Hi all! I'd like to test the "transport part" of some service that accepts SMS as input. It was noted, that after the first testing it had some problems with multipart sms, it couldn't accept sms if the number of parts exceed 12 (but we managed to send at least 32 parts), resulting in "transport part" spamming some other components of the service by some requests with total number much more than 32 parts of multipart SMS. That challenged as to look for some possible vulnerabilities in multipart SMS handling, since we realized that one multipart sms can paralyze the whole service.
The possible attack vector is to send several "parts" with the same IED1 and the same TP-MR. Or, to send several messages with the same IED1 and incrementing TP-MR, but some TP-MRs missed, to check that "transport part" doesn't hang when processing such "multiparts". The first question is what happens, when we send the long SMS via Service.getInstance().sendMessage(msg); ? As I see as it implemented in code, It just converts the long text to long PDu and writes it to port, with no attempt to divide it into several parts messages. If I understand it right, parts are formed by the modem itself? The second question is how can I emulate the sending multiple parts "of the same multipart messages" using SMSlib? Unfortunately, PDUutils doesn't present any pretty API for managing IED1 and TP-MR (and some other) bytes before sending the message. If some java tools to handle it are know, please let me know! Thnx! -- You received this message because you are subscribed to the Google Groups "SMSLib Discussion Group" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msg/smslib/-/725VzDJpxoEJ. For more options, visit https://groups.google.com/groups/opt_out.
