Hi Domi,
Thanks! While I was building the same, I was wondering 'maybe SAP protocol'
was built for it.
But thanks again for confirming it!
And yes, I used an external card reader too. I did not check all osmocom
projects, just checked out softSIM; it does mention SAP.
Sounds great! Thanks for the feedback again.
Thanks,
Gerard
On Tue, Mar 28, 2017 at 12:27 AM, Tomcsányi, Domonkos <domi(a)tomcsanyi.net> wrote:
Hi Gerard
On 28 Mar 2017, at 9:10, Gerard Pinto <gerardfly9(a)gmail.com> wrote:
2) I have been trying something different with OsmocomBB, osmo-sim-auth and Tor lately - I would like to hear your views on the same.
Attack Model: Geo-Location Anonymous calling in GSM.
Description:
1. The attacker uses OsmocomBB phone to make a call using a sim card service. (No sim card present in the phone).
2. For this, I have taken the SIM card outside OsmocomBB and re-written all SIM APIs in osmo-sim-auth (which is the sim card service).
3. This sim card service is deployed over Tor network, so no one can actually know the location of the SIM card service.
4. The osmocombb connects to the network and uses this sim card service for authentication etc.
5. The whole setup of calling etc is initiated by the sim card service, which is itself behind Tor.
6. Now, this SIM card service can be used by multiple phones, so now you are not exactly going to track the phone since if I use the SIM card service to another phone (cell area) the DB entry in VLR has changed which says the location has changed.
7. My experiments worked well on a LIVE network, understanding the delay in the Tor network, still, the BTS was accepting RES response challenge from the SIM card service behind Tor - I still have to calculate the exact max acceptable delay in sending RES back to BTS to confirm this!
This is a very interesting idea, I like it! I wanted to mention the SAP
protocol that is available in OsmocomBB's mobile app via a Unix domain
socket since some time now. It might be even easier to use it for your
idea. I used it via an external card reader and softSIM to provide a SIM
card for OsmocomBB.
Cheers,
Domi