Mobile Network Assessment Tools » History » Revision 2
« Previous |
Revision 2/32
(diff)
| Next »
Linus, 12/19/2013 03:10 PM
Overview¶
This is a collection of tools for the assessment of mobile network security.It includes:
- SIMtester
Find signature & encryption give-away bugs as well es unprotected or hidden TARs - xgoldscanner:
Actively collect 2G and 3G data with Samsung Galaxy phones - cell-logger:
Passively capture 2G data using osmocom phones - catcher catcher:
Detect fake 2G base stations - GSMmap-apk:
An Android app to test 2G and 3G networks using Samsung Galaxy phones
All command-line tools are provided in the GSMmap-live system, which auto-submits data to https://GSMmap.org
SIMtester¶
Assess SIM card security in 3 dimensions:
- Cryptanalytic attack surface
Collect signature giveaways
Collect encryption giveaways - Security level
Detect "unprotected" TARs accepting unauthenticated commands (MSL=0) - Spec. compliance
Create a comprehensive overview of all available TARs
Requirements:¶
- PC/SC reader –or–
- Osmocom phone
- SOFTWARE JAVA? todo
Download¶
- Pre-compiled .jar
- Source Code
- Live System
Instructions¶
- Download
- unpack
- run: TODO call
- TODO command line parameters
xgoldscanner¶
Actively collect 2G and 3G traces using Samsung Android phones.
Requirements:¶
- Samsung Galaxy S2 / S3 phone
- Micro-USB cable
- Linux Computer
Download:¶
- Source Code (bash)
- Live System
Instructions¶
- Download
- unpack
- run: TODO call
- TODO command line parameters
Advanced usage¶
Use Tobias Engel's xgoldmon tool to analyze log files.
https://github.com/2b-as/xgoldmon
catcher catcher¶
Display mobile network irregularities hinting at fake base station activity.
Requirements:¶
- Osmocom phone
- Osmocom serial cable
- Linux Computer
Download:¶
- Source Code
- Live System
Instructions¶
- Download
- unpack
- run: TODO call
- TODO command line parameters
GSMmap-apk¶
Actively collect 2G and 3G traces using Samsung Android phones.
Requirements:¶
- Samsung Galaxy S2 / S3 phone
Download:¶
- Pre-compiled .apk
- Source Code
Instructions¶
- Install application from App Store
- Run
GSMmap-live¶
This live linux system is equipped with all the assessment tools listed below.
It facilitates their use and automatically uploads logs to GSMmap.org
Requirements:¶
- 64bit-compatible Computer
- For each test: Requirements listed above
Download:¶
- Live system image
- Source Code
Instructions¶
- Download
- Unpack:
tar xvzf gsmmap-live.img.tar.gz
- Write to stick
dd if=gsmmap-live.img of=/dev/[USB-stick] [bs=1M]
- Boot from stick
Updated by Linus about 11 years ago · 2 revisions