Now it is almost impossible to find a service or website that does not require a mobile phone confirmation. This can be an SMS with a numeric code or the last few digits of the phone number that you will be called from. The trend, in my opinion, is disgusting, but this is not what we are talking about today. It seems to confirm the number once and use it as much as you want, since there are still enough left sim cards. But you're not. Particularly repulsed services when trying to enter from each new device require re-authorization with mandatory confirmation via SMS or control call. Like security, like data protection, like everything is done in our own interests and all that. Sometimes re-authorization with a phone code is required when the service considers requests to it suspicious or just because it wanted to. However, there are tasks where information from the service should be processed automatically without human intervention. Authorization with entering a username and password is easy to emulate, the bells and whistles on the client side are also successfully bypassed in most cases, but what about the phone? The device (server) is actually new and unauthorized, PHP has not yet learned how to read SMS and pick up the phone.
So, the whole solution boils down to ensuring that the script running on the server that performs automatic authorization receives information about the content of the SMS or the incoming call number as quickly as possible in order to continue confirming the account. A regular smartphone and tablet comes to the rescue the MacroDroid program. To describe all the features of the MacroDroid program, this article is definitely not enough, I can only say that it is designed to automate the execution of various actions by the device when certain events occur. As I said before, the necessary event can be receiving an SMS or an incoming call, and the action can be transmitting data to a remote server via an HTTP request. Any frail Android device is enough for MacroDroid to work, they are like dirt on any avito, and you probably have some hopelessly outdated gadget lying around. The main thing is that it can receive calls and messages and has Internet access.
Screenshot of the MacroDroid program
How to create macros MacroDroid has separate detailed instructions, but I won't duplicate them here. Just trust that even a person who is far from programming can handle them. And if you write server-side scripts, then this task is definitely up to you.
Configuring the trigger
Let's assume that the service uses SMS messages sent from a specific phone number for authorization. As a trigger in the macro, we use an incoming SMS event. For more accurate processing, we specify the number or name of the sending service, and for even more detailed filtering, you can add some string that occurs in messages with a numeric code. However, you can send everything in a row, and work on sorting information can be implemented already on the server.
Configuring an HTTP request
Now actions. The first and most important thing is to send data to the server. This is done via an HTTP request, but there are some special features. As it turned out in practice, MacroDroid can only send GET requests, despite the fact that POSTS are declared. This bug has been dragging on for many versions and still hasn't been fixed. But it's okay, a GET request, even in the most sad execution, can transmit thousands of characters of information, and a short SMS is not a problem at all. We must pass the message text as parameters. To determine the target service, it is also advisable to pass the sender's number or name, and in the case of multiple devices, you will also need the name of the handler phone or some other unique identifier.
Configuring notification clearing
The second useful action is to clear notifications from incoming SMS messages. You don't have to do this if your phone is a business phone, but for a personal gadget, it's best not to block the notification curtain. Thus, for example, I made friends with the AnyBalance program and some of my "capricious" MTS numbers. Everything works in the background and nothing interferes.
A customized smartphone with an authorized SIM card and MacroDroid is constantly connected to the charger, switched to silent mode, and generally put in the closet out of sight.
Now the algorithm of the receiver script, at least as it works for me. After receiving the request, the numeric code or the last digits of the phone number or some other information sent from the smartphone is extracted from its parameters. The extracted data is written to the corresponding text file or database. This is the end of the receiver's operation.
The automatic authorization script reaches the confirmation page, and then goes into a loop that checks the presence and contents of the file with the extracted code or an entry in the database. If there is any data, it is read, sent further, and then the file or entry in the database is necessarily deleted. You also need to check that the saved data is up-to-date, so that you don't accidentally use "rotten" ones if at some stage the previous request didn't process them and didn't delete them. The loop runs for a fixed time, for example, one minute, after which it is assumed that the SMS was not received and further authorization does not make sense. Here we write logs, notify interested parties, sound an alarm, and so on. Or we don't do anything if one missed iteration doesn't affect the final result.
Here is a solution for bypassing services that somehow use SMS authorization or confirmation by incoming call number. It has been tested in practice and is guaranteed to work around the clock for automatic data collection. I also met some bastard services in general, when a robot calls and pronounces a certain code in its voice. Fortunately, so far I haven't had to work with such devices in automatic mode, but the principle of their circumvention, as it seems to me, will be similar. On a rooted smartphone, a program is installed to record a conversation from the line, with the help of MacroDroid, the file with the call recording is sent to the server, where it is fed to some bot for translating voice messages into text, and then according to what is written.
• Author: ManHunter
So, the whole solution boils down to ensuring that the script running on the server that performs automatic authorization receives information about the content of the SMS or the incoming call number as quickly as possible in order to continue confirming the account. A regular smartphone and tablet comes to the rescue the MacroDroid program. To describe all the features of the MacroDroid program, this article is definitely not enough, I can only say that it is designed to automate the execution of various actions by the device when certain events occur. As I said before, the necessary event can be receiving an SMS or an incoming call, and the action can be transmitting data to a remote server via an HTTP request. Any frail Android device is enough for MacroDroid to work, they are like dirt on any avito, and you probably have some hopelessly outdated gadget lying around. The main thing is that it can receive calls and messages and has Internet access.
Screenshot of the MacroDroid program
How to create macros MacroDroid has separate detailed instructions, but I won't duplicate them here. Just trust that even a person who is far from programming can handle them. And if you write server-side scripts, then this task is definitely up to you.
Configuring the trigger
Let's assume that the service uses SMS messages sent from a specific phone number for authorization. As a trigger in the macro, we use an incoming SMS event. For more accurate processing, we specify the number or name of the sending service, and for even more detailed filtering, you can add some string that occurs in messages with a numeric code. However, you can send everything in a row, and work on sorting information can be implemented already on the server.
Configuring an HTTP request
Now actions. The first and most important thing is to send data to the server. This is done via an HTTP request, but there are some special features. As it turned out in practice, MacroDroid can only send GET requests, despite the fact that POSTS are declared. This bug has been dragging on for many versions and still hasn't been fixed. But it's okay, a GET request, even in the most sad execution, can transmit thousands of characters of information, and a short SMS is not a problem at all. We must pass the message text as parameters. To determine the target service, it is also advisable to pass the sender's number or name, and in the case of multiple devices, you will also need the name of the handler phone or some other unique identifier.
Configuring notification clearing
The second useful action is to clear notifications from incoming SMS messages. You don't have to do this if your phone is a business phone, but for a personal gadget, it's best not to block the notification curtain. Thus, for example, I made friends with the AnyBalance program and some of my "capricious" MTS numbers. Everything works in the background and nothing interferes.
A customized smartphone with an authorized SIM card and MacroDroid is constantly connected to the charger, switched to silent mode, and generally put in the closet out of sight.
Now the algorithm of the receiver script, at least as it works for me. After receiving the request, the numeric code or the last digits of the phone number or some other information sent from the smartphone is extracted from its parameters. The extracted data is written to the corresponding text file or database. This is the end of the receiver's operation.
PHP:
$sms=isset($_GET['sms'])?trim($_GET['sms']):'';
$from=isset($_GET['from'])?trim($_GET['from']):'';
if ($sms!='' && $from!='') {
$sms_data='saved_sms_data_'.md5($from).'.txt';
if (preg_match('/[^\d]([\d]{4,10})[^\d]/is', $sms, $matches)) {
if ($f=fopen($sms_data,'w+')) {
fwrite($f,$matches[1]);
fclose($f);
}
}
}The automatic authorization script reaches the confirmation page, and then goes into a loop that checks the presence and contents of the file with the extracted code or an entry in the database. If there is any data, it is read, sent further, and then the file or entry in the database is necessarily deleted. You also need to check that the saved data is up-to-date, so that you don't accidentally use "rotten" ones if at some stage the previous request didn't process them and didn't delete them. The loop runs for a fixed time, for example, one minute, after which it is assumed that the SMS was not received and further authorization does not make sense. Here we write logs, notify interested parties, sound an alarm, and so on. Or we don't do anything if one missed iteration doesn't affect the final result.
PHP:
$service='SomeService';
$sms_data='saved_sms_data_'.md5($service).'.txt';
// Wait 30 seconds
$code='';
for ($i=0; $i<30; $i++) {
if (file_exists($sms_data) && filesize($sms_data)>0 &&
((time()-filemtime($sms_path))<120)) {
if ($f=fopen($sms_data,'r')) {
$code=fread($f,filesize($sms_data));
fclose($f);
unlink($sms_data);
break;
}
}
else {
sleep(1);
}
}
if ($code!='') {
// continuation of authorization
}
else {
// alarm, SMS not processed
}Here is a solution for bypassing services that somehow use SMS authorization or confirmation by incoming call number. It has been tested in practice and is guaranteed to work around the clock for automatic data collection. I also met some bastard services in general, when a robot calls and pronounces a certain code in its voice. Fortunately, so far I haven't had to work with such devices in automatic mode, but the principle of their circumvention, as it seems to me, will be similar. On a rooted smartphone, a program is installed to record a conversation from the line, with the help of MacroDroid, the file with the call recording is sent to the server, where it is fed to some bot for translating voice messages into text, and then according to what is written.
• Author: ManHunter
