Hey! How's it going bros? Today I am gonna tell you about something I have innovated. It's a technique by which you can *accurately guess* someone’s phone number. It involves social engineering, maths and common sense. Let's go!

### Summary

A phone number has 10 digits. The last 2 digits are often revealed by password reset forms, and the first 3-4 digits are assigned according to the region and carrier of the user. That means there are just 4 unknown digits in the number, but there are still 10,000 unique combinations. I managed to reduce the total number of combinations to 2-8% and created a tool named infinity which can generate all the possible combinations and check them for user info.

### The last 2 digits

We all know that Facebook and other popular sites provide a password reset form which discloses the last 2 digits of the number for the sake of identification.

So we have 2 digits and just need to find the rest of them i.e. 8.

For 8 digits, 10,00,00,000 combinations are possible.

### The first 4 digits

I am from India and here we have 10-digit phone numbers where the group of the first 4 digits is called a **series**. A series is based on which state you live in and which carrier (telecom operator or SIM) you use. I don’t know about other countries, maybe you guys have some kind of area code I guess? Anyways, take a look at the series allotted to my carrier in my state:

There are 8 possible series. How to pick the right one? Listen to your heart and you can always select another one if the chosen one doesn’t lead you to results.

But how do we get the location and carrier name of the victim? In most cases you already know where the victim lives. If you don’t, do some OSINT or just try asking them. It would be easier if you can just obtain their IP address and perform an IP lookup.

### The middle 4 digits

So now we have the first 4 digits and the last 2 digits, now all we need to do is to find the middle four digits. If we try to bruteforce them, there will be 10,000 possible combinations.

When I was thinking of this I thought this is where brute forcing is the only option but then I got an idea.

About 4-5 years ago, my dad showed me a magic trick. He asked me to bring a matchbox and count the number of matchsticks in it. After I finished counting, he asked me to add the digits of the number of matchsticks. For example, if there are 42 matchsticks, the sum of the digits will be 4 + 2 = 6. I said alright, I added them as well. Now what? Then he said remove as many matchsticks as the sum you got. I did that. Then he asked me to show the remaining matchsticks for a fraction of a second and he claimed that he would guess the number of remaining matchsticks. So I quickly opened and closed the box and in a deep voice he said there are 36 matchsticks. His answer was correct. I was wondering how he did that. He explained that when we subtract the sum of the digits of a number from the number itself, the resulting number is always a multiple of 9. So the possible numbers of matchsticks in the matchbox could have been 9, 18, 27, 36, 45 and so on… So in the part where he asked me to show him the remaining matchsticks, he roughly guessed the answer. He said this trick works all the time because it's **Maths**.

It was boring, wasn’t it? Anyways, an idea sparked in my mind. All I had to do was to convince the victim to give me the sum of the digits of his number. Somewhat like this:

You: Hey, I have an awesome trick to show you. Wanna see?

Victim: Yeah sure.

You: Add all the digits of your phone number.

Victim: Ummmm alright….

You: What's the result?

Victim: 42

You: Now subtract it from your phone number.

Victim: WTF? Alright wait a sec…

You: Yeah. Now whatever number you get will be divisible by 9. You can try it with any number, the result will be the same.

Victim: That’s it? Fucking nerd.

You: So what we were talking about? :’)

I played this game with some of my friends and they gave me this **magic sum** without any doubt. So I don’t think you will have problems getting this from someone you know. And remember, this isn’t necessary. We just need to reduce the brute force time. Let's say each attempt requires 3 seconds, then 10,000 combinations will need 8.33 hours. If that fails, we will need to try another series. So on average, it will take 2-3 days to check all the possible combinations.

But if you have the **magic sum**, you can make a list of only those combinations whose sum of digits is equal to the sum we got from the victim. On average, it can reduce the combinations to 2-8%, or you can say we will need to brute force around 200-800 combinations.

Brute Force? How? Where? You can enter these combinations one by one in Facebook’s password reset page till the victim’s profile pops up and again…..

So ladies and gentlemen, here’s infinity

GitHub: https://github.com/UltimateHackers/inifinty

The screenshot above clearly describes what infinity does.
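Seen from the password reset form's side, the candidate list described above has a recognizable shape: every number tried shares the same series, the same last two digits and the same digit sum. As an added example (not part of infinity or the original article), this sketch flags such clusters in lookup logs; the log format, the `/recover` path, the threshold and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed log format (hypothetical): "<time> <client> POST /recover id=<10 digits>"
LINE = re.compile(r"^(\S+) (\S+) POST /recover id=(\d{10})$")

# Constructed sample lines, not real traffic or real phone numbers.
SAMPLE_LOG = [
    "10:00:01 192.0.2.10 POST /recover id=9000123442",
    "10:00:04 192.0.2.10 POST /recover id=9000432142",
    "10:00:07 198.51.100.7 POST /recover id=9000222442",
    "10:00:10 198.51.100.7 POST /recover id=9000005542",
    "10:00:13 203.0.113.5 POST /recover id=9000190042",
    "10:00:16 203.0.113.5 POST /recover id=9000730042",
    "10:00:20 192.0.2.44 POST /recover id=9000111142",   # same mask, other digit sum
    "10:00:25 192.0.2.80 POST /recover id=9123456780",   # unrelated user
    "10:00:26 192.0.2.80 POST /recover id=9123456780",   # same user retrying
]

def digit_sum(number):
    return sum(int(d) for d in number)

def find_enumeration(lines, min_distinct=5):
    """Map (series, last2, digit sum) -> (distinct numbers, distinct clients)
    for every cluster with at least min_distinct different numbers."""
    numbers, clients = defaultdict(set), defaultdict(set)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a lookup request
        _time, client, number = m.groups()
        # Key on the shape of the guesses, not the source address, so the
        # cluster still shows up when requests are spread over several clients.
        key = (number[:4], number[-2:], digit_sum(number))
        numbers[key].add(number)
        clients[key].add(client)
    return {k: (len(numbers[k]), len(clients[k]))
            for k in numbers if len(numbers[k]) >= min_distinct}

if __name__ == "__main__":
    for (series, last2, total), (n, c) in find_enumeration(SAMPLE_LOG).items():
        print(f"series={series} last2={last2} digit_sum={total}: "
              f"{n} distinct numbers from {c} clients")
```

In production the same grouping would run over a sliding time window and feed rate limiting or a challenge on the lookup form.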

Before I end this article, let me answer some of the common questions.

**I know how to improve the infinity. How do I contact you?**

If you are a programmer and you want to contribute to the project you can submit a pull request at github. If you don’t know programming but have an idea you can contact us here

**I am a skid, what if I copy your code and tell people I wrote it to look cool?**

infinity is released under Creative Commons license which allows anyone to modify and redistribute the product but you must give credits to the original author. So if you don’t give us the credit, Team Ultimate will……don’t you know what happened with Baba Karan Suryavanshi? lmao

**I am a creep. Can I extract number of girls and get laid?**

No! You should respect wamen! Just ask her for a coffee or something and if she says no, appreciate her decision and move on.

**Between Marvel and DC, which one is better?**

Marvel.

**So that’s it about infinity?**

No. I am looking forward to add support for brute forcing emails. If you know how to make it better, let me know.

That’s it guys! I hope you enjoyed reading this article. Keep Learning! Keep Hacking!


thx this trick really was amazing.

Here is my trick to get all information about the victim.

Dear Ms. ******,

Greetings. I would like to bring to your kind attention that we have been hiring candidate for the post of ****** in our organization. As a our policy, we need your detailed resume to check that you are eligible for working in our organization.If you will eligible for working in our organization than we will inform about the interview through a message on your mobile number.

send your resume at

******@gmail.com

I hope to have a prompt response from you regarding this matter.

Thanking you,

Yours sincerely’

Your name(HR)

organization name

alipur delhi-36

{All of the work above is done by google & T4P4N,}

Totally different from the topic but nice one.

Hey, don't you think you should start learning Python 3? The Python 2 trend is gone now, I mean who codes in Python 2 these days?

They aren’t different languages so one doesn’t really have to “learn” if he/she is used to one of the versions. Just some of the syntax and functions differ.

And yeah, I am a noob and a very bad coder. I know nothing about programming, I believe in getting shit done no matter how and I am actually very good at that.

Hello, i like to know you and run some stuffs together with you!

May be this tool only show name of person who are on Facebook if number is not registered in Facebook it will not show there name by searching through another way like truecaller

Read the title of the article again.

Hello friend… Hello friend, that’s lame. The problem I encountered is with lists of numbers that should have 0s on them, I mean, it doesn’t affect the math game, but it affects the list of combinations, because the places that could have been filled with zeros are filled with numbers from 1-9, how to sort this?

I suppose the fix would be add the 0 to the combinator, but I don’t know how.

If you can explain your problem with a sample phone number and output that would be great.

Hi,

nice post.

I wrote the same kind of code few months ago and I’m still trying to brute force the 99999 possibilities.

Don’t you get blocked after some time sending so many requests?

I added some delay to my script and that makes the progress slow.

Thanks.