GSM – Insinuator.net

February 6, 2018 by Priya Chalakkal

Hacking 101 to mobile data

Here is a short blog post that explains how you can make your own Man-in-the-Middle (MitM) setup for sniffing the traffic between a SIM card and the backend server. This is NOT a new research but I hope this will help anyone who doesn’t have a telco background to get started to play with mobile data sniffing and fake base stations. This is applicable to many scenarios today as we have so many IoT devices with SIM cards in it that connects to the backend.
In this particular case, I am explaining the simplest scenario where the SIM card is working with 2G and GPRS. You can probably expect me with more articles with 3G, 4G MitM in future. But lets stick to 2G and GPRS for now.

Continue reading “Hacking 101 to mobile data”

Events

March 1, 2017 by Hendrik Schmidt

Troopers17 GSM Network – How about your own SMPP Service?

The event of the events is getting closer and again, we are very optimistic to have a lot of awesome trainings, talks, evening events, and discussions. But we again will also have some “features” and gimmicks for those of you who would like to play with new, old, or just interesting technologies. As you might remember, since some years one of these features is and again will be our own GSM Network. As we are improving our setup from year to year, this time we’d like to give you the chance to actively participate with ideas and your own services. Continue reading “Troopers17 GSM Network – How about your own SMPP Service?”

Breaking

July 17, 2016 by Brian Butterly

Notes on Hijacking GSM/GPRS Connections

As shown in previous blogposts we regularly work with GSM/GPRS basestations for testing devices with cellular uplinks or to simply run a private network during TROOPERS. Here the core difference between a random TROOPERS attendee and a device we want to hack is the will to join our network, or not! While at the conference we hand out own SIM cards which accept the TROOERPS GSM network as their “home network” some device need to be pushed a little bit.
Continue reading “Notes on Hijacking GSM/GPRS Connections”

Breaking

June 3, 2016 by Hendrik Schmidt

The ULIN Story

Some of you might have noticed the articles, or the leaked manual itself, about a tool called ULIN. ULIN is a “bleeding-edge spy tool” for mobile communication networks. According to the manual, it is aimed to be a surveillance software for agencies (or others with enough money) for tracking and intercepting the Voice Calls and SMS of arbitrary phones. They call this “remote recording and geolocation of mobile handsets using 2G/3G/4G networks”.
Continue reading “The ULIN Story”

Building

May 25, 2016 by Hendrik Schmidt

Some Notes on Utilizing Telco Networks for Penetration Tests

After a couple of years in pentesting Telco Networks, I’d like to give you some insight into our pentesting methodology and setup we are using for testing “Mobile and Telecommunication Devices”. I am not talking about pentesting professional providers’ equipment (as in previous blogposts), it is about pentesting of devices that have a modem in place like a lot of IoT devices (you know about the fridge having a GSM Modem, right?) do.
Continue reading “Some Notes on Utilizing Telco Networks for Penetration Tests”

Events

March 16, 2016 by Hendrik Schmidt

Troopers16 – GSM Network

Hello Troopers!

only a few seconds left! As a short reminder, there is a GSM network running on Troopers 2016. It should be available in the whole building. To attend the network you need to

Get a SIM Card @Troopers_Desk
Put it in your phone
Start the phone

That’s it!

You can always dial *#100# to get your phone number. All further information (and a phonebook) you’ll find on gsm.troopers.de, but here again a brief summary:

gsm.troopers.de
Phonebook
Update your name in phonebook via sending your_name to 1000
Submit tokens via sending your_token to 1111 (you must register at the terminal first)

Please note, against to our announcement, there is not Internet (GPRS) yet. Due to questions and problems, please contact Kevin Redon or Hendrik Schmidt. Have fun!

Events

March 3, 2016 by Hendrik Schmidt

Troopers16 – GSM Network

Same as last year, we will have a GSM based telephony network running at Troopers 2016. The network will be a closed network, which means it only can be used with Troopers SIM cards and between Troopers attendees only. You can use the network for

doing Voice Calls
send Short Messages (SMS)
have Internet Access
submit Challenge Tokens (see below)

Continue reading “Troopers16 – GSM Network”

Building

May 17, 2015 by Hendrik Schmidt

How to Get a BaseStation

In our talks in the past we showed what might be possible if an attacker gets access to backhaul and/or core network of a telecommunication provider. In a security analysts perspective this is really disgusting, but provider always will argument that those attack scenarios are not realistic.

Continue reading “How to Get a BaseStation”

Events

March 18, 2015 by Hendrik Schmidt

GSM@Troopers

Additionally to Wifi, Troopers is also offering a GSM network.
If you want to use it, simply ask your phone to scan for available mobile networks. There you should see the usual T-Mobile D, Vodafone.de, E-Plus, O2-de operators, but also the unusual D 23 or 262 23. Just select this one, and your are done. You also can use the Troopers SIMs which you get on the welcome desk on the ground floor.

Continue reading “GSM@Troopers”

Breaking

October 31, 2012 by Daniel Mende

Pytacle alpha1 released!

Finally it’s here!

pytacle is a tool inspired by tentacle. It automates the task of sniffing GSM frames of the air, extracting the key exchange, feeding kraken with the key material and finally decode/decrypt the voice data. All You need is a USRP (or similar) to capture the GSM band and a kraken instance with the berlin tables (only about 2TB 😉 )

I’ve posted a preview before, take a look at the video to see the tool in action.

The tool is early alpha, so it’s working (for me 😉 ), but it’s neither rock stable nor packaged in any way. But still, I’ll be happy to get bug reports.

BTW, talking about Telco security: There will be another TelcoSecDay on 03/12/2013 at next year’s Troopers! We’ve already some quite interesting talks confirmed.

cheers

/daniel