OsmocomBB MNCC socket implementation without LCR

Gerard Pinto gerardfly9 at gmail.com
Wed Mar 29 08:57:31 UTC 2017

Hi Domi,

Thanks! While I was building the same, I was wondering, 'maybe the SAP
protocol was built for it'.
But thanks again for confirming it!
And yes, I used an external card reader too. I did not check all Osmocom
projects, just checked out softSIM; it does mention SAP.
Sounds great! Thanks for the feedback again.


On Tue, Mar 28, 2017 at 12:27 AM, Tomcsányi, Domonkos <domi at tomcsanyi.net>

> Hi Gerard
> On 28 Mar 2017, at 9:10, Gerard Pinto <gerardfly9 at gmail.com> wrote:
> > 2) I have been trying something different with OsmocomBB, osmo-sim-auth
> > and Tor lately - I would like to hear your views on the same.
> >  Attack Model: Geo-Location Anonymous calling in GSM.
> >
> > Description:
> > 1. The attacker uses an OsmocomBB phone to make a call using a SIM card
> > service. (No SIM card present in the phone.)
> > 2. For this, I have taken the SIM card outside OsmocomBB and re-written
> > all SIM APIs in osmo-sim-auth (which is the SIM card service).
> > 3. This SIM card service is deployed over the Tor network, so no one can
> > actually know the location of the SIM card service.
> > 4. The OsmocomBB connects to the network and uses this SIM card service
> > for authentication etc.
> > 5. The whole setup of calling etc. is initiated by the SIM card service,
> > which is itself behind Tor.
> >
> > 6. Now, this SIM card service can be used by multiple phones, so now you
> > are not exactly going to track the phone, since if I use the SIM card
> > service with another phone (cell area) the DB entry in the VLR has changed,
> > which says the location has changed.
> > 7. My experiments worked well on a LIVE network; understanding the delay
> > in the Tor network, still, the BTS was accepting RES response challenge
> > from the SIM card service behind Tor - I still have to calculate the exact
> > max acceptable delay in sending RES back to BTS to confirm this!
> This is a very interesting idea, I like it! I wanted to mention the SAP
> protocol that has been available in OsmocomBB's mobile app via a Unix domain
> socket for some time now. It might be even easier to use it for your
> idea. I used it via an external card reader and softSIM to provide a SIM
> card for OsmocomBB.
> Cheers,
> Domi