Project

General

Profile

Mobile Network Assessment Tools » History » Version 2

« Previous - Version 2/32 (diff) - Next » - Current version
Linus, 12/19/2013 03:10 PM


Overview

This is a collection of tools for the assessment of mobile network security.
It includes:
  • SIMtester
    Find signature & encryption give-away bugs as well es unprotected or hidden TARs
  • xgoldscanner:
    Actively collect 2G and 3G data with Samsung Galaxy phones
  • cell-logger:
    Passively capture 2G data using osmocom phones
  • catcher catcher:
    Detect fake 2G base stations
  • GSMmap-apk:
    An Android app to test 2G and 3G networks using Samsung Galaxy phones

All command-line tools are provided in the GSMmap-live system, which auto-submits data to https://GSMmap.org


SIMtester

Assess SIM card security in 3 dimensions:

  • Cryptanalytic attack surface
    Collect signature giveaways
    Collect encryption giveaways
  • Security level
    Detect "unprotected" TARs accepting unauthenticated commands (MSL=0)
  • Spec. compliance
    Create a comprehensive overview of all available TARs

Requirements:

  • PC/SC reader –or–
  • Osmocom phone
  • SOFTWARE JAVA? todo

Download

  • Pre-compiled .jar
  • Source Code
  • Live System

Instructions

  1. Download
  2. unpack
  3. run: TODO call
    • TODO command line parameters

xgoldscanner

Actively collect 2G and 3G traces using Samsung Android phones.

Requirements:

  • Samsung Galaxy S2 / S3 phone
  • Micro-USB cable
  • Linux Computer

Download:

  • Source Code (bash)
  • Live System

Instructions

  1. Download
  2. unpack
  3. run: TODO call
    • TODO command line parameters

Advanced usage

Use Tobias Engel's xgoldmon tool to analyze log files.
https://github.com/2b-as/xgoldmon


catcher catcher

Display mobile network irregularities hinting at fake base station activity.

Requirements:

  • Osmocom phone
  • Osmocom serial cable
  • Linux Computer

Download:

  • Source Code
  • Live System

Instructions

  1. Download
  2. unpack
  3. run: TODO call
    • TODO command line parameters

GSMmap-apk

Actively collect 2G and 3G traces using Samsung Android phones.

Requirements:

  • Samsung Galaxy S2 / S3 phone

Download:

  • Pre-compiled .apk
  • Source Code

Instructions

  1. Install application from App Store
  2. Run

GSMmap-live

This live linux system is equipped with all the assessment tools listed below.
It facilitates their use and automatically uploads logs to GSMmap.org

Requirements:

  • 64bit-compatible Computer
  • For each test: Requirements listed above

Download:

  • Live system image
  • Source Code

Instructions

  1. Download
  2. Unpack:
    tar xvzf gsmmap-live.img.tar.gz
  3. Write to stick
    dd if=gsmmap-live.img of=/dev/[USB-stick] [bs=1M]
  4. Boot from stick