Project

General

Profile

Actions
History

Mobile Network Assessment Tools » History » Revision 8

« Previous | Revision 8/32 (diff) | Next »
Karsten, 12/23/2013 01:48 PM

Overview

This is a collection of tools for the assessment of mobile network security.
It includes:

  • SIMtester
    Finds configuration bugs in SIM cards
  • GSMmap-apk
    Android application that collects 2G and 3G network traces from Samsung Galaxy phones
  • xgoldscanner
    Linux application that collects 2G and 3G network traces from Samsung Galaxy phones
  • catcher catcher
    Collect evidence of 2G fake base station activity (requires Osmocom phone)

The tools are included in the GSMmap-live system, which auto-submits data for analysis at GSMmap.org

SIMtester

Assess SIM card security in two dimensions:

  • Cryptanalytic attack surface. Collect cryptographic signatures and encryptions of known plaintexts
  • Application attack surface. Generate a list of all TARs and find "unprotected" (NSL=0) applications
  • Spec. compliance

Requirements:

  • Java (TODO: Which Java edition/version?)
  • PC/SC reader –or–
  • Osmocom phone

Download

Pre-compiled .jar TODO
Source Code TODO
Live System TODO

Instructions

  1. Download
  2. unpack
  3. run: TODO call
    • TODO command line parameters

Mailing list

A public mailing list for announcements and discussion can be found here .

xgoldscanner

Actively collect 2G and 3G traces using Samsung Android phones.
Log files can be analyzed with Tobias Engel's xgoldmon tool, which heavily inspired the development of xgoldscanner.

Requirements:

  • Samsung Galaxy S2 / S3 phone
  • Micro-USB cable
  • Linux Computer

Download:

  • Source Code (bash)
  • Live System

Disclaimer

The active tests include an active part. First, your phone will place outgoing calls
to a dedicated number. This number will always be busy and never answer in order
to rule out voice charges as best as we can.

Secondly, your phone will send SMS short messages via an invalid SMS-C to
an invalid number.

During our tests we have not found a European network that charges for these
transactions. However, we can not rule out that you may be charged in specific
settings.

To control for involuntary charges, we strongly advise the use of a dedicated
pre-paid SIM card for these tests.

Instructions

  1. Download
  2. unpack
  3. run: 
    sudo ./xgoldscanner.sh -n [telephone number, e.g. +491234567]

    Optional parameters:
    • -g conduct GPRS test
    • -d display debug messages
    • -o offline mode [skip log upload for manual submission]
    • -3 conduct 3G tests only [skip 2G tests]
    • -y assume "yes" to questions and confirmation dialogues [for automated testing]
    • -i <n> repeat each test <n> times (default is 5)

Advanced usage

Use Tobias Engel's xgoldmon tool to analyze log files.

Mailing list

A public mailing list for announcements and discussion can be found TODO here .
Please file bugs and support requests through the issue tracker TODO as they may be of little relevance to the majority of the mailing list subscribers.

catcher catcher

Display mobile network irregularities hinting at fake base station activity.

Requirements:

  • Osmocom phone
  • Osmocom serial cable
  • Linux Computer

Download:

  • Source Code
  • Live System

Instructions

  1. Download
  2. unpack
  3. run: TODO call
    • TODO command line parameters

Mailing list

A public mailing list for announcements and discussion can be found TODO here .
Please file bugs and support requests through the issue tracker TODO as they may be of little relevance to the majority of the mailing list subscribers.

GSMmap-apk

Actively collect 2G and 3G traces using Samsung Android phones.

Requirements:

  • Samsung Galaxy S2 / S3 phone

Download:

  • Pre-compiled .apk
  • Source Code

Disclaimer

Our 3G tests include an active part. First, your phone will place outgoing calls
to a dedicated number. This number will always be busy and never answer in order
to rule out voice charges as best as we can.

Secondly, your phone will send SMS short messages via an invalid SMS-C to
an invalid number.

During our tests we have not found a European network that charges for these
transactions. However, we can not rule out that you may be charged in specific
settings.

To control for involuntary charges, we strongly advise the use of a dedicated
pre-paid SIM card for these tests.

Instructions

  1. Install application from App Store
  2. Run

Mailing list

A public mailing list for announcements and discussion can be found TODO here .
Please file bugs and support requests through the issue tracker TODO as they may be of little relevance to the majority of the mailing list subscribers.

GSMmap-live

This live linux system is equipped with all the assessment tools listed above. It furthermore includes
It facilitates their use and automatically uploads logs to GSMmap.org.

Requirements:

  • 64bit-compatible Computer
  • For each test: Requirements listed above

Download:

  • Live system image
  • Source Code

Disclaimer

Our 3G tests include an active part. First, your phone will place outgoing calls
to a dedicated number. This number will always be busy and never answer in order
to rule out voice charges as best as we can.

Secondly, your phone will send SMS short messages via an invalid SMS-C to
an invalid number.

During our tests we have not found a European network that charges for these
transactions. However, we can not rule out that you may be charged in specific
settings.

To control for involuntary charges, we strongly advise the use of a dedicated
pre-paid SIM card for these tests.

Instructions

  1. Download
  2. Unpack: 
    tar xvzf gsmmap-live.img.tar.gz
  3. Write to stick 
    dd if=gsmmap-live.img of=/dev/[USB-stick] [bs=1M]
  4. Boot from stick

Mailing list

A public mailing list for announcements and discussion can be found TODO here .
Please file bugs and support requests through the issue tracker TODO as they may be of little relevance to the majority of the mailing list subscribers.

Updated by Karsten almost 11 years ago · 8 revisions