Mobile Network Assessment Tools » History » Revision 3
Revision 2 (Linus, 12/19/2013 03:10 PM) → Revision 3/32 (Linus, 12/19/2013 03:32 PM)
h2. Overview This is a collection of tools for the assessment of mobile network security. It includes: * *[[SIMtester]]* *SIMtester* Find signature & encryption give-away bugs as well es unprotected or hidden TARs * *[[xgoldscanner]]* *xgoldscanner:* Actively collect 2G and 3G logs from data with Samsung Galaxy phones to your computer (Linux application) * *[[catcher catcher]]* *cell-logger:* Passively capture 2G data using osmocom phones * *catcher catcher:* Detect fake 2G base stations * *[[GSMmap-apk]]* *GSMmap-apk:* Actively collect An Android app to test 2G and 3G logs networks using Samsung Galaxy phones (Android application) All command-line tools are provided in the *GSMmap-live* system, which auto-submits data to "GSMmap.org":https://GSMmap.org https://GSMmap.org ***** h2. SIMtester Assess SIM card security in 3 dimensions: * *Cryptanalytic attack surface* Collect signature giveaways Collect encryption giveaways * *Security level* Detect "unprotected" TARs accepting unauthenticated commands (MSL=0) * *Spec. compliance* Create a comprehensive overview of all available TARs h3. Requirements: * PC/SC reader –or– * Osmocom phone * SOFTWARE JAVA? todo h3. Download * Pre-compiled .jar TODO * Source Code TODO * Live System TODO h3. Instructions # Download # unpack # run: TODO call * TODO command line parameters h3. Mailing list A public mailing list for announcements and discussion can be found TODO "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 . Please fill bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers. ***** h2. xgoldscanner Actively collect 2G and 3G traces using Samsung Android phones. Log files can be analyzed with Tobias Engel's "xgoldmon":https://github.com/2b-as/xgoldmon tool, which heavily inspired the development of xgoldscanner. h3. Requirements: * Samsung Galaxy S2 / S3 phone * Micro-USB cable * Linux Computer h3. Download: * Source Code (bash) * Live System h3. Instructions # Download # unpack # run: TODO call * TODO command line parameters h3. Advanced usage Use Tobias Engel's "xgoldmon":https://github.com/2b-as/xgoldmon xgoldmon tool to analyze log files. h3. Mailing list A public mailing list for announcements and discussion can be found TODO "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 . Please fill bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers. https://github.com/2b-as/xgoldmon ***** h2. catcher catcher Display mobile network irregularities hinting at fake base station activity. h3. Requirements: * Osmocom phone * Osmocom serial cable * Linux Computer h3. Download: * Source Code * Live System h3. Instructions # Download # unpack # run: TODO call * TODO command line parameters h3. Mailing list A public mailing list for announcements and discussion can be found TODO "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 . Please fill bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers. ***** h2. GSMmap-apk Actively collect 2G and 3G traces using Samsung Android phones. h3. Requirements: * Samsung Galaxy S2 / S3 phone h3. Download: * Pre-compiled .apk * Source Code h3. Instructions # Install application from App Store # Run h3. Mailing list A public mailing list for announcements and discussion can be found TODO "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 . Please fill bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers. ***** h2. GSMmap-live This live linux system is equipped with all the assessment tools listed above. It furthermore includes below. It facilitates their use and automatically uploads logs to GSMmap.org. GSMmap.org h3. Requirements: * 64bit-compatible Computer * For each test: Requirements listed above h3. Download: * Live system image * Source Code h3. Instructions # Download # Unpack: <pre>tar xvzf gsmmap-live.img.tar.gz</pre> # Write to stick <pre>dd if=gsmmap-live.img of=/dev/[USB-stick] [bs=1M]</pre> # Boot from stick h3. Mailing list A public mailing list for announcements and discussion can be found TODO "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 . Please fill bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers.