Project

General

Profile

Mobile Network Assessment Tools » History » Version 7

Karsten, 12/20/2013 08:45 PM

1 1 Linus
h2. Overview
2
3
This is a collection of tools for the assessment of mobile network security.
4
It includes:
5 3 Linus
6
* *[[SIMtester]]*
7 1 Linus
Find signature & encryption give-away bugs as well es unprotected or hidden TARs
8 3 Linus
9
* *[[xgoldscanner]]*
10
Actively collect 2G and 3G logs from Samsung Galaxy phones to your computer (Linux application)
11
12
* *[[catcher catcher]]*
13 2 Linus
Detect fake 2G base stations
14
15 3 Linus
* *[[GSMmap-apk]]*
16
Actively collect 2G and 3G logs using Samsung Galaxy phones (Android application)
17 1 Linus
18 3 Linus
All command-line tools are provided in the *GSMmap-live* system, which auto-submits data to "GSMmap.org":https://GSMmap.org
19
20 1 Linus
*****
21 2 Linus
22
h2. SIMtester
23 1 Linus
24
Assess SIM card security in 3 dimensions:
25
26 2 Linus
* *Cryptanalytic attack surface*
27
Collect signature giveaways
28
Collect encryption giveaways
29 3 Linus
30 2 Linus
* *Security level*
31
Detect "unprotected" TARs accepting unauthenticated commands (MSL=0)
32 3 Linus
33 1 Linus
* *Spec. compliance*
34
Create a comprehensive overview of all available TARs
35 2 Linus
36
h3. Requirements:
37
38
* PC/SC reader –or–
39
* Osmocom phone
40
* SOFTWARE JAVA? todo
41
42
h3. Download
43 1 Linus
44 3 Linus
Pre-compiled .jar TODO
45
Source Code TODO
46
Live System TODO
47 1 Linus
48
h3. Instructions
49 2 Linus
50
# Download
51
# unpack
52
# run: TODO call
53
* TODO command line parameters
54 1 Linus
55 3 Linus
h3. Mailing list
56
57
A public mailing list for announcements and discussion can be found TODO  "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 .
58 5 Ben
Please file bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers.
59 3 Linus
60
61 2 Linus
*****
62
63
h2. xgoldscanner
64 1 Linus
65 2 Linus
Actively collect 2G and 3G traces using Samsung Android phones.
66 3 Linus
Log files can be analyzed with Tobias Engel's "xgoldmon":https://github.com/2b-as/xgoldmon tool, which heavily inspired the development of xgoldscanner.
67 2 Linus
68
h3. Requirements:
69
70
* Samsung Galaxy S2 / S3  phone
71
* Micro-USB cable
72
* Linux Computer
73
74 1 Linus
h3. Download:
75 2 Linus
76 1 Linus
* Source Code (bash)
77
* Live System
78
79 6 Linus
h3. Disclaimer
80
81 7 Karsten
The active tests include an active part. First, your phone will place outgoing calls
82 6 Linus
to a dedicated number. This number will always be busy and never answer in order
83
to rule out voice charges as best as we can.
84
85
Secondly, your phone will send SMS short messages via an invalid SMS-C to
86
an invalid number.
87
88
During our tests we have not found a European network that charges for these
89
transactions. However, we can not rule out that you may be charged in specific
90
settings.
91
92
To control for involuntary charges, we strongly advise the use of a dedicated
93
pre-paid SIM card for these tests.
94
95 1 Linus
h3. Instructions
96
97 2 Linus
# Download
98 4 Linus
# unpack
99
# run:  <pre>sudo ./xgoldscanner.sh -n [telephone number, e.g. +491234567]</pre>
100
Optional parameters:
101
*  -g  conduct GPRS test
102
*  -d  display debug messages
103
*  -o  offline mode [skip log upload for manual submission]
104
*  -3  conduct 3G tests only [skip 2G tests]
105
*  -y  assume "yes" to questions and confirmation dialogues [for automated testing]
106 2 Linus
*  -i  <n> repeat each test <n> times (default is 5)
107
108
h3. Advanced usage
109 3 Linus
110 2 Linus
Use Tobias Engel's "xgoldmon":https://github.com/2b-as/xgoldmon tool to analyze log files.
111 3 Linus
112
h3. Mailing list
113
114
A public mailing list for announcements and discussion can be found TODO  "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 .
115 5 Ben
Please file bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers.
116 3 Linus
117 2 Linus
*****
118
119 1 Linus
h2. catcher catcher
120
121 2 Linus
Display mobile network irregularities hinting at fake base station activity.
122
123
h3. Requirements:
124
125
* Osmocom phone
126
* Osmocom serial cable
127 1 Linus
* Linux Computer
128
129
h3. Download:
130
131
* Source Code
132 2 Linus
* Live System
133
134
h3. Instructions
135
136
# Download
137
# unpack
138
# run: TODO call
139
* TODO command line parameters
140
141 3 Linus
h3. Mailing list
142
143
A public mailing list for announcements and discussion can be found TODO  "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 .
144 5 Ben
Please file bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers.
145 3 Linus
146 1 Linus
*****
147
148 2 Linus
h2. GSMmap-apk
149
150
Actively collect 2G and 3G traces using Samsung Android phones.
151
152 1 Linus
h3. Requirements:
153
154
* Samsung Galaxy S2 / S3 phone
155
156
h3. Download:
157 2 Linus
158
* Pre-compiled .apk
159 1 Linus
* Source Code
160
161 6 Linus
h3. Disclaimer
162
163
Our 3G tests include an active part. First, your phone will place outgoing calls
164
to a dedicated number. This number will always be busy and never answer in order
165
to rule out voice charges as best as we can.
166
167
Secondly, your phone will send SMS short messages via an invalid SMS-C to
168
an invalid number.
169
170
During our tests we have not found a European network that charges for these
171
transactions. However, we can not rule out that you may be charged in specific
172
settings.
173
174
To control for involuntary charges, we strongly advise the use of a dedicated
175
pre-paid SIM card for these tests.
176
177 2 Linus
h3. Instructions
178
179
# Install application from App Store
180
# Run
181
182 3 Linus
h3. Mailing list
183
184
A public mailing list for announcements and discussion can be found TODO  "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 .
185 5 Ben
Please file bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers.
186 3 Linus
187 2 Linus
*****
188
189 1 Linus
h2. GSMmap-live
190 2 Linus
191 3 Linus
This live linux system is equipped with all the assessment tools listed above. It furthermore includes
192
It facilitates their use and automatically uploads logs to GSMmap.org.
193 2 Linus
194 1 Linus
h3. Requirements:
195
196
* 64bit-compatible Computer
197
* For each test: Requirements listed above
198
199 2 Linus
h3. Download:
200
201
* Live system image
202 1 Linus
* Source Code
203 6 Linus
204
h3. Disclaimer
205
206
Our 3G tests include an active part. First, your phone will place outgoing calls
207
to a dedicated number. This number will always be busy and never answer in order
208
to rule out voice charges as best as we can.
209
210
Secondly, your phone will send SMS short messages via an invalid SMS-C to
211
an invalid number.
212
213
During our tests we have not found a European network that charges for these
214
transactions. However, we can not rule out that you may be charged in specific
215
settings.
216
217
To control for involuntary charges, we strongly advise the use of a dedicated
218
pre-paid SIM card for these tests.
219 2 Linus
220
h3. Instructions
221
222
# Download
223
# Unpack: <pre>tar xvzf gsmmap-live.img.tar.gz</pre>
224
# Write to stick <pre>dd if=gsmmap-live.img of=/dev/[USB-stick] [bs=1M]</pre>
225
# Boot from stick
226 3 Linus
227
h3. Mailing list
228
229
A public mailing list for announcements and discussion can be found TODO  "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 .
230 5 Ben
Please file bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers.