Diffstat (limited to '2009/airprobe-har2009')
-rw-r--r-- 2009/airprobe-har2009/airprobe.mgp 176
-rw-r--r-- 2009/airprobe-har2009/default.mgp 21
2 files changed, 197 insertions, 0 deletions
diff --git a/2009/airprobe-har2009/airprobe.mgp b/2009/airprobe-har2009/airprobe.mgp
new file mode 100644
index 0000000..ab4d6c0
--- /dev/null
+++ b/2009/airprobe-har2009/airprobe.mgp
@@ -0,0 +1,176 @@
+%include "default.mgp"
+%default 1 bgrad
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+%nodefault
+%back "blue"
+
+%center
+%size 7
+
+Airprobe
+
+%size 5
+Monitoring GSM traffic
+with USRP
+
+%center
+%size 4
+by
+
+Harald Welte <laforge@gnumonks.org>
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Monitoring GSM traffic
+Why?
+
+
+Why would you monitor GSM traffic
+ For the same reason you might monitor other networks
+ To learn and experiment with technology
+ To boldly go where no [free] man has gone before ;)
+ Practical demonstration of known GSM security problems
+ Raise public awareness abut GSM [in]security
+ thus increase the incentive for the market to improve
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Monitoring GSM traffic
+Legal Disclaimer
+
+
+Legal Disclaimer
+ Don't try this with public networks!
+ GSM operates on LICENSED spectrum
+ Most countries have telecommunications privacy laws!
+ Only capture/mointor/analyze traffic of your own networks
+ The software is strictly for research purpose only
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Monitoring GSM traffic
+Airprobe.org
+
+
+What is airprobe.org?
+ A platform for various GSM protocol decoding software
+ Including web site, wiki, mailing list, git repository
+ Formed by people who first met at the THC GSM list
+ Now hosted by the Chaos Computer Club
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Monitoring GSM traffic
+Airprobe.org
+
+What is our goal?
+ To produce a 100% open source GSM protocol decoder
+ using gnuradio Software Defined Radio (SDR)
+ GSM layer 1 demodulation / decode
+ GSM TDMA demultiplex
+ recombining bursts into mac blocks
+ handing off mac blocks to protocol analyzer like wireshark
+ implement missing dissectors in wireshark
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Monitoring GSM traffic
+What's SDR?
+
+
+ Software defined radio
+ a modern technique where analog hardware is replaced by software
+ digital signal processing replaces analog electronics
+ Variants
+ directly capturing carrier frequency with ADC
+ expensive, only for low/medium carrier frequencies
+ very high computing power required
+ replaces all analog parts by digital parts
+ downconverting before ADC using analogue mixer
+ most commonly found SDR variant today
+ replaces only detection/demodulation/synchronization
+ demodulating in hardware and using ADC for baseband
+ not really SDR, more like traditional analogue receiver
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Monitoring GSM traffic
+What's gnuradio?
+
+ gnuradio is
+ a GPL licensed FOSS project for SDR
+ for general-purpose PC rather than special DSP
+ implements building blocks like filters, demodulators, fft
+ uses python scripts to glue bulding blocks together
+ portable, runs on Linux/BSD/MacOS/Windows
+ supports different SDR and data acquisition hardware
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Monitoring GSM traffic
+What's the USRP?
+
+ USRP is
+ Universal Software Radio Peripheral
+ A open hardware project for SDR hardware
+ provides the ideal companion for gnuradio
+ modular mainboard with FPGA and ADC/DAC
+ pluggable Rx and Tx frontends
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Monitoring GSM traffic
+Using USRP for GSM
+
+ USRP mainboard with one of the following frontends
+ USRP RFX900 frontend for GSM 850/900
+ USRP RFX1800 frontend for GSM 1800/1900
+ DBSRX frontend for GSM 850/900/1800/1900
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Monitoring GSM traffic
+Airprobe.org software
+
+ gsmsp
+ gssm
+ the two early implementations by Joshua Lockey
+ considered alpha-level, many receive errors even with good signal
+ gsm-tvoid
+ For a long time the best decoder by tvoid
+ very comfortable UI
+ gsm-receiver
+ Latest GSM decoder by Piotr Krysik
+ much better decoding
+ gsmdecode
+ GSM layer2+ decoder from hex bytes to human readable
+ gsmstack
+ GSM MAC layer from demodulated bits to MAC blocks
+ A5.1
+ A5/1 algorithm in C, MyHDL, CUDA and Verilog
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Monitoring GSM traffic
+Thanks
+
+
+Thanks to
+ zecke, alphaone, Stefan, Jan for their work on OpenBSC
+ W. for his extensive A-bis protocol traces and MA-10
+ Dieter Spaar for his most excellent input
+ Karsten Keil for mISDN
+ Andreas Eversberg for LCR interface and HFC-E1 driver
+ Stichting Hxx for getting the license
+ all the voluntary testers at HAR2009
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Monitoring GSM traffic
+Live Demo
+
+
+LIVE DEMO
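Review bot: The "Thanks" slide near the end of airprobe.mgp credits work on OpenBSC, A-bis protocol traces, mISDN, the LCR interface and an HFC-E1 driver, none of which appear anywhere else in this deck, while the decoder authors named on the "Airprobe.org software" slide (Joshua Lockey, tvoid, Piotr Krysik) are not thanked; if the slide was carried over from another talk, replace it with credits for the airprobe contributors. A few typos are also worth fixing before this is presented: "abut" on the "Why?" slide, "mointor" on the legal disclaimer slide, "bulding" on the gnuradio slide and "A open hardware" on the USRP slide. The software slide also labels the cipher "A5.1" on one line and "A5/1" on the next; pick one spelling.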
diff --git a/2009/airprobe-har2009/default.mgp b/2009/airprobe-har2009/default.mgp
new file mode 100644
index 0000000..a0fcfc2
--- /dev/null
+++ b/2009/airprobe-har2009/default.mgp
@@ -0,0 +1,21 @@
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%
+%% This default.mgp is "Xft2" oriented.
+%deffont "standard" xfont "serif"
+%deffont "thick" xfont "sans-serif"
+%deffont "typewriter" xfont "monospace"
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%
+%% Default settings per each line numbers.
+%%
+%default 1 area 90 90, leftfill, size 2, fore "white", back "black", font "thick"
+%default 2 size 7, vgap 10, prefix " "
+%default 3 size 2, bar "gray70", vgap 10
+%default 4 size 5, fore "white", vgap 30, prefix " ", font "standard"
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%
+%% Default settings that are applied to TAB-indented lines.
+%%
+%tab 1 size 5, vgap 40, prefix " ", icon box "green" 50
+%tab 2 size 4, vgap 40, prefix " ", icon arc "yellow" 50
+%tab 3 size 3, vgap 40, prefix " ", icon delta3 "white" 40
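Review bot: The comment above the %default block ("Default settings per each line numbers.") does not say what each of the four numbered lines styles, and every slide in airprobe.mgp depends on that layout: line 1 is the running header "Monitoring GSM traffic" and line 2 is the slide title. Suggest rewording it to something like "Default settings applied per line number of each page" and adding one short comment per %default line naming the element it formats, so that someone adding a slide knows the first lines are positional. The header also says the file is "Xft2" oriented while the %deffont lines use xfont with generic family names; a note on which mgp build this was tested with would help anyone whose fonts do not resolve.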
personal git repositories of Harald Welte. Your mileage may vary