project:gsm:start

Differences

This shows you the differences between two versions of the page.

project:gsm [2015/12/17 21:15] jenda
project:gsm:start [2016/11/28 02:38] (current) ruza
Line 1: Line 1:
 +====== GSM ======
 +{{template>:project:infobox|
 +name=GSM|
 +image=GSMLogo.png?200|
 +sw=|
 +founder=|
 +interested=[[user:biiter]]\\ [[user:b00lean]]\\ [[user:ruza]]\\ [[user:sargon]]\\ [[user:niekt0]]\\ [[user:sysop]]\\ [[user:Plnt]]\\ [[user:kxt]]\\ [[user:lui]]\\ [[user:lukash]]\\ [[user:stick]]|
 +status=active}}
 +
 +~~META:
 +status = active
 +&relation firstimage = :project:GSMLogo.png
 +~~
 +
 +The aim of this project is to develop a GSM sniffer and tools for key recovery.
 +
 +Project highlights: OpenCL A5/1 cracker and statistical keystream guesser capable of cracking the key in several seconds and 99% probability on an insecure network and in several minutes on a secure network with ~30% probability.
 +
 +Project status:
 +  * [[project:gsm:shield|Multichannel sniffer]] using FT4232 and 8 OsmocomBB phones controlled by Arduino. This does not seem to be an optimal choice today, a SDR and software demodulation would be much better. The sniffer was designed in 2011 before SDRs became widely available.
 +  * [[project:gsm:deka:start|A5/1 cracker]] written in OpenCL. Works.
 +  * [[http://nat.brmlab.cz/kraken-idx/brm_krakenko_misc.tgz|GSM stack]] with [[project:gsm:gsmstack-doc|outdated and deficient documentation]] with lots of great features, but unmaintained and broken.
 +  * [[user:jenda:gsm|GSM stack fork]] with documentation and without lots of great features, but working.
 +  * [[project:gsm:guesser]]
 +
 +{{ :project:gsm:gsmstack.png?direct&400 |}}
 +
 +Missing parts:
 +  * UI that won't require excessive shell magic.
 +  * SDR-based sniffer capable of recording adjacent channels and decoding phonecalls after the key is cracked.
 +  * Statistical guesser using SI5/5ter/6 messages less stupidly than "we pipe them to the cracker and hope some will be solved".
 +
 +
 +===== References =====
 +
 +  * http://bb.osmocom.org/trac/wiki/GettingStarted
 +  * [[http://gnuradio.org/redmine/wiki/1/OpenBTS|OpenBTS homepage]]
 +  * [[http://www.ettus.com/|Ettus Research LLC]]
 +  * [[http://events.ccc.de/congress/2008/Fahrplan/events/3007.en.html|25C3 Running your own GSM network]]
 +  * [[http://events.ccc.de/congress/2009/Fahrplan/events/3654.en.html|26C3 GSM: SRSLY?]]
 +  * [[http://events.ccc.de/congress/2009/Fahrplan/events/3608.en.html|26C3 Playing with the GSM RF Interface]]
 +  * [[http://events.ccc.de/congress/2009/Fahrplan/events/3535.en.html|26C3 Using OpenBSC for fuzzing of GSM handsets]]
 +  * [[http://bb.osmocom.org/trac/|Free Software GSM Baseband software implementation]]
 +  * http://srlabs.de/research/decrypting_gsm/
 +  * [[http://events.ccc.de/congress/2010/Fahrplan/attachments/1783_101228.27C3.GSM-Sniffing.Nohl_Munaut.pdf|27c3: Wideband GSM Sniffing]]
 +   {{youtube>lsIriAdbttc}}
 +  * [[http://www.gsmweb.cz/|usefull info about GSM and UMTS stations]]
 +  * [[http://www.gsmweb.cz/mapa/| GSMweb Map site]]
 +  * [[http://students.ee.sun.ac.za/~gshmaritz/gsmfordummies/intro.shtml|GSM For Dummies :)]]
 +  * [[http://radio.feld.cvut.cz/personal/mikulak/MK/|predmet Mobilni komunikace @ CVUT]]
 +  * [[http://www.avc-cvut.cz/avc.php?id=2243|Zaznam prednasok mobilni komunikace]]
 +  * https://svn.berlin.ccc.de/projects/airprobe/wiki/DeCryption
 +  * https://svn.berlin.ccc.de/projects/airprobe/wiki/OTA
 +  * https://svn.berlin.ccc.de/projects/airprobe/wiki/simreader
  
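Review bot: the GSM stack tarball under "Project status" is linked over plain HTTP (`http://nat.brmlab.cz/kraken-idx/brm_krakenko_misc.tgz`) with no checksum on the page, so a reader has no way to verify what they download. Publish a SHA-256 next to the link or serve it over HTTPS. In the same list, `[[project:gsm:guesser]]` is the only entry with no description or working/broken state, so add a one-line status to match the other four items. In the highlights sentence, "in several seconds and 99% probability" reads ambiguously; "in several seconds with 99% probability" would match the phrasing used for the secure-network case. In References, "usefull" should be "useful", and the `{{youtube>lsIriAdbttc}}` line is indented without a list marker, which may render as preformatted text instead of an embed under the 27c3 entry.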
project/gsm/start.txt · Last modified: 2016/11/28 02:38 by ruza