Hi Fabio,
On Sun, Jul 25, 2010 at 12:48:16PM +0200, Fabio Pietrosanti (naif) wrote:
> On 24/07/10 19.30, Harald Welte wrote:
> > Please focus your scarce resources where it is really needed...
> >
>
> Harald, I think that you are absolutely right; however, let me say that
> doing R&D in telephony is really a pain, and it's a kind of knowledge
> that is not very widespread in the hacking community.
Yes. But like everything else in computer science, it's something
that everyone with a basic background in CS or EE can learn with
reasonable effort.
> If I got the point, we are now at a stage where the various technologies
> require final improvement (from the networking side), and different pieces of
> various projects could be reused for such improvements, particularly for
> airprobe.
>
> From outside, trying to deal with the various projects, the feeling is
> that it is still a quite dispersed set of projects.
> At a first attempt it's still quite difficult to understand which are the
> pieces of the puzzle and how to do what you want to do.
> It's not as easy as playing with the WiFi hacking stuff.
Sure. But this hasn't really changed much in a number of years now.
The various projects that form airprobe have been around for 2-3 years (at least),
and none of the people who have managed to reproduce the setup have
decided to write documentation or improve the projects much.
> People will go crazy when GSM hacking becomes something similar to
> WiFi hacking in practical terms, with more people involved and more
> people acquiring knowledge of that stuff, but at a higher level. :-)
> But security people who want to play with A5/1 stuff just for security
> (not being telecom protocol experts), before investing money to buy the
> hardware, typically want to be sure they will be able to use it.
Sure, but you can just work with existing capture/sample files of GSM and
work on them. Of course you shouldn't do this on real-world data from
real-world operators - but there are more than 70 people who have bought
an inexpensive Siemens BS-11 BTS, plus more people with ip.access nanoBTS,
who can run OpenBSC (which has encryption + authentication support) and
establish encrypted calls on such a cell. Samples from that traffic
can legally be distributed without any issues. And everyone can
test, play with and improve the software tools before deciding on buying
any hardware.
> From what I understood of the various pieces (please correct me if I am wrong):
> @ OpenBTS is BTS software hooked directly (no BSC support) to
> Asterisk for telephony service, that works with USRP1
ACK. It can be used with other USRP frontends or even other SDRs with relatively
few code changes. Some of those changes have been posted as patches to the
list.
> @ Airprobe is a GSM network sniffer whose online documentation refers to USRP1
ACK. You can use any frontend, and you can also use it with USRP2. In fact,
you can use it with any
> @ OsmocomBB provides:
> - Baseband processor firmware including a protocol stack implementation
> for all GSM layers (cool!)
> - A radio driver that's compatible with certain Motorola, Sony Ericsson
> and OpenMoko
ACK. You can use this to "run a phone" with control over all layers of
the protocol stack.
> @ OpenBSC is a Base Station Controller (BSC) to be used with the Siemens
> BS11 microBTS and ip.access nanoBTS, and requires an E1 telephony card for
> interconnection
E1 only in the case of the BS11
> Did I get the point, or am I missing / misunderstanding something?
Seems fine to me.
> So to summarize, from what I understood, to make GSM cracking
> work in a real-world environment we still miss:
>
> @ Improvement of the Airprobe monitoring software (proper demodulation) to
> keep up with recording long calls and properly following channels (part
> of it being improved by Sascha, part by Piotr?)
ACK.
> @ A first full howto with detailed hw/sw setup instructions for a working
> setup to let people start with higher-level hacking (should come from
> Karsten at BH next week?)
ACK
> @ A community / system for rainbow table distribution that can scale up
> to hundreds of users
ACK.
> Did I understand properly, or is there something else?
It might be worth publishing a summary paper that covers all the available
tools, just like your outline above.
> @ About missing code of airprobe / other tools?
> Regarding what's still missing, would it be reasonable also to provide
> something like bounties, as in "Google Summer of Code", for specific features /
> modules?
I don't think bounties will help. There should be plenty of people with
motivation, but apparently not enough people with the combination of
available time, skill set and "self-esteem" (i.e. they can do it even
if there are no 1:1 detailed instructions they can follow).
> @ About documentation
> I am available to come for a weekend with the proper hardware (within
> Europe), together with those who have deep project knowledge, to prepare a
> setup from scratch, writing in the meantime the documentation for the
> hw/sw setup for those who don't know anything about the internals/details of
> the projects but want to start playing with it.
> It's summer, and a weekend of hacking is always a pleasure :-)
> That's still a critical point today IMHO, to let people (like me, who
> know about protocols and security but are not hardcore low-level code
> hackers) start playing with it at a higher level.
I'm quite sure that people like Karsten, Dieter and/or myself would be
available for running such a workshop (i.e. speaking at it).
Regards,
Harald
--
- Harald Welte <[email protected]> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
_______________________________________________
A51 mailing list
[email protected]
http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51