@Jabeir, I am having 1 usrp, ati4770 card, 2tb hdd, currently downloading rainbow tables, os is Ubantu9.1(Karmic-kola), high gain gsm antenna, kindly let me know what else I need to have to break 3G live, or is there anything that I need in extra, please guide me, I have also problem while running usrp with gnuradio on ubantu9.1. please reply, I am waiting
On Sun, Jan 3, 2010 at 2:53 PM, <[email protected]> wrote: > Send A51 mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of A51 digest..." > > > Today's Topics: > > 1. Re: Attacks tool is required (Fabio Pietrosanti (naif)) > 2. Re: Attacks tool is required (hardware required?) > (Fabio Pietrosanti (naif)) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sun, 3 Jan 2010 10:17:55 +0100 > From: "Fabio Pietrosanti (naif)" <[email protected]> > Subject: Re: [A51] Attacks tool is required > To: GeleGrodan <[email protected]> > Cc: [email protected] > Message-ID: <[email protected]> > Content-Type: text/plain; charset="us-ascii" > > In the 'old age' of WiFi, getting a serious Cisco Aironet LCM-352 (the > one with external antenna plug) along with a couple of good antenna > with MMCX interface cable would had cost not less than 400 EUR all > together. > > It's the same "average" cost. > > However there's on guy here in the mailing lists with which we are > discussing to make a "clone" of USRP2 by making it "much cheaper" and > already integrating all the piece of hardware required to play with GSM. > > It's absolutely feasible, now let's wait for the release of the > software including all the feature that should had been demonstrated. > > Then we'll put in place some "open" industrialization effort to reduce > the entrance barrier to play with the stuff. > > Fabio > > On 03/gen/10, at 01:26, GeleGrodan wrote: > > > The problem with comparing with aircrack-ng is that together with a > > supported wifi-card (often built-in in laptops, or bought for ca > > 20usd) you have a complete tool for capture and cracking, out of box. > > If you compare that with this project, the cracking/decoding is just > > half the part, you still need expensive hardware to capture the > > traffic. But sure, if the tool is well made, its just a matter of > > money. > > So if I understand everything correctly, what you need (in hardware) > > to CAPTURE somebody's phone-call is: > > USRP > > Daughterboard > > Some antenna > > +Software of course > > 700USD+150USD+35USD = 885USD > > (http://www.ettus.com/order) > > > > Or am I missing something? > > > > On Fri, Jan 1, 2010 at 21:05, Fabio Pietrosanti (naif) < > [email protected] > > > wrote: > > Hi all, > > > > this is a provocative email. > > > > IMHO we need "practical", really practical ability for hackers to > > "easily" make gsm hacking and gsm interception. > > > > We need something like aircrack-ng for WiFi, we need that anyone with > > basic knowledge and not that big costs could start playing and hacking > > gsm. > > > > Why? > > > > Because if we don't reach that goal the problem will be always there, > > GSM equipment is not going to be replaced easily. > > > > What's already happened with other technologies like 802.11/WEP? > > > > Until well known, cheap and easy to use attack tools was diffused the > > industry did not reacted by making WPA1, WPA2 and working on security > > awareness. > > > > The real sense of full disclosure is this. > > > > GSM is sensitive, mobile voice and data interception is a strong > > matter and companies, governments and various agencies does not want > > anyone being able to break it. > > > > The interception tool exists. > > > > But they costs a lot of money (200-600k) and officially can be brought > > only by governments (even if most private agencies have it...). > > So only private spies, organized crimes, law enforcement, secret > > services and military can use it. > > > > And the general feeling of the man walking the street is that "calls > > and data are secure". > > Because they don't feel the risk, a real risk for the system, for the > > economy, for the industry, for the democracy itself. > > > > If people does not "taste" the risk, they will not react. > > > > Is the "public" is not *strongly aware* about the problem, then > > problem for them DOES NOT EXISTS (like has been done in past 15 > > years). > > > > Mobile networks are building block of the information society, and > > information society is the building block of the information and > > services economy where we live. > > > > All past GSM hacking attempt got serious attention from authorities > > and big lobbies, there was always "legal" problem and "pressure" on > > the project founders. > > > > I think we should think about it seriously, Karsten also told in > > various talk about such kind of "pressure". > > > > The project should probably increase it's resilience to possible > > attacks to the project itself, with the creation of always up-to-date > > mirror of the informations and development environment, sharing of > > mailing lists subscribers to always keep the community up&running. > > > > Then on top of that framework it would be fine to get some financing > > for additional development and refinement and eventually even build > > some business around it to make it economically sustainable and reach > > the "point-click-sniff" tool. > > > > It's a very difficult step but if we want to really change the > > landscape of the mobile security we should reach a level that will > > "force" the industry to upgrade or when not possible to explicitly do > > awareness about the risk. > > > > On Windows Vista if i connect to an open wifi network i receive the > > advice that the network is insecure and someone could sniff the > > traffic. > > > > Well, let's force them to do awareness on the users if the don't want > > to upgrade, users should always know what they are using and what are > > their risks. > > > > Telecommunication companies account 3 quarter of the european high > > yield bonds ( > http://www.cadwalader.com/assets/article/HighYieldBondMk.pdf > > ), they are plenty of debt to invest in selling dumb sing and logos > > for mobile, restricting network neutrality of the internet and a lot > > of very nasty and lobbystic stuff. > > > > > > I would like to see them to invest more in securing the information > > society, that is the foundation of their business required to sustain > > their debt. > > > > Let's do everything to make the project reach a "point-click-sniff" > > tool, at least on software side. > > > > Let's release everything, with very precise documentation, so privacy > > activists can demonstrate the risks to the masses. > > Let's mirror everything across trusted networks. > > Let's get public donations and private funding to carry on the > > development. > > Let's increase documentation and community strength to expand the > > knowledge. > > > > That's my personal point of view, all you guys have made an excellent > > job, now we should not stop. > > > > We should goes on, let anyone insisting on privacy activism in the > > world, on information society right to "access" the technology that > > demonstrate how the industry acted. > > > > We need more people involved that will start using the "tools" around > > the policy and activism scene, that will make the process > > unreversible. > > > > Without an easy to use attack tool available for anyone that want to > > show up which are the risks, all this effort not reach the result. > > > > Citizens and politicians will not care about it, and worst things will > > do all the bests to say that "everything it's ok, it was just a fun > > stuff by some bunch of young hackers!". > > > > Fabio > > _______________________________________________ > > A51 mailing list > > [email protected] > > http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 > > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://lists.lists.reflextor.com/pipermail/a51/attachments/20100103/d601f28a/attachment-0001.htm > > ------------------------------ > > Message: 2 > Date: Sun, 3 Jan 2010 10:23:38 +0100 > From: "Fabio Pietrosanti (naif)" <[email protected]> > Subject: Re: [A51] Attacks tool is required (hardware required?) > To: javier falbo <[email protected]> > Cc: [email protected] > Message-ID: <[email protected]> > Content-Type: text/plain; charset="iso-8859-1" > > This thread is making me understanding that there's not enough > information. > > I read on airprobe website: > https://svn.berlin.ccc.de/projects/airprobe/wiki/hardware > > But i read here that 1 USRP2 along with 2 daughterboards are required. > > Can we confirm that the equipment needed is 2 DBSRX daughterboards > along with antennas? > > We should probably reach a practical 'how to for experiments'. > > Are the rainbowtables only 2TB in size? > > Fabio > > > On 03/gen/10, at 05:52, javier falbo wrote: > > > You need also: > > > > Add: > > 1 PC Computer (new one if possible) > > 1 2tbytes hard disk (us$ 200 or more, depends on trademark) > > 1 pc user :) > > > > Aprox us$ 2.500 to decode in realtime any GSM voice and message. > > (without pc user salary jeje) > > Multiply this by 5, to have LIVE A53 and Kasumi breaked. > > > > Javier > > > > > Date: Sun, 3 Jan 2010 02:52:22 +0100 > > > From: [email protected] > > > To: [email protected] > > > Subject: Re: [A51] Attacks tool is required > > > > > > A usrp1 is not enough by current estimates. > > > A usrp2 OTOH is. And you need 2 daughterboards. > > > > > > On Sun, Jan 03, 2010 at 01:26:25AM +0100, GeleGrodan wrote: > > > > The problem with comparing with aircrack-ng is that together > > with a > > > > supported wifi-card (often built-in in laptops, or bought for ca > > 20usd) you > > > > have a complete tool for capture and cracking, out of box. > > > > If you compare that with this project, the cracking/decoding is > > just half > > > > the part, you still need expensive hardware to capture the > > traffic. But > > > > sure, if the tool is well made, its just a matter of money. > > > > So if I understand everything correctly, what you need (in > > hardware) to > > > > CAPTURE somebody's phone-call is: > > > > USRP > > > > Daughterboard > > > > Some antenna > > > > +Software of course > > > > 700USD+150USD+35USD = 885USD > > > > (http://www.ettus.com/order) > > > > > > > > Or am I missing something? > > > > > > > > On Fri, Jan 1, 2010 at 21:05, Fabio Pietrosanti (naif) < > > > > [email protected]> wrote: > > > > > > > > > Hi all, > > > > > > > > > > this is a provocative email. > > > > > > > > > > IMHO we need "practical", really practical ability for hackers > > to > > > > > "easily" make gsm hacking and gsm interception. > > > > > > > > > > We need something like aircrack-ng for WiFi, we need that > > anyone with > > > > > basic knowledge and not that big costs could start playing and > > hacking > > > > > gsm. > > > > > > > > > > Why? > > > > > > > > > > Because if we don't reach that goal the problem will be always > > there, > > > > > GSM equipment is not going to be replaced easily. > > > > > > > > > > What's already happened with other technologies like 802.11/WEP? > > > > > > > > > > Until well known, cheap and easy to use attack tools was > > diffused the > > > > > industry did not reacted by making WPA1, WPA2 and working on > > security > > > > > awareness. > > > > > > > > > > The real sense of full disclosure is this. > > > > > > > > > > GSM is sensitive, mobile voice and data interception is a strong > > > > > matter and companies, governments and various agencies does > > not want > > > > > anyone being able to break it. > > > > > > > > > > The interception tool exists. > > > > > > > > > > But they costs a lot of money (200-600k) and officially can be > > brought > > > > > only by governments (even if most private agencies have it...). > > > > > So only private spies, organized crimes, law enforcement, secret > > > > > services and military can use it. > > > > > > > > > > And the general feeling of the man walking the street is that > > "calls > > > > > and data are secure". > > > > > Because they don't feel the risk, a real risk for the system, > > for the > > > > > economy, for the industry, for the democracy itself. > > > > > > > > > > If people does not "taste" the risk, they will not react. > > > > > > > > > > Is the "public" is not *strongly aware* about the problem, then > > > > > problem for them DOES NOT EXISTS (like has been done in past > > 15 years). > > > > > > > > > > Mobile networks are building block of the information society, > > and > > > > > information society is the building block of the information and > > > > > services economy where we live. > > > > > > > > > > All past GSM hacking attempt got serious attention from > > authorities > > > > > and big lobbies, there was always "legal" problem and > > "pressure" on > > > > > the project founders. > > > > > > > > > > I think we should think about it seriously, Karsten also told in > > > > > various talk about such kind of "pressure". > > > > > > > > > > The project should probably increase it's resilience to possible > > > > > attacks to the project itself, with the creation of always up- > > to-date > > > > > mirror of the informations and development environment, > > sharing of > > > > > mailing lists subscribers to always keep the community > > up&running. > > > > > > > > > > Then on top of that framework it would be fine to get some > > financing > > > > > for additional development and refinement and eventually even > > build > > > > > some business around it to make it economically sustainable > > and reach > > > > > the "point-click-sniff" tool. > > > > > > > > > > It's a very difficult step but if we want to really change the > > > > > landscape of the mobile security we should reach a level that > > will > > > > > "force" the industry to upgrade or when not possible to > > explicitly do > > > > > awareness about the risk. > > > > > > > > > > On Windows Vista if i connect to an open wifi network i > > receive the > > > > > advice that the network is insecure and someone could sniff > > the traffic. > > > > > > > > > > Well, let's force them to do awareness on the users if the > > don't want > > > > > to upgrade, users should always know what they are using and > > what are > > > > > their risks. > > > > > > > > > > Telecommunication companies account 3 quarter of the european > > high > > > > > yield bonds ( > http://www.cadwalader.com/assets/article/HighYieldBondMk.pdf > > > > > ), they are plenty of debt to invest in selling dumb sing and > > logos > > > > > for mobile, restricting network neutrality of the internet and > > a lot > > > > > of very nasty and lobbystic stuff. > > > > > > > > > > > > > > > I would like to see them to invest more in securing the > > information > > > > > society, that is the foundation of their business required to > > sustain > > > > > their debt. > > > > > > > > > > Let's do everything to make the project reach a "point-click- > > sniff" > > > > > tool, at least on software side. > > > > > > > > > > Let's release everything, with very precise documentation, so > > privacy > > > > > activists can demonstrate the risks to the masses. > > > > > Let's mirror everything across trusted networks. > > > > > Let's get public donations and private funding to carry on the > > > > > development. > > > > > Let's increase documentation and community strength to expand > > the > > > > > knowledge. > > > > > > > > > > That's my personal point of view, all you guys have made an > > excellent > > > > > job, now we should not stop. > > > > > > > > > > We should goes on, let anyone insisting on privacy activism in > > the > > > > > world, on information society right to "access" the technology > > that > > > > > demonstrate how the industry acted. > > > > > > > > > > We need more people involved that will start using the "tools" > > around > > > > > the policy and activism scene, that will make the process > > unreversible. > > > > > > > > > > Without an easy to use attack tool available for anyone that > > want to > > > > > show up which are the risks, all this effort not reach the > > result. > > > > > > > > > > Citizens and politicians will not care about it, and worst > > things will > > > > > do all the bests to say that "everything it's ok, it was just > > a fun > > > > > stuff by some bunch of young hackers!". > > > > > > > > > > Fabio > > > > > _______________________________________________ > > > > > A51 mailing list > > > > > [email protected] > > > > > http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 > > > > > > > > > > > > _______________________________________________ > > > > A51 mailing list > > > > [email protected] > > > > http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 > > > > > > _______________________________________________ > > > A51 mailing list > > > [email protected] > > > http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 > > > > ?Te llegan demasiados emails? Organizate con Hotmail. ?Cre? carpetas > > para todos tus correos!_______________________________________________ > > A51 mailing list > > [email protected] > > http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://lists.lists.reflextor.com/pipermail/a51/attachments/20100103/d233f054/attachment.htm > > ------------------------------ > > _______________________________________________ > A51 mailing list > [email protected] > http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 > > > End of A51 Digest, Vol 8, Issue 13 > ********************************** > -- Thanks. Best Regards..... Sandeep Mishra(System Analyst, 8th Angle System) +91-9953996009
_______________________________________________ A51 mailing list [email protected] http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
