
GSM Sniffer

AirProbe is the new home of the former GSM-Sniffer project. The goal is to build an air-interface analysis tool for the GSM (and possibly later 3G) mobile phone standard. The prime motivation is to learn the details of the technology, to help people who develop other open GSM technology (like OpenBTS, OpenMoko, BS11/OpenBSC and others), and to demonstrate the insecurity of the current standard.

AirProbe is divided into three main subprojects: Acquisition, Demodulation and Analysis.

Acquisition: The Acquisition module is hardware dependent and contains everything that has to do with receiving and digitizing the air interface. This is the part that needs to be rewritten for different receiver hardware, so it should be kept small and limited to the necessary functions. Most parts should be inherited from GNURadio, to keep the workload limited.

Demodulation: The Demodulation module contains all the code necessary to make bits out of the signal captured by Acquisition. It is in principle hardware independent, but should be open to using DSPs if desired.

Analysis: This module contains all the protocol parsing and decoding. Wireshark can be used to handle parts of the visualisation and UI tasks. An important part of the Analysis module is non-realtime A5 decryption on a generic fast CPU. Realtime or near-realtime A5 decryption is not a goal of the project. For purposes of protocol analysis and demonstration of insecurities, non-realtime decryption is sufficient.

Gsmdecode is used to decode the GSM messages from the gammu trace log and a Nokia DCT3 mobile phone. Nokia used a simple remote logging facility for debugging their DCT3 firmware remotely, but apparently forgot to remove it when going into production. You can therefore re-enable it with special software described below.
