Mobile Network Assessment Tools » History » Revision 8
Revision 7 (Karsten, 12/20/2013 08:45 PM) → Revision 8/32 (Karsten, 12/23/2013 01:48 PM)
h2. Overview This is a collection of tools for the assessment of mobile network security. It includes: * *[[SIMtester]]* Finds configuration Find signature & encryption give-away bugs in SIM cards as well es unprotected or hidden TARs * *[[GSMmap-apk]]* *[[xgoldscanner]]* Android application that collects Actively collect 2G and 3G network traces logs from Samsung Galaxy phones to your computer (Linux application) * *[[xgoldscanner]]* *[[catcher catcher]]* Linux application that collects Detect fake 2G base stations * *[[GSMmap-apk]]* Actively collect 2G and 3G network traces from logs using Samsung Galaxy phones (Android application) * *[[catcher catcher]]* Collect evidence of 2G fake base station activity (requires Osmocom phone) The All command-line tools are included provided in the *GSMmap-live* system, which auto-submits data for analysis at to "GSMmap.org":https://GSMmap.org ***** h2. SIMtester Assess SIM card security in two 3 dimensions: * *Cryptanalytic attack surface.* surface* Collect cryptographic signatures and encryptions of known plaintexts signature giveaways Collect encryption giveaways * *Application attack surface.* Generate *Security level* Detect "unprotected" TARs accepting unauthenticated commands (MSL=0) * *Spec. compliance* Create a list comprehensive overview of all available TARs and find "unprotected" (NSL=0) applications * *Spec. compliance* h3. Requirements: * Java (TODO: Which Java edition/version?) * PC/SC reader –or– * Osmocom phone * SOFTWARE JAVA? todo h3. Download Pre-compiled .jar TODO Source Code TODO Live System TODO h3. Instructions # Download # unpack # run: TODO call * TODO command line parameters h3. Mailing list A public mailing list for announcements and discussion can be found "here":https://lists.srlabs.de/cgi-bin/mailman/listinfo/simsec TODO "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 . Please file bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers. ***** h2. xgoldscanner Actively collect 2G and 3G traces using Samsung Android phones. Log files can be analyzed with Tobias Engel's "xgoldmon":https://github.com/2b-as/xgoldmon tool, which heavily inspired the development of xgoldscanner. h3. Requirements: * Samsung Galaxy S2 / S3 phone * Micro-USB cable * Linux Computer h3. Download: * Source Code (bash) * Live System h3. Disclaimer The active tests include an active part. First, your phone will place outgoing calls to a dedicated number. This number will always be busy and never answer in order to rule out voice charges as best as we can. Secondly, your phone will send SMS short messages via an invalid SMS-C to an invalid number. During our tests we have not found a European network that charges for these transactions. However, we can not rule out that you may be charged in specific settings. To control for involuntary charges, we strongly advise the use of a dedicated pre-paid SIM card for these tests. h3. Instructions # Download # unpack # run: <pre>sudo ./xgoldscanner.sh -n [telephone number, e.g. +491234567]</pre> Optional parameters: * -g conduct GPRS test * -d display debug messages * -o offline mode [skip log upload for manual submission] * -3 conduct 3G tests only [skip 2G tests] * -y assume "yes" to questions and confirmation dialogues [for automated testing] * -i <n> repeat each test <n> times (default is 5) h3. Advanced usage Use Tobias Engel's "xgoldmon":https://github.com/2b-as/xgoldmon tool to analyze log files. h3. Mailing list A public mailing list for announcements and discussion can be found TODO "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 . Please file bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers. ***** h2. catcher catcher Display mobile network irregularities hinting at fake base station activity. h3. Requirements: * Osmocom phone * Osmocom serial cable * Linux Computer h3. Download: * Source Code * Live System h3. Instructions # Download # unpack # run: TODO call * TODO command line parameters h3. Mailing list A public mailing list for announcements and discussion can be found TODO "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 . Please file bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers. ***** h2. GSMmap-apk Actively collect 2G and 3G traces using Samsung Android phones. h3. Requirements: * Samsung Galaxy S2 / S3 phone h3. Download: * Pre-compiled .apk * Source Code h3. Disclaimer Our 3G tests include an active part. First, your phone will place outgoing calls to a dedicated number. This number will always be busy and never answer in order to rule out voice charges as best as we can. Secondly, your phone will send SMS short messages via an invalid SMS-C to an invalid number. During our tests we have not found a European network that charges for these transactions. However, we can not rule out that you may be charged in specific settings. To control for involuntary charges, we strongly advise the use of a dedicated pre-paid SIM card for these tests. h3. Instructions # Install application from App Store # Run h3. Mailing list A public mailing list for announcements and discussion can be found TODO "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 . Please file bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers. ***** h2. GSMmap-live This live linux system is equipped with all the assessment tools listed above. It furthermore includes It facilitates their use and automatically uploads logs to GSMmap.org. h3. Requirements: * 64bit-compatible Computer * For each test: Requirements listed above h3. Download: * Live system image * Source Code h3. Disclaimer Our 3G tests include an active part. First, your phone will place outgoing calls to a dedicated number. This number will always be busy and never answer in order to rule out voice charges as best as we can. Secondly, your phone will send SMS short messages via an invalid SMS-C to an invalid number. During our tests we have not found a European network that charges for these transactions. However, we can not rule out that you may be charged in specific settings. To control for involuntary charges, we strongly advise the use of a dedicated pre-paid SIM card for these tests. h3. Instructions # Download # Unpack: <pre>tar xvzf gsmmap-live.img.tar.gz</pre> # Write to stick <pre>dd if=gsmmap-live.img of=/dev/[USB-stick] [bs=1M]</pre> # Boot from stick h3. Mailing list A public mailing list for announcements and discussion can be found TODO "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 . Please file bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers.