Hi all.
Although general caution is advised in this case, I have to disagree. I don't think
that availability of such an image will result in an influx of gsm script-kiddies:
unlike some random internet attack tool, you can't hide behind some proxy in a remote
country - you've got to be sufficiently close physically to your target.
That alone puts enough restrictions to make people think twice before attempting to
use it.
On the other hand availability of ready-made image with the instructions on proper
and safe usage might lower the bar for actual researchers.
Also don't underestimate "forbidden fruit" effect - getting your hands on something
that those "conspiracy of gsm developers" is trying to hide from mega-cool-hacker is
one thing. Downloading freely available image is way more boring.
And no, I personally do not need this image - I'm quite happy with what we have in
our university lab already :)
cheers,
Max.
14.02.2014 18:27, Luca Bongiorni wrote:
Hi Matthew, all,
IMHO releasing such kind of image will just increase the number of script kiddies
around that could mess with 2G networks (and that is a bloody serious problem).
From my experience (e.g. after releasing some slides
http://www.slideshare.net/iazza/dcm-final-23052013fullycensored ) I have
always been asked to release sources/scripts/etc. which I have promptly denied.
The reason is pretty simple as you can imagine... If someone owns a USRP or an
OsmocomBB-MS... and also knows just a bit of ETSI specs, SDR and C++... It is unlikely
they will need a ready-to-deploy image.
Obviously that is just my two cents.
Just be wise about sharing it.
Cheers,
Luca
Hi Michael,
It is my intention to share an image and speed the process up for
other researchers interested in GSM attacks and building simulations in their labs.
At this time there are code changes I want to expand upon before I do
(predominantly cosmetic changes and making it more feature useful from the python
script). I am also hoping that enhanced detection of fakeBTS attacks will be
expanded upon by the osmocom-bb toolkit (the launch of the detection capability
occurred in December 2013 at CCC.) which would sufficiently detect anyone
attempting to use tools of this nature in an illegal way. Most of the work I did
can be recreated from the slides previously provided. If you are interested in the
E100 platform, I spent a lot of time exploring its capabilities and re-compiling
packages. I first started trying to build the firmware from scratch with some
discussion occurring between myself and the firmware developer at Ettus, eventually
it became easier to customize the firmware provided by Ettus - the most difficult
change being a cross-compiled kernel to enable netfilter so that IP routing became
practical thus allowing for GPRS capabilities. I also had issues with the OpenBTS
52MTransceiver application in the more recent commits as significant overhaul has
begun on changing its capabilities. I eventually settled on r6718 version as this
provided GPRS capabilities and also was the last version functioning with the
52MTransceiver application. Most of the firmware I had to rebuild from source
including things not available in package repos such as libpcap, asterisk (w/ODBC),
odbc, libsqlite and python to get the capabilities I needed to demonstrate the
practical elements of a GSM attack from an embedded device. I will be releasing the
firmware image as soon as I tidy up some of my python code and detection tools
become more effective. If you do really need the image for some research purpose
then please e-mail me directly and I will gladly share a copy with you providing I
can understand better your requirement for needing an off-the-shelf attack tool for
GSM.
Kind Regards,
Matthew