IPhone text message-related research

SMS sending and Interception

Method 1:

Dozen
Open/dev/tty. debug and use the AT command. This type of code was first found in some open-source projects and can be used for modification. The existing version uses this method.

Missing
Point: The machine must be cracked and installed in/application. The IPA installation method cannot be used and should be a permission issue.

It is not stable, and the speed is a little slow. It may also be caused by a problem in code writing. This type of code can be found on code.google.com and won't be posted;

Method 2:

Straight
Using Apple's private library (coretelephony) for operations, someone has actually made it out (don't ask who I am, I don't know if your software is illegal), but you don't mean
I hope I can find any information on the Internet. I still haven't gotten it out after reading IDA for two days. Instead, 3.0 of sdks can get 3.0 of text messages immediately.

Disadvantage: The only drawback is
You don't know when Apple modified the API again. Private APIs do not need to be compatible with you. Another drawback is that the appstore signature may be troublesome;

1. X,
2. x, 3. x iPhone should be able to support the method, just define the head file, copy the following, and add coretelephony
Framework

Extern nsstring * const
Kctsmessagereceivednotification;
Extern nsstring * const
Kctsmessagereplacereceivednotification;
Extern nsstring * const
Kctsimsuppsimsimstatusnotinserted;
Extern nsstring * const
Kctsimsuppsimsimstatusready;

ID
Cttelephonycentergetdefault (void );
Void
Cttelephonycenteraddobserver (ID, ID, cfnotificationcallback, nsstring *, void *, INT );
Void
Cttelephonycenterremoveobserver (ID, ID, nsstring *, void *);
Int
Ctsmessagegetunreadcount (void );

Int
Ctsmessagegetrecordidentifier (void * MSG );
Nsstring *
Ctsimsupportgetsimstatus ();
// Get the SIM card status. kctsimsupportsimstatusnotinserted indicates no SIM card
Nsstring *
Ctsimsuppcopycopymobilesubscriberidentity ();
// Get the imsi number. I used to use at + CCID to get the iccid to identify the user.

ID
Ctsmessagecreate (void * unknow/* always 0 */, nsstring * number, nsstring *
Text );
Void * ctsmessagecreatereply (void * unknow/* always 0 */, void *
Forwardto, nsstring * text );

Void * ctsmessagesend (ID server, ID
MSG );

Nsstring * ctsmessagecopyaddress (void *, void *);
Nsstring
* Ctsmessagecopytext (void *, void *);

/* There are many APIs, such as hanging up, dialing, and obtaining
Iccid, imsi, Cell ID, and bootload/fireware versions. If they are not available for the time being, they will not be released one by one */

Obtain imsi
Number:

Nsstring * imsi =
Ctsimsuppcopycopymobilesubscriberidentity (/* nil */);

Get SIM card status:

Nsstring
* Simstatus = ctsimsupportgetsimstatus ();

Text message interception (3.0 has expired temporarily ):

Void
Smscallback (
Cfnotificationcenterref center,
Void
* Observer,
Cfstringref name,
Const void * object,

Cfdictionaryref userinfo
)
{

NSAID utoreleasepool * Pool =
[[NSAID utoreleasepool alloc] init];
If (! Userinfo) return;
If
([[(Nsdictionary *) userinfo allkeys]

Containsobject: @ "kctsmessage"]) // SMS message
{
Void
* Message = (void *)
[(Nsdictionary *) userinfo
Objectforkey: @ "kctsmessage"];
Nsstring * address =
Ctsmessagecopyaddress (null, message );
Nsstring * text =
Ctsmessagecopytext (null, message );

Nslog (@ "address = % @, text
= % @ ", Address, text
);

}
}
[Pool release];
}

Id Server =
Cttelephonycentergetdefault ();
Cttelephonycenteraddobserver (server,
Self, smscallback, kctsmessagereceivednotification, null, 4 );

Sending generation
The Code should be (do I make a mistake? Why cannot I send the message ):

Id Server =
Cttelephonycentergetdefault ();

Id MSG =
Ctsmessagecreate (0, @ "10086", @ "fuck ");
ID
Result = ctsmessagesend (server, MSG );

Apple on iPhone
3.0 I made a lot of changes in text messages, and also showed me their plans to open the sms sdk. Now I have a chatkit, And the classdump seems to be quite complex.
Miscellaneous: I still classdump his coretelephony. I was surprised to find that there were a lot more OBJ in it.
C Class, which is roughly like the following, can be used if you just need to copy a head:

@ Interface
Ctmessagecenter: nsobject
{
}

+ (ID) sharedmessagecenter;
-
(ID) Init;
-(ID) sendsms :( ID) FP8;
-(ID) sendmmsfromdata :( ID) FP8
Messageid :( unsigned INT) fp12;
-(ID) sendmms :( ID) FP8;
-
(ID) Send :( ID) FP8;
-(ID) incomingmessagewithid :( unsigned INT) FP8
Telephonycenter :( ID) fp12 isdeferred :( bool) fp16;
-
(INT) incomingmessagecount;
-(ID) allincomingmessages;
-
(Void) acknowledgeincomingmessagewithid :( unsigned INT) FP8;
-
(Void) acknowledgeoutgoingmessagewithid :( unsigned INT) FP8;
-
(ID) incomingmessagewithid :( unsigned INT) FP8;
-
(ID) deferredmessagewithid :( unsigned INT) FP8;
-
(ID) statusofoutgoingmessages;
-(ID) encodemessage :( ID) FP8;
-
(ID) decodemessage :( ID) FP8;
-(Bool) ismmsenabled;
-
(Bool) ismmsconfigured;
-(Bool) sendsmswithtext :( ID) FP8
Servicecenter :( ID) fp12 toaddress :( ID) fp16;

@ End

From the interface, send,
You can handle all interceptions and support MMs.

Sending is simple:

[[Ctmessagecenter
Sharedmessagecenter] sendsmswithtext: @ "1111" servicecenter: Nil
Toaddress: @ "138xxxx0610"];

The interception was very strange. I don't know how he notified me, but I should have used the code in it.
Cttelephonycenteraddobserver, I'm wondering if I can get one from this class? To be tested.

By the way, Ida reversed it.
The arm code of is still very depressing. The key is that it cannot be followed for debugging. ctsmessagesend can certainly be sent, and it is a 2 parameter. What about God, help me ?!