{"id":13791162,"url":"https://github.com/mnemonic-no/ScapySMS","last_synced_at":"2025-05-12T09:34:08.520Z","repository":{"id":46666839,"uuid":"408388478","full_name":"mnemonic-no/ScapySMS","owner":"mnemonic-no","description":"Complete SMS packet manipulation","archived":false,"fork":false,"pushed_at":"2021-10-01T06:46:00.000Z","size":26,"stargazers_count":105,"open_issues_count":0,"forks_count":18,"subscribers_count":11,"default_branch":"main","last_synced_at":"2024-11-18T05:38:41.734Z","etag":null,"topics":["scapy","sms"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mnemonic-no.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-09-20T09:49:55.000Z","updated_at":"2024-10-10T12:39:24.000Z","dependencies_parsed_at":"2022-09-04T07:32:41.498Z","dependency_job_id":null,"html_url":"https://github.com/mnemonic-no/ScapySMS","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mnemonic-no%2FScapySMS","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mnemonic-no%2FScapySMS/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mnemonic-no%2FScapySMS/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mnemonic-no%2FScapySMS/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mnemonic-no","download_url":"https://codeload.github.com/mnemonic-no/ScapySMS/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253709556,"owners_count":21951180,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["scapy","sms"],"created_at":"2024-08-03T22:00:56.779Z","updated_at":"2025-05-12T09:34:08.165Z","avatar_url":"https://github.com/mnemonic-no.png","language":"Python","funding_links":[],"categories":["SIMCards"],"sub_categories":[],"readme":"# ScapySMS\nA Scapy implementation of SMS-SUBMIT and (U)SIM Application Toolkit command packets.\n\nThis framework is designed to assist with fuzzing SIM card applications and, more generally, SMS systems as a whole. Because this project uses the [Scapy framework](https://scapy.readthedocs.io/en/latest/index.html), it's possible to have control over the *entire* packet. This was the key feature that inspired the creation of this project.\n\nFunctionality for sending SMS messages via AT commands to a modem is also included.\n\n# Install\n```python3\npip install /directory/with/ScapySMS/\n```\n\n# How to use\nIt is nearly impossible to use this framework without having the GSM specification side by side as a reference. Some notes on the relevant GSM documents can be found in this packages's source. Though you'll probably want to start here:\n\n* https://en.wikipedia.org/wiki/GSM_03.40 - SMS specification summarized\n* [GSM 03.40](https://www.etsi.org/deliver/etsi_gts/03/0340/05.03.00_60/gsmts_0340v050300p.pdf) - Official SMS specification\n* [ETSI TS 102 225](https://www.etsi.org/deliver/etsi_ts/102200_102299/102225/09.00.00_60/ts_102225v090000p.pdf) - (U)SIM Application Toolkit command packets\n\n## Building a SMS-SUBMIT PDU\n```python3\nimport ScapySMS\n\nsms = ScapySMS.SMSSubmit()\nsms.TP_RP = 0\nsms.TP_UDHI = 0\nsms.TP_SRR = 0\nsms.TP_VPF = 10\nsms.TP_RD = 0\nsms.TP_MTI = 1\nsms.TP_MR = 0\n\nmyaddr = ScapySMS.Address()\nmyaddr.Type_of_number = 1 # International format, includes country code\nmyaddr.Digits = '15558675309'\nsms.TP_DA = myaddr\n\nsms.TP_PID = 0\nsms.TP_DCS = 8 # UTF-16\nsms.TP_VP = b'\\x00' # 5 minutes\nsms.TP_UD = 'Hello world ✌️'.encode('utf-16')\nsms.show2()\n\nprint('PDU hex: {}'.format(bytes(sms).hex()))\n```\n\n```\n###[ SMS-SUBMIT ]### \n  TP_RP     = 0: TP-Reply-Path parameter is not set in this SMS-SUBMIT/DELIVER\n  TP_UDHI   = 0: The TP-UD field contains only the short message\n  TP_SRR    = 0: A status report is not requested\n  TP_VPF    = 10: Relative format\n  TP_RD     = 0: Instruct the SC to accept an SMS-SUBMIT for an SM still held in the SC which has the same TP-MR and the same TP-DA as a previously submitted SM from the same OA.\n  TP_MTI    = 01: SMS-SUBMIT (in the direction MS to SC)\n  TP_MR     = 0\n  \\TP_DA     \\\n   |###[ Address ]###\n   |  Length    = 11\n   |  Extension = No extension\n   |  Type_of_number= International number\n   |  Numbering_plan= ISDN/telephone numbering plan (E.164/E.163)\n   |  Digits    = 15558675309\n  TP_PID    = 0\n  TP_DCS    = 8\n  TP_VP     = 00\n  TP_UDL    = 30\n  TP_UD     = fffe480065006c006c006f00200077006f0072006c00640020000c270ffe\n\nPDU hex: 11000b915155685703f90008001efffe480065006c006c006f00200077006f0072006c00640020000c270ffe\n```\n\n## Sending a SMS to a modem\n```python3\nm = ScapySMS.Modem('/dev/ttyUSB2')\nm.sendPDU(sms)\n```\n\n## (U)SIM Application Toolkit command packets\nI don't have any good examples to show here, but you can decode a packet from hex like this:\n\n```python3\nbytes = bytes.fromhex(yourhex)\np = ScapySMS.CommandPacket(bytes)\np.show2()\n```\n\n# Testbed suggestions\nI recommend checking out the [QCSuper](https://github.com/P1sec/QCSuper) project. Paired with the right Qualcomm USB modem / Android phone you can use this to create GSM packet captures. This is extremely helpful for seeing how data is sent out from your modem, as well as seeing what the data looks like when it's received.\n\n[SCAT](https://github.com/fgsect/scat) is another tool that works similarly.\n\n# Learn more\nAdaptive Mobile's [Simjacker technical report](https://simjacker.com/) is a good practical example of what can be found when digging into these old technologies.\n\nAlso:\n* https://opensource.srlabs.de/projects/simtester/\n* https://www.youtube.com/watch?v=DHhYz9euDB8\n* https://media.defcon.org/DEF%20CON%2021/DEF%20CON%2021%20presentations/DEF%20CON%2021%20-%20Bogdan-Alecu-Attacking-SIM-Toolkit-with-SMS-WP.pdf\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmnemonic-no%2FScapySMS","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmnemonic-no%2FScapySMS","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmnemonic-no%2FScapySMS/lists"}