Project

General

Profile

Mobile Network Assessment Tools » History » Version 9

Karsten, 12/23/2013 02:35 PM

1 1 Linus
h2. Overview
2 1 Linus
3 1 Linus
This is a collection of tools for the assessment of mobile network security.
4 1 Linus
It includes:
5 3 Linus
6 3 Linus
* *[[SIMtester]]*
7 8 Karsten
Finds configuration bugs in SIM cards
8 1 Linus
9 8 Karsten
* *[[GSMmap-apk]]*
10 8 Karsten
Android application that collects 2G and 3G network traces from Samsung Galaxy phones
11 8 Karsten
12 3 Linus
* *[[xgoldscanner]]*
13 8 Karsten
Linux application that collects 2G and 3G network traces from Samsung Galaxy phones
14 2 Linus
15 3 Linus
* *[[catcher catcher]]*
16 8 Karsten
Collect evidence of 2G fake base station activity (requires Osmocom phone)
17 1 Linus
18 1 Linus
19 8 Karsten
The tools are included in the *GSMmap-live* system, which auto-submits data for analysis at "GSMmap.org":https://GSMmap.org
20 1 Linus
21 1 Linus
*****
22 2 Linus
23 2 Linus
h2. SIMtester
24 2 Linus
25 8 Karsten
Assess SIM card security in two dimensions:
26 2 Linus
27 8 Karsten
* *Cryptanalytic attack surface.* Collect cryptographic signatures and encryptions of known plaintexts
28 1 Linus
29 9 Karsten
* *Application attack surface.* Generate a list of all application identifiers (TAR) and find "unprotected" (NSL=0) applications
30 2 Linus
31 2 Linus
h3. Requirements:
32 2 Linus
33 8 Karsten
* Java (TODO: Which Java edition/version?)
34 2 Linus
* PC/SC reader –or–
35 2 Linus
* Osmocom phone
36 2 Linus
37 1 Linus
h3. Download
38 1 Linus
39 3 Linus
Pre-compiled .jar TODO
40 3 Linus
Source Code TODO
41 2 Linus
Live System TODO
42 2 Linus
43 2 Linus
h3. Instructions
44 2 Linus
45 2 Linus
# Download
46 1 Linus
# unpack
47 3 Linus
# run: TODO call
48 3 Linus
* TODO command line parameters
49 3 Linus
50 1 Linus
h3. Mailing list
51 3 Linus
52 9 Karsten
A public mailing list for announcements and discussion can be found "here":https://lists.srlabs.de/cgi-bin/mailman/listinfo/simsec
53 2 Linus
54 2 Linus
*****
55 2 Linus
56 1 Linus
h2. xgoldscanner
57 2 Linus
58 3 Linus
Actively collect 2G and 3G traces using Samsung Android phones.
59 2 Linus
Log files can be analyzed with Tobias Engel's "xgoldmon":https://github.com/2b-as/xgoldmon tool, which heavily inspired the development of xgoldscanner.
60 2 Linus
61 2 Linus
h3. Requirements:
62 2 Linus
63 2 Linus
* Samsung Galaxy S2 / S3  phone
64 2 Linus
* Micro-USB cable
65 2 Linus
* Linux Computer
66 1 Linus
67 2 Linus
h3. Download:
68 1 Linus
69 1 Linus
* Source Code (bash)
70 1 Linus
* Live System
71 6 Linus
72 6 Linus
h3. Disclaimer
73 7 Karsten
74 6 Linus
The active tests include an active part. First, your phone will place outgoing calls
75 6 Linus
to a dedicated number. This number will always be busy and never answer in order
76 6 Linus
to rule out voice charges as best as we can.
77 6 Linus
78 6 Linus
Secondly, your phone will send SMS short messages via an invalid SMS-C to
79 6 Linus
an invalid number.
80 6 Linus
81 6 Linus
During our tests we have not found a European network that charges for these
82 6 Linus
transactions. However, we can not rule out that you may be charged in specific
83 6 Linus
settings.
84 6 Linus
85 6 Linus
To control for involuntary charges, we strongly advise the use of a dedicated
86 6 Linus
pre-paid SIM card for these tests.
87 1 Linus
88 1 Linus
h3. Instructions
89 2 Linus
90 4 Linus
# Download
91 4 Linus
# unpack
92 4 Linus
# run:  <pre>sudo ./xgoldscanner.sh -n [telephone number, e.g. +491234567]</pre>
93 4 Linus
Optional parameters:
94 4 Linus
*  -g  conduct GPRS test
95 4 Linus
*  -d  display debug messages
96 4 Linus
*  -o  offline mode [skip log upload for manual submission]
97 4 Linus
*  -3  conduct 3G tests only [skip 2G tests]
98 2 Linus
*  -y  assume "yes" to questions and confirmation dialogues [for automated testing]
99 2 Linus
*  -i  <n> repeat each test <n> times (default is 5)
100 2 Linus
101 3 Linus
h3. Advanced usage
102 2 Linus
103 3 Linus
Use Tobias Engel's "xgoldmon":https://github.com/2b-as/xgoldmon tool to analyze log files.
104 3 Linus
105 3 Linus
h3. Mailing list
106 3 Linus
107 5 Ben
A public mailing list for announcements and discussion can be found TODO  "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 .
108 3 Linus
Please file bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers.
109 2 Linus
110 2 Linus
*****
111 1 Linus
112 1 Linus
h2. catcher catcher
113 2 Linus
114 2 Linus
Display mobile network irregularities hinting at fake base station activity.
115 2 Linus
116 2 Linus
h3. Requirements:
117 2 Linus
118 2 Linus
* Osmocom phone
119 1 Linus
* Osmocom serial cable
120 1 Linus
* Linux Computer
121 1 Linus
122 1 Linus
h3. Download:
123 1 Linus
124 2 Linus
* Source Code
125 2 Linus
* Live System
126 2 Linus
127 2 Linus
h3. Instructions
128 2 Linus
129 2 Linus
# Download
130 2 Linus
# unpack
131 2 Linus
# run: TODO call
132 2 Linus
* TODO command line parameters
133 3 Linus
134 3 Linus
h3. Mailing list
135 3 Linus
136 5 Ben
A public mailing list for announcements and discussion can be found TODO  "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 .
137 3 Linus
Please file bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers.
138 1 Linus
139 1 Linus
*****
140 2 Linus
141 2 Linus
h2. GSMmap-apk
142 2 Linus
143 2 Linus
Actively collect 2G and 3G traces using Samsung Android phones.
144 1 Linus
145 1 Linus
h3. Requirements:
146 1 Linus
147 1 Linus
* Samsung Galaxy S2 / S3 phone
148 1 Linus
149 2 Linus
h3. Download:
150 2 Linus
151 1 Linus
* Pre-compiled .apk
152 1 Linus
* Source Code
153 6 Linus
154 6 Linus
h3. Disclaimer
155 6 Linus
156 6 Linus
Our 3G tests include an active part. First, your phone will place outgoing calls
157 6 Linus
to a dedicated number. This number will always be busy and never answer in order
158 6 Linus
to rule out voice charges as best as we can.
159 6 Linus
160 6 Linus
Secondly, your phone will send SMS short messages via an invalid SMS-C to
161 6 Linus
an invalid number.
162 6 Linus
163 6 Linus
During our tests we have not found a European network that charges for these
164 6 Linus
transactions. However, we can not rule out that you may be charged in specific
165 6 Linus
settings.
166 6 Linus
167 6 Linus
To control for involuntary charges, we strongly advise the use of a dedicated
168 6 Linus
pre-paid SIM card for these tests.
169 2 Linus
170 2 Linus
h3. Instructions
171 2 Linus
172 2 Linus
# Install application from App Store
173 2 Linus
# Run
174 3 Linus
175 3 Linus
h3. Mailing list
176 3 Linus
177 5 Ben
A public mailing list for announcements and discussion can be found TODO  "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 .
178 3 Linus
Please file bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers.
179 2 Linus
180 2 Linus
*****
181 1 Linus
182 2 Linus
h2. GSMmap-live
183 3 Linus
184 3 Linus
This live linux system is equipped with all the assessment tools listed above. It furthermore includes
185 2 Linus
It facilitates their use and automatically uploads logs to GSMmap.org.
186 1 Linus
187 1 Linus
h3. Requirements:
188 1 Linus
189 1 Linus
* 64bit-compatible Computer
190 1 Linus
* For each test: Requirements listed above
191 2 Linus
192 2 Linus
h3. Download:
193 2 Linus
194 1 Linus
* Live system image
195 6 Linus
* Source Code
196 6 Linus
197 6 Linus
h3. Disclaimer
198 6 Linus
199 6 Linus
Our 3G tests include an active part. First, your phone will place outgoing calls
200 6 Linus
to a dedicated number. This number will always be busy and never answer in order
201 6 Linus
to rule out voice charges as best as we can.
202 6 Linus
203 6 Linus
Secondly, your phone will send SMS short messages via an invalid SMS-C to
204 6 Linus
an invalid number.
205 6 Linus
206 6 Linus
During our tests we have not found a European network that charges for these
207 6 Linus
transactions. However, we can not rule out that you may be charged in specific
208 6 Linus
settings.
209 6 Linus
210 6 Linus
To control for involuntary charges, we strongly advise the use of a dedicated
211 2 Linus
pre-paid SIM card for these tests.
212 2 Linus
213 2 Linus
h3. Instructions
214 2 Linus
215 2 Linus
# Download
216 2 Linus
# Unpack: <pre>tar xvzf gsmmap-live.img.tar.gz</pre>
217 2 Linus
# Write to stick <pre>dd if=gsmmap-live.img of=/dev/[USB-stick] [bs=1M]</pre>
218 3 Linus
# Boot from stick
219 3 Linus
220 3 Linus
h3. Mailing list
221 3 Linus
222 5 Ben
A public mailing list for announcements and discussion can be found TODO  "here":http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51 .
223 1 Linus
Please file bugs and support requests through the "issue tracker TODO ":http://opensource.srlabs.de/projects/a51-decrypt/issues/new as they may be of little relevance to the majority of the mailing list subscribers.