Saturday, December 05, 2009

DSMP


Don't steal my phone

DSMP is a software you install on your Windows Mobile phone. Once setup, you'll forget it. It will consume only 100kb of Flash, and no memory.

Features

DSMP provides numerous features not seen yet in competitors' products.
Remotely accessible features:
Wipe your phone personal data remotely (call history + contact + SMS + mail + calendar + storage card), so the thief never know the
Reset the phone remotely (with loop mode, displaying a message between each reset)
Slut mode. In this mode, the phone send a bunch of SMS to the given number with the given message
Get the phone GPS position if available, or at least the complete Cell ID
Ring the phone (even if set to silent mode)
Get all the contact in SIM + last call history
Clear the thief's SIM contacts
Make the thief's call you back
Get the owner information + Cell ID
Password isn't saved in clear, so it's quite impossible to see it

Documentation

DSMP is coded in clean and simple C++ using WTL for the only config dialog.
There is only few class used, and it's very easy to improve or enhance.
Here's how you'll use the software:
Step 1

Copy both file from archive (name hidden to avoid Google search) on your storage card, or your phone.
With your phone's file explorer, click on the exe file you've just copied to start setup.
Step 2


Picture 1

Don't show this screen anymore.
When enabled, launching this application won't do anything.
To display this screen again, send a SMS to this device with confdlg command.
Recommended value: On when setup is done and working

Monitor SIM changes
The first time you run the software, the IMSI of your own SIM card is read, and used later on.
When enabled, the application is run once after each reset to check the SIM card number.
If it doesn't match the number set below (current card) then a SMS is send to the number given below, containing the new phone number, GPS coordinates if available, and CellID.
Recommended value: On

On new SIM detection send a SMS to
Enter the phone number you want the software to send SMS to. Don't use your phone number as it'll be probably out-of-service when it should be used.
A list of your contact is displayed, but press enter to make sure it's validated.

GPS tries before giving up
The number of times to try to get GPS position before giving up.
Set to 0 if you don't have a GPS.
Recommended value: 50

Zap
Provided you know the password, you will uninstall the application while pressing this button.

Configuration done
This install the software and register all COM objects deep inside your device.
WARNING: Once this button is pressed, (and "Don't show this screen anymore" is checked) the software is not accessible anymore (it's not visible anywhere). The only way to see this windows again is to send a CONFDLG SMS.
Only do this once you've checked everything is working allright
It's recommended to soft reset your phone to let the phone load the final configuration

Step 3

Once the software is set up (but before clicking "Done or Ok"), you can send a SMS to check it's working

The sms must use the following syntax:
dsmp # COMMAND # password # optional_reply_number
* with no space around "#", this is to avoid a direct Google search if the thief get the SMS message in clear to understand how it works.

COMMAND is any of:
pos : Get the current GPS position and CellID
whereRU : Ring the phone so you can find it. Please notice that the ring runs even if set to silent, and the ring is unstoppable for 60s.
confdlg : If you've set "Don't display this screen anymore", this is the only way to show the config screen. No password is asked on the config screen. For example, if you've sold your phone forgetting to uninstall the software before, sending this SMS will allow the buyer to change the password to whatever he wants.
kill : WARNING This *destroys* all personal data (including call history, contacts, calendar, email, SMS, storage card). Use this if your phone was stolen and you plan to social engineer (see below).
rst : Soft reset the phone
rstl:msg : Reset the phone in loop, display msg for 20s between each reset. msg must not have any # in it
contact : Get all the SIM card contact and the last call history (useful for social engineer)
slut:msg : Send SMS in loop to the given reply number. You must set a number in the optional_reply_number or you'll receive a crazy bench of SMS. This is useful if you failed to get back the phone, you'll send this command with a taxed reply number.
clearsim : Clear the SIM contacts (don't try this on your phone)
call : Place a call to reply number. The call is visible on the phone, so you should make sure the phone isn't used while doing this, and you should send a 'kill' command to remove call history.
owner : Get owner information (likely the thief will change this, you might get his name), and the complete Cell ID of the phone
Best method to get back your phone if it's stolen

So, first don't try the "American methodTM". Your life and health worth more than a stupid electronic toy.
If you loose your phone, first call your operator to close the line. The chance are high it'll be found by a trustworthy person, that will call you back if you've set your owner informations to another phone number than yours. It's a good idea to give back some money to this person. The justice sometimes require sponsors too.
Well, sadly the world isn't perfect, and you might get your phone stolen, in that case, if everything is set up you'll receive a SMS with the new number, GPS pos + Cell ID.
Then don't be overspeeded.
Once you get the phone number, write it on a paper than send a "kill" command (followed by a "rst" command) so the thief won't have any information about you. Remember the game that you will play next is based on the amount of information you'll dig.

In the following paragraph, I'm using "he" for the thief gender, but you could read whatever you prefer.
You must first get the maximum number of informations about your thief first. It's a good idea to get all the current informations ("contact", "owner", some "pos").
You can send some "pos" early in the morning, or late in the day once it's stabilized you'd now where the thief lives.
Then, if you believe the police will do something with this information, go to the police and give them all the informations.
Else, you'll have to social engineer:
Call the thief, from a phone that is not registered in the yellow page
Don't call him "a thief", but ask if he has found this phone recently, and if he can bring it back to a police station in the next minutes
Likely, he'll lie, telling you it's his phone. In that case, call him by his name (if you have received the owner name), tell him you know where he lives (if you get the GPS position), and some interesting contacts (if you received some) with the phone number of those
Then, try to be as convincing as possible, tell him that you could call the police and let them capture him, but you accept to let him free ONLY IF he goes in the next minutes to the police station to give back the phone
Tell him that he must tell the police that the original SIM card wasn't working so he puts his card inside the phone to get the last number and that the last number called is the one you're calling from. The police will likely call this number.
Tell him that you track him, so you know where he goes and if he doesn't goes to the police right now, you'll call them. Similarly, if he destruct the phone, you'll still call the police.
Likely, if you feel he won't go, you can add a time pressure by telling him you'll call back in few minute (2 mn not much) to know his answer. Just before calling, send a "contact" message to see if he called someone.
If that didn't work, then call him back, and also call someone in his contact list so he can hear the conversation, and tell this person something like:
"Hi this is police officer John Doe, we caught 'thief name' while he stole a phone. He asked us to call you. I highly advise you to come here to the police station + address + get him before he tells too much to convict himself.".
The idea is to make the thief furious, and force him to go the police station before this person arrives there. Tell him that if it brings back the phone NOW, you tell him how to justify this call to this person. (The excuse is simple, "this is a very bad joke from my girlfriend's ex boy")
If that didn't work, and the police doesn't do anything, well you can consider your phone is lost. But don't give up.
You will be able to send a "slut:msg" command to an overpriced number. This will send a bunch of SMS to the given number, charging the thief's bill.
You can also clear his SIM contacts with the "clearsim" contact.
You can also "kill" the phone's data at regular intervals.
You can also make the phone place calls to overpriced phone number with "call" command.
Send some "whereRU" command at 3 AM, it's very irritating.
You can call all the contact number and tell them that he is a thief and he doesn't want to give back your phone.
Most likely, he will destruct the phone. But the trust he'll loose from his friend will hopefully teach him the lesson.
Weakness

It's very important to know the weakness of a tool before trusting it.
Unless you cook your own ROM, the software won't survive a hard reset. However, it's unlikely the thief knows how to hard reset a phone
In some countries, the phone are locked to an operator, and you must unlock it to use on another operator. This is usually means flashing a rom, and thus you'll loose the software. A solution for this is to SIM unlock your phone before installing the software, so the phone appears to work on any operator
The thief could be very very smart and find the software on the phone and delete it. In order to do so, he must exactly know the software name, where it is and how to delete it. Please notice that the software doesn't appear in "Windows\Start up" folder, nor in any process list (because it's not RUNNING when it's possible to monitor the process). The software is run while the phone starts (and stops before the phone is fully started), and it's started by Windows Mobile upon SMS receiving (and stops after processing the command). The current version doesn't rename the software binary but any later version could, and hide itself by cloaking the executable name.
Only works on Windows Mobile 5 and 6.
Only available in English for now. As there is not much text, translation is welcome
If HTC or any Windows Mobile vendor can hear us, we would be proud if this software would be included in official ROM (we could re-license the software in whatever see fit). We only need 64 bytes to save the owner's genuine information, that could be in dedicated ROM or EEPROM.

DSMP

2 comments:

4trackmind said...

sir charlie, paano po e2?

The sms must use the following syntax:
dsmp # COMMAND # password # optional_reply_number
* with no space around "#", this is to avoid a direct Google search if the thief get the SMS message in clear to understand how it works.

ex:

dsmp#pos#1234#09*****
or
dsmp # pos # 1234 # 09****

ganito ba?

yung mismong ganitong message recieve ko eh. nakakalito. kelangan ko kc ganitong software, medyo nadala na sa pagkakaholdap ko dati.

4trackmind
jduntalan@digitel.ph

Anonymous said...

People are darn stupid.
Please use your brain, you've just made Google index the message!