On 24/07/10 19.30, Harald Welte wrote:
> Please focus your scarce resources where it is really needed...
>
Harald, I think that you are absolutely right; however, let me say that doing R&D in telephony is really a pain, and it's a kind of knowledge that is not very widespread in the hacking community. Usually it's considered more like techie stuff for TLC experts: radio frequency, difficult protocols to deal with, closed hardware, legal issues, and so the environment is still not knowledgeable enough. Few hackers I know know what TCH or GPRS Reliability Class mean. The entrance barrier (due to telco technology lobbying) to play with this stuff was very high, and you and all you guys have the very great and fantastic merit of having opened up this environment by providing the building blocks of software and hardware interaction to play with it.

I would like to try to summarize what I understood of the situation and status of the projects and propose some ideas.

If I got the point, we are now at a stage where the various technologies require final improvement (from the networking side), and different pieces of various projects could be reused for such improvements, particularly for airprobe.

From the outside, trying to deal with the various projects, the feeling is that it is still quite a dispersed set of projects. At a first attempt it's still quite difficult to understand which are the pieces of the puzzle and how to do what you want to do. It's not as easy as playing with the WiFi hacking stuff. People will go crazy when GSM hacking becomes something similar to WiFi hacking in practical terms, with more people involved and more people acquiring knowledge of that stuff, but at a higher level. :-)

But security people who want to play with A5/1 stuff just for security (not being TLC protocol experts), before investing money to buy the hardware, typically want to be sure they will be able to use it.
Some not-major but very important work (compared to previous activity) still needs to be done to reach that stage (I mean with respect to people using it only as a security playground without having to know the whole GSM protocol stack in detail).

From what I understood of the various pieces (please correct me if I am wrong):

@ OpenBTS is BTS software hooked directly (no BSC support) to Asterisk for telephony service, that works with the USRP1
@ Airprobe is a GSM network sniffer whose online documentation refers to the USRP1
@ OsmocomBB provides:
  - Baseband processor firmware including the full GSM layer protocol stack implementation (cool!)
  - A radio driver that's compatible with certain Motorola, Sony Ericsson and OpenMoko
@ OpenBSC is a Base Station Controller (BSC) to be used with the Siemens BS11 microBTS and ip.access nanoBTS, and requires an E1 telephony card for interconnection
@ The A5/1 Security project makes the software for cracking by generating and using rainbow tables (recently improved by Frank Stevenson). It has been reported that it worked (with airprobe?) with two USRP2 units (but no public technical setup instructions).
@ A5/1 rainbow tables of 2TB in size are ready and already available to several people in the community

Did I get the point, or am I missing / misunderstanding something?

So to summarize, from what I understood, to make GSM cracking work in a real-world environment we still miss:

@ Improvement of the Airprobe monitoring software (proper demodulation) to keep up with recording a long call and properly following channels (part of it being improved by Sascha, part by Piotr?)
@ A first full howto with detailed hw/sw setup instructions for a working setup, to let people start with higher-level hacking (should come from Karsten at BH next week?)
@ A community / system for rainbow table distribution that can scale up to hundreds of users

Did I understand properly, or is there something else?

Below are some ideas about that.

@ About missing code of airprobe / other tools?
Regarding what's still missing, would it be reasonable also to provide something like "Google Summer of Code" bounties for specific features / modules? I mean, it's true that volunteer-based development is the best thing, but providing some economic incentive for open-source development always helps, and also gets smart young people on board (you do something fun and challenging and earn some money for holidays). We can arrange some fund raising to also support a bounty-based development program on the projects. In the past I organized OSS development funding with the osxcrypt.org project and in 2 days collected 1500 USD among the security community. Probably we can get much more. Could this be an approach that helps?

@ About documentation

I am available to come for a weekend with the proper hardware (within Europe) and, together with whoever has the deep project knowledge, prepare a setup from scratch, writing in the meantime the documentation for the hw/sw setup for those who don't know anything about the internals/details of the projects but want to start playing with it. It's summer and a weekend of hacking is always a pleasure :-) That's still a critical point today IMHO, to let people (like me, who know about protocols and security but are not hardcore low-level code hackers) start playing with it at a higher level.

@ About rainbow table distribution

I just wrote to the guys at freerainbowtables.com about the availability of hosting the tables (they are already hosting 1700GB of tables) and providing hard disk distribution like they are already doing. Let's see if they're available. Eventually we can also try to organize a distributed "hard disk distribution process". We can make a "call for hard disk distributors" to get people to offer to manage the hard disk distribution process, at least one for each continent / country (that way we can avoid customs duties and let people just handle the shipping bureaucracy).
The cost depends on the person distributing the hard disk and can be in their own currency. Money gets collected on a single PayPal account and is then forwarded to the chosen distribution point, or payment is made directly to the PayPal account of the distribution person nearest to the requester. People buying the hard disk with the tables could be invited to join the distribution network. Additionally we can make an online list of who has the tables / where they live (city) in order also to easily provide face-to-face distribution (I am in Milan; if someone from Venice needs it, they can probably just get a car, come to me bringing a hard drive and start cloning it). BitTorrent is fine, but 2TB is still a lot of data to be downloaded. A hard-disk-distribution protocol that's high-latency but high-bandwidth, along with a web tool to handle the protocol, could help.

I am trying to find out what can be done to provide support without being a hardcore low-level coder, and also to get a big picture of the overall open-source GSM coding and hacking projects, as the community is still very small and it needs to grow with supporters.

-naif

_______________________________________________
A51 mailing list
[email protected]
http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
