Monday, November 17, 2014

BINARY SMSs [PART 2] that cool thing you didn't know SMSs could do

Find the XML structure of the message to be sent


Here’s a sample one; I will add references on how to find the basic XML structure and where to find them.

<?xml version="1.0"?>
<!DOCTYPE si PUBLIC "-//WAPFORUM//DTD SI 1.0//EN" "http://www.wapforum.org/DTD/si.dtd">
<si>
<indication href="http://blog.0x7678.com/" si-id="bin">
hack random
</indication>
</si>


Now to convert to WBXML

HexCode   Meaning
02        WBXML Version 1.2
05        SI 1.0 Public Identifier
6A        Charset UTF-8
00        String table length = 0
45        <SI>
C6        <indication>
0C        href="http://
03        String starts
* 7777772E6465762E6D6F62692F69735F66756E2E68746D6C    www.0x7678.com
00        String ends
07        Action attribute (signal – medium)
01        End of attributes, now the content
03        String starts
* 446576446F744D6F62692069732046756E2021    hack random
00        String ends
01        </indication>
01        </SI>

* These are strings used to pass contents to the SI; each character in the string is converted to its hexadecimal representation.
** “6532” is to be considered a string of characters and not a number, so don’t use the calculator to convert this number.

Our body is, putting all the numbers together:

02056A0045C60C037777772E6465762E6D6F62692F69735F66756E2E68746D6C0011033635333200070103446576446F744D6F62692069732046756E2021000101

(which is 130 chars)


PREPARE THE UDH
Preparing the UDH is pretty easy. Just start with “06 05 04” and then add the port numbers. E.g. WAP push messages use destination port 2948, while the source port is 9200. Convert the decimal port numbers to hexadecimal, so 2948 becomes 0B84 and 9200 becomes 23F0. Magically, the UDH is: 06 05 04 0B 84 23 F0

SEND THE SMS AND THE UDH

Now, what do you need to do with this? Pretty simple: just put everything together and the SMS is ready to be sent.

                                    <UDH> + <BODY>

UDH: 06 05 04 0B 84 23 F0
BODY: 02056A0045C60C037777772E6465762E6D6F62692F69735F66756E2E68746D6C0011033635333200070103446576446F744D6F62692069732046756E2021000101

The complete message is then:

0605040B8423F002056A0045C60C037777772E6465762E6D6F62692F69735F66756E2E68746D6C0011033635333200070103446576446F744D6F62692069732046756E2021000101
Which is 137 chars long (hey, it’s a binary SMS, and my favorite language Java uses UTF-8 encoding for binary messages, so the limit for 1 SMS is 140 chars, aren’t we cool?)
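
As an added example (not code from the original post), this Python sketch decodes the complete message above the way an analyst inspecting a captured WAP push would: it splits off the UDH, reads the two ports, and walks the WBXML tokens from the table. The function names are illustrative, and the meaning of token 0x11 (si-id), which appears in the body but not in the table, is taken from the WAP SI token list.

```python
import struct

# Added example, names are illustrative. 0x0C and 0x07 are from the table above;
# 0x11 (si-id) is in the body but not the table: meaning from the WAP SI tokens.
ATTRS = {0x0C: ("href", "http://"), 0x11: ("si-id", ""),
         0x07: ("action", "signal-medium")}

# The post's complete message: UDH followed by the WBXML body.
MESSAGE = bytes.fromhex(
    "0605040B8423F0"
    "02056A0045C60C037777772E6465762E6D6F62692F69735F66756E2E68746D6C00"
    "11033635333200070103446576446F744D6F62692069732046756E2021000101")

def parse_udh(msg):
    """Split a '06 05 04' port-addressing UDH into (dst_port, src_port, body)."""
    if len(msg) < 7 or msg[:3] != b"\x06\x05\x04":
        raise ValueError("no 16-bit application port UDH")
    dst, src = struct.unpack(">HH", msg[3:7])
    return dst, src, msg[7:]

def inline_string(buf, i):
    """Read '03 <bytes> 00' at buf[i]; return (text, index after the 00)."""
    end = buf.find(b"\x00", i + 1)
    if i >= len(buf) or buf[i] != 0x03 or end < 0:
        raise ValueError("malformed inline string at offset %d" % i)
    return buf[i + 1:end].decode("utf-8"), end + 1

def parse_si(body):
    """Decode the SI layout in the table above into a dict."""
    if len(body) < 8 or body[1:6] != b"\x05\x6a\x00\x45\xc6":
        raise ValueError("not the SI 1.0 / UTF-8 / <si><indication> layout")
    si = {"wbxml_version": "%d.%d" % ((body[0] >> 4) + 1, body[0] & 0x0F)}
    i = 6
    while i < len(body) and body[i] != 0x01:      # 01 ends the attributes
        if body[i] not in ATTRS:
            raise ValueError("unknown attribute token 0x%02X" % body[i])
        name, value = ATTRS[body[i]]
        i += 1
        if body[i:i + 1] == b"\x03":              # attribute value continues
            text, i = inline_string(body, i)
            value += text
        si[name] = value
    si["text"], i = inline_string(body, i + 1)
    if body[i:] != b"\x01\x01":                   # </indication></si>
        raise ValueError("missing end tokens")
    return si

def decode(msg):
    dst, src, body = parse_udh(msg)
    return {"dst_port": dst, "src_port": src, **parse_si(body)}
```

Calling `decode(MESSAGE)` returns the ports, the attributes and the indication text as a dict; a truncated or unexpected message raises `ValueError` instead of being partially decoded.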

For now that’s what I will teach. This, however, is the beginning of something bigger, such as the OpenBTS I am optimizing by adding binary SMS support.

NB: the above WBXML is only an example; the converted WBXML is not as on my blog (for security purposes, the link to the original document can be found from the decoded WBXML :) cheers)


1 comment:

cheap resume services said...

This information really takes the texting game to a new level for me. I had no idea an SMS was more than this. Thank you for posting about this. Keep updating more.
