IPhone 4 text message interception

The so-called text message interception can be received by the program in advance, filtered and processed accordingly, and then sent to the inbox of the mobile phone.

Text message interception on ios3 can be completed through some private APIs, and there are many online tutorials, which are not repeated here.

Text message interception on ios4 that was investigated some time ago makes it difficult to find relevant information on the Internet. The complete information just happened to have learned hook some time ago,

So I took some time over the weekend to use hook for further research. Here I will make a record to prevent future forgetting.

 

Test environment: iPhone 4 ios4.3.2 has been jailbroken

1. Set up the hook demo development environment. Refer to my other article. I will not repeat it here. Hook the function that receives the text message, and process and filter the function accordingly.

2. Class-dump smsctserver. Framework, chatkit. Framework, coretelephony. Framework, and other frameworks

Among them, smsctserver. Framework mainly contains some APIs related to sending and receiving text messages. chatkit is complicated, and cksmsservice. h contains many operations,

For example, markallmessagesinconversationasread sets the flag to the reading status when you read the text message for the first time.

Coretelephony. framework is already open on ios4, but many private APIs are still not open by Apple and need to be tested by yourself.

Add the header files from the above three libraries to the xcode compilation search path. When using a class, you can directly perform # import. Of course, you will encounter some compilation errors,

In this case, you need to consider the relative path and absolute path to process some # import in the framework. But the advantage is that only when you # import a header file will you check this

The syntax structure inside the header file, so you do not need to manually process the header files in all frameworks.

3. After the environment is set up, you need to query the functions that may be involved and hook them.

Here, we recommend that you use the grep command for query. For example, to find the sendmessage function, you can use grep sendmessage.-R to list all related content containing this word.

This allows you to quickly and efficiently obtain the required information.

4. in step 2, I believe there will be doubts about the functions of some functions. Is this function an API that accepts text messages? The best way to verify truth is to test. Hook these functions,

Add some prints to test the functions of these functions.

5. Finally, I found that when I received text messages, due to the large number of functions in the framework, I just hooked some of the functions that are doubtful.

-(Void) _ processreceivedmessagewithinfo :( struct _ cfdictionary *) arg1;

-(Void) _ ingestincomingctmessage :( ID) arg1;

-(Void) _ receivedmessage :( struct _ cksmsrecord *) arg1 replace :( bool) arg2;

When the text message arrives, these functions are executed directly. In _ ingestincomingctmessage, you can control whether text messages are sent to mobile phones. If in _ processreceivedmessagewithinfo

If the function is used for filtering, the text message does not arrive at the moment, but after the phone is restarted, the text message has actually arrived in the inbox, but has not received the notification. Obviously, we don't want that much.

The hook code is as follows:

Extern "C" Void Merge (smsctserver * Self, Sel cmd, Id arg1) {nslog (@ "---------------------------------- receive enter, arg1 =%@", arg1 ); nslog (@ "====================== replaced_smsctserver_ingestincomingctmessage ============== nsstringfromclass ([arg1 class]) = % @ ", nsstringfromclass ([arg1 class]); ctmessage * message = (ctmessage *) arg1; ctphonenumber * sender = (ctphonenumber *) message. sender; nsstring * digits = sender. digits; // The telephone number nsstring * countrycode = sender. countrycode; nsdate * Date = message. date; nsarray * items = message. items; For (ctmessagepart * Part in items) {nsdata * Data = part. data; nslog (@ "============================= data ==%@", data ); // nslog (@ "============================ smsdata =%@", [ctmmsencoder decodemessagefromdata: data]);} nslog (@ "================ countrycode =%@, digits =%@, date =%@", countrycode, digits, date); nslog (@ "----------------------------- message =%@, sender =%@", message, Sender); // you can successfully intercept text messages here, use the text message contained in arg1 to confirm whether the message should be accepted. If ([@ "1065583393" is%tostring: digits]) {nslog (@ "------------------------------------------- you are not allowed to accept the text message of. ");

// Prompt uialertview * alertview = [[uialertview alloc] initwithtitle: [nsstring stringwithformat: @ "spam message (% @)", digits] Message: [nsstring stringwithformat: @ "SMS sending date: % @", date] delegate: Self cancelbuttontitle: @ "OK" otherbuttontitles: nil, nil]; [alertview show]; [alertview release];

        return;    }        original_SMSCTServer_ingestIncomingCTMessage(self, cmd, arg1);}

This part of the text message content parsing work, as shown above, the number 1065583393 harassed me and sent me spam messages every one or two days. In this case, this number will no longer send me text messages. The number here is equivalent to the blacklist. You can set it through a program, and then obtain the corresponding number here and filter it out.

In the code, uialertview will remind you of the arrival of spam messages that you do not intend to accept, but will not accept them. (Just a test, don't mind too much)

The arg1 parameter is of the ctmessage type and contains the SMS sending number, date, content, and other information. However, when I use ctmmsencoder to parse the text message content, the system prompts that this class does not exist, but which nsdata should be the data of the text message content, the Data Length of each message nsdata is also inconsistent.

 

For example, the playmessagesent of the smsctserver controls the prompts sent successfully. If you do not send a message, no sound will appear when the message is sent.

// Controls the playback sound after the SMS is sent. extern "C" Void replaced_smsctserver_playmessagesent (smsctserver * Self, Sel cmd) {nslog (@ "Reply replaced_smsctserver_playmessagesent enter, CMD );}

 

 

Hook can indeed complete many powerful functions. Private API, framework, Hook, and water are deep enough!

Do this for the time being. When you have time, kill the prompt box of the brute force message every time you receive the text message. The world is quiet!

 

By yytong