iOS Jailbreak: How to Intercept SMS/Text Messages

iOS Jailbreak: how to intercept SMS / text messages

This code snippet should intercept SMS messages. You can extend it for other kinds of notifications. It will work on iOS 5.0.1 as well. It does not work with iMessages, though. Link with the CoreTelephony framework (there are a bunch of private headers there which you can class-dump).

    #include <dlfcn.h>

    #define CORETELPATH "/System/Library/PrivateFrameworks/CoreTelephony.framework/CoreTelephony"
    id (*CTTelephonyCenterGetDefault)();

    void (*CTTelephonyCenterAddObserver)(id, id, CFNotificationCallback, NSString *, void *, int);

    static void telephonyEventCallback(CFNotificationCenterRef center, void *observer, CFStringRef name, const void *object, CFDictionaryRef userInfo)
    {
        NSString *notifyname = (NSString *)name;
        if ([notifyname isEqualToString:@"kCTMessageReceivedNotification"]) // received SMS
        {
            NSLog(@" SMS Notification Received :kCTMessageReceivedNotification");
            // Do blocking here.
        }
    }

    -(void) registerCallback {

        void *handle = dlopen(CORETELPATH, RTLD_LAZY);
        CTTelephonyCenterGetDefault = dlsym(handle, "CTTelephonyCenterGetDefault");
        CTTelephonyCenterAddObserver = dlsym(handle, "CTTelephonyCenterAddObserver");
        dlclose(handle);
        id ct = CTTelephonyCenterGetDefault();

        CTTelephonyCenterAddObserver(
            ct,
            NULL,
            telephonyEventCallback,
            NULL,
            NULL,
            CFNotificationSuspensionBehaviorDeliverImmediately);
    }

SMS Interception in Jailbreak iOS 7

Try uncommenting the if ([[bundle bundleIdentifier] isEqualToString:@"com.apple.imservice.sms"] && [bundle isLoaded]) check.

The reason is that loadServiceBundle is called multiple times, because there are several imagent plugins. Every time it's called, you hook _processReceivedMessage: again and again, overwriting your previous hooks. Because it all happens inside a single imagent process, the original _processReceivedMessage: implementation will be lost. As a result, you recursively call your hooked function.

Also, you are using the wrong NSBundle instance. [NSBundle mainBundle] returns your own bundle, i.e. that of the com.apple.imagent daemon. You need the NSBundle of the plugin being loaded. I covered that in my answer: you need to use IMDService -(NSBundle*)bundle. In your case, it will be [self bundle].

iOS - intercept outgoing SMS messages

First, you need to inject your code into the MobileSMS application.

Now you can hook the -send: method in CKTranscriptController. This method is called when you press the "Send" button in MobileSMS. Its argument doesn't contain any information about the message being sent, so we need to find it manually:

1) Text and subject. CKTranscriptController has instance variable CKMessageEntryView *_entryView.

    CKContentEntryView *contentEntryView = [_entryView entryField];
    CKMessageStandaloneComposition *composition = [contentEntryView messageComposition];
    NSString *subject = [composition subject];
    NSString *text = [composition textString];

2) Recipients. CKTranscriptController has instance variable CKRecipientSelectionView *_recipientSelectionView. Its -recipients method returns an array of MFComposeRecipient objects. Call the MFComposeRecipient instance method -rawAddress to get the address string.

Most of the classes can be found in the private ChatKit.framework. MFComposeRecipient is located in the private 'MessageUI.framework'.
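
For anyone examining a jailbroken device, the injection into MobileSMS and imagent described in the answers above is visible in the hooking framework's filter files. The following is an added example, not code from the original answers, that triages such filters from an extracted filesystem. It assumes the tweaks are loaded through Cydia Substrate, whose filter plists under /Library/MobileSubstrate/DynamicLibraries list target bundle identifiers or executable names; all file names and sample contents are constructed.

```python
import plistlib

# Processes named in the answers above: the MobileSMS app and the imagent daemon.
WATCHED_BUNDLES = {"com.apple.MobileSMS", "com.apple.imagent"}
WATCHED_EXECUTABLES = {"MobileSMS", "imagent"}


def classify_filter(raw: bytes) -> str:
    """Return 'targets-sms', 'other' or 'unparsed' for one filter plist."""
    try:
        doc = plistlib.loads(raw)
    except Exception:
        # plistlib reads XML and binary plists only. Old-style ASCII plists
        # get a substring check so they are never silently skipped.
        text = raw.decode("utf-8", "replace")
        names = WATCHED_BUNDLES | WATCHED_EXECUTABLES
        return "targets-sms" if any(n in text for n in names) else "unparsed"
    flt = doc.get("Filter") if isinstance(doc, dict) else None
    if not isinstance(flt, dict):
        return "other"
    bundles = set(flt.get("Bundles", []))
    executables = set(flt.get("Executables", []))
    if bundles & WATCHED_BUNDLES or executables & WATCHED_EXECUTABLES:
        return "targets-sms"
    return "other"


def triage(filters: dict) -> dict:
    """Map each filter file name to its classification."""
    return {name: classify_filter(raw) for name, raw in sorted(filters.items())}


def _xml_filter(key: str, ids: list) -> bytes:
    """Build a constructed XML filter plist for the sample set."""
    return plistlib.dumps({"Filter": {key: ids}})


# Constructed sample: file name -> raw plist bytes, as read from an image.
SAMPLE = {
    "SMSLogger.plist": _xml_filter("Bundles", ["com.apple.MobileSMS"]),
    "StatusTweak.plist": _xml_filter("Bundles", ["com.apple.springboard"]),
    "AgentHook.plist": b'{ Filter = { Executables = ( "imagent" ); }; }',
    "Legacy.plist": b'{ Filter = { Bundles = ( "com.apple.springboard" ); }; }',
}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE).items():
        print(f"{verdict:12} {name}")
```

A filter that names a widely loaded framework instead of the app itself is reported as "other" here, so an "other" verdict narrows the review rather than clearing the file.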


