Working with text messages / SMS in one core part of testing cellular devices. Running an own network, there are different approaches for sending text messages. This page shows a few.

Manually, via Phone

The most obvious approach for sending text messages will be using a simple phone. When the phone is connected to the cellular network it can simply send text messages to other devices.

Via openBSC

openBSC has a control interface listening on port 4242 / TCP which supports sending text messages.

subscriber id 1 sms sender id 3 send test

This line will send a text message to the subscriber with the id 1 from the subscriber with the id 3 containing “test”.

subscriber extension 1234 sms sender extension 5678 send test

This line will send a text message to the subscriber with the extension 1234 to the subscriber with the extension 5678 containing “test”.

As source/target openBSC is able to work with id, extension, imsi and tmsi.

As this interface can be accessed via telnet, it is also possible to simply automate sending messages in a simply python script as shown below.

import telnetlib
import time

Host="127.0.0.1"
Port="4242"

tn = telnetlib.Telnet(Host,Port)

tn.write("subscriber id 1 sms sender id 1 send starting test\n")

pins=["%04d" % x for x in range(10000)]
for pin in pins:
  cmd = "subscriber id 2 sms sender id 1 send " + pin + "\n"
  print cmd
  tn.write(cmd)
  time.sleep(1)
tn.write("exit")
tn.write("exit")

This script will send text messages to the subscriber with the id 2 from the subscriber with the id 1. The content of the text message is iterated by the for loop from “0000” to “9999”. As such this also is the quickest way of implementing a bruteforcer.

Via SMPP

SMPP or Short Message Peer to Peer is a protocol used for transporting text messages / SMS within backend systems or between different SMSCs. openBSC offers an SMPP interface which can easily be access with a simple Python script.

You will need smpplib for python

pip install smpplib

import smpplib

ip="127.0.0.1"
port=2775
user="admin"
password="admin"
source="909099992"
destination="909099991"
message="test"

print user
print password
print "kekse"

client = None
try:
        client = smpplib.client.Client(ip, port)
        client.connect()
        try:
                client.bind_transmitter(system_id=user, password=password)

                client.send_message(source_addr_ton=smpplib.command.SMPP_TON_INTL,
                        source_addr_npi=smpplib.command.SMPP_NPI_ISDN,
                        source_addr=source,
                        dest_addr_ton=smpplib.command.SMPP_TON_INTL,
                        dest_addr_npi=smpplib.command.SMPP_NPI_ISDN,
                        destination_addr=destination,
                        short_message=message,
                        esm_class=smpplib.command.SMPP_MSGMODE_FORWARD,
                        )

        finally:  
                if client.state in [smpplib.client.SMPP_CLIENT_STATE_BOUND_TX]:
                        try:
                                client.unbind()
                        except smpplib.exceptions.UnknownCommandError as ex:
                                #https://github.com/podshumok/python-smpplib/issues/2
                                try:
                                        client.unbind()
                                except smpplib.exceptions.PDUError as ex:
                                        pass
finally:
        if client:
                client.disconnect()