Events

Advanced Security Evaluation of Network Protocols

Hi,

I’m back from London where I gave a talk about security evaluation of proprietary network protocols. I had a great time at InfoSecurity Intelligent Defence and BSides London, many thanks for inviting me and giving me the opportunity to speak to so much nice people.

Find the abstract and the download link to the slides after the break.

Continue reading “Advanced Security Evaluation of Network Protocols”

Continue reading
Breaking

Cisco Cloud Services Router 1000V and the Virtual Matryoshka

Recently we started playing around with Cisco’s virtual router, the CSR 1000V, while doing some protocol analysis. We found Cisco offering an BIN file for download (alternatively there is an ISO file which contains a GRUB boot loader and the BIN file, or an OVA file which contains a virtual machine description and the ISO file) and file(1) identifies it as DOS executable:

$ file csr1000v-universalk9.03.12.00.S.154-2.S-std.SPA.bin 
csr1000v-universalk9.03.12.00.S.154-2.S-std.SPA.bin: DOS executable (COM)

We didn’t manage to get the file running, neither in a (Free-)DOS environment, nor in a wine virtual DOS environment, except using the boot loader from the ISO file. So we became curious as for the structure and ingredients of the file.

Continue reading “Cisco Cloud Services Router 1000V and the Virtual Matryoshka”

Continue reading
Breaking

New Tool: s1ap_enum

As we continue our research in the 3GPP protocol world, there is a new tool for you to play with. It is called s1ap_enum and thats also what it does  😉

The tool itself is written in erlang, as i found no other free ASN.1 parser that is able to parse those fancy 3GPP protocol specs. It connects to an MME on sctp/36412 and tries to initiate a S1AP session by sending an S1SetupRequest PDU. To establish a S1AP session with an MME the right MCC and MNC are needed in the PLMNIdentity. The tool tries to guess the right MCC/MNC combinations. It comes with a preset of known MCC/MNC pairs from mcc-mnc.com, but can try all other combinations as well.

Download

Continue reading “New Tool: s1ap_enum”

Continue reading
Breaking

pytacle – alpha2

Its been a long time, since i released the last version of pytacle, but now the time has come. Here is alpha2 with some new features:

– Support of RTLSDR sticks
– Possibility to scan for cells around you
– Changed the code to generate real KCs (but as nobody noticed the wrong KCs i guess you were good with the others 😉

Im also planning to address hopping channels in the future, but ive not made it far enough in my DSP lecture, yet 😉

Find the new version here.
Also see this post for requirements.

cheers

/daniel

Continue reading
Breaking

BlackBerry 10 USB Modes

So we got these shiny new BlackBerry Q10 and Z10 device laying on the desk one morning. It’s my first BlackBerry, I have to admit, but never the less, the hole wushy GUI and touchy glass stuff wasn’t my main concern, instead i took a look at the stuff going on while you connect the phone (do i have to call it blackberry? its a phone, isn’t it?) to your computer.

Continue reading “BlackBerry 10 USB Modes”

Continue reading