Luca -
I generally agree, for whatever it’s worth. To release a “turn-key” attack tool is
irresponsible. Anyone qualified to actually do this kind of research can hack together
their own attack experiments from available software without much trouble.
— David
On Feb 14, 2014, at 19:27, Luca Bongiorni <luca.bongiorni1(a)studenti.unimi.it>
wrote:
Hi Matthew, all,
IMHO releasing such an image will just increase the number of script kiddies around
that could mess with 2G networks (and that is a bloody serious problem).
From my experience (e.g. after releasing some slides
http://www.slideshare.net/iazza/dcm-final-23052013fullycensored ) I have always been asked
to release sources/scripts/etc. which I have promptly denied.
The reason is pretty simple, as you can imagine... If someone owns a USRP or an
OsmocomBB-MS... and also knows just a bit of the ETSI specs, SDR and C++... it is unlikely they
will need a ready-to-deploy image.
Obviously that is just my two cents.
Just be wise about sharing it.
Cheers,
Luca
Hi Michael,
It is my intention to share an image and speed the process up for other
researchers interested in GSM attacks and building simulations in their labs. At this time
there are code changes I want to expand upon before I do (predominantly cosmetic changes
and making it more feature-useful from the python script). I am also hoping that enhanced
detection of fakeBTS attacks will be expanded upon by the osmocom-bb toolkit (the launch
of the detection capability occurred in December 2013 at CCC), which would sufficiently
detect anyone attempting to use tools of this nature in an illegal way. Most of the work I
did can be recreated from the slides previously provided. If you are interested in the
E100 platform, I spent a lot of time exploring its capabilities and re-compiling packages.
I first started trying to build the firmware from scratch, with some discussion occurring
between myself and the firmware developer at Ettus; eventually it became easier to
customize the firmware provided by Ettus - the most difficult change being a
cross-compiled kernel to enable netfilter so that IP routing became practical, thus
allowing for GPRS capabilities. I also had issues with the OpenBTS 52MTransceiver
application in the more recent commits, as a significant overhaul has begun on changing its
capabilities. I eventually settled on the r6718 version, as this provided GPRS capabilities and
was also the last version functioning with the 52MTransceiver application. Most of the
firmware I had to rebuild from source, including things not available in package repos such
as libpcap, asterisk (w/ ODBC), odbc, libsqlite and python, to get the capabilities I needed
to demonstrate the practical elements of a GSM attack from an embedded device. I will be
releasing the firmware image as soon as I tidy up some of my python code and detection
tools become more effective. If you do really need the image for some research purpose
then please e-mail me directly and I will gladly share a copy with you providing I can
understand better your requirement for needing an off-the-shelf attack tool for GSM.
Kind Regards,
Matthew