Mobile Network Assessment Tools » History » Revision 2
Revision 1 (Linus, 12/18/2013 03:35 PM) → Revision 2/32 (Linus, 12/19/2013 03:10 PM)
h1. Mobile Network Assessment Tools h2. Overview This is a collection of tools for the assessment of mobile network security. It includes: * *SIMtester* *SIMtester:* Find signature & encryption give-away bugs as well es unprotected or hidden TARs * *xgoldscanner:* Actively collect 2G and 3G data with Samsung Galaxy phones * *cell-logger:* Passively capture 2G data using osmocom phones * *catcher catcher:* Detect fake 2G base stations * *GSMmap-apk:* An Android app to test 2G and 3G networks using Samsung Galaxy phones All command-line tools are provided in the *GSMmap-live* system, which auto-submits data to https://GSMmap.org ***** h2. SIMtester Assess SIM card security in 3 dimensions: * *Cryptanalytic attack surface* Collect signature giveaways Collect encryption giveaways * *Security level* Detect "unprotected" TARs accepting unauthenticated commands (MSL=0) * *Spec. compliance* Create a comprehensive overview of all available TARs h3. Requirements: * PC/SC reader –or– * Osmocom phone * SOFTWARE JAVA? todo h3. Download * Pre-compiled .jar * Source Code * Live System h3. Instructions # Download # unpack # run: TODO call * TODO command line parameters ***** h2. xgoldscanner Actively collect 2G and 3G traces using Samsung Android phones. h3. Requirements: * Samsung Galaxy S2 / S3 phone * Micro-USB cable * Linux Computer h3. Download: * Source Code (bash) * Live System h3. Instructions # Download # unpack # run: TODO call * TODO command line parameters h3. Advanced usage Use Tobias Engel's xgoldmon tool to analyze log files. https://github.com/2b-as/xgoldmon ***** h2. catcher catcher Display mobile network irregularities hinting at fake base station activity. h3. Requirements: * Osmocom phone * Osmocom serial cable * Linux Computer h3. Download: * Source Code * Live System h3. Instructions # Download # unpack # run: TODO call * TODO command line parameters ***** h2. GSMmap-apk Actively collect 2G and 3G traces using Samsung Android phones. h3. Requirements: * Samsung Galaxy S2 / S3 phone h3. Download: * Pre-compiled .apk * Source Code h3. Instructions # Install application from App Store # Run ***** h2. GSMmap-live This live linux system is equipped with all the assessment tools listed below. It facilitates their use and automatically uploads logs to GSMmap.org h3. Requirements: * 64bit-compatible Computer * For each test: Requirements listed above h3. Download: * Live system image * Source Code h3. Instructions # Download # Unpack: <pre>tar xvzf gsmmap-live.img.tar.gz</pre> # Write to stick <pre>dd if=gsmmap-live.img of=/dev/[USB-stick] [bs=1M]</pre> # Boot from stick