layer2/3 ported to target? paging attack code?

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/baseband-devel@lists.osmocom.org/.

Tim Ehlers osmocom at ehlers.info
Wed Sep 4 18:46:34 UTC 2013


On Wed, 4 Sep 2013, Dario Lombardo wrote:

Hi,

> Anyone tried it? I've downloaded the patch and applied it to the 
> changset you said. Compilation is ok. Should it generate new images to 
> dump to phone? I can see only standard targets.Dario

yes, as I can see, the rssi Target has been modified. So need to load that 
target with the modified osmocon, which opens another UNIX-Socket 
/tmp/osmocom_mi to read the victims TMSI. Whith "*" you can toggle the 
attack modes, which are DETACH, PAGING, RANGE_PAGING, ALL_PAGING, 
STEAL_SMS.

My only problem is, that I can't find out how to send the TMSI over the 
Socket. If I only send the TMSI with e.g. socat, I get

Err from socket: Bad address

from osmocon...

What do I miss?

Cheers

Tim




More information about the baseband-devel mailing list