New Spoofer Version

[steveostop]

hey all, I read through the better part of this entire thread last night and decided to give it a shot, I had a lot of little stupid mistakes that lead to the spoofer not working for me. I got to thinking and sent MagicHack an email and he was kind enough to furnish me with the source of his app. One thing led to another and I made a good amount of additions including:

*Drop down of last 10 numbers used for spoofings
*Per-dialed custom spoof setup
*Selected proxy from drop-down or type in and software does the rest
*Disable/Enable the Auto-hide on apply
*hosts file update via Enable Spoofer check box, no more manual edits

It been working great for me but I don't have a lot of testing abilities at the moment, so let me know of any bugs.

Here is the download link: http://rapidshare.com/files/114916121/CallerIDSpoof.exe.html

Thanks to MagicHack for the original program and source!
Thanks to Stewart for the pearl version and his creative genius!

P.S. Let me know of any other improvements/add-ons you may be interested in and I'll see what I can do...

[magicJon]

Very cool, thanks for your work and for sharing!

I get mixed results with it. Calls to cellular, real landline, and PBX numbers do not get spoofed - they see my MJ number. Calls to VoIP lines see my spoofed number. Fun to play with nonetheless.

Might want to let folks know they must have .NET v2 or higher installed on their PC for your app to run.

[Stewart]

I get mixed results with it. Calls to cellular, real landline, and PBX numbers do not get spoofed - they see my MJ number.

Try again, dialing e.g. 212-867-5309 as *672*128675309 .

If this works consistently, perhaps the number rewrite can be added to the spoofer.

[Darkman90808]

Try again, dialing e.g. 212-867-5309 as *672*128675309 .

This has consistently worked for me, even allowing me to spoof the 800# I used to pay my electric bill this morning.

[magicJon]

What is the significance of the asterisk between the first two digits of the area code?

[Pismire]

Working great. Nice, much needed iimprovements. Thank you.

[Darkman90808]

Can't seem to make the new version work; getting the dreaded error 3 message. I'll keep fooling with it... any suggestions? I've tried it on two machines and two different MJ devices.

[Stewart]

Can't seem to make the new version work; getting the dreaded error 3 message. I'll keep fooling with it... any suggestions? I've tried it on two machines and two different MJ devices.

You are probably on Los Angeles proxy. Is that what you're trying? Use Wireshark to see where it tries to connect, with and without spoofer.

[Stewart]

What is the significance of the asterisk between the first two digits of the area code?

I believe what's happening is that the MJ server looks at the first 3 (possibly 6) digits of the number to decide what is the best routing for the call. Some routes are via carriers that don't honor the spoof, either intentionally or because they don't implement the header. When you throw a * in there, it doesn't match any of the special cases, and falls through to a 'default' route. That carrier evidently ignores non-numeric data in the destination, so they see a proper 10-digit number and complete the call.

The above is just speculation on my part, trying to form a theory to match observations.

[Darkman90808]

Good guess! How did you know? Lemme change it and see what happens. Thanx...

NOTE: Duh! I guess the 90808 might have been a clue, huh?

[magicJon]

What is the significance of the asterisk between the first two digits of the area code?

I believe what's happening is that the MJ server looks at the first 3 (possibly 6) digits of the number to decide what is the best routing for the call. Some routes are via carriers that don't honor the spoof, either intentionally or because they don't implement the header. When you throw a * in there, it doesn't match any of the special cases, and falls through to a 'default' route. That carrier evidently ignores non-numeric data in the destination, so they see a proper 10-digit number and complete the call.

The above is just speculation on my part, trying to form a theory to match observations.

Huh, sounds good to me, I'll buy that answer!

The modified dialstring now works flawlessly on all of my outgoing calls too. The spoofed number now shows correctly on the cellular, LL and PBX phones.

Cool stuff, thanks again for sharing!

[Darkman90808]

Touchdown! Don't have Wireshark on this machine (it's not mine) and I wasn't comfortable installing it without permission. However, the blunt axe approach worked just fine. Got it working and the new version is too cool for school. Thanks...

[snowigloo]

is the rapidshare file still working?

[Pismire]

is the rapidshare file still working?

Yep, make sure you choose all the kitties.

[snowigloo]

ok thanks i got it

[steveostop]

Thanks for the feedback so far. I forgot to mention, as it was pointed out I should, You need the .net 2 framework for better installed to use the app . The newest version is available here: http://www.microsoft.com/downloads/details.aspx?FamilyID=333325fd-ae52-4e35-b531-508d977d32a6&DisplayLang=en

As well, I put up the source on rapidshare: http://rapidshare.com/files/114979452/CallerIDSpoof_1.1s.zip.html

I am going to add at least the option to always use Stewart's star fix trick when spoofing, any other ideas for improvements??

[magicJon]

Can your tool sniff out and display the MJ's SIP credentials? That might come in handy for those who are experimenting with ATAs (even though that's against the TOS )

[steveostop]

Can your tool sniff out and display the MJ's SIP credentials? That might come in handy for those who are experimenting with ATAs (even though that's against the TOS )

It could, I think i'll add that as well in the next version I post, maybe in a day or two, along with the star fix/workaround Stewart came up with that seems to work well; so long as no one says I made the software edit I'm not too concerned about the TOS

[Stewart]

Can your tool sniff out and display the MJ's SIP credentials? That might come in handy for those who are experimenting with ATAs (even though that's against the TOS )

Say what??? It's not possible (in our lifetimes) to get the password from the SIP traffic, because it uses an encrypted hash. While of course it would be possible for the tool to get the data by some other means (e.g. extracting it from magicjack.exe memory image, or reading and decrypting it from provisioning server), that would be totally unrelated to spoofing; putting in the same program would IMO have no benefit.

[steveostop]

Can your tool sniff out and display the MJ's SIP credentials? That might come in handy for those who are experimenting with ATAs (even though that's against the TOS )

Say what??? It's not possible (in our lifetimes) to get the password from the SIP traffic, because it uses an encrypted hash. While of course it would be possible for the tool to get the data by some other means (e.g. extracting it from magicjack.exe memory image, or reading and decrypting it from provisioning server), that would be totally unrelated to spoofing; putting in the same program would IMO have no benefit.

I agree with that, I was just looking into that a little more deeply as I wasn't 100% sure what it was at the time of my last post. I had only head other people ask for the same thing but I don't think its going to be in the next update. Your star fix idea will be though

[magicJon]

It's not possible (in our lifetimes) to get the password from the SIP traffic, because it uses an encrypted hash.

I thought that's what fiddler already does successfully today? The other threads discussing fiddler and setting up & using different softphone software all seem to mention that this can, and has, been done.

[steveostop]

It's not possible (in our lifetimes) to get the password from the SIP traffic, because it uses an encrypted hash.

I thought that's what fiddler already does successfully today? The other threads discussing fiddler and setting up & using different softphone software all seem to mention that this can, and has, been done.

I haven't done much research on SIP credentials so I honestly have no idea. It is something that interests me and I'll be looking into it but as for being added to the Spoofer Util who knows... No time soon anyways. I hope to have the star fix built in by tonight; I'm unfortunately doing real work at the moment.

[magicJon]

I'm unfortunately doing real work at the moment.

*gasp* I find that procrastination works best in those circumstances

[runitragged]

Apparently, I don't know a Kitty from a squiggle. So I got kicked. I guess my life as a computer phishing program has come to an end.

[runitragged]

Got It!

[TMikk]

Works great, including calls to POTS and cells, but only on our local proxy (Portland), and only for spoofed numbers matching local area codes and prefixes. I wasn't able to test a toll free number.

*67?* dialing did not work. It appears there is still some kind of protocol going on with regard to proxy access. Either by using the local MJ IP for proxy routing, or assigned, actual, MJ area code to proxy... ??

I tried selecting a Boston and New York proxy, with corresponding area codes and prefixes, to no avail.

Quite cool at any rate though. Thanks for the kicks!

[runitragged]

OK........... How is installed? Stick it in the program file or just use my magic witchie woo stick?
Thanks. Your help is greatly appreciated.

[Stewart]

It's not possible (in our lifetimes) to get the password from the SIP traffic, because it uses an encrypted hash.

I thought that's what fiddler already does successfully today? The other threads discussing fiddler and setting up & using different softphone software all seem to mention that this can, and has, been done.

Fiddler is a Web debugger; it cannot view SIP traffic at all. In the old days (prior to Oct. 2007), Fiddler could show credentials by decrypting the HTTPS communication with the provisioning servers. Later, another layer of encryption was added, so Fiddler just displays garbage.

[GuyOnTheAir]

With my setup, phone number, and location, this new one seems a bit picky as to which proxy I'm using. But, at the end of the day, it does work. Woohoo! Good work!

[Darkman90808]

With my setup, phone number, and location, this new one seems a bit picky as to which proxy I'm using. But, at the end of the day, it does work. Woohoo! Good work!

I'm on the Los Angeles area as well and having some issues at present. Not sure if it's 'cause I moved to the new and improved 'Spoofer or if it's system related but I'm having some sketchy performance the last two days.

[EagleBoy]

Ok. Rapidshare's captcha just sucks. I can't tell the cats apart. Gonna keep trying. Really annoying......

Might I suggest mediafire.com?

Thanks

[Darkman90808]

With my setup, phone number, and location, this new one seems a bit picky as to which proxy I'm using. But, at the end of the day, it does work. Woohoo! Good work!

Just dl'd the latest version of Microsoft .NET Framework 3.5 as suggested earlier in the thread. Thought I had the most recent version but mebbe not. In any event, early results with the new 'Spoofer seem promising since the download.

[Pismire]

I got the error 3 after about 20 hours. What causes this?

[Pismire]

I switched proxies and all is ok again. Heard talk in another thread that west coast proxies aren't working right now.

[ThaWiz]

The program is missing the Proxy IP for proxy1.washington.talk4free.com
It puts 127.0.0.1 there instead of 67.90.177.70. Can't edit or paste the right numbers in.

[tarheelbuc]

Working so far on my new MJ!

Glad to have it working too. Being a new MJ user, this was one of the very first things I needed taken care of and sure enough, so far it has.

Appreciate the effort, keep up the good work!

[rezilient]

I get mixed results with it. Calls to cellular, real landline, and PBX numbers do not get spoofed - they see my MJ number.

Try again, dialing e.g. 212-867-5309 as *672*128675309 .

If this works consistently, perhaps the number rewrite can be added to the spoofer.

Is that tweak in the works? When it try dialing 2*128675309 with my regular telephone it doesnt work, although it works with the soft phone.

Thanks for this great app.

[rajeshvb]

until last week I tried with older application and spoofing was working, suddenly i tried today its not spoofing, with old as well version & even perl prg,

what may be the issue?

[SpamBox]

Nice work on the new spoofer. The new features are ones I've wanted! Thanks!

[technoweenie]

that would be really really apprieciated.

TW

[Stewart]

that would be really really apprieciated.

TW

I would expect the original perl code to run ok on a Mac. Have you tried it?

[evilmonkey1987]

Hi folks,

Spoofing doesn't work here at all. I set it to the default nashville proxy, put in my MJ number and everything, and still no dice. Also, after I hit "apply changes", do I need to restart MJ? Thanks.

[astro46]

i just tried the spoofer, downloaded from rapidshare, from the link on the first page of this thread. i presume that this is newest version? started spoofer first, then mj. spoofer did change settings in host file, i entered my mj number and the number i want it to spoof. call to my cell gave the mj number, not the spoofed number. calling from chicago.

is there something that i need to do differently?

[Darkman90808]

I noticed with the new Spoofer, often times the MJ proxy id and the local MJ id will be the same until I click the "Enable Spoofer" box off and then on again. It's easy to miss and could be the source of the problem. It usually happens when I change proxys; I find I have to go back and manually check the box.

[astro46]

my local shows local machine 127.0.0.1, and mj proxy is different. spoofer still doesn't work however.

[Darkman90808]

astro46... I know the other day, I went back to using the "old" one because the new one just wouldn't work for me. I would test it against 712-580-9999 and it would come back with my true MJ number. As soon as I switched back, it tested just fine. Can't explain why, but today it's working (spoofing) just fine.

I've never really kept track of the circumstances under which they work or don't work. Usually, I just keep fooling around till I get it working. Also, I've found clearing the Host file seems to help when nothing else does.

[miker1emu]

I used my cell phone and placed a *67 call to my MJ number and it showed on the MJ caller Id as Anonymous even though i had the option on caller id spoofer for incoming calls "show Anonymous..." checked. Any thoughts to why it didnt decode the number?

Also i have had times that the spoofer screws up MJ for what ever reason and i get error code 3 or i cant dial out and have to shutdown and restart all..Any comments about what may be causing this?

[TRoN]

How does the spoofer reveal anonymous calls? I thought when you dial *67(or #31# from gsm cell phone) it does not send your caller id. I called my MJ from cell phone(#31#) and my number showed up. Was up with that? I thought I was safe when I made those "anonymous" calls

[Stewart]

How does the spoofer reveal anonymous calls? I thought when you dial *67(or #31# from gsm cell phone) it does not send your caller id. I called my MJ from cell phone(#31#) and my number showed up. Was up with that? I thought I was safe when I made those "anonymous" calls

When things are working properly, a request to block caller ID causes the orginating carrier to flag the number as 'private', but it is still sent. The terminating carrier, when seeing the private flag, should not deliver the number to the called party, though there are sometimes bugs and the number gets through anyway. Also, when you call a toll-free number, blocking has no effect; the recipient paying for the call has a right to see who's calling before accepting it.

[leons]

Does any one know if there is a "proper" way to spoof an International Number. If I spoof a number, say from China, that starts with "86", the spoofer will pass the number, but the Caller ID on the recipient phone will not say "China" as it usually does if it gets a call from there. Is there a special format or prefix I should use to get the Caller ID to reflect the country I am trying to spoof?