A Scapy implementation of SMS-SUBMIT and (U)SIM Application Toolkit command packets.

Related tags

Networkingsmsscapy
Overview

ScapySMS

A Scapy implementation of SMS-SUBMIT and (U)SIM Application Toolkit command packets.

This framework is designed to assist with fuzzing SIM card applications and, more generally, SMS systems as a whole. Because this project uses the Scapy framework, it's possible to have control over the entire packet. This was the key feature that inspired the creation of this project.

Functionality for sending SMS messages via AT commands to a modem is also included.

How to use

It is nearly impossible to use this framework without having the GSM specification side by side as a reference. Some notes on the relevant GSM documents can be found in the scapysms.py file itself. Though you'll probably want to start here:

Building a SMS-SUBMIT PDU

import scapysms

sms = scapysms.SMSSubmit()
sms.TP_RP = 0
sms.TP_UDHI = 0
sms.TP_SRR = 0
sms.TP_VPF = 10
sms.TP_RD = 0
sms.TP_MTI = 1
sms.TP_MR = 0

myaddr = scapysms.Address()
myaddr.Type_of_number = 1 # International format, includes country code
myaddr.Digits = '15558675309'
sms.TP_DA = myaddr

sms.TP_PID = 0
sms.TP_DCS = 8 # UTF-16
sms.TP_VP = b'\x00' # 5 minutes
sms.TP_UD = 'Hello world ✌️'.encode('utf-16')
sms.show2()

print('PDU hex: {}'.format(bytes(sms).hex()))
###[ SMS-SUBMIT ]### 
  TP_RP     = 0: TP-Reply-Path parameter is not set in this SMS-SUBMIT/DELIVER
  TP_UDHI   = 0: The TP-UD field contains only the short message
  TP_SRR    = 0
  TP_VPF    = 10: Relative format
  TP_RD     = 0
  TP_MTI    = 1
  TP_MR     = 0
  \TP_DA     \
   |###[ Address ]### 
   |  Length    = 11
   |  Extension = No extension
   |  Type_of_number= International number
   |  Numbering_plan= ISDN/telephone numbering plan (E.164/E.163)
   |  Digits    = 15558675309
  TP_PID    = 0
  TP_DCS    = 8
  TP_VP     = 00
  TP_UDL    = 30
  TP_UD     = fffe480065006c006c006f00200077006f0072006c00640020000c270ffe

PDU hex: 11000b915155685703f90008001efffe480065006c006c006f00200077006f0072006c00640020000c270ffe

Sending a SMS to a modem

m = scapysms.Modem('/dev/ttyUSB2')
m.sendPDU(sms)

(U)SIM Application Toolkit command packets

I don't have any good examples to show here, but you can decode a packet from hex like this:

bytes = bytes.fromhex(yourhex)
p = scapysms.CommandPacket(bytes)
p.show2()

Testbed suggestions

I recommend checking out the QCSuper project. Paired with the right Qualcomm USB modem / Android phone you can use this to create GSM packet captures. This is extremely helpful for seeing how data is sent out from your modem, as well as seeing what the data looks like when it's received.

Learn more

Adaptive Mobile's Simjacker technical report is a good practical example of what can be found when digging into these old technologies.

Also:

Owner
mnemonic
mnemonic - Defining cybersecurity
mnemonic
🔥 Minimal performant package to asynchronously make GET requests.

Minimal performant package to asynchronously make GET requests without any dependencies other than asyncio.

Yannick Perrenet 1 Jun 01, 2022
VRF-StarkNet - Contracts for verifiable randomness on StarkNet

VRF-StarkNet Contracts for verifiable randomness on StarkNet Motivation Deployed

Non 32 Oct 30, 2022
BlueHawk is an HTTP/1.1 compliant web server developed in python

This project is done as a part of Computer Networks course. It aims at the implementation of the HTTP/1.1 Protocol based on RFC 2616 and includes the basic HTTP methods of GET, POST, PUT, DELETE and

2 Nov 11, 2022
PoC code for stealing the WiFi password of a network with a Lovebox IOT device connected

LoveBoxer PoC code for stealing the WiFi password of a network with a Lovebox IOT device connected. This PoC was is what I used in this blogpost Usage

Graham Helton 10 May 24, 2022
Juniper SNMP Migrations For Python

Juniper SNMP Migrations This example will show how to use the PyEZ plugin for Nornir to build a NETCONF connection to a remote device validate that SN

Calvin Remsburg 1 Jan 07, 2022
Tsunami-Fi is simple multi-tool bash application for Wi-Fi attacks

🪴 Tsunami-Fi 🪴 Русская версия README 🌿 Description 🌿 Tsunami-Fi is simple multi-tool bash application for Wi-Fi WPS PixieDust and NullPIN attack,

【Kiko】 35 Dec 09, 2022
TradingView Interactive Brokers Integration using Webhooks

TradingView Interactive Brokers Integration using Webhooks

84 Dec 19, 2022
WARP+ uses Cloudflare’s virtual private backbone, known as Argo, to achieve higher speeds and ensure your connection is encrypted across the long haul of the Internet

WARP+ uses Cloudflare’s virtual private backbone, known as Argo, to achieve higher speeds and ensure your connection is encrypted across the long haul of the Internet

Rivane Rasetiansyah 3 Apr 01, 2022
openPortScanner is a port scanner made with Python!

Port Scanner made with python • Installation • Usage • Commands Installation Run this to install: $ git clone https://github.com/Miguel-Galdin0/openPo

Miguel Galdino 7 Jan 09, 2022
This tool is for finding more detailed information of an IP Address.

This tool is for finding more detailed information of an IP Address.

3 Oct 08, 2021
Use Raspberry Pi and CircuitSetup's power monitor hardware to publish electrical usage to MQTT

This repo has code and notes for whole home electrical power monitoring using a Raspberry Pi and CircuitSetup modules. Beyond just collecting data, it

Eric Tsai 10 Jul 25, 2022
Lets you remove all friends, leave GCs, and leave servers, in an instant!

anonymity Lets you remove all friends, leave GCs, and leave servers, in an instant! You can also do each of them by themselves. First, you need to get

1 Dec 07, 2021
A library of functions that can be used to manage the download of claims from the LBRY network.

lbrytools A library of functions that can be used to manage the download of claims from the LBRY network. It includes methods to download claims by UR

13 Dec 03, 2022
D-dos attack GUI tool written in python using tkinter module

ddos D-dos attack GUI tool written in python using tkinter module #to use this tool on android, do the following on termux. *. apt update *. apt upgra

6 Feb 05, 2022
Ping IP addresses and domains in parallel to find the accessible and inaccessible ones.

🚀 IPpy Parallel testing of IP addresses and domains in python. Reads IP addresses and domains from a CSV file and gives two lists of accessible and i

Shivam Mathur 54 May 21, 2022
Burp Extension that copies a request and builds a FFUF skeleton

ffuf is gaining a lot of traction within the infosec community as a fast portable web fuzzer. It has been compared and aligned (kinda) to Burp's Intruder functionality. Thus, Copy As FFUF is trying t

Desmond Miles 81 Dec 22, 2022
Home Assistant integration for MyEnergi devices

myenergi for Home Assistant myenergi custom component for Home Assistant This is a very early release, will add more documentations soon! This compone

Johan Isacsson 70 Dec 18, 2022
A lightweight python script that can monitor the T-Mobile Home Internet Nokia 5G Gateway for band and connectivity and reboot as needed.

tmo-monitor A lightweight Python 3 script that can monitor the T-Mobile Home Internet Nokia 5G Gateway for band and connectivity and reboot as needed.

61 Dec 17, 2022
This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.

This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface

1.6k Jan 01, 2023
forward several ports into a single port

port forwarding Multi-Input-Single-Output forward several ports into a single one this tool forwards packets from several ports into one single port.

Erfan Kheyrollahi Qaroğlu 3 Sep 11, 2021