Hi Alex,

I have a couple of those femtocells (Vodafone UK SureSignal versions 1.5 and 
2.0). I did some research on them about 4-5 years ago I think.
The SureSignal uses an embedded crypto chip to generate keys IIRC. I also had 
the chance to have a look at a rooted board for some time (it was lent to me). 
The THC wiki has pretty much all the info about the board.
I also was not able to find any UART or serial port on it when I looked. I 
wanted to dump the flash but then got busy with other stuff. Maybe the debug 
fuses are blown in the factory as well.
Anyways if you wish to do tests or try out something with the device(s) I can 
dig them up, they must be somewhere in my cabinet.
As far as I remember though the actual femtocell implementation is a closed 
source binary blob, but strongswan (or maybe openswan? I cannot recall exactly) 
is used for the IPsec part, therefore I have a source code tree downloaded 
somewhere as well. Alcatel or Vodafone stayed compliant to GPL so the code was 
released. If only we were able to reconfigure the strongswan daemon on the 
device then we could connect it to your network. Provisioning of some 
parameters (e.g. frequency, Routing Area Code, allowed IMSIs) is done via XML 
files I think inside the ipsec tunnel.
Now back to changing the ipsec configuration: dumping the flash and then 
changing the config would be a good way to do it, although that would not be a 
generic solution, but as a pilot it could just work.
I am also not sure if there are any cryptographic signatures protecting the 
firmware, but I would guess probably not.

Sorry for the inconsistent rambling this email turned into, I wrote things as 
they surfaced from the back of my brain, hidden parts of my memory :)

Cheers,
Domi

On 27 Nov 2018, at 19:57, Alex <[email protected]> wrote:

> Hi,
> little UP:
> 
> Vodafone UK and other OpCo like it (VF DE and VF GR I think) made a local 
> femtocell network based on similar platform from ALU.
> 
> Does anyone know something/ever tried to make something like connecting one 
> of these devs to osmoHNBGW or similar?
> 
> Thank you and best regards
> 
>> On Tue 27 Nov 2018 at 19:56 Alex <[email protected]> wrote:
>> Hi,
>> thanks for the answer!
>> 
>> This femto seems to have a discrete simcard (it has empty slot accessible 
>> from the external).
>> 
>> I don't know the setup used by the original operator (TelecomItalia), 
>> because I bought it from ebay.
>> 
>> I found a possible reset procedure (still to be tested), but I don't think 
>> it will "unlock" the board.
>> Now I'm trying to find the UART on the board, but on the testpoints I only 
>> see "control" signals and clocks. Nothing seems to be a serial port pattern 
>> on my oscilloscope.
>> 
>> On this site 
>> https://web.archive.org/web/20170707063235/https://wiki.thc.org/vodafone 
>> there is some information on a really similar cell (9361 I think) from 
>> Vodafone, which has a really similar IPSEC config, but there isn't any spec.
>> 
>> No one tried to disassemble it or do have just the serial pinout on the 
>> board?
>> 
>> On the other side I've already deployed the CN part (HLR + MSC + SGSN + GGSN 
>> + STP + MGW + HNBGW), which seems to be fully operational, but I can't test 
>> without a test cell.
>> I also think the IuH protocol of this femto is little out-of-standard, but 
>> from ALU documentation I can't understand the differences with standard IuH.
>> 
>> The idea is to implement ALU's IuH variant on HNBGW if I can take traces 
>> from a "lab" env, but without the femto it's just impossible.
>> 
>>> On Tue 27 Nov 2018 at 18:17 Tomcsányi, Domonkos 
>>> <[email protected]> wrote:
>>> Hi Alex,
>>> 
>>> Femtocells are provisioned with operator data - certificates/keys to be 
>>> able to talk to the gateway.
>>> Some femtocells use EAP-SIM with an embedded SIM card, others just rely on 
>>> the configuration. If your femto supports a SIM card you can use a SIM card 
>>> with a known Ki to connect it to your gateway (strongswan I assume).
>>> If however there is no SIM card support in the femtocell then you need to 
>>> somehow re-provision the device - probably using a proprietary software and 
>>> method.
>>> Sorry, this is probably bad news for you.
>>> 
>>> Kind regards,
>>> Domi
>>> 
>>> 
>>> On 27 Nov 2018, at 9:33, Alex <[email protected]> wrote:
>>> 
>>>> Hi to everyone! 
>>>> 
>>>> I'm a new member and I really appreciate the work done here! 
>>>> 
>>>> 
>>>> I'm trying to use Alcatel Femtocells (ALU 9361/9362/9363) with osmo-hnbgw, 
>>>> but I'm still blocked at the IPSEC tunnel step. 
>>>> 
>>>> I've created an IPSEC server with EAP support, but I suspect there is a 
>>>> problem with my self signed certificate. 
>>>> 
>>>> Probably the femtocell has an internal trusted CA which validates server 
>>>> certs. 
>>>> 
>>>> 
>>>> I didn't find the console pins on the board also, so I cannot simply 
>>>> connect to it and have a look at the system level. 
>>>> 
>>>> 
>>>> Has anyone any experience with this kind of HW or just an idea about a 
>>>> possible work around? 
>>>> 
>>>> 
>>>> Thank you and best regards
>>>> 
>>>> Alex
