Version 6 - History - Mobile Network Assessment Tools - Mobile Network Assessment Tools - SRLabs Open Source Projects

Mobile Network Assessment Tools » History » Version 6

Linus, 12/20/2013 05:09 PM

-Linus
+h2. Overview
 This is a collection of tools for the assessment of mobile network security.
 It includes:
 Linus
 * *[[SIMtester]]*
-Linus
+Find signature & encryption give-away bugs as well es unprotected or hidden TARs
 Linus
 * *[[xgoldscanner]]*
 Actively collect 2G and 3G logs from Samsung Galaxy phones to your computer (Linux application)
 * *[[catcher catcher]]*
-Linus
+Detect fake 2G base stations
-Linus
+* *[[GSMmap-apk]]*
 Actively collect 2G and 3G logs using Samsung Galaxy phones (Android application)
 Linus
-Linus
+All command-line tools are provided in the *GSMmap-live* system, which auto-submits data to "GSMmap.org":https://GSMmap.org
-Linus
+*****
 Linus
 h2. SIMtester
 Linus
 Assess SIM card security in 3 dimensions:
-Linus
+* *Cryptanalytic attack surface*
 Collect signature giveaways
 Collect encryption giveaways
 Linus
-Linus
+* *Security level*
 Detect "unprotected" TARs accepting unauthenticated commands (MSL=0)
 Linus
-Linus
+* *Spec. compliance*
 Create a comprehensive overview of all available TARs
 Linus
 h3. Requirements:
 * PC/SC reader –or–
 * Osmocom phone
 * SOFTWARE JAVA? todo
 h3. Download
 Linus
-Linus
+Pre-compiled .jar TODO
 Source Code TODO
 Live System TODO
 Linus
 h3. Instructions
 Linus
 # Download
 # unpack
 # run: TODO call
 * TODO command line parameters
 Linus
-Linus
+h3. Mailing list
 A public mailing list for announcements and discussion can be found TODO  "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 .
-Ben
+Please file bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers.
 Linus
-Linus
+*****
 h2. xgoldscanner
 Linus
-Linus
+Actively collect 2G and 3G traces using Samsung Android phones.
-Linus
+Log files can be analyzed with Tobias Engel's "xgoldmon":https://github.com/2b-as/xgoldmon tool, which heavily inspired the development of xgoldscanner.
 Linus
 h3. Requirements:
 * Samsung Galaxy S2 / S3  phone
 * Micro-USB cable
 * Linux Computer
-Linus
+h3. Download:
 Linus
-Linus
+* Source Code (bash)
 * Live System
-Linus
+h3. Disclaimer
 Our 3G tests include an active part. First, your phone will place outgoing calls
 to a dedicated number. This number will always be busy and never answer in order
 to rule out voice charges as best as we can.
 Secondly, your phone will send SMS short messages via an invalid SMS-C to
 an invalid number.
 During our tests we have not found a European network that charges for these
 transactions. However, we can not rule out that you may be charged in specific
 settings.
 To control for involuntary charges, we strongly advise the use of a dedicated
 pre-paid SIM card for these tests.
-Linus
+h3. Instructions
-Linus
+# Download
-Linus
+# unpack
 # run:  <pre>sudo ./xgoldscanner.sh -n [telephone number, e.g. +491234567]</pre>
 Optional parameters:
 *  -g  conduct GPRS test
 *  -d  display debug messages
 *  -o  offline mode [skip log upload for manual submission]
 *  -3  conduct 3G tests only [skip 2G tests]
 *  -y  assume "yes" to questions and confirmation dialogues [for automated testing]
-Linus
+*  -i  <n> repeat each test <n> times (default is 5)
 h3. Advanced usage
 Linus
-Linus
+Use Tobias Engel's "xgoldmon":https://github.com/2b-as/xgoldmon tool to analyze log files.
 Linus
 h3. Mailing list
 A public mailing list for announcements and discussion can be found TODO  "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 .
-Ben
+Please file bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers.
 Linus
-Linus
+*****
-Linus
+h2. catcher catcher
-Linus
+Display mobile network irregularities hinting at fake base station activity.
 h3. Requirements:
 * Osmocom phone
 * Osmocom serial cable
-Linus
+* Linux Computer
 h3. Download:
 * Source Code
-Linus
+* Live System
 h3. Instructions
 # Download
 # unpack
 # run: TODO call
 * TODO command line parameters
-Linus
+h3. Mailing list
 A public mailing list for announcements and discussion can be found TODO  "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 .
-Ben
+Please file bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers.
 Linus
-Linus
+*****
-Linus
+h2. GSMmap-apk
 Actively collect 2G and 3G traces using Samsung Android phones.
-Linus
+h3. Requirements:
 * Samsung Galaxy S2 / S3 phone
 h3. Download:
 Linus
 * Pre-compiled .apk
-Linus
+* Source Code
-Linus
+h3. Disclaimer
 Our 3G tests include an active part. First, your phone will place outgoing calls
 to a dedicated number. This number will always be busy and never answer in order
 to rule out voice charges as best as we can.
 Secondly, your phone will send SMS short messages via an invalid SMS-C to
 an invalid number.
 During our tests we have not found a European network that charges for these
 transactions. However, we can not rule out that you may be charged in specific
 settings.
 To control for involuntary charges, we strongly advise the use of a dedicated
 pre-paid SIM card for these tests.
-Linus
+h3. Instructions
 # Install application from App Store
 # Run
-Linus
+h3. Mailing list
 A public mailing list for announcements and discussion can be found TODO  "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 .
-Ben
+Please file bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers.
 Linus
-Linus
+*****
-Linus
+h2. GSMmap-live
 Linus
-Linus
+This live linux system is equipped with all the assessment tools listed above. It furthermore includes
 It facilitates their use and automatically uploads logs to GSMmap.org.
 Linus
-Linus
+h3. Requirements:
 * 64bit-compatible Computer
 * For each test: Requirements listed above
-Linus
+h3. Download:
 * Live system image
-Linus
+* Source Code
 Linus
 h3. Disclaimer
 Our 3G tests include an active part. First, your phone will place outgoing calls
 to a dedicated number. This number will always be busy and never answer in order
 to rule out voice charges as best as we can.
 Secondly, your phone will send SMS short messages via an invalid SMS-C to
 an invalid number.
 During our tests we have not found a European network that charges for these
 transactions. However, we can not rule out that you may be charged in specific
 settings.
 To control for involuntary charges, we strongly advise the use of a dedicated
 pre-paid SIM card for these tests.
 Linus
 h3. Instructions
 # Download
 # Unpack: <pre>tar xvzf gsmmap-live.img.tar.gz</pre>
 # Write to stick <pre>dd if=gsmmap-live.img of=/dev/[USB-stick] [bs=1M]</pre>
 # Boot from stick
 Linus
 h3. Mailing list
 A public mailing list for announcements and discussion can be found TODO  "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 .
-Ben
+Please file bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers.

Project

General

Profile

Mobile Network Assessment Tools

Mobile Network Assessment Tools » History » Version 6