Mobile Network Assessment Tools » History » Version 11

Karsten, 12/23/2013 05:02 PM

h2. Overview

This is a collection of tools for the assessment of mobile network security.
It includes:

* *[[SIMtester]]*
Finds configuration bugs in SIM cards

* *[[GSMmap-apk]]*
Android application that collects 2G and 3G network traces from Samsung Galaxy phones

* *[[xgoldscanner]]*
Linux application that collects 2G and 3G network traces from Samsung Galaxy phones

* *[[CatcherCatcher]]*
Collects evidence of 2G fake base station activity (requires Osmocom phone)

The tools are included in the *GSMmap-live* system, which auto-submits data for analysis at "GSMmap.org":https://GSMmap.org

*****

h2. SIMtester

Assess SIM card security in two dimensions:

* *Cryptanalytic attack surface.* Collect cryptographic signatures and encryptions of known plaintexts

* *Application attack surface.* Generate a list of all application identifiers (TAR) and find "unprotected" (NSL=0) applications

h3. Requirements:

* Java (TODO: Which Java edition/version?)
* PC/SC reader –or–
* Osmocom phone

h3. Download

Pre-compiled .jar TODO
Source Code TODO
Live System TODO

h3. Instructions

# Download
# unpack
# run: TODO call
* TODO command line parameters

h3. Mailing list

A public mailing list for announcements and discussion can be found "here":https://lists.srlabs.de/cgi-bin/mailman/listinfo/simsec

*****

h2. xgoldscanner

Actively collect 2G and 3G traces using Samsung Android phones.
Log files can be analyzed with Tobias Engel's "xgoldmon":https://github.com/2b-as/xgoldmon tool, which heavily inspired the development of xgoldscanner.

h3. Requirements:

* Samsung Galaxy S2 / S3 phone
* Micro-USB cable
* Linux Computer

h3. Download:

* Source Code (bash)
* Live System

h3. Disclaimer

The tests include an active part. First, your phone will place outgoing calls to a dedicated number. This number will always be busy and never answer in order to rule out voice charges as best as we can.

Secondly, your phone will send SMS short messages via an invalid SMS-C to an invalid number.

During our tests we have not found a European network that charges for these transactions. However, we cannot rule out that you may be charged in specific settings.

To control for involuntary charges, we strongly advise the use of a dedicated pre-paid SIM card for these tests.

h3. Instructions

# Download
# unpack
# run: <pre>sudo ./xgoldscanner.sh -n [telephone number, e.g. +491234567]</pre>
Optional parameters:
* -g  conduct GPRS test
* -d  display debug messages
* -o  offline mode [skip log upload for manual submission]
* -3  conduct 3G tests only [skip 2G tests]
* -y  assume "yes" to questions and confirmation dialogues [for automated testing]
* -i <n>  repeat each test <n> times (default is 5)

h3. Advanced usage

Use Tobias Engel's "xgoldmon":https://github.com/2b-as/xgoldmon tool to analyze log files.

h3. Mailing list

A public mailing list for discussions and occasional announcements is found "here":https://lists.srlabs.de/cgi-bin/mailman/listinfo/gsmmap

*****

h2. CatcherCatcher

Display mobile network irregularities hinting at fake base station activity.

h3. Requirements:

* Osmocom phone
* Osmocom serial cable
* Linux Computer

h3. Download:

* Source Code
* Live System

h3. Instructions

# Download
# unpack
# run: TODO call
* TODO command line parameters

h3. Mailing list

A public mailing list for discussion is "here":https://lists.srlabs.de/cgi-bin/mailman/listinfo/catchercatcher

*****

h2. GSMmap-apk

Actively collect 2G and 3G traces using Samsung Android phones.

h3. Requirements:

* Samsung Galaxy S2 / S3 phone

h3. Download:

* Pre-compiled .apk
* Source Code

h3. Disclaimer

Our 3G tests include an active part. First, your phone will place outgoing calls to a dedicated number. This number will always be busy and never answer in order to rule out voice charges as best as we can.

Secondly, your phone will send SMS short messages via an invalid SMS-C to an invalid number.

During our tests we have not found a European network that charges for these transactions. However, we cannot rule out that you may be charged in specific settings.

To control for involuntary charges, we strongly advise the use of a dedicated pre-paid SIM card for these tests.

h3. Instructions

# Install application from App Store
# Run

h3. Mailing list

A public mailing list for discussions is "here":https://lists.srlabs.de/cgi-bin/mailman/listinfo/gsmmap

*****

h2. GSMmap-live

This live Linux system is equipped with all the assessment tools listed above. It furthermore includes
It facilitates their use and automatically uploads logs to GSMmap.org.

h3. Requirements:

* 64-bit-compatible computer
* For each test: Requirements listed above

h3. Download:

* Live system image
* Source Code

h3. Disclaimer

Our 3G tests include an active part. First, your phone will place outgoing calls to a dedicated number. This number will always be busy and never answer in order to rule out voice charges as best as we can.

Secondly, your phone will send SMS short messages via an invalid SMS-C to an invalid number.

During our tests we have not found a European network that charges for these transactions. However, we cannot rule out that you may be charged in specific settings.

To control for involuntary charges, we strongly advise the use of a dedicated pre-paid SIM card for these tests.

h3. Instructions

# Download
# Unpack: <pre>tar xvzf gsmmap-live.img.tar.gz</pre>
# Write to stick: <pre>dd if=gsmmap-live.img of=/dev/[USB-stick] [bs=1M]</pre>
# Boot from stick

h3. Mailing list

A public mailing list for discussions is "here":https://lists.srlabs.de/cgi-bin/mailman/listinfo/gsmmap
Please file bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers.