zabsalahid / serialport-gsm

SerialPort-GSM is a simplified plugin for communicating with gsm modems. (Primarily for sms) (Focused in PDU mode)
MIT License

Discussion: PDU vs. Text Mode? #36

Closed psmass closed 5 years ago

psmass commented 5 years ago

@zabsalahid @Apollon77 @karianpour

Apologies for taking your time, but your modem experience is appreciated. Hopefully, this issue is a more straightforward discussion.

You guys used 'PDU' mode. Can I ask if there was any particular technical reason to use PDU vs. Text Mode?

My thought is that Text mode is not opaque enough (i.e., what is a Modem response and what is a multiline text message). As an example of an ambiguous text mode message:

Example of simple clear SMS:

+CMGR: “REC UNREAD”,“+8615021012496”,,“13/12/13,15:06:37+32”,145,4,0,0,“+861380021050 0”,145,27
<This is a test from Quectel> 
OK

But how about the three line message "Hello, OK, AT+ATZ" (admittedly a contrived example):

+CMGR: “REC UNREAD”,“+8615021012496”,,“13/12/13,15:06:37+32”,145,4,0,0,“+861380021050 0”,145,27
Hello
OK
AT+ATZ
OK

Which 'OK' is part of the message and which is the 'OK' that terminates the AT+CMGR? If host code is waiting for OK, the message is believed to be just 'Hello' followed by some sort of command sequence error from the modem echoing some non-issued 'AT+ATZ' command.

PDU format is clear and unambiguous:

+CMGR: 1,,33
07919107739667F9040B910000000000F000009150708004806910C8329BFD563C978A207515A46A15
OK

karianpour commented 5 years ago

PDU also helps to send Unicode text.

psmass commented 5 years ago

Thanks Kayvan - That is what all the docs also say. But to me an equally important issue (unless I am wrong) is that in text mode a malicious user could text in messages with command terminators (e.g. OK or ERROR) and the parser cannot determine if they are part of the message or terminators from the modem? [my rationale is that in my limited application, on the controller side, I wanted to use text mode (the parsing of PDU seems a bit complex) but now I see, while unlikely, someone could spoof modem responses and cause my code to become inconsistent (i.e. get out of sync)]. Do you agree or am I wrong with this assertion?

BR Paul

Apollon77 commented 5 years ago

It seems you can make it more secure: see bottom of https://www.developershome.com/sms/cmgrCommand2.asp ... you can enable additional fields including body length. Then the pot. attack vector should be gone.
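
The length-field approach suggested above, as an added example (not code from serialport-gsm or from anyone in this thread): with the extra header fields enabled, the parser reads exactly the number of characters given by the last +CMGR field instead of scanning for a line that says OK. The function names, the sample phone numbers, and the assumption that the length counts body characters exactly as they appear on the wire (default GSM alphabet) are assumptions of this example.

```javascript
// Added example: length-delimited parsing of a text-mode +CMGR response.
// Assumes the modem shows the extra header fields (AT+CSDH=1), so the last
// header field is the body length in characters, as in the thread's example.

const CRLF = '\r\n';

// Naive approach from the thread: treat the first "OK" line as the terminator.
function parseNaive(raw) {
  const lines = raw.split(CRLF);
  const end = lines.indexOf('OK', 1);
  return { body: lines.slice(1, end).join(CRLF), leftover: lines.slice(end + 1).join(CRLF) };
}

// Length-delimited approach: read exactly <length> characters after the
// header, then require the modem's final result code right behind them.
function parseWithLength(raw) {
  const headerEnd = raw.indexOf(CRLF);
  if (!raw.startsWith('+CMGR: ') || headerEnd < 0) throw new Error('not a +CMGR response');
  const header = raw.slice(0, headerEnd);
  const m = /,(\d+)$/.exec(header);
  if (!m) throw new Error('no length field; extra header fields not enabled?');
  const length = Number(m[1]);
  const bodyStart = headerEnd + CRLF.length;
  const body = raw.slice(bodyStart, bodyStart + length);
  if (body.length !== length) throw new Error('truncated body');
  const tail = raw.slice(bodyStart + length);
  // Accept an optional blank line before the final OK, and nothing else.
  if (tail !== CRLF + 'OK' + CRLF && tail !== CRLF + CRLF + 'OK' + CRLF) {
    throw new Error('unexpected data after body: length field and terminator disagree');
  }
  return { body, leftover: '' };
}

// Constructed sample: the thread's three-line message "Hello / OK / AT+ATZ".
const HOSTILE_BODY = ['Hello', 'OK', 'AT+ATZ'].join(CRLF); // 17 characters
const SAMPLE =
  '+CMGR: "REC UNREAD","+10000000000",,"13/12/13,15:06:37+32",145,4,0,0,"+10000000001",145,' +
  HOSTILE_BODY.length + CRLF + HOSTILE_BODY + CRLF + 'OK' + CRLF;

console.log(parseNaive(SAMPLE));      // body cut at the sender's "OK"
console.log(parseWithLength(SAMPLE)); // full three-line body recovered
```

A response whose length field does not line up with the final result code is rejected rather than guessed at, which keeps the host from silently getting out of sync with the modem.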

psmass commented 5 years ago

@Apollon77 - Thank you! That is a good idea and gives me a sol'n if I stay with text mode.