GSM Debugging - Karsten Nohl, nohl@srlabs.de; Dieter Spaar, spaar@mirider.augusta.de - PowerPoint PPT Presentation


SLIDE 1

GSM Debugging

Karsten Nohl, nohl@srlabs.de; Dieter Spaar, spaar@mirider.augusta.de

SLIDE 2

Industry responds to GSM cracking attempts by creating new challenges

“the GSM call has to be identified and recorded from the radio interface. [...] we strongly suspect the team developing the intercept approach has underestimated its practical complexity. A hacker would need a radio receiver system and the signal processing software necessary to process the raw radio data.”

– GSMA, Aug.‘09

This talk demonstrates signal processing software to decode GSM uplink and downlink signals

Source: GSMA press statement

SLIDE 3

Agenda

  • GSM communication basics
  • Downlink sniffing: It works!
  • Uplink sniffing: Getting close
SLIDE 4

GSM calls are transmitted encrypted over unpredictable frequencies

Figure: simplified call setup across the downlink and uplink

  • Beacon channel: downlink "Phone, are you here?"; uplink "Yes, I am"; downlink "Ok, switch channel"
  • Control channel: "You are being called" / "OK"; "Start encryption" / "OK"; "Switch to hopping channels" / "OK"
  • Traffic channel: voice in both directions, encrypted, on an unpredictable hopping sequence

SLIDE 5

GSM spectrum is divided by operators and cells

Cell allocations and hopping sequences should be spread over the available spectrum for noise resistance and to increase the sniffing effort

Figure: GSM 900 band, downlink 925-960 MHz, uplink 880-915 MHz; nested boxes mark the operator allocation, one cell allocation and the channels of one call.

SLIDE 6

GSM debugging tools have vastly different spectrum coverage

Figure: GSM 900 band with the channels of one call on downlink and uplink, set against the frequency coverage of each tool.

GSM debugging tools [sniffing bandwidth]:
  • Commercial FPGA board [50 MHz]
  • USRP-2 [20 MHz]
  • USRP-1 [8 MHz] (focus of this talk)
  • OsmocomBB [200 kHz]
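As an added example for slides 5 and 6 (code written for this page, not from the talk, Airprobe or OsmocomBB): the ARFCN-to-frequency mapping of the GSM 900 band, and a check of which of the listed tools can hold every channel of a hopping call inside a single capture window. The band edges and the tool bandwidths are the slides' figures; the channel formula is the standard one from 3GPP TS 45.005. The function names and the eight-channel hopping set are assumptions made for illustration.

```python
CHANNEL_KHZ = 200        # GSM carrier spacing
DUPLEX_KHZ = 45_000      # GSM 900: downlink carrier = uplink carrier + 45 MHz

# Sniffing bandwidth per tool, in kHz, as listed on the slide.
TOOL_BANDWIDTH_KHZ = {
    "OsmocomBB": 200,
    "USRP-1": 8_000,
    "USRP-2": 20_000,
    "Commercial FPGA board": 50_000,
}


def uplink_khz(arfcn):
    """Uplink carrier of a GSM 900 ARFCN: P-GSM 0-124 (890-915 MHz) and the
    E-GSM extension 975-1023, which sits *below* ARFCN 0 (880-890 MHz)."""
    if 0 <= arfcn <= 124:
        return 890_000 + CHANNEL_KHZ * arfcn
    if 975 <= arfcn <= 1023:
        return 890_000 + CHANNEL_KHZ * (arfcn - 1024)
    raise ValueError(f"ARFCN {arfcn} is outside the GSM 900 band")


def downlink_khz(arfcn):
    """Matching downlink carrier (925-960 MHz with the E-GSM extension)."""
    return uplink_khz(arfcn) + DUPLEX_KHZ


def hopping_span_khz(arfcns):
    """Bandwidth a receiver must capture to see every channel of a hopping
    set at the same time: lowest to highest carrier plus one channel width.
    Uplink and downlink spans are equal, so the uplink figure is used."""
    freqs = [uplink_khz(a) for a in arfcns]
    return max(freqs) - min(freqs) + CHANNEL_KHZ


def tools_covering(arfcns, tools=TOOL_BANDWIDTH_KHZ):
    """Tools whose capture window is wide enough for the whole hopping set."""
    need = hopping_span_khz(arfcns)
    return sorted(name for name, bw in tools.items() if bw >= need)


def coverage_report(arfcns):
    """Summarise which tools can follow a call's hopping set in one capture."""
    ok = tools_covering(arfcns)
    return {
        "span_mhz": hopping_span_khz(arfcns) / 1000,
        "can_capture_all_channels": ok,
        "window_too_narrow": sorted(set(TOOL_BANDWIDTH_KHZ) - set(ok)),
    }


if __name__ == "__main__":
    # Constructed example (not a set observed in the talk): eight hopping
    # channels spread over roughly 12 MHz of one operator's allocation.
    call = [12, 20, 33, 41, 47, 55, 62, 70]
    print(coverage_report(call))
```

For the constructed set the span is 11.8 MHz, so only the USRP-2 and the FPGA board capture all eight channels at once; the USRP-1's 8 MHz window and OsmocomBB's single 200 kHz channel do not. This is the point of the slide before it: an operator that spreads a cell's hopping set across its whole allocation forces the sniffer to wider, more expensive front-ends.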

SLIDE 7

Agenda

  • GSM communication basics
  • Downlink sniffing: It works!
  • Uplink sniffing: Getting close
SLIDE 8

Demo: Downlink sniffing.

SLIDE 9

Open source components fit together in debugging GSM calls

Pipeline:
  1. GnuRadio records data from the air
  2. Airprobe parses control data
  3. Kraken cracks the A5/1 key
  4. Airprobe decodes voice

GnuRadio requires:
  • Software radio, i.e. USRP
  • Recommended for uplink: BURX board

Kraken requires:
  • 2 TB of rainbow tables
  • CPU or ATI graphics card
  • SSD/RAID for fast cracking

SLIDE 10

Agenda

  • GSM communication basics
  • Downlink sniffing: It works!
  • Uplink sniffing: Getting close
SLIDE 11

Downlink can be recorded from large distances

Uplink recording range: 100-300 m
Downlink recording range: 5-35 km

  • Uplink is 10-30 dB weaker than downlink
  • Handset is typically in a much less “radio visible” position

SLIDE 12

Uplink sniffing is a challenging RF problem

Uplink complications:
  • Lower transmit power than downlink
  • Phones are hidden in buildings or in street gutters
  • The phone varies its transmit power to save battery
  • The phone might move, causing varying signal strength

Result: a weaker signal with higher variability

SLIDE 13

USRP+Airprobe provide the base for an open source uplink sniffer

Sniffed with USRP-1 and two daughterboards for uplink / downlink

SLIDE 14

Demo: Uplink sniffing.

SLIDE 15

Engineering challenges remain towards reliable uplink sniffing

  • Synchronization between uplink and downlink in Airprobe is not yet reliable (work in progress)
  • Planned enhancements:
    1. Better demodulation algorithm
    2. Support for hopping channels
  • There is plenty to do: your chance to start contributing to the growing pool of GSM tools!

SLIDE 16

Demo: Key cracking.

SLIDE 17

Randomized padding would mitigate attack potential

Trace of SDCCH downlink (frame number, then 23 octets):

238530 03 20 0d 06 35 11 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b
238581 03 42 45 13 05 1e 02 ea 81 5c 08 11 80 94 03 98 93 92 69 81 2b 2b 2b
238613 00 00 03 03 49 06 1d 9f 6d 18 10 80 00 00 00 00 00 00 00 00 00 00 00
238632 01 61 01 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b
238683 01 81 01 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b
238715 00 00 03 03 49 06 06 70 00 00 00 00 00 04 15 50 10 00 00 00 00 0a a8
238734 03 84 21 06 2e 0d 02 d5 00 63 01 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b
238785 03 03 01 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b

  • Padding in GSM has traditionally been predictable (2B)
  • Randomization was specified in 2008 (TS 44.006) and should be implemented with high priority
  • Every byte of randomized padding increases the attack cost by two orders of magnitude!
  • Additionally needed: randomization of system information messages

SLIDE 18

Open research into GSM security grows exponentially and so will the attacks

Timeline 2006-2012 of open GSM projects:
  • CryptoPhone et al.: End-to-end encryption on phones
  • OpenBTS: Full base station emulation
  • OpenBSC: Controller for base stations
  • GSM Security Project: A5/1 decrypt tool
  • HLR tracking of phone users
  • OsmocomBB: phone firmware
  • $YOUR_PROJECT

SLIDE 19

Questions?

Karsten Nohl, nohl@srlabs.de
Dieter Spaar, spaar@mirider.augusta.de
Airprobe, Kraken: srlabs.de
GSM project supported by