Mobile Network Assessment Tools » History » Version 12

Karsten, 12/23/2013 05:06 PM

h2. Overview

This is a collection of tools for the assessment of mobile network security.
It includes:

* "*SIMtester*":https://opensource.srlabs.de/projects/simtester/wiki
Finds configuration bugs in SIM cards

* *[[GSMmap-apk]]*
Android application that collects 2G and 3G network traces from Samsung Galaxy phones

* *[[xgoldscanner]]*
Linux application that collects 2G and 3G network traces from Samsung Galaxy phones

* *[[CatcherCatcher]]*
Collects evidence of 2G fake base station activity (requires Osmocom phone)

The tools are included in the *GSMmap-live* system, which auto-submits data for analysis at "GSMmap.org":https://GSMmap.org

*****

h2. xgoldscanner

Actively collect 2G and 3G traces using Samsung Android phones.
Log files can be analyzed with Tobias Engel's "xgoldmon":https://github.com/2b-as/xgoldmon tool, which heavily inspired the development of xgoldscanner.

h3. Requirements:

* Samsung Galaxy S2 / S3 phone
* Micro-USB cable
* Linux Computer

h3. Download:

* Source Code (bash)
* Live System

h3. Disclaimer

The tests include an active part. First, your phone will place outgoing calls to a dedicated number. This number will always be busy and never answer in order to rule out voice charges as best as we can.

Secondly, your phone will send SMS short messages via an invalid SMS-C to an invalid number.

During our tests we have not found a European network that charges for these transactions. However, we cannot rule out that you may be charged in specific settings.

To control for involuntary charges, we strongly advise the use of a dedicated pre-paid SIM card for these tests.

h3. Instructions

# Download
# Unpack
# Run: <pre>sudo ./xgoldscanner.sh -n [telephone number, e.g. +491234567]</pre>

Optional parameters:

* -g  conduct GPRS test
* -d  display debug messages
* -o  offline mode [skip log upload for manual submission]
* -3  conduct 3G tests only [skip 2G tests]
* -y  assume "yes" to questions and confirmation dialogues [for automated testing]
* -i <n>  repeat each test <n> times (default is 5)

h3. Advanced usage

Use Tobias Engel's "xgoldmon":https://github.com/2b-as/xgoldmon tool to analyze log files.

h3. Mailing list

A public mailing list for discussions and occasional announcements is found "here":https://lists.srlabs.de/cgi-bin/mailman/listinfo/gsmmap

*****

h2. CatcherCatcher

Display mobile network irregularities hinting at fake base station activity.

h3. Requirements:

* Osmocom phone
* Osmocom serial cable
* Linux Computer

h3. Download:

* Source Code
* Live System

h3. Instructions

# Download
# Unpack
# Run: TODO call

* TODO command line parameters

h3. Mailing list

A public mailing list for discussions is "here":https://lists.srlabs.de/cgi-bin/mailman/listinfo/catchercatcher

*****

h2. GSMmap-apk

Actively collect 2G and 3G traces using Samsung Android phones.

h3. Requirements:

* Samsung Galaxy S2 / S3 phone

h3. Download:

* Pre-compiled .apk
* Source Code

h3. Disclaimer

Our 3G tests include an active part. First, your phone will place outgoing calls to a dedicated number. This number will always be busy and never answer in order to rule out voice charges as best as we can.

Secondly, your phone will send SMS short messages via an invalid SMS-C to an invalid number.

During our tests we have not found a European network that charges for these transactions. However, we cannot rule out that you may be charged in specific settings.

To control for involuntary charges, we strongly advise the use of a dedicated pre-paid SIM card for these tests.

h3. Instructions

# Install application from App Store
# Run

h3. Mailing list

A public mailing list for discussions is "here":https://lists.srlabs.de/cgi-bin/mailman/listinfo/gsmmap

*****

h2. GSMmap-live

This live Linux system is equipped with all the assessment tools listed above. It furthermore includes
It facilitates their use and automatically uploads logs to GSMmap.org.

h3. Requirements:

* 64-bit-compatible computer
* For each test: Requirements listed above

h3. Download:

* Live system image
* Source Code

h3. Disclaimer

Our 3G tests include an active part. First, your phone will place outgoing calls to a dedicated number. This number will always be busy and never answer in order to rule out voice charges as best as we can.

Secondly, your phone will send SMS short messages via an invalid SMS-C to an invalid number.

During our tests we have not found a European network that charges for these transactions. However, we cannot rule out that you may be charged in specific settings.

To control for involuntary charges, we strongly advise the use of a dedicated pre-paid SIM card for these tests.

h3. Instructions

# Download
# Unpack: <pre>tar xvzf gsmmap-live.img.tar.gz</pre>
# Write to stick: <pre>dd if=gsmmap-live.img of=/dev/[USB-stick] [bs=1M]</pre>
# Boot from stick

h3. Mailing list

A public mailing list for discussions is "here":https://lists.srlabs.de/cgi-bin/mailman/listinfo/gsmmap
Please file bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers.