Get the perfect Google Voice number, Grep-style!

March 17, 2013

Google Voice is an incredibly useful service, offering numbers from nearly every area code in the US.

It is possible to search for a Google Voice number in their database by area or zip code. You can also enter a word or phrase you’d like to include in the number (exploiting the mnemonic format) from within the Google interface, and a convenient dialog box will show you available numbers that match your criteria.

The Google Voice number choice dialog.

Hackers don’t like limited graphical interfaces. We would love to use regular expressions to find interesting numbers. Our way.

What if we wanted to search for Google Voice numbers with only a limited number of unique digits? Or a palindrome number? Or a binary number, made of just zeroes and ones? The little fancy Google dialog won’t help.

We need to grep!

Greatly inspired by an old blog post, by Privacy Logs, I created a quick and dirty bash script that queries Google for available area codes, then downloads (most of) available numbers, and finally grep’s the hell of out them, finding cool numbers.

Example of cool preset regexes:

  • numbers in pairs
  • digit repeated at least three times
  • various toggles
  • palindromes
  • ABABACDCDC format
  • binary numbers
  • 1337 numbers

You just have to put your Google cookies (simply copy the HTTP header Cookie: <content> when visiting https://www.google.com/voice/b/0/setup/searchnew/ as logged in user into the COOKIES="<content>" variable in the script). You can view cookies with the browser Inspector (for example, in Chrome, use the Network tab) or a Firefox plugin such as Live HTTP headers. Cookies are separated by a semicolon and a space, like this: COOKIES="gv=content1; PREF=content2". Mandatory cookies are gv, PREF, SSID, but you can just copy them all in the variable - it won’t hurt.

Of course, this is just a dirty hack, and a quick Go or Python program can perform much better, maybe making use of multithreading.

Here’s the code (also on Github!):

    #!/bin/bash

    URL="https://www.google.com/voice/b/0/setup/searchnew/"

    # Add your cookies here
    COOKIES="xxx"

    rm -f areacodes || true
    touch areacodes
    rm -f numbers || true
    touch numbers

    # Get area codes
    curl -ks --cookie "$COOKIES" "${URL}?ac=[201-999]&start=0&country=US" | grep -ho "+1[0-9]\{3\}" | cut -b3-5 | sort -u >> areacodes

    # Get numbers (BFS on digits)
    for AREACODE in `cat areacodes`; do
        printf "${AREACODE}0000000\n" > numbers
        printf "Area code: $AREACODE\n";

        echo -n "Progress: 1%... ";

        cut -b1-3 numbers | sort -u | \
        (while read LINE; do CURL_URL="${URL}?ac=${LINE:0:3}&q=$LINE[0-9]&start=0"; curl -ks --cookie "$COOKIES" "$CURL_URL"; done) | \
        grep -ho '[0-9]\{10\}' | sort -u >> numbers

        echo -n "10%... ";

        cut -b1-4 numbers | sort -u | \
        (while read LINE; do CURL_URL="${URL}?ac=${LINE:0:3}&q=$LINE[0-9]&start=0"; curl -ks --cookie "$COOKIES" "$CURL_URL"; done) | \
        grep -ho '[0-9]\{10\}' | sort -u >> numbers

        echo -n "20%... ";

        cut -b1-5 numbers | sort -u | \
        (while read LINE; do CURL_URL="${URL}?ac=${LINE:0:3}&q=$LINE[0-9]&start=0"; curl -ks --cookie "$COOKIES" "$CURL_URL"; done) | \
        grep -ho '[0-9]\{10\}' | sort -u >> numbers

        echo -n "42%... ";

        cut -b1-6 numbers | sort -u | \
        (while read LINE; do CURL_URL="${URL}?ac=${LINE:0:3}&q=$LINE[0-9]&start=0"; curl -ks --cookie "$COOKIES" "$CURL_URL"; done) | \
        grep -ho '[0-9]\{10\}' | sort -u >> numbers

        echo -n "60%... ";

        cut -b1-7 numbers | sort -u | \
        (while read LINE; do CURL_URL="${URL}?ac=${LINE:0:3}&q=$LINE[0-9]&start=0"; curl -ks --cookie "$COOKIES" "$CURL_URL"; done) | \
        grep -ho '[0-9]\{10\}' | sort -u >> numbers

        echo -n "80%... ";

        cut -b1-8 numbers | sort -u | \
        (while read LINE; do CURL_URL="${URL}?ac=${LINE:0:3}&q=$LINE[0-9]&start=0"; curl -ks --cookie "$COOKIES" "$CURL_URL"; done) | \
        grep -ho '[0-9]\{10\}' | sort -u >> numbers

        echo -n "94%... ";

        cut -b1-8 numbers | sort -u | \
        (while read LINE; do CURL_URL="${URL}?ac=${LINE:0:3}&q=$LINE[0-9]&start=5"; curl -ks --cookie "$COOKIES" "$CURL_URL"; done) | \
        grep -ho '[0-9]\{10\}' | sort -u >> numbers

        echo "Done.";

        sort -u numbers > $AREACODE;
    done

    # Find interesting numbers
    mkdir results || true
    rm -f all || true

    for AREACODE in `cat areacodes`; do
        cat $AREACODE | grep -v "${AREACODE}0000000" >> all;
    done

    grep "\([0-9]\)\1.*\([0-9]\)\2.*\([0-9]\)\3" all > results/pairs
    grep "\([0-9]\)\1\{3\}" all > results/repetitions
    grep "\([0-9]\)\([0-9]\)\([0-9]\)\([0-9]\).?\4\3\2\1" all > results/palindromes
    grep "\([0-9]\)\([0-9]\)\1\2\1\2" all > results/toggle
    grep "\([0-9]\)\([0-9]\)\1\2.*\([0-9]\)\([0-9]\)\3\4\3" all >> results/toggle
    grep "\([0-9]\)\([0-9]\)\(\1|\2\)\{4\}" all > results/twodigits
    grep "\([0-9]\)\([0-9]\)\1\2\1.*\([0-9]\)\([0-9]\)\3\4\3" all > results/ABABACDCDC
    grep "\([0-9]\)\1.*\([0-9]\)\2.*\([0-9]\)\3" all > results/tripledouble
    grep "[0-9][0-9][0-9]\([01]\)\([01]\)\([01]\)\([01]\)\([01]\)\([01]\)\([01]\)" all > results/binary
    grep "[0-9]*1337[0-9]*" all > results/1337
    grep "[0-9]*1337$" all > results/1337_end

    rm -f all

Enjoy, and feel free to comment! :)

Flash-based XSS in Yandex's AmCharts component