====== GSM ======

{{template>:project:infobox|
name=GSM|
image=GSMLogo.png?200|
sw=|
founder=|
interested=[[user:biiter]]\\ [[user:b00lean]]\\ [[user:ruza]]\\ [[user:sargon]]\\ [[user:niekt0]]\\ [[user:sysop]]\\ [[user:Plnt]]\\ [[user:kxt]]\\ [[user:lui]]\\ [[user:lukash]]\\ [[user:stick]]|
status=active}}

~~META:
status = active
&relation firstimage = :project:GSMLogo.png
~~

The aim of this project is to develop a GSM sniffer and tools for key recovery.

Project highlights: an OpenCL A5/1 cracker and a statistical keystream guesser capable of cracking the key in several seconds with 99% probability on an insecure network, and in several minutes with ~30% probability on a secure network.

Project status:
  * [[project:gsm:shield|Multichannel sniffer]] using FT4232 and 8 OsmocomBB phones controlled by Arduino. This does not seem to be an optimal choice today; an SDR with software demodulation would be much better. The sniffer was designed in 2011, before SDRs became widely available.
  * [[project:gsm:deka:start|A5/1 cracker]] written in OpenCL. Works.
  * [[http://nat.brmlab.cz/kraken-idx/brm_krakenko_misc.tgz|GSM stack]] with [[project:gsm:gsmstack-doc|outdated and deficient documentation]] and lots of great features, but unmaintained and broken.
  * [[user:jenda:gsm|GSM stack fork]] with documentation and without lots of great features, but working.
  * [[project:gsm:guesser]]

{{ :project:gsm:gsmstack.png?direct&400 |}}

Missing parts:
  * A UI that won't require excessive shell magic.
  * An SDR-based sniffer capable of recording adjacent channels and decoding phone calls after the key is cracked.
  * A statistical guesser using SI5/5ter/6 messages less stupidly than "we pipe them to the cracker and hope some will be solved".

===== References =====

  * http://bb.osmocom.org/trac/wiki/GettingStarted
  * [[http://gnuradio.org/redmine/wiki/1/OpenBTS|OpenBTS homepage]]
  * [[http://www.ettus.com/|Ettus Research LLC]]
  * [[http://events.ccc.de/congress/2008/Fahrplan/events/3007.en.html|25C3 Running your own GSM network]]
  * [[http://events.ccc.de/congress/2009/Fahrplan/events/3654.en.html|26C3 GSM: SRSLY?]]
  * [[http://events.ccc.de/congress/2009/Fahrplan/events/3608.en.html|26C3 Playing with the GSM RF Interface]]
  * [[http://events.ccc.de/congress/2009/Fahrplan/events/3535.en.html|26C3 Using OpenBSC for fuzzing of GSM handsets]]
  * [[http://bb.osmocom.org/trac/|Free Software GSM Baseband software implementation]]
  * http://srlabs.de/research/decrypting_gsm/
  * [[http://events.ccc.de/congress/2010/Fahrplan/attachments/1783_101228.27C3.GSM-Sniffing.Nohl_Munaut.pdf|27c3: Wideband GSM Sniffing]] {{youtube>lsIriAdbttc}}
  * [[http://www.gsmweb.cz/|Useful info about GSM and UMTS stations]]
  * [[http://www.gsmweb.cz/mapa/|GSMweb Map site]]
  * [[http://students.ee.sun.ac.za/~gshmaritz/gsmfordummies/intro.shtml|GSM For Dummies :)]]
  * [[http://radio.feld.cvut.cz/personal/mikulak/MK/|Mobile Communications course @ CVUT]]
  * [[http://www.avc-cvut.cz/avc.php?id=2243|Recordings of the Mobile Communications lectures]]
  * https://svn.berlin.ccc.de/projects/airprobe/wiki/DeCryption
  * https://svn.berlin.ccc.de/projects/airprobe/wiki/OTA
  * https://svn.berlin.ccc.de/projects/airprobe/wiki/simreader