Mobile Network Assessment Tools » History » Revision 7
« Previous |
Revision 7/32
(diff)
| Next »
Karsten, 12/20/2013 08:45 PM
Overview¶
This is a collection of tools for the assessment of mobile network security.
It includes:
- SIMtester
Find signature & encryption give-away bugs as well es unprotected or hidden TARs
- xgoldscanner
Actively collect 2G and 3G logs from Samsung Galaxy phones to your computer (Linux application)
- catcher catcher
Detect fake 2G base stations
- GSMmap-apk
Actively collect 2G and 3G logs using Samsung Galaxy phones (Android application)
All command-line tools are provided in the GSMmap-live system, which auto-submits data to GSMmap.org
SIMtester¶
Assess SIM card security in 3 dimensions:
- Cryptanalytic attack surface
Collect signature giveaways
Collect encryption giveaways
- Security level
Detect "unprotected" TARs accepting unauthenticated commands (MSL=0)
- Spec. compliance
Create a comprehensive overview of all available TARs
Requirements:¶
- PC/SC reader –or–
- Osmocom phone
- SOFTWARE JAVA? todo
Download¶
Pre-compiled .jar TODO
Source Code TODO
Live System TODO
Instructions¶
- Download
- unpack
- run: TODO call
- TODO command line parameters
Mailing list¶
A public mailing list for announcements and discussion can be found TODO here .
Please file bugs and support requests through the issue tracker TODO as they may be of little relevance to the majority of the mailing list subscribers.
xgoldscanner¶
Actively collect 2G and 3G traces using Samsung Android phones.
Log files can be analyzed with Tobias Engel's xgoldmon tool, which heavily inspired the development of xgoldscanner.
Requirements:¶
- Samsung Galaxy S2 / S3 phone
- Micro-USB cable
- Linux Computer
Download:¶
- Source Code (bash)
- Live System
Disclaimer¶
The active tests include an active part. First, your phone will place outgoing calls
to a dedicated number. This number will always be busy and never answer in order
to rule out voice charges as best as we can.
Secondly, your phone will send SMS short messages via an invalid SMS-C to
an invalid number.
During our tests we have not found a European network that charges for these
transactions. However, we can not rule out that you may be charged in specific
settings.
To control for involuntary charges, we strongly advise the use of a dedicated
pre-paid SIM card for these tests.
Instructions¶
- Download
- unpack
- run:
sudo ./xgoldscanner.sh -n [telephone number, e.g. +491234567]
Optional parameters: - -g conduct GPRS test
- -d display debug messages
- -o offline mode [skip log upload for manual submission]
- -3 conduct 3G tests only [skip 2G tests]
- -y assume "yes" to questions and confirmation dialogues [for automated testing]
- -i <n> repeat each test <n> times (default is 5)
Advanced usage¶
Use Tobias Engel's xgoldmon tool to analyze log files.
Mailing list¶
A public mailing list for announcements and discussion can be found TODO here .
Please file bugs and support requests through the issue tracker TODO as they may be of little relevance to the majority of the mailing list subscribers.
catcher catcher¶
Display mobile network irregularities hinting at fake base station activity.
Requirements:¶
- Osmocom phone
- Osmocom serial cable
- Linux Computer
Download:¶
- Source Code
- Live System
Instructions¶
- Download
- unpack
- run: TODO call
- TODO command line parameters
Mailing list¶
A public mailing list for announcements and discussion can be found TODO here .
Please file bugs and support requests through the issue tracker TODO as they may be of little relevance to the majority of the mailing list subscribers.
GSMmap-apk¶
Actively collect 2G and 3G traces using Samsung Android phones.
Requirements:¶
- Samsung Galaxy S2 / S3 phone
Download:¶
- Pre-compiled .apk
- Source Code
Disclaimer¶
Our 3G tests include an active part. First, your phone will place outgoing calls
to a dedicated number. This number will always be busy and never answer in order
to rule out voice charges as best as we can.
Secondly, your phone will send SMS short messages via an invalid SMS-C to
an invalid number.
During our tests we have not found a European network that charges for these
transactions. However, we can not rule out that you may be charged in specific
settings.
To control for involuntary charges, we strongly advise the use of a dedicated
pre-paid SIM card for these tests.
Instructions¶
- Install application from App Store
- Run
Mailing list¶
A public mailing list for announcements and discussion can be found TODO here .
Please file bugs and support requests through the issue tracker TODO as they may be of little relevance to the majority of the mailing list subscribers.
GSMmap-live¶
This live linux system is equipped with all the assessment tools listed above. It furthermore includes
It facilitates their use and automatically uploads logs to GSMmap.org.
Requirements:¶
- 64bit-compatible Computer
- For each test: Requirements listed above
Download:¶
- Live system image
- Source Code
Disclaimer¶
Our 3G tests include an active part. First, your phone will place outgoing calls
to a dedicated number. This number will always be busy and never answer in order
to rule out voice charges as best as we can.
Secondly, your phone will send SMS short messages via an invalid SMS-C to
an invalid number.
During our tests we have not found a European network that charges for these
transactions. However, we can not rule out that you may be charged in specific
settings.
To control for involuntary charges, we strongly advise the use of a dedicated
pre-paid SIM card for these tests.
Instructions¶
- Download
- Unpack:
tar xvzf gsmmap-live.img.tar.gz
- Write to stick
dd if=gsmmap-live.img of=/dev/[USB-stick] [bs=1M]
- Boot from stick
Mailing list¶
A public mailing list for announcements and discussion can be found TODO here .
Please file bugs and support requests through the issue tracker TODO as they may be of little relevance to the majority of the mailing list subscribers.
Updated by Karsten about 11 years ago · 7 revisions