<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">I perfectly understand and agree about being reluctant to publish code that could be used for malicious purposes. <div>I was talking more about what Harald suggested: a public/private git repo related with Layers implementation into the MS.</div><div>Cheers,</div><div>Luca</div><div><div><br></div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr"><div><div><div> Currently there is no commercial activity going on. and tool mostly contain testing tools like Multiple IMSI Detach .Identity impersonation , channel hijacking like one presented in this 29C3. Channel DOS. more issue is if we publish such tools we might get in trouble from Government and also from telecom Operator for creating such tools. for same purpose we didnt published those tools. its more like publishing complete sniffing app for GSM with all codec support.<br>
<br></div><div>currently we shall publish l1 l2 l3 app on target code soon when code cleaning will be completed. but dont get time as code is having multiple changes and uses library from different osmocom git hosted locally.<br>
</div><div><br><br></div>about publishing tools and research papers we shall do it after total research is complete.<br><br></div>and reason that its taking too much time is am single person who can do technical work and coding rest team is more on core telecom network security.<br>
<br></div>thats major issue in completing research .<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Jan 2, 2013 at 10:07 AM, <span dir="ltr"><<a href="mailto:luca.bongiorni1@studenti.unimi.it" target="_blank">luca.bongiorni1@studenti.unimi.it</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><u></u><div>So, if I may ask, since you are NOT having anykind of commercial activity related with osmocom's tools and is more than one year that you are asking for technical explanations over this ml/irc... Why u didn't publish yet the sources/results of your researches into a public repo as Harald suggested?<br>
<br>Cheers,<br>Luca<br><div>Sent from my FuffaphoneŽ</div><hr><div><b>From: </b> Akib Sayyed <<a href="mailto:akibsayyed@gmail.com" target="_blank">akibsayyed@gmail.com</a>>
</div><div><b>Sender: </b> <a href="mailto:baseband-devel-bounces@lists.osmocom.org" target="_blank">baseband-devel-bounces@lists.osmocom.org</a>
</div><div><b>Date: </b>Wed, 02 Jan 2013 08:36:46 +0300</div><div><b>To: </b>Luca Bongiorni<<a href="mailto:luca.bongiorni1@studenti.unimi.it" target="_blank">luca.bongiorni1@studenti.unimi.it</a>></div><div><b>Cc: </b><<a href="mailto:baseband-devel@lists.osmocom.org" target="_blank">baseband-devel@lists.osmocom.org</a>>; Harald Welte<<a href="mailto:laforge@gnumonks.org" target="_blank">laforge@gnumonks.org</a>></div>
<div><b>Subject: </b>Re: 29c3 youtube video</div><div><div class="h5"><div><br></div><p>Damn typo mistake<br>
On Jan 2, 2013 8:35 AM, "Akib Sayyed" <<a href="mailto:akibsayyed@gmail.com" target="_blank">akibsayyed@gmail.com</a>> wrote:<br>
><br>
> Currently we are not in production stage.<br>
> We are more focused on buying own stack or buying chipset with compatible stack as there is no gprs/edge/3g suppprt in osmocom.<br>
> Our first tool was based on osmocom but we are not in production.<br>
><br>
> On Jan 2, 2013 12:12 AM, "Luca Bongiorni" <<a href="mailto:luca.bongiorni1@studenti.unimi.it" target="_blank">luca.bongiorni1@studenti.unimi.it</a>> wrote:<br>
>><br>
>> Hey all,<br>
>> actually is "interesting" his web site.<br>
>><br>
>> Since it seems a commercial website*:<br>
>><br>
>> * " Matrix Shell developed own GSM penetration testing tool.This tool is comprised of hardware unit and a <a href="http://laptop.it/" target="_blank">laptop.it</a> can perform various test on network using custom firmware.<br>
>> Using this too tester can identify state in which end user is getting service in terms of security."<br>
>><br>
>> * "We provide following services.<br>
>> GSM Network Penetration Testing<br>
>> Matrixshell have developed a tool that can be used for testing attack vectors from users point of view. That is attacks that can be carried out by using modified handsets which may cause misusing identity of GSM subscriber , mass cellphone cell phone switch off ,denial of service of subscriber etc. Such vulnerability may cause loss in reputation of provider.<br>
>> We can find out such issues using our own tools. Our tools comprised of UM interface hardware and a laptop communicating with UM interface. This tool can run different tests on network like: Checking encryption type, Authentication bypass, Wrong way of TMSI assignment by network, Identity impersonating."<br>
>><br>
>> I am wondering how his software tools are dealing with Osmocom's licenses.<br>
>><br>
>> Cheers,<br>
>> Luca<br>
>><br>
>> > are you sharing your current progress in a public git repository? If<br>
>> > not, I'd like to strongly encourage you to do so. I can also give you<br>
>> > commit access so you can push to a private branch on <a href="http://git.osmocom.org/" target="_blank">git.osmocom.org</a>, if you<br>
>> > prefer that.<br>
>> ><br>
>> > --<br>
>> > - Harald Welte <<a href="mailto:laforge@gnumonks.org" target="_blank">laforge@gnumonks.org</a>> <a href="http://laforge.gnumonks.org/" target="_blank">http://laforge.gnumonks.org/</a><br>
>> > ============================================================================<br>
>> > "Privacy in residential applications is a desirable marketing option."<br>
>> > (ETSI EN 300 175-7 Ch. A6)<br>
>> ><br>
>><br>
>><br>
</p>
</div></div></div></blockquote></div><br><br clear="all"><br>-- <br>Akib Sayyed<br>Matrix-Shell<br><a href="mailto:akibsayyed@gmail.com" target="_blank">akibsayyed@gmail.com</a><br><a href="mailto:akibsayyed@matrixshell.com" target="_blank">akibsayyed@matrixshell.com</a><br>
Mob:- +91-966-514-2243<br><br>
</div>
</blockquote></div><br></body></html>