

Seeker, hacker and alchemist: he can break 4G, get at your SMS, and build espionage tools for the Chaoyang people

Posted by forbes at 2020-02-27


In a cafe in Shangdi, Beijing, I was waiting for the hacker seeker.

I had been looking forward to meeting seeker. He once gave a talk at the hacker conference KCon, "Advanced exploitation techniques for pseudo base stations: completely breaking SMS verification codes", which described using an LTE/4G pseudo base station together with a GSM man-in-the-middle attack to break every kind of SMS verification code. The technique is the same as the LTE pseudo base station technique disclosed by the 360 Unicorn Team, and seeker later visited 360's office to exchange notes with that team. He told me afterwards that the two differed only in a few details of the code implementation.

Seeker once gave a brief self-introduction in his PPT:

An entrepreneurship mentor who has failed at serial entrepreneurship;

A pseudo angel investor;

Founder and president of an unknown private university;

In my spare time, I work in the communication security laboratory of our school.

His main business is not hacking, which made me all the more curious.

I waited in the cafe. I did not yet know that in a few hours I would watch seeker take out a complete set of hacker equipment that could be used to build a fake base station at any time. He did tell me that he had no power amplifier, so the range was only a few meters. Still, I knew that if he wanted to, the mobile phone sitting across from him could be under his control at any moment.

He is both businessman and hacker

Seeker was late. Before this meeting we had made several appointments, all of which fell through because his travel schedule was too full. Recently he told me he would be visiting a nearby school and could finally make the trip. When seeker arrived wearing a suit with a collar pin, I felt dazed for a moment: was this the businessman seeker I was seeing?

Seeker, 71 years old. He said that his "hacker learning" began in middle school, when there was no Internet in China, and he did his best to collect every scrap of information available at the time to learn about computer and communication technology.

"That year I happened to be at the junior high school affiliated to Shandong Normal University. Fortunately, I got in touch with computers, joined the computer interest group to learn programming, and wrote the first code of my life. Since then I have been unable to put it down. Those Apple computers seemed mysterious, but they operated according to strict logic. You give them instructions in the prescribed way, and the instructions are always executed accurately. From then on the green characters on the monitor attracted me. I thought of myself as a virtual computer: the program first ran in my brain, produced its results, and then I compared them with the results on the display. That kind of human-computer interaction is a beautiful and tacit feeling. For no other reason, I like computers, researching algorithms, programming, analyzing, cracking and rewriting other people's software."

While studying computer science at Shandong University, he joined Shi Yuzhu's Giant Group and served as manager of the Technology Department of Giant Group's Shandong branch. After graduation, he worked as general manager of Giant Group's Beijing R&D center.

By the way, Giant Group had not yet started selling Naobaijin ("brain platinum") at that time.

In 1994, China's first dedicated Internet line was opened at the Institute of High Energy Physics, Chinese Academy of Sciences. With a 64K international line and full-function access to the Internet, China's Internet era began. Seeker said that thanks to his inborn and extraordinary ability for information gathering and social networking, at a time when most of China's first Internet users were members of the academic divisions (academicians), he managed to open an account and "mix in" because he had made friends with the relevant people at the institute.

At that time, his way of studying the Internet was to stand at the "crest of the wave" of Internet development and get into the top circle.

At the end of 1994, seeker left Giant Group and started his first business, which had something to do with his beloved hacking. Seeker told me he set up a "computer company" in Zhongguancun.

What did it do? After several rounds of questioning, seeker said it was not a particularly glorious thing: selling ordinary computer and network equipment, plus taking on technical service jobs that might have sat in a "grey area".

His first venture did not go very well, but he dug up his first pot of gold. At the same time, in 1995, seeker became the webmaster of one of the Huiduo stations.

Huiduo.com goes back a little further. Ma Huateng, Ding Lei and other people whose names have since echoed across the Internet were once Huiduo.com webmasters. It was born in the United States in 1984. In 1991, a netizen named Roy Luo set up China's first Huiduo station, the Great Wall Station, in Beijing. A station was usually one computer, one telephone line and a modem. Users dialed in to connect to the server, which was itself a very simple computer, and downloaded the latest BBS posts. They went offline to read and reply to the messages, then packed the replies, dialed in again and uploaded them to the server.

At that time, the grandest thing was to contact each station and hold a gathering. Seeker was happy to join hands with like-minded people to welcome the waves the Internet was bringing to China.

Seeker said that in 1996 he started a second business and opened a computer company. This business has continued to the present day. The company has had its ups and downs and has expanded into many fields, including the establishment of his own private university. During this period, he said, he took part in building China's first generation of Internet services, including large websites such as People's Daily, tom.com and Lenovo's fm365.

Compared with the slogan of "breaking everything", seeker's "little pride" shows that he wants to be a "builder". In his view, this is also the biggest difference between the first generation of hackers, or "IT veterans", and the young hackers of today: it is the builders who have a deeper understanding of Internet technology and a more holistic view, like the difference between looking out over the sea and looking at the tip of the iceberg.

Although this sounds a little like "peers looking down on peers", at that moment I felt the hacker side of seeker breaking free of his suit and collar pin. Zhang Wanqiao, a well-known female hacker from the 360 Unicorn Team, once stressed this many times in an interview. Since entering the hacker circle, I have found that everyone has such a "little pride".

Seeker, however, has always been "rational" and has drawn a line between himself and the hacker technology he loves: he can love it, but it will not be his main business.

The reality, seeker said, was that there were few truly pure hackers in those days, because the cybersecurity industry was so poor. Those hackers who did not want to stay poor either changed careers or skirted the edge of the law, taking on all kinds of "breaking" business from abroad.

He was unwilling to take such business from abroad, and unwilling to directly challenge the "rules" at home. So seeker's later ventures have nothing to do with network security attack and defense technology, and he has run down the hacker road as a hobby instead.

The temptation of the grey hat

It is precisely because of this that seeker thinks his position should be "grey hat". In his view, black hats run rampant on the network and have done a great deal of damage. White hats, however, are subject to too many constraints, and their results may also be used commercially, leading to conflicts of interest, so that "most white hats are not worthy of the name".

"I just want to do something fun without being tied down," seeker said.

He was also tempted.

Seeker's chat record (screenshot)

After he released a series of ways to use the man-in-the-middle attack to break SMS verification codes, the black industry (heichan, the criminal underground) came knocking.

"They told me that there is tens of millions of yuan of income every year. They offered a minimum of 2 million yuan a month, plus a share, to anyone who could reproduce my attack. But this attack method can actually bleed many bank accounts dry in one second. It is conservatively estimated that it could bring 70 million yuan of black industry value in one hour."

So, could we say they were offering you pocket change? I asked, with the subtext: "is it because it was too little?"

Seeker leaned back in his chair and raised his eyebrows, with a look that said "you think too little of me". "I never cared about making money from this."

In fact, seeker said, the man-in-the-middle attack has existed for some time. He was just the one who poked through the window paper.

Two years ago, the "number collector" was very popular in the black industry. By luring mobile phone signals to attach to a pseudo base station, many mobile phone numbers could be harvested for targeted marketing.

However, the technique he released does have barriers for the black industry: even if they build it according to the pictures he provided, it may turn out to be a white elephant.

"It doesn't work that easily. The open source LTE base station itself has many holes. I have built a communication security technology discussion group with hundreds of people, and only two of them have been able to build it and use it successfully," seeker said.

The black industry has not begun to use LTE pseudo base stations on a large scale. Seeker's analysis is that black industry technicians are unfamiliar with LTE pseudo base stations and most of them are still at the exploration stage. To put it into practice, they need to master the communication protocols and have strong programming ability, which is rare.

Now seeker can insert an LTE pseudo base station, a GSM pseudo base station and an attack mobile phone between the operator's base station and the target phone. He induces the target phone to attach to the LTE pseudo base station, then redirects it to the GSM pseudo base station. The attack phone then registers on the carrier network using the target phone's identity, so that all incoming and outgoing communications of the target phone pass through the pseudo base stations and the attack phone, and he can intercept, modify and forge all kinds of communication content.

That is to say, he can do whatever he wants with your mobile communication data. It is no exaggeration to say that 15-20 mobile phones can be broken in one second. The figure below shows the applications seeker can break through the verification code; looking at his phone, the list goes on and on.

The "crazy consequences" of breaking the SMS verification code, from seeker's PPT (figure)

What if black industry personnel master this technology? Won't your money and mine be stolen?

Seeker said that, based on his undercover knowledge of several black industry groups and of the black industry itself, this will not happen in the short term, not because he is confident in fighting back, but because he believes in the "restraint" of the black industry.

In the first place, even without this method, the black industry can already obtain many valuable bank accounts, passwords and so on, for example through the spread of mobile Trojans. Some insiders steal or control a large number of users' bank accounts. Many of them hold accounts with a total balance of more than 100 million yuan; they could perhaps have 1 billion yuan to steal, but their capacity for money laundering is limited. To avoid exposing their identities and going to jail for large-scale money laundering, black industry personnel will not steal account cash so rampantly.

This means that, even without this technology, many people's confidential information leaked long ago; it is only being used with "restraint".

"They are not front-line pawns carrying a fake base station and fighting guerrilla warfare on the road every day. Their desire for a large sum of money is not that urgent," seeker said.

But, just in case: what if the black industry gets hold of these skills, and what if restraint fails?

Seeker the hacker now radiates positive energy for building a harmonious society. He strongly suggests that "institutions with the means should implement two-factor authentication, and institutions without the means should cooperate with those that have it."

What to play with next

In mid-March, seeker had posted a popular science article in his WeChat Moments, "GSM Hacking: the application of silent SMS in technical investigation". When I opened it, I found:

This is the "tragic corpse" left by seeker, a grey hat, after colliding with the rules. What was the offense?

Seeker smiled and described a "thrilling" story to me.

The article was deleted because it exposed the technical investigation methods of the "relevant departments". The police came knocking on his door one night and told him: you can't do this, you have exposed our secrets! As a result, his planned "trilogy" (three articles) had to be cut short.

However, seeker is still thinking about this idea, which has excited him for more than half a year. That is why he deliberately left the "tragic corpse" in his Moments, to keep reminding himself.

I will not describe in detail what the article said. I can only say that it is closely related to the Chaoyang people.

Seeker is fond of the Chaoyang people, the world's "fifth largest intelligence organization", although this does not seem to directly help build a better world. He wants to provide the Chaoyang people with a "field toolbox" and develop low-cost intelligence tools, like the "pseudo base station equipment" in his backpack, to locate and monitor targets, "to help the Chaoyang people promote world peace, safeguard national security and supervise public figures through practical action".

He is also very interested in the counter-espionage system. He said it is entirely feasible to use a Wi-Fi hotspot to implant a Trojan into a mobile phone for monitoring. Besides Wi-Fi, another effective way is to exploit loopholes in mobile communication protocols and the mobile baseband.

In fact, a few years ago, security expert Jacob Appelbaum pointed out at the Chaos Communication Congress that the NSA can compromise Wi-Fi in minutes. In their "toolbox", it is said, there is a thing called NIGHTSTAND, based on Linux, which can break into a Wi-Fi network eight miles (about 13 kilometers) away and implant spyware.

I asked seeker, "Have you started? Is there anything in common with your previous research?"

He did not elaborate, but revealed that he was using some loopholes to "peel the onion" layer by layer. If it goes well, he should be able to show some results in a few months.

"But you still have a main business. Don't you have a new idea to start building a new school? Do you have the confidence to play with your 'hardcore hobby' during this period?"

Seeker said, "I'm all on the same page." Then he took out a large black backpack, laid out a complete set of pseudo base station equipment, and the scene from the opening appeared.

Reported by the official account of Lei Feng (Leiphone).