This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/baseband-devel@lists.osmocom.org/.
Tomcsányi, Domonkos domi at tomcsanyi.netHi Gerard 2017. márc. 28. dátummal, 9:10 időpontban Gerard Pinto <gerardfly9 at gmail.com> írta: > 2) I have been trying something different with OsmocomBB, osmo-sim-auth and Tor lately - I would like to hear your views on the same. > Attack Model: Geo-Location Anonymous calling in GSM. > > Description: > 1. The attacker uses OsmocomBB phone to make a call using a sim card service. (No sim card present in the phone). > 2. For this, I have taken the SIM card outside OsmocomBB and re-written all SIM API's in osmo-sim-auth (which is the sim card service). > 3. This sim card service is deployed over Tor network, so no one can actually know the location of the SIM card service. > 4, The osmocombb connects to the network and uses this sim card service for authentication etc. > 5. The whole setup of calling etc is initiated by the sim card service, which is itself behind Tor. > > 6. Now, This SIM card service can be used my multiple phones, so now you are not exactly going to track the phone since if I use the SIM card service to another phone (cell area) the DB entry in VLR has changed which says the location has changed. > 7. My experiments worked well on a LIVE network, understanding the delay in Tor the network, still, the BTS was accepting RES response challenge from the SIM card service behind Tor - I still have to calculate the exact max acceptable delay in sending RES back to BTS to confirm this! This is a very interesting idea, I like it! I wanted to mention the SAP protocol that is available in OsmocomBB's mobile app via a Unix domain socket since some time now. It might be even easier to use it for your idea. I used it via an external card reader and softSIM to provide a SIM card for OsmocomBB. Cheers, Domi