases/message_glance.db

# cd /data/data/com.android.providers.telephony/databases/
# echo "select * from pdu;" | sqlite3 -header mmssms.db
...
# echo "select date,sub,ct_l,tr_id from pdu;" | sqlite3 -header mmssms.db

  date|sub|ct_l|tr_id
  1495xxxxxx|Download this message|http://mmsc32:10021/mmsc/3_2?Ae_xxxx_xxxxx-xxx|Ae_xxxx_xxxxx-xxx

如何解释mmsc32:10021部分?

然后在MMSC，Proxy和port的消息设置中查找，我想构建一个可运行的CLI单行或浏览器请求，以下载文件进行检查.

Then looking in the message settings for the MMSC, Proxy and port, I want to build a working CLI one-liner or browser request, to download the file for inspection.

在电话设置设置中，我们可以通过以下方式找到MMSC:

In the phone settings settings we can find the MMSC via:

Settings > More > Mobile network > Access Point Names > MMS: <your operator>

MMSC:       http://mms.company.net:8002/
MMS Proxy:  194.xx.xx.xx
MMS Port:   8080

如何从Shell命令行(或外部浏览器)下载MMS文件?

PS.显然，手机已经扎根，并且同时安装了busybox和sqlite3，并且可能还安装了curl或wget. AOS是5.0+.

PS. Obviously the phone is rooted and have both busybox and sqlite3, and perhaps also curl or wget installed. The AOS is 5.0+.

附录: 2017-11-09

从此处:

使用以下方式发送

MMS(多媒体消息服务)消息 SMS和WAP技术的结合.发送彩信后， 移动设备通过SMS接收MMS通知消息.什么时候 该MMS通知消息是由移动设备接收的， 移动设备会自动启动与之的WAP网关连接 下载彩信的内容.

MMS (Multimedia Messaging Service) messages are sent using a combination of SMS and WAP technologies. When an MMS message is sent, a mobile device receives an MMS notification message via SMS. When this MMS notification message is received by the mobile device, the mobile device automatically initiates a WAP gateway connection to download the content of the MMS message.

要发送MMS消息，必须首先创建一个MMS消息文件.这 MMS封装中记录了MMS消息文件的格式 开放移动联盟发布的协议规范 ( http://www.openmobilealliance.org )和/或WAP论坛 ( http://www.wapforum.org ). MMS消息文件格式包含 MMS邮件二进制标头，后跟多段MIME邮件，其中 多部分消息以二进制多部分格式编码为 由WAP无线会话协议(WSP)规范定义.这 二进制MMS消息文件使用MIME类型存储在Web服务器上 application/vnd.wap.mms-message和MMS消息类型为 m-retrieve-conf.二进制MMS标头的子集作为MMS发送 通过SMS发送通知消息(MMS消息类型为m-notification-ind) 移动设备以及指向该位置的URL指针 完整的消息.

To send an MMS message, you must first create an MMS message file. The format of an MMS message file is documented in the MMS Encapsulation Protocol specification published by the Open Mobile Alliance (http://www.openmobilealliance.org) and/or the WAP Forum (http://www.wapforum.org). The MMS message file format consists of an MMS message binary header, followed by a multipart MIME message where the multipart message is encoded in a binary multipart format as defined by the WAP Wireless Session Protocol (WSP) specification. This binary MMS message file is stored on a web server using a MIME type of application/vnd.wap.mms-message and an MMS message type of m-retrieve-conf. A subset of the binary MMS header is sent as an MMS notification message (MMS message type m-notification-ind) via SMS to the mobile device together with a URL pointer to the location of the complete message.

此外，智能手机不再将MMS或SMS内容下载到SIM.这就是功能"手机过去的做法.

Also, smartphones does not download the MMS or SMS content to SIM any more. That is how "feature" phones used to do it.

附录: 2017-11-13

查看，因此我们可以在此处进行搜索.简要总结一下我们的发现:

Looking at the API-23 (M) sources for the SQLite3 tables shown in Telephony.java, we find that CONTENT_LOCATION = "ct_l";, so we can search for its other uses here. To briefly summarize our findings:

date    # The message delivery time.
sub     # The subject of the message, if present.
ct_l    # The Content-Location of the message. A field in interface:Telephony.BaseMmsColumns 
tr_id   # The transaction-id of the message. 

因此，我们可能希望ct_l中的URI可以解释如下:

Thus we might expect that the URI in ct_l can be interpreted as follows:

• http://mmsc32:10021是上面的MMS代理(如图所示)所掩盖的服务器(IP:PORT)
• /mmsc/3_2是消息处理器的WAP URL
• ?Ae_xxxx_xxxxx-xxx告诉消息处理器检索交易ID"给出的消息: Ae_xxxx_xxxxx-xxx`

• http://mmsc32:10021 is the server (IP:PORT) masked by the MMS proxy (shown) above
• /mmsc/3_2 is the WAP URL to the message processor
• ?Ae_xxxx_xxxxx-xxx is telling the message processor to retrieve the message given by the "transaction id": Ae_xxxx_xxxxx-xxx`

因此，使用代理(APN)设置，并使用从消息数据库中提取的URL( mmssms.db )，人们应该能够使用以下方法检索和下载MMS的内容:精心制作的curl语句. 也许像这样:

Therefore, using the proxy (APN) settings, and using the URL extracted from the message DB (mmssms.db), one should be able to retrieve and download the content of the MMS, using a carefully crafted curl statement. Perhaps something like:

# curl -x http://proxy_server:proxy_port --proxy-user username:password -L http://url
curl -v -x http://194.xx.xx.xx:8080 -L http://mmsc32:10021/mmsc/3_2?Ae_xxxx_xxxxx-xxx
# Or from outside local net:
curl -v -x http://mms.company.net:8002 -L http://mmsc32:10021/mmsc/3_2?Ae_xxxx_xxxxx-xxx

第一个显然不能在电话环境之外使用，因为它引用IP类C，仅在移动设备分配的IP中可见.

The first one obviously wouldn't work from outside the phone environment as it refers to an IP class C, only visible within the mobile assigned IP.

推荐答案

我希望您能找到答案.我不是那个人，但会提出我2美分的建议...

I hope you get an answer to this. I'm not the one, but will throw in my 2 cents worth of advice...

简短版本

• 您不能看到跳过发送到" SIM卡并自动转移到某些计算机的文本.

• You can't have texts skipping the "send to" SIM card and auto-diverting to some computer.

要在手机上安装Android应用，并确保其工作是检测新收件箱邮件的副本并将其转移到计算机中.

Make an Android app to install on your phone, make sure its job is to detect and divert copies of new inbox messages to your computer.

为SIM卡使用USB加密狗.插入计算机后，您将直接在计算机上接收消息，而无需使用电话.

Use a USB dongle for the SIM. When plugged into computer, then you're receiving messages directly to your computer without the phone being involved.

长版

最好不要使用命令行工具，而是制作一个实际的应用程序(通过Android SDK)，以检查收到的消息并向您转发一些数据(例如:通过电子邮件或套接字，或者根据您的喜好).同样是某些数据"，意思是消息本身的完整副本，或者只是发送[应用内]的反馈 消息分析(例如:检测到的图像数量，图像字节的十六进制打印输出等).

Rather than command line tools, you're better off making an actual app (via Android SDK) that checks for received messages and forwards some data to you (eg: via email, or sockets, or however you like). Also "some data" meaning either a full copy of the message itself, or just sends feedback of [in-app] message analysis (eg: number of images detected, the hex printout of image bytes and so on).

查看Android的 SmsManager API 它甚至告诉您:

Looking at Android's SmsManager API it even tells you:

有关如何在Android上充当默认SMS应用程序的信息 4.4(API级别19)及更高版本，请参见 电话 .

For information about how to behave as the default SMS app on Android 4.4 (API level 19) and higher, see Telephony.

还要查看该API的 电话 页面包含信息和链接开始，但要撰写独立的博客文章和教程(例如 示例 )也有关于此主题的信息.

Also look at that API's downloadMultimediaMessage command. It's doing what you need. Telephony page has the information and links to start, but independent blog articles and tutorials (one such example) about this topic are out there too.

无论如何，在您的帖子上...

Anyways, onto your post...

(1)

我只想将消息下载到文件中，而不用电话对其进行处理，因为它可能包含恶意软件"

您如何想象无需电话处理" 即可正常工作?手机拥有一个模拟，您的运营商(通过服务中心)将在收到发件人自己的提供商的服务中心后将消息转发到.您和curl不在此循环中.仅当SIM收到文本并且电话OS会提醒您时，您才知道该文本.

How do you imagine "without the phone processing it" to work? The phone holds the sim that your operator (via a service centre) will forward messages to, after receiving from sender's own provider's service centre. You and curl are out of this loop. You'll only know of a text when your SIM receives it and the phone OS alerts you.

从技术上讲，电话已经处理了此消息，您只是还没有打开它.

Technically the phone has processed this message, you just haven't opened it yet.

(2)

如何从Shell命令行或外部浏览器下载MMS文件?"

您必须下载整个mmssms.db文件并从中提取特定消息.您将.db与其他任何在线数据库一样对待(例如:使用SQL/PHP类型查询等).

You have to download that entire mmssms.db file and extract the specific message from it. You treat the .db like any other online database (eg: using SQL/PHP type queries, etc).

请参阅本教程以获取有用的建议: http://cheeky4n6monkey.blogspot. co.uk/2013/02/

See this tutorial for useful advice : http://cheeky4n6monkey.blogspot.co.uk/2013/02/

将来收到的消息的另一种选择是只获得一个(USB)SIM卡，该卡可以将您的卡取走.插入计算机后，由于SIM卡在软件狗中(作为电话的代理)处于活动状态/处于活动状态，因此它可以接收/发送消息.

An alternative for future incoming messages is to just get a (USB) SIM dongle that takes your card. Once plugged into the computer it can receive/send messages since the SIM is live/active inside the dongle (as proxy of phone).

加密狗随附了自己的软件(例如

The dongles come with own software (example image of such) for managing web connections and read/write SMS/MMS messages. It's like just having SIM working not in phone but on desktop.

这篇关于有没有办法使用curl或wget从命令行下载MMS?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！