Mobile Network Assessment Tools » History » Version 12
Karsten, 12/23/2013 05:06 PM
1 | 1 | Linus | h2. Overview |
---|---|---|---|
2 | |||
3 | This is a collection of tools for the assessment of mobile network security. |
||
4 | It includes: |
||
5 | 3 | Linus | |
6 | 12 | Karsten | * "*SIMtester*":https://opensource.srlabs.de/projects/simtester/wiki |
7 | 8 | Karsten | Finds configuration bugs in SIM cards |
8 | 1 | Linus | |
9 | 8 | Karsten | * *[[GSMmap-apk]]* |
10 | Android application that collects 2G and 3G network traces from Samsung Galaxy phones |
||
11 | |||
12 | 3 | Linus | * *[[xgoldscanner]]* |
13 | 8 | Karsten | Linux application that collects 2G and 3G network traces from Samsung Galaxy phones |
14 | 2 | Linus | |
15 | 10 | Karsten | * *[[CatcherCatcher]]* |
16 | 8 | Karsten | Collect evidence of 2G fake base station activity (requires Osmocom phone) |
17 | 1 | Linus | |
18 | |||
19 | 8 | Karsten | The tools are included in the *GSMmap-live* system, which auto-submits data for analysis at "GSMmap.org":https://GSMmap.org |
20 | 1 | Linus | |
21 | 9 | Karsten | |
22 | 2 | Linus | |
23 | ***** |
||
24 | |||
25 | 1 | Linus | h2. xgoldscanner |
26 | 2 | Linus | |
27 | 3 | Linus | Actively collect 2G and 3G traces using Samsung Android phones. |
28 | 2 | Linus | Log files can be analyzed with Tobias Engel's "xgoldmon":https://github.com/2b-as/xgoldmon tool, which heavily inspired the development of xgoldscanner. |
29 | |||
30 | h3. Requirements: |
||
31 | |||
32 | * Samsung Galaxy S2 / S3 phone |
||
33 | * Micro-USB cable |
||
34 | * Linux Computer |
||
35 | 1 | Linus | |
36 | 2 | Linus | h3. Download: |
37 | 1 | Linus | |
38 | * Source Code (bash) |
||
39 | * Live System |
||
40 | 6 | Linus | |
41 | h3. Disclaimer |
||
42 | 7 | Karsten | |
43 | 6 | Linus | The active tests include an active part. First, your phone will place outgoing calls |
44 | to a dedicated number. This number will always be busy and never answer in order |
||
45 | to rule out voice charges as best as we can. |
||
46 | |||
47 | Secondly, your phone will send SMS short messages via an invalid SMS-C to |
||
48 | an invalid number. |
||
49 | |||
50 | During our tests we have not found a European network that charges for these |
||
51 | transactions. However, we can not rule out that you may be charged in specific |
||
52 | settings. |
||
53 | |||
54 | To control for involuntary charges, we strongly advise the use of a dedicated |
||
55 | pre-paid SIM card for these tests. |
||
56 | 1 | Linus | |
57 | h3. Instructions |
||
58 | 2 | Linus | |
59 | 4 | Linus | # Download |
60 | # unpack |
||
61 | # run: <pre>sudo ./xgoldscanner.sh -n [telephone number, e.g. +491234567]</pre> |
||
62 | Optional parameters: |
||
63 | * -g conduct GPRS test |
||
64 | * -d display debug messages |
||
65 | * -o offline mode [skip log upload for manual submission] |
||
66 | * -3 conduct 3G tests only [skip 2G tests] |
||
67 | 2 | Linus | * -y assume "yes" to questions and confirmation dialogues [for automated testing] |
68 | * -i <n> repeat each test <n> times (default is 5) |
||
69 | |||
70 | 3 | Linus | h3. Advanced usage |
71 | 2 | Linus | |
72 | 3 | Linus | Use Tobias Engel's "xgoldmon":https://github.com/2b-as/xgoldmon tool to analyze log files. |
73 | |||
74 | h3. Mailing list |
||
75 | |||
76 | 11 | Karsten | A public mailing list for discussions and occasional announcements is found "here":https://lists.srlabs.de/cgi-bin/mailman/listinfo/gsmmap |
77 | 2 | Linus | |
78 | ***** |
||
79 | 1 | Linus | |
80 | 10 | Karsten | h2. CatcherCatcher |
81 | 2 | Linus | |
82 | Display mobile network irregularities hinting at fake base station activity. |
||
83 | |||
84 | h3. Requirements: |
||
85 | |||
86 | * Osmocom phone |
||
87 | 1 | Linus | * Osmocom serial cable |
88 | * Linux Computer |
||
89 | |||
90 | h3. Download: |
||
91 | |||
92 | 2 | Linus | * Source Code |
93 | * Live System |
||
94 | |||
95 | h3. Instructions |
||
96 | |||
97 | # Download |
||
98 | # unpack |
||
99 | # run: TODO call |
||
100 | * TODO command line parameters |
||
101 | 3 | Linus | |
102 | 1 | Linus | h3. Mailing list |
103 | 5 | Ben | |
104 | 11 | Karsten | A public mailing list discussion is "here":https://lists.srlabs.de/cgi-bin/mailman/listinfo/catchercatcher |
105 | 1 | Linus | |
106 | ***** |
||
107 | 2 | Linus | |
108 | h2. GSMmap-apk |
||
109 | |||
110 | Actively collect 2G and 3G traces using Samsung Android phones. |
||
111 | 1 | Linus | |
112 | h3. Requirements: |
||
113 | |||
114 | * Samsung Galaxy S2 / S3 phone |
||
115 | |||
116 | 2 | Linus | h3. Download: |
117 | |||
118 | 1 | Linus | * Pre-compiled .apk |
119 | * Source Code |
||
120 | 6 | Linus | |
121 | h3. Disclaimer |
||
122 | |||
123 | Our 3G tests include an active part. First, your phone will place outgoing calls |
||
124 | to a dedicated number. This number will always be busy and never answer in order |
||
125 | to rule out voice charges as best as we can. |
||
126 | |||
127 | Secondly, your phone will send SMS short messages via an invalid SMS-C to |
||
128 | an invalid number. |
||
129 | |||
130 | During our tests we have not found a European network that charges for these |
||
131 | transactions. However, we can not rule out that you may be charged in specific |
||
132 | settings. |
||
133 | |||
134 | To control for involuntary charges, we strongly advise the use of a dedicated |
||
135 | pre-paid SIM card for these tests. |
||
136 | 2 | Linus | |
137 | h3. Instructions |
||
138 | |||
139 | # Install application from App Store |
||
140 | 1 | Linus | # Run |
141 | 2 | Linus | |
142 | 3 | Linus | h3. Mailing list |
143 | 5 | Ben | |
144 | 11 | Karsten | A public mailing list for discussions is "here":https://lists.srlabs.de/cgi-bin/mailman/listinfo/gsmmap |
145 | 2 | Linus | |
146 | ***** |
||
147 | 1 | Linus | |
148 | 2 | Linus | h2. GSMmap-live |
149 | 3 | Linus | |
150 | This live linux system is equipped with all the assessment tools listed above. It furthermore includes |
||
151 | 2 | Linus | It facilitates their use and automatically uploads logs to GSMmap.org. |
152 | 1 | Linus | |
153 | h3. Requirements: |
||
154 | |||
155 | * 64bit-compatible Computer |
||
156 | * For each test: Requirements listed above |
||
157 | 2 | Linus | |
158 | h3. Download: |
||
159 | |||
160 | 1 | Linus | * Live system image |
161 | 6 | Linus | * Source Code |
162 | |||
163 | h3. Disclaimer |
||
164 | |||
165 | Our 3G tests include an active part. First, your phone will place outgoing calls |
||
166 | to a dedicated number. This number will always be busy and never answer in order |
||
167 | to rule out voice charges as best as we can. |
||
168 | |||
169 | Secondly, your phone will send SMS short messages via an invalid SMS-C to |
||
170 | an invalid number. |
||
171 | |||
172 | During our tests we have not found a European network that charges for these |
||
173 | transactions. However, we can not rule out that you may be charged in specific |
||
174 | settings. |
||
175 | |||
176 | To control for involuntary charges, we strongly advise the use of a dedicated |
||
177 | 2 | Linus | pre-paid SIM card for these tests. |
178 | |||
179 | h3. Instructions |
||
180 | |||
181 | # Download |
||
182 | 1 | Linus | # Unpack: <pre>tar xvzf gsmmap-live.img.tar.gz</pre> |
183 | 2 | Linus | # Write to stick <pre>dd if=gsmmap-live.img of=/dev/[USB-stick] [bs=1M]</pre> |
184 | # Boot from stick |
||
185 | 3 | Linus | |
186 | h3. Mailing list |
||
187 | |||
188 | 11 | Karsten | A public mailing list for discussions is "here":https://lists.srlabs.de/cgi-bin/mailman/listinfo/gsmmap |
189 | 1 | Linus | Please file bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers. |