Re: [Openbts-discuss] OpenBTS / E100 & GSM attacks.

[Michael M. <moo...@nk...>]

Matthew,

Thank you for the information about how you optimized the E100 firmware. I
have been having much trouble getting OpenBTS running on an E100.  An
already setup image would definitely speed up my development time.

My area of interest is in how to improve GSM security with OpenBTS, so I do
see the point David & Luca are making about not getting a prepackaged tool
like this out in the wild.  I have most of the features already implemented
myself w/ a USRP2, but it would be nice to have a stable E100 system for my
lab setup too.  I am just impressed at how everything was presented in the
greedyBTS interface.

If I have any other questions I will send you an e-mail directly.

Thank you everyone for the input,

Michael


On Fri, Feb 14, 2014 at 9:45 AM, Hacker Fantastic <
hac...@go...> wrote:

> Hi Luca,
>             Whilst I agree that arming a bunch of script kiddies is
> completely detrimental to the security of everyone I must point out that
> there are many practical applications for the use of such technology to
> assist people working in security. For instance on multiple occasions I
> have been told "It is GPRS, not WIFI" which is a complete misunderstanding
> of the vulnerabilities in current mobility solutions used by many. I have
> no intention to weaken the state of security any further than it is but I
> am always happy to assist those who are interested in building stronger
> defences. When the detection tools become better it will be less of an
> issue but as it stands we are still in the infancy of detecting and
> preventing such threats because there is misunderstanding about the
> triviality of exploitation. I have no intention to provide material that
> could enable anyone to exploit others, I merely aimed to highlight what is
> possible and open the question as to how it can be accounted for in
> traditional security defences.
>
> Kind Regards,
> Matthew
>
>
> On Fri, Feb 14, 2014 at 5:27 PM, Luca Bongiorni <
> luc...@st...> wrote:
>
>> Hi Matthew, all,
>>
>> IMHO releasing such kind of image will just increase the number of script
>> kiddies around that could mess with 2G networks (and that is a bloody
>> seriously problem).
>> From my experience (e.g. after releasing some slides
>> http://www.slideshare.net/iazza/dcm-final-23052013fullycensored ) I have
>> always been asked to release sources/scripts/etc. which I have promptly
>> denied.
>> The reason is pretty simple as you can imagine... If someone own an USRP
>> or an OsmocomBB-MS... and also know just a bit of ETSI specs, SDR and
>> C++... It is unlikely they will need a ready-to-deploy image.
>>
>> Obviously that is just my two cents.
>> Just be wise about sharing it.
>>
>> Cheers,
>> Luca
>>
>> Hi Michael,
>>                  It is my intention to share an image and speed the
>> process up for other researchers interested in GSM attacks and building
>> simulations in their labs. At this time there are code changes I want to
>> expand upon before I do (predominantly cosmetic changes and making it more
>> feature useful from the python script). I am also hoping that enhanced
>> detection of fakeBTS attacks will be expanded upon by the osmocom-bb
>> toolkit (the launch of the detection capability occurred in December 2013
>> at CCC.) which would sufficiently detect anyone attempting to use tools of
>> this nature in an illegal way. Most of the work I did can be recreated from
>> the slides previously provided. If you are interested in the E100 platform,
>> I spent alot of time exploring its capabilities and re-compiling packages.
>> I first started trying to build the firmware from scratch with some
>> discussion occurring between myself and the firmware developer at Ettus,
>> eventually it became easier to customize the firmware provided by Ettus -
>> the most difficult change being a cross-compiled kernel to enable netfilter
>> so that IP routing became practical thus allowing for GPRS capabilities. I
>> also had issues with the OpenBTS 52MTransceiver application in the more
>> recent commits as significant overhaul has begun on changing its
>> capabilities. I eventually settled on r6718 version as this provided GPRS
>> capabilities and also was the last version functioning with the
>> 52MTransceiver application. Most of the firmware I had to rebuild from
>> source including things not available in package repos such as libpcap,
>> asterisk (w/ODBC), odbc, libsqlite and python to get the capabilities I
>> needed to demonstrate the practical elements of a GSM attack from an
>> embedded device. I will be releasing the firmware image as soon as I tidy
>> up some of my python code and detection tools become more effective. If you
>> do really need the image for some research purpose then please e-mail me
>> directly and I will gladly share a copy with you providing I can understand
>> better your requirement for needing an off-the-shelf attack tool for GSM.
>>
>> Kind Regards,
>> Matthew
>>
>>
>> The information contained in this message may be CONFIDENTIAL and is
>> intended for the addressee only. If you are not the addressee, please
>> notify the sender immediately by return e-mail and delete this
>> message. Thank you.
>>
>>
>
>
> --
> Matthew Hickey
> Tel: +44 7543 661237
> Web: http://blog.hackerfantastic.com
>
> Please visit my website for blog postings, status updates and project
> information.
>
>
>
>
>
>
> ------------------------------------------------------------------------------
> Android apps run on BlackBerry 10
> Introducing the new BlackBerry 10.2.1 Runtime for Android apps.
> Now with support for Jelly Bean, Bluetooth, Mapview and more.
> Get your Android app in front of a whole new audience.  Start now.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=124407151&iu=/4140/ostg.clktrk
> _______________________________________________
> Openbts-discuss mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openbts-discuss
>
>


-- 

Michael Mooradian
Nathan Kunes Inc.
5055 North Harbor Drive, Suite 230
San Diego, CA 92106
619-822-1045 MAIN
619-553-3076 DIRECT
619-997-7055 CELL
619-221-1235 FAX...@nk...