Hey! How’s it going bros? Today I am gonna tell you about something I have innovated. It’s a technique by which you can accurately guess someone’s phone number. It involves social engineering, maths and common sense. Let’s go!
A phone number has 10 digits. The last 2 digits are often revealed by password reset forms, and the first 3-4 digits are assigned according to the region and carrier or user. That means there are just 4 unknown digits in the number, but there are still 10,000 unique combinations. I managed to reduce the total number of combinations to 2-8% and created a tool named infinity which can generate all the possible combinations and check them for user info.
The last 2 digits
We all know that Facebook and other popular sites provide a password reset form which discloses the last 2 digits of the number for the sake of identification.
So we have 2 digits and just need to find the rest of them i.e. 8.
For 8 digits, 10,00,00,000 combinations are possible.
The first 4 digits
I am from India and here we have 10-digit phone numbers where the group of the first 4 digits is called a series. A series is based on which state you live in and which carrier (telecom operator or SIM) you use. I don’t know about other countries, maybe you guys have some kind of area code I guess? Anyways, take a look at the series allotted to my carrier in my state:
There are 8 possible series. How to pick the right one? Listen to your heart and you can always select another one if the chosen one doesn’t lead you to results.
But how do we get the location and carrier name of the victim? In most cases you already know where the victim lives. If you don’t, do some OSINT or just try asking them. It would be easier if you can just obtain their IP address and perform an IP lookup.
The middle 4 digits
So now we have the first 4 digits and the last 2 digits, now all we need to do is to find the middle four digits. If we try to bruteforce them, there will be 10,000 possible combinations.
When I was thinking of this I thought this is where brute forcing is the only option but then I got an idea.
About 4-5 years ago, my dad showed me a magic trick. He asked me to bring a matchbox and count the number of matchsticks in it. After I finished counting, he asked me to add the digits of the number of matchsticks. For example, if there are 42 matchsticks, the sum of the digits will be 4 + 2 = 6. I said alright, I added them as well. Now what? Then he said remove as many matchsticks as the sum you got. I did that. Then he asked me to show the remaining matchsticks for a fraction of a second and he claimed that he would guess the number of remaining matchsticks. So I quickly opened and closed the box and in a deep voice he said there are 36 matchsticks. His answer was correct and I was wondering how he did that. He explained that when we subtract the sum of digits of a number from the number itself, the resulting number is always a multiple of 9. So the possible numbers of matchsticks in the matchbox could have been 9, 18, 27, 36, 45 and so on… So in the part where he asked me to show him the remaining matchsticks, he roughly guessed the answer. He said this trick works all the time because it’s Maths.
It was boring, wasn’t it? Anyways, an idea sparked in my mind. All I had to do was to convince the victim to give me the sum of digits of his number. Somewhat like this:
You: Hey, I have an awesome trick to show you. Wanna see?
Victim: Yeah sure.
You: Add all the digits of your phone number.
Victim: Ummmm alright….
You: What’s the result?
You: Now subtract it from your phone number.
Victim: WTF? Alright wait a sec…
You: Yeah. Now whatever the number you get will be divisible by 9. You can try it with any number, the result will be same.
Victim: That’s it? Fucking nerd.
You: So what we were talking about? :’)
I played this game with some of my friends and they gave me this magic sum without any doubt. So I don’t think you will have problems getting this from someone you know. And remember, this isn’t necessary. We just need to reduce the brute force time. Let’s say each attempt requires 3 seconds, then 10,000 combinations will need 8.33 hours. If that fails, we will need to try another series. So on average, it will take 2-3 days to check all the possible combinations.
But if you have the magic sum, you can make a list of only those combinations whose sum of digits is equal to the sum we got from the victim. On average, it can reduce the combinations to 2-8% or you can say we will need to brute force around 200-800 combinations.
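To check the 2-8% figure, this added example (not part of infinity or the original post) counts, without listing any numbers, how many values of the four middle digits share each digit sum. It assumes the hidden digits are uniformly random; the function names are made up for the illustration.

```python
from math import log2

def digit_sum_counts(n_digits=4):
    """counts[s] = number of n_digits-long digit strings whose digits add up to s."""
    counts = [1]                      # zero digits: one (empty) string, sum 0
    for _ in range(n_digits):         # append one digit 0-9 at a time
        nxt = [0] * (len(counts) + 9)
        for s, c in enumerate(counts):
            for d in range(10):
                nxt[s + d] += c
        counts = nxt
    return counts

def leak_summary(n_digits=4):
    """How much a disclosed digit sum shrinks the space of n_digits hidden digits."""
    counts = digit_sum_counts(n_digits)
    total = 10 ** n_digits
    return {
        "total": total,                                   # size before the leak
        "largest_set": max(counts),                       # most candidates any sum leaves
        # a number with sum s occurs with probability counts[s]/total
        # and leaves counts[s] candidates, hence the sum of squares
        "expected_set": sum(c * c for c in counts) / total,
        "bits_hidden": log2(total),
        # entropy of the sum = information the sum gives away, in bits
        "bits_leaked": sum(c / total * log2(total / c) for c in counts),
    }

if __name__ == "__main__":
    for key, value in leak_summary().items():
        print(f"{key:>12}: {value:.3f}")
```

The digit sum alone narrows 10,000 possibilities to about 482 on average and 670 at most, so a digit sum deserves the same care as the digits it is computed from.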
Brute Force? How? Where? You can enter these combinations one by one in Facebook’s password reset page till the victim’s profile pops up and again…..
So ladies and gentlemen, here’s infinity
The screenshot above clearly describes what infinity does.
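Seen from the reset form’s side, entering candidates one by one leaves a distinctive log pattern: one client looking up many numbers that differ only in the middle four digits. The detector below is an added example, not part of infinity or the original post; the event format, client IDs, phone numbers and thresholds are all constructed assumptions.

```python
from collections import defaultdict

def build_sample_events():
    """Constructed sample log: (unix_time, client_id, number typed into the lookup form)."""
    events = [(1000 + 3 * i, "203.0.113.7", f"0000{1000 + 37 * i:04d}42") for i in range(8)]
    events += [  # an ordinary user retrying their own number, then fixing a typo
        (1005, "198.51.100.20", "0000123442"),
        (1030, "198.51.100.20", "0000123442"),
        (1090, "198.51.100.20", "0000123542"),
    ]
    return events

def flag_enumeration(events, window=3600, threshold=5):
    """Flag clients that look up >= threshold distinct numbers sharing the
    first 4 and last 2 digits within `window` seconds.
    Returns {client_id: (pattern, distinct_numbers)}."""
    buckets = defaultdict(list)                      # (client, pattern) -> [(time, digits)]
    for ts, client, number in events:
        digits = "".join(ch for ch in number if ch.isdigit())[-10:]
        if len(digits) != 10:
            continue                                 # not a 10-digit number, ignore
        pattern = digits[:4] + "****" + digits[-2:]
        buckets[(client, pattern)].append((ts, digits))
    flagged = {}
    for (client, pattern), hits in buckets.items():
        hits.sort()
        start = best = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1                           # slide the window forward
            best = max(best, len({n for _, n in hits[start:end + 1]}))
        if best >= threshold and best > flagged.get(client, ("", 0))[1]:
            flagged[client] = (pattern, best)
    return flagged

if __name__ == "__main__":
    print(flag_enumeration(build_sample_events()))
```

Keying on a single client misses attempts spread over many addresses, so the same grouping by pattern across all clients is worth alerting on as well.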
Before I end this article, let me answer some of the common questions.
- I know how to improve the infinity. How do I contact you? If you are a programmer and you want to contribute to the project you can submit a pull request at GitHub. If you don’t know programming but have an idea you can contact us here
- I am a skid, what if I copy your code and tell people I wrote it to look cool? infinity is released under Creative Commons license which allows anyone to modify and redistribute the product but you must give credits to the original author. So if you don’t give us the credit, Team Ultimate will……don’t you know what happened with Baba Karan Suryavanshi? lmao
- I am a creep. Can I extract number of girls and get laid? No! You should respect wamen! Just ask her for a coffee or something and if she says no, appreciate her decision and move on.
- Between Marvel and DC, which one is better? Marvel.
- So that’s it about infinity? No. I am looking forward to adding support for brute forcing emails. If you know how to make it better, let me know.
That’s it guys! I hope you enjoyed reading this article. Keep Learning! Keep Hacking!