[Openbts-discuss] OpenBTS / E100 & GSM attacks.
Max.Suraev at fairwaves.ru
Fri Feb 14 17:54:16 UTC 2014
Although general caution is advised in this case, I have to disagree. I don't think
that availability of such an image will result in an influx of GSM script kiddies:
unlike some random internet attack tool, you can't hide behind some proxy in a remote
country - you've got to be sufficiently close physically to your target.
That alone puts enough restrictions to make people think twice before attempting to
On the other hand, availability of a ready-made image with instructions on proper
and safe usage might lower the bar for actual researchers.
Also don't underestimate the "forbidden fruit" effect - getting your hands on something
that the "conspiracy of GSM developers" is trying to hide from a mega-cool-hacker is
one thing. Downloading a freely available image is way more boring.
And no, I personally do not need this image - I'm quite happy with what we have in
our university lab already :)
14.02.2014 18:27, Luca Bongiorni wrote:
> Hi Matthew, all,
> IMHO releasing such kind of image will just increase the number of script kiddies
> around that could mess with 2G networks (and that is a bloody serious problem).
> From my experience (e.g. after releasing some
> slides http://www.slideshare.net/iazza/dcm-final-23052013fullycensored ) I have
> always been asked to release sources/scripts/etc., which I have promptly denied.
> The reason is pretty simple, as you can imagine... If someone owns a USRP or an
> OsmocomBB-MS... and also knows just a bit of ETSI specs, SDR and C++... it is unlikely
> they will need a ready-to-deploy image.
> Obviously that is just my two cents.
> Just be wise about sharing it.
>> Hi Michael,
>> It is my intention to share an image and speed the process up for
>> other researchers interested in GSM attacks and building simulations in their labs.
>> At this time there are code changes I want to expand upon before I do
>> (predominantly cosmetic changes and making it more feature useful from the python
>> script). I am also hoping that enhanced detection of fakeBTS attacks will be
>> expanded upon by the osmocom-bb toolkit (the launch of the detection capability
>> occurred in December 2013 at CCC), which would sufficiently detect anyone
>> attempting to use tools of this nature in an illegal way. Most of the work I did
>> can be recreated from the slides previously provided. If you are interested in the
>> E100 platform, I spent a lot of time exploring its capabilities and re-compiling
>> packages. I first started trying to build the firmware from scratch with some
>> discussion occurring between myself and the firmware developer at Ettus, eventually
>> it became easier to customize the firmware provided by Ettus - the most difficult
>> change being a cross-compiled kernel to enable netfilter so that IP routing became
>> practical thus allowing for GPRS capabilities. I also had issues with the OpenBTS
>> 52MTransceiver application in the more recent commits as significant overhaul has
>> begun on changing its capabilities. I eventually settled on r6718 version as this
>> provided GPRS capabilities and also was the last version functioning with the
>> 52MTransceiver application. Most of the firmware I had to rebuild from source
>> including things not available in package repos such as libpcap, asterisk (w/ODBC),
>> odbc, libsqlite and python to get the capabilities I needed to demonstrate the
>> practical elements of a GSM attack from an embedded device. I will be releasing the
>> firmware image as soon as I tidy up some of my python code and detection tools
>> become more effective. If you do really need the image for some research purpose
>> then please e-mail me directly and I will gladly share a copy with you providing I
>> can understand better your requirement for needing an off-the-shelf attack tool for
>> Kind Regards,