Hi Gerard
> On 28 Mar 2017, at 9:10, Gerard Pinto <gerardfly9(a)gmail.com> wrote:
>
> 2) I have been trying something different with OsmocomBB, osmo-sim-auth and Tor
> lately - I would like to hear your views on the same.
>
> Attack Model: Geo-Location Anonymous calling in GSM.
>
> Description:
> 1. The attacker uses an OsmocomBB phone to make a call using a SIM card service. (No
> SIM card present in the phone.)
> 2. For this, I have taken the SIM card outside OsmocomBB and re-written all SIM APIs
> in osmo-sim-auth (which is the SIM card service).
> 3. This SIM card service is deployed over the Tor network, so no one can actually know
> the location of the SIM card service.
> 4. The OsmocomBB phone connects to the network and uses this SIM card service for
> authentication etc.
> 5. The whole setup of calling etc. is initiated by the SIM card service, which is
> itself behind Tor.
> 6. Now, this SIM card service can be used by multiple phones, so you are not exactly
> going to track the phone, since if I use the SIM card service on another phone (cell
> area), the DB entry in the VLR has changed, which says the location has changed.
> 7. My experiments worked well on a LIVE network; despite the delay in the Tor network,
> the BTS was still accepting the RES response to the challenge from the SIM card
> service behind Tor - I still have to calculate the exact maximum acceptable delay in
> sending RES back to the BTS to confirm this!
This is a very interesting idea, I like it! I wanted to mention the SAP protocol that has
been available in OsmocomBB's mobile app via a Unix domain socket for some time now. It
might be even easier to use it for your idea. I used it via an external card reader and
softSIM to provide a SIM card for OsmocomBB.
Cheers,
Domi