Project

General

Profile

Mobile Network Assessment Tools » History » Version 7

Karsten, 12/20/2013 08:45 PM

1 1 Linus
h2. Overview
2 1 Linus
3 1 Linus
This is a collection of tools for the assessment of mobile network security.
4 1 Linus
It includes:
5 3 Linus
6 3 Linus
* *[[SIMtester]]*
7 1 Linus
Find signature & encryption give-away bugs as well es unprotected or hidden TARs
8 3 Linus
9 3 Linus
* *[[xgoldscanner]]*
10 3 Linus
Actively collect 2G and 3G logs from Samsung Galaxy phones to your computer (Linux application)
11 3 Linus
12 3 Linus
* *[[catcher catcher]]*
13 2 Linus
Detect fake 2G base stations
14 2 Linus
15 3 Linus
* *[[GSMmap-apk]]*
16 3 Linus
Actively collect 2G and 3G logs using Samsung Galaxy phones (Android application)
17 1 Linus
18 3 Linus
All command-line tools are provided in the *GSMmap-live* system, which auto-submits data to "GSMmap.org":https://GSMmap.org
19 3 Linus
20 1 Linus
*****
21 2 Linus
22 2 Linus
h2. SIMtester
23 1 Linus
24 1 Linus
Assess SIM card security in 3 dimensions:
25 1 Linus
26 2 Linus
* *Cryptanalytic attack surface*
27 2 Linus
Collect signature giveaways
28 2 Linus
Collect encryption giveaways
29 3 Linus
30 2 Linus
* *Security level*
31 2 Linus
Detect "unprotected" TARs accepting unauthenticated commands (MSL=0)
32 3 Linus
33 1 Linus
* *Spec. compliance*
34 1 Linus
Create a comprehensive overview of all available TARs
35 2 Linus
36 2 Linus
h3. Requirements:
37 2 Linus
38 2 Linus
* PC/SC reader –or–
39 2 Linus
* Osmocom phone
40 2 Linus
* SOFTWARE JAVA? todo
41 2 Linus
42 2 Linus
h3. Download
43 1 Linus
44 3 Linus
Pre-compiled .jar TODO
45 3 Linus
Source Code TODO
46 3 Linus
Live System TODO
47 1 Linus
48 1 Linus
h3. Instructions
49 2 Linus
50 2 Linus
# Download
51 2 Linus
# unpack
52 2 Linus
# run: TODO call
53 2 Linus
* TODO command line parameters
54 1 Linus
55 3 Linus
h3. Mailing list
56 3 Linus
57 3 Linus
A public mailing list for announcements and discussion can be found TODO  "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 .
58 5 Ben
Please file bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers.
59 3 Linus
60 3 Linus
61 2 Linus
*****
62 2 Linus
63 2 Linus
h2. xgoldscanner
64 1 Linus
65 2 Linus
Actively collect 2G and 3G traces using Samsung Android phones.
66 3 Linus
Log files can be analyzed with Tobias Engel's "xgoldmon":https://github.com/2b-as/xgoldmon tool, which heavily inspired the development of xgoldscanner.
67 2 Linus
68 2 Linus
h3. Requirements:
69 2 Linus
70 2 Linus
* Samsung Galaxy S2 / S3  phone
71 2 Linus
* Micro-USB cable
72 2 Linus
* Linux Computer
73 2 Linus
74 1 Linus
h3. Download:
75 2 Linus
76 1 Linus
* Source Code (bash)
77 1 Linus
* Live System
78 1 Linus
79 6 Linus
h3. Disclaimer
80 6 Linus
81 7 Karsten
The active tests include an active part. First, your phone will place outgoing calls
82 6 Linus
to a dedicated number. This number will always be busy and never answer in order
83 6 Linus
to rule out voice charges as best as we can.
84 6 Linus
85 6 Linus
Secondly, your phone will send SMS short messages via an invalid SMS-C to
86 6 Linus
an invalid number.
87 6 Linus
88 6 Linus
During our tests we have not found a European network that charges for these
89 6 Linus
transactions. However, we can not rule out that you may be charged in specific
90 6 Linus
settings.
91 6 Linus
92 6 Linus
To control for involuntary charges, we strongly advise the use of a dedicated
93 6 Linus
pre-paid SIM card for these tests.
94 6 Linus
95 1 Linus
h3. Instructions
96 1 Linus
97 2 Linus
# Download
98 4 Linus
# unpack
99 4 Linus
# run:  <pre>sudo ./xgoldscanner.sh -n [telephone number, e.g. +491234567]</pre>
100 4 Linus
Optional parameters:
101 4 Linus
*  -g  conduct GPRS test
102 4 Linus
*  -d  display debug messages
103 4 Linus
*  -o  offline mode [skip log upload for manual submission]
104 4 Linus
*  -3  conduct 3G tests only [skip 2G tests]
105 4 Linus
*  -y  assume "yes" to questions and confirmation dialogues [for automated testing]
106 2 Linus
*  -i  <n> repeat each test <n> times (default is 5)
107 2 Linus
108 2 Linus
h3. Advanced usage
109 3 Linus
110 2 Linus
Use Tobias Engel's "xgoldmon":https://github.com/2b-as/xgoldmon tool to analyze log files.
111 3 Linus
112 3 Linus
h3. Mailing list
113 3 Linus
114 3 Linus
A public mailing list for announcements and discussion can be found TODO  "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 .
115 5 Ben
Please file bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers.
116 3 Linus
117 2 Linus
*****
118 2 Linus
119 1 Linus
h2. catcher catcher
120 1 Linus
121 2 Linus
Display mobile network irregularities hinting at fake base station activity.
122 2 Linus
123 2 Linus
h3. Requirements:
124 2 Linus
125 2 Linus
* Osmocom phone
126 2 Linus
* Osmocom serial cable
127 1 Linus
* Linux Computer
128 1 Linus
129 1 Linus
h3. Download:
130 1 Linus
131 1 Linus
* Source Code
132 2 Linus
* Live System
133 2 Linus
134 2 Linus
h3. Instructions
135 2 Linus
136 2 Linus
# Download
137 2 Linus
# unpack
138 2 Linus
# run: TODO call
139 2 Linus
* TODO command line parameters
140 2 Linus
141 3 Linus
h3. Mailing list
142 3 Linus
143 3 Linus
A public mailing list for announcements and discussion can be found TODO  "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 .
144 5 Ben
Please file bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers.
145 3 Linus
146 1 Linus
*****
147 1 Linus
148 2 Linus
h2. GSMmap-apk
149 2 Linus
150 2 Linus
Actively collect 2G and 3G traces using Samsung Android phones.
151 2 Linus
152 1 Linus
h3. Requirements:
153 1 Linus
154 1 Linus
* Samsung Galaxy S2 / S3 phone
155 1 Linus
156 1 Linus
h3. Download:
157 2 Linus
158 2 Linus
* Pre-compiled .apk
159 1 Linus
* Source Code
160 1 Linus
161 6 Linus
h3. Disclaimer
162 6 Linus
163 6 Linus
Our 3G tests include an active part. First, your phone will place outgoing calls
164 6 Linus
to a dedicated number. This number will always be busy and never answer in order
165 6 Linus
to rule out voice charges as best as we can.
166 6 Linus
167 6 Linus
Secondly, your phone will send SMS short messages via an invalid SMS-C to
168 6 Linus
an invalid number.
169 6 Linus
170 6 Linus
During our tests we have not found a European network that charges for these
171 6 Linus
transactions. However, we can not rule out that you may be charged in specific
172 6 Linus
settings.
173 6 Linus
174 6 Linus
To control for involuntary charges, we strongly advise the use of a dedicated
175 6 Linus
pre-paid SIM card for these tests.
176 6 Linus
177 2 Linus
h3. Instructions
178 2 Linus
179 2 Linus
# Install application from App Store
180 2 Linus
# Run
181 2 Linus
182 3 Linus
h3. Mailing list
183 3 Linus
184 3 Linus
A public mailing list for announcements and discussion can be found TODO  "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 .
185 5 Ben
Please file bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers.
186 3 Linus
187 2 Linus
*****
188 2 Linus
189 1 Linus
h2. GSMmap-live
190 2 Linus
191 3 Linus
This live linux system is equipped with all the assessment tools listed above. It furthermore includes
192 3 Linus
It facilitates their use and automatically uploads logs to GSMmap.org.
193 2 Linus
194 1 Linus
h3. Requirements:
195 1 Linus
196 1 Linus
* 64bit-compatible Computer
197 1 Linus
* For each test: Requirements listed above
198 1 Linus
199 2 Linus
h3. Download:
200 2 Linus
201 2 Linus
* Live system image
202 1 Linus
* Source Code
203 6 Linus
204 6 Linus
h3. Disclaimer
205 6 Linus
206 6 Linus
Our 3G tests include an active part. First, your phone will place outgoing calls
207 6 Linus
to a dedicated number. This number will always be busy and never answer in order
208 6 Linus
to rule out voice charges as best as we can.
209 6 Linus
210 6 Linus
Secondly, your phone will send SMS short messages via an invalid SMS-C to
211 6 Linus
an invalid number.
212 6 Linus
213 6 Linus
During our tests we have not found a European network that charges for these
214 6 Linus
transactions. However, we can not rule out that you may be charged in specific
215 6 Linus
settings.
216 6 Linus
217 6 Linus
To control for involuntary charges, we strongly advise the use of a dedicated
218 6 Linus
pre-paid SIM card for these tests.
219 2 Linus
220 2 Linus
h3. Instructions
221 2 Linus
222 2 Linus
# Download
223 2 Linus
# Unpack: <pre>tar xvzf gsmmap-live.img.tar.gz</pre>
224 2 Linus
# Write to stick <pre>dd if=gsmmap-live.img of=/dev/[USB-stick] [bs=1M]</pre>
225 2 Linus
# Boot from stick
226 3 Linus
227 3 Linus
h3. Mailing list
228 3 Linus
229 3 Linus
A public mailing list for announcements and discussion can be found TODO  "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 .
230 5 Ben
Please file bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers.