
OsmocomBB: Sending arbitrary protocol data to GSM networks

Abstract

So far, lower-level protocol attacks against GSM networks were not feasible due to the lack of a simple, usable GSM "transceiver": something that implements the physical layer operations like [de]modulation, [de]scrambling and [de]multiplexing, but provides the ability to send and receive raw data at the lowest possible layer in the protocol stack.

In January 2010, after working for about 18 months on OpenBSC, a network-side GSM protocol implementation, the speaker started a project called OsmocomBB to write a custom open source firmware for GSM baseband processors. Using this software, it is possible to turn innocent mobile phones into protocol and protocol security analysis tools.

Suddenly, you can send hand-crafted packets on all the various GSM protocol layers, and thus target all functional elements in a GSM network: Base Transceiver Station, Base Station Controller, Mobile Switching Center, ...

References:
http://bb.osmocom.org/
http://laforge.gnumonks.org/papers/gsm_phone-anatomy-latest.pdf
http://openbsc.gnumonks.org/

Harald Welte