How to do SMS Spoofing using iPhone 4 and SendRawPDU Script by Pod2g

Few days ago I wrote you news that famous French hacker Pod2g found exploit in iPhone SMS security which allowed one people to send text messages to others but with wrong address.

To perform this you need to use CLI tool to send raw SMS PDU data to the iPhone 4 baseband. This tool is called sendrawpdu and you can find info about it here because in this article we will talk how to make it works on your iPhone 4.

First you need to compile sendrawpdu file on your iPhone 4 and only then to use it. But before we start you need to comply with the requirements given below:

Note: We are not responsible for those who will use this spoofing method in illegal way. We just sharing our first time experience of using this tool.

How to spoof SMS on iPhone 4

Requirements

  • Mac OS X 10.6 and higher.
  • Xcode 4.0 and higher.
  • iosopendev package (you can use this link to download it).

If you don’t have MacOS X and couldn’t compile this script by your own then use download link bellow.

Download Compiled SendRawPDU for iPhone 4 / 4s (link updated)

Now please upload sendrawpdu file to /usr/bin/ directory so the final location would be /usr/bin/sendrawpdu

How to Use Sendrawpdu to Send Spoofing SMS

Note: You must be acquainted with Mobile Terminal or SSH conection between computer and your iPhone.

Step one: open terminal and navigate to the folder where sendrawpdu is located. Then type the next command:

sudo chmod +x sendrawpdu

Now we are ready to lanch this CLI tool and try to send some data.

Step two: Launch this script by typping

./sendrawpdu YOUR PDU DATA

Step three: What PDU data should I put there and what does it looks like? To answer this questions you have to learn some info about SMS technology.

SMS (Short Message Service) is specified by the ETSI (standards GSM 03.401 and 03.382 ). It can contain up to 160 characters, where each character is written according to the 7-bits GSM default alphabet (7 bits default table)

SMS also contains some meta-data

  • Info about the senders ( Service center number, sender number)
  • Protocol information (Protocol identifier, Data coding scheme)
  • Timestamp

There are 2 ways to receive and send SMS messages a, PDU (protocol discription unit) and Text mode. So as you see sendrawpdu is designed to use PDU data for sending text messages. PDU format can be used on any encoding and it is all in the form of hexa-decimal octets or decimal semi-octets.

Here is the example of “How are you” message in PDU:

069110090000F111000C918390831470380000AA0CC8F71D14969741F977FD07

You need Open Source decoder/encoder for PDU so you can easily decode text string into PDU data format.

Update: If you are on Windows PC you can use PDUSpy software and my guide to generate your  RAW PDU data

So the final command for sending spoofing text messages would be like:

./sendrawpdu 069110090000F111000C918390831470380000AA0CC8F71D14969741F977FD07

You should see your iPhone 4 baseband has been sending PDU RAW Data:

AT
OK
AT+CMGF=0
OK
AT+CMGS=31

And that’s it. Now you know how to do this. But I advice you to find out if you break the law of your country sending spoofing text messages. It can be illegal. We are not responsible for your following actions.

Update: If you have errors with Send Raw PDU then go and fix it.

Also you can read the article on how to prevent sending spoof SMS. This advice came straight from Apple company. If there are some questions feel free to use comment section below to put them all. Also don’t forget to share this essential info using share buttons bellow.