So many people have been asking me for info on how the fake SMS vulnerability works on the iPhone 4 that has been in the news as of late. I will post here what I have found out there. Hope this helps.
About a week ago, the famous iOS hacker Pod2g released public source code for an exploit for the iPhone 4. The exploit enables users to send PDU files (SMS messages) through the network, bypassing the baseband's PDU check. Anyone who knows how PDU information is read knows that this can be a great problem, and with this exploit many things can be done. So I will demonstrate how to use it, along with the codes for a few of them.
One big vulnerability is SMS spoofing, and this tutorial will show you how to do it using the sendrawpdu exploit.
First, make sure to have a jailbroken iPhone 4. This exploit only works on the iPhone 4 basebands. Then download a program called PDUspy, which can be downloaded directly from http://www.nobbi.com/download/pduspy.zip and only works on Windows. Now, on the iPhone 4, go to Cydia. Add the xsellize repo, and search in Cydia for "Sendrawpdu". Install this package, along with MobileTerminal and OpenSSH if they are not already installed.
Next, after all the programs and packages are installed, run PDUspy on the computer. A program with many tabs will appear.
Click on the tab saying "Settings". Make sure everything looks similar to this: http://i.imgur.com/1SA3z.png
Now click on the next tab, called "Create". In the Destination Address (TP-DA) field, enter the phone number that you wish to send the text message to, including the area code, e.g. 123-456-7890. Then in the Message Text (TP-UD) field, insert the text you would like to send. http://i.imgur.com/d97d3.png
After that, click on the "UDH II" tab. Tick the box for "Create a reply address field". Fill in the field that says "Use as user reply message" with the number that you want to show up when the receiver gets this text, and make the rest of the options look like this: http://i.imgur.com/7uIii.png
The final step is to click on the "Create" tab and click "Create" at the bottom left. This will open the tab saying "Manual". The program has just encoded the information you entered into PDU format (hex-encoded binary). Copy this and save it for now. http://i.imgur.com/dM8h5.png
Download a program for Windows to SSH into the device and send commands via the terminal. (Please note that this is not necessary. You can send the PDU information via text, email or anything else and paste it into the terminal, but for simplicity I suggest this SSH method.) PuTTY will work, but I suggest http://www.i-funbox.com/ to SSH into the iPhone. Download the free program and plug in the jailbroken iPhone 4. Again, be sure to have OpenSSH installed, along with the terminal. Now start up iFunbox and click the "SSH Terminal" branch. Type "sendrawpdu" (this calls the script/exploit that Pod2g made) and after "sendrawpdu" paste the PDU code:
sendrawpdu 00C1000A81214365871900001B00D0F0ED3ECBC3F4390B947FD741E4F2F84D2E9341697A08
Now hit Enter to run the command, which then sends the SMS.
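As an added example (not code from the original post or from Pod2g's tool), here is a small Python decoder for SMS-SUBMIT PDUs like the one above: it recovers the destination number, the user data header and the message text, and flags the Reply Address Element (IEI 0x22 in 3GPP TS 23.040), which is the field a receiving client must never display as the sender. It assumes an empty SMSC field, the GSM 7-bit alphabet and no validity period, as in the PDU above; REPLY_ADDRESS_PDU is a constructed sample, not taken from the page.

```python
# Added example (not the original post's code): decode an SMS-SUBMIT PDU and flag a Reply Address
# Element (IEI 0x22, 3GPP TS 23.040). Assumes SMSC length 0, GSM 7-bit alphabet, no validity period.
GSM7 = ("@£$¥èéùìòÇ\nØø\rÅåΔ_ΦΓΛΩΠΨΣΘΞ\x1bÆæßÉ"
        " !\"#¤%&'()*+,-./0123456789:;<=>?"
        "¡ABCDEFGHIJKLMNOPQRSTUVWXYZÄÖÑÜ§"
        "¿abcdefghijklmnopqrstuvwxyzäöñüà")

PAGE_PDU = "00C1000A81214365871900001B00D0F0ED3ECBC3F4390B947FD741E4F2F84D2E9341697A08"
# Constructed sample: same destination, UDH with IEI 0x22 carrying reply address 5550001, text "hi"
REPLY_ADDRESS_PDU = "0041000A81214365871900000D0822060781550500F1009D06"

def decode_address(buf: bytes, pos: int):
    """Address field: digit count, type-of-address, nibble-swapped BCD digits ('F' pads odd counts)."""
    ndigits, toa = buf[pos], buf[pos + 1]
    nbytes = (ndigits + 1) // 2
    raw = buf[pos + 2:pos + 2 + nbytes].hex()
    digits = "".join(raw[i + 1] + raw[i] for i in range(0, len(raw), 2))[:ndigits]
    if toa & 0x70 == 0x10:                     # international number
        digits = "+" + digits
    return digits, pos + 2 + nbytes

def unpack_7bit(ud: bytes, septets: int, skip: int) -> str:
    """Unpack GSM 7-bit septets; the first `skip` septets are occupied by the padded UDH."""
    bits = int.from_bytes(ud, "little")
    return "".join(GSM7[(bits >> (7 * i)) & 0x7F] for i in range(skip, septets))

def parse_submit(hexpdu: str) -> dict:
    buf = bytes.fromhex(hexpdu)
    pos = 1 + buf[0]                           # skip the SMSC address field
    if buf[pos] & 0x03 != 0x01:                # TP-MTI must be SMS-SUBMIT
        raise ValueError("not an SMS-SUBMIT PDU")
    udhi = bool(buf[pos] & 0x40)               # TP-UDHI: user data begins with a header
    dest, pos = decode_address(buf, pos + 2)   # +2 skips the first octet and TP-MR
    dcs, udl = buf[pos + 1], buf[pos + 2]      # buf[pos] is TP-PID
    if dcs & 0x0C:
        raise ValueError("only the GSM 7-bit alphabet is handled here")
    ud, skip, reply = buf[pos + 3:], 0, None
    if udhi:
        udhl, i = ud[0], 1
        skip = ((udhl + 1) * 8 + 6) // 7       # header is padded up to a septet boundary
        while i < 1 + udhl:
            iei, iel = ud[i], ud[i + 1]
            if iei == 0x22:                    # Reply Address Element, formatted like TP-OA
                reply, _ = decode_address(ud, i + 2)
            i += 2 + iel
    return {"dest": dest, "text": unpack_7bit(ud, udl, skip), "reply_address": reply}

def has_reply_address_element(pdu: dict) -> bool:
    """Receiver-side check: a reply address is not the originator and must not be shown as one."""
    return pdu["reply_address"] is not None
```

Run on the PDU shown above, the decoder reports an empty user data header and the text "Congrats, you decoded it!", so that particular command carries no reply address at all.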
Note: SMS spoofing can be illegal in some states, along with other things that are possible with this exploit. Please use responsibly, and send at your own risk.
I have no information on the original author, but thanks to him/her for this detailed tutorial.
Post imported by Google+Blog. Created By Daniel Treadwell.