Friday, November 18, 2022

Bridging Mobile-Sms with XMPP-Instant-Messaging


When on a international travel - have you ever come across a situation where you could not receive an sms sent by your bank or any other online service for 2FA(user-verification-code)? Did you miss to enable international-roaming? or was there any limitation on using your local sim card abroad?

One of the work-arounds for such a situation is to leave your phone at home-network and ask a trusted person to read-out the 2FA verification code for you over the phone - Ever wondered how many times you had to disturb someone off hours for reading out the verification code? how's about having an online machine to do this for you 24/7?

I know it sounds like a bad idea to to bypass 2FA security mechanism by connecting your sim-card to internet, but this is the real problem many of us might be facing and continue to rely on someone in a remote location to read out the 2FA verification code during the international travel.

Using encrypted Xmpp or mqtt connection, it is possible to deliver an sms over the internet in a secure way to a remote location. Here is an example where xmpp instant messaging agent is used on raspberry-pi with Huawei-E173 3g USB dongle.

All the code presented here in this setup is opensource and you are free to decide any of the xmpp servers available on the internet(or you could deploy your own xmpp server using opensource projects like prosody). In this example I have created two accounts on jabber.de and prepared them to send/receive messages to each other(just login using both accounts on xabber-android-app and send friend requests between both accounts and accept the requests - messages can be sent/received between these two accounts now)

How to prepare sdcard for raspberry pi?

  1. Download Raspberry Pi Imager application
  2. Open the Raspberry Pi Imager application ==> CHOOSE OS ==> Raspberry pi OS(Other) ==> Raspberry Pi OS Lite(32-bit)
  3. Insert the sdcard on your PC and select the sdcard by clicking "CHOOSE STORAGE" button on Raspberry pi Imager Application
  4. press "CTRL + Shift + X" to open the advanced options
  5. In advanced options, set your hostname/enable-ssh/username/pw/local-time-settings as shown in the picture below and click SAVE button.
  6. When done, click on the WRITE button to start creating the bootable sdcard for raspberry pi.

Next Steps:
  1. Insert your local SIM card(ensure that it is not pin locked) in Huawei-E173(or Huawei-E303) usb-dongle and connect it to Raspberry-PI and keep the Raspberry-Pi powered ON and connected to your home internet 24/7.
  2. Once the Raspberry-pi has done booting, login using ssh or putty.exe "ssh pi@my-raspi-001" (you should know your hostname and login pw which was set during image creation)
  3. On Linux shell terminal of raspberry pi, run following commands,
  • sudo apt-get install -y git
  • git clone --recursive https://github.com/hackboxguy/xmpp-remote-agent.git
  • cd xmpp-remote-agent
  • ./setup.sh -u raspi-sim-1@jabber.de -p my-raspi-xmpp-secret-pw
  • sudo reboot;exit
Please note, in the setup.sh command above, replace example xmpp username/pw with your custom created username and pw (setup.sh command may take 10 to 15 minutes on Raspberry-pi-1 to complete the installation).

On your android(or ios) xabber app, login using your account(e.g john.doe@jabber.de) and you will see raspberry pi being online - send "help" message and you will get an auto reply with all available commands.

How to Read SMS?
From your xabber xmpp app, send following commands to raspberry-pi-xmpp-client
  • smsupdate  (wait for return=Success : result=taskID=x )
  • smstotal (shall return the number of sms read to the local cache)
  • smsget 0 (will show the 1st sms from the local cache)

How to Send SMS?
From your xabber xmpp app, send following commands to raspberry-pi-xmpp-client

  • smssend +919876543210 this is a test message

How to Delete SMS?
Depending on the sim card size, when it is full, you will have to delete old messages to make room for new ones else you would stop receiving the new messages, following is the command to delete all messages from your SIM-card memory
  • smsdeleteall

Functional details: How does an SMS-Read flow work?
  • When you initiate an online transactions(e.g banking), as a 2FA mechanism, banking server (1)would send a security code to your registered mobile phone number(as shown in the 1st picture above, sms would flow from component 1==>2==>3==>5)
  • 5th component in the picture above is a 3g-gsm-modem which stores incoming sms messages in the sim memory
  • 6th component which is a Linux machine is running a service called bboxsmsrv which is based on libgammu - a mobile phone access library.
  • 6th component as a Linux machine is also running a service called xmproxysrv based on libgloox library and acts as a "headless xmpp client service", this client service logs into xmpp server(9) using provided username/password(e.g raspi-sim-1@jabber.de) and continues to send heartbeats to xmpp-server(9) to show its online status.
  • Xabber app on component 13 is also an xmpp client, but it has an UI where user can "chat" with friends just like whatsapp/telegram/sygnal/etc. Xabber-xmpp-client-app when connected to xmpp-server(9), will continue to show its online status through heart-beat packets.
  • when xmpp-clients (component 13 and 6) initiates a connection to xmpp-server(9), this server would pass on the roster data(contacts) to both xmpp-clients - this way xmpp clients know their "friends" and their online status and are able to send/receive message between them
  • when user sends "smsupdate" message from 13 to 6(through 9), xmproxysrv on 6, will parse this messages and asks bboxsmssrv to fetch all available sms from simcard memory through USB interface of the 3g-gsm-modem.
  • bboxsmsrv - after reading all sms messages, sends and event to xmproxysrv to notify the completion of last request, and then xmproxysrv woud forward this notification(return=Success : result=taskID=x) to xabber-xmpp-client-app(13)
  • In the next step, 13 would send "smstotal" to 6(through 9) and 6(with help of bboxsmsrv) would count number of sms messages in the cache and returns the total-sms-message-count back to 13.
  • 13 would send "smsget 0" to 6(through 9) for fetching the 1st message from bboxsmsrv's cache.

Functional details: How does an SMS-Send flow work?
Lets say, you want to send an sms to an international phone(component-4 as shown in the 1st picture) from component 13 or 15(both 13 and 15 are xmpp client apps with human interface) - e.g : when 13 sends a message(smssend +919876543210 this is test) - this message would flow as.. 13==>12==>10==>9==>8==>7==>6==>5==>3==>4, this means, 13(from a different country) was able to deliver an sms to 4 without paying any premium roaming charges.


Can Xmpp-xabber-app(13) ring a gsm-phone(4)?
Yes, using "dialvoice +919876543210" from 13, gsm-phone(4) would start ringing with called id of SIM-1 on component-5, other than just ringing a number, there is no functionality for dialvoice command.


Can Xmpp-Xabber-app(13) be able to send usdd-code to the provider(3) for reading the balance amount(incase if SIM-1 on 5 is a prepaid plan)?
Yes, using "dialussd" and "readussd" it is possible to send ussd-code and readback the response, here is an example to read prepaid balance of fonic-lidl sim card.
  • dialussd *100# (wait till response is received i.e: return=Success : result=taskID=x)
  • readussd (would show the balance amount received on this SIM-1)


Posted by at 1 comment:
Subscribe to: Posts (Atom)