Category: Security

16 in 1 Magic SIM Card Revisited

Post author By Nick
Post date 11/04/2020
No Comments on 16 in 1 Magic SIM Card Revisited

Quick look at cheap “Magic SIM Cards”, what they do, how they do it, and the amazing graphics they use.

Tags GSM, SIM, UCCID

Kamailio Security Voice over IP

Kamailio Bytes – SIP over TLS (SIPS)

Post author By Nick
Post date 23/02/2020
No Comments on Kamailio Bytes – SIP over TLS (SIPS)

Using Transport Layer Security (TLS) to protect SIP traffic from modification / manipulation and guarantee message authenticity.

Tags Kamailio, Kamailio Bytes, LTS, SIP, VoIP

EPC EUTRAN LTE Security Voice over IP

VoLTE / IMS – P-CSCF Assignment

Post author By Nick
Post date 08/02/2020
No Comments on VoLTE / IMS – P-CSCF Assignment

How the P-CSCF address is assigned to a UE in Protocol Configuration Options (PCO) during bearer establishment.

Tags IMS, P-CSCF, PCO, Protocol Configuration Options, VoIP, VoLTE

EPC EUTRAN LTE Security Voice over IP

Using Wireshark to peer inside IPsec ESP VoLTE data from the P-CSCF

Post author By Nick
Post date 04/01/2020
No Comments on Using Wireshark to peer inside IPsec ESP VoLTE data from the P-CSCF

Viewing the payload of an Encapsulated Security Payload in Wireshark.

Tags ESP, IPsec, P-CSCF, PCAP, SIP, VoIP, VoLTE, Wireshark

Security Software

Reverse Engineering Samsung Sysdump Utils to Unlock IMS Debug & TCPdump on Samsung Phones

Post author By Nick
Post date 15/12/2019
2 Comments on Reverse Engineering Samsung Sysdump Utils to Unlock IMS Debug & TCPdump on Samsung Phones

OTP Authentication required to unlock IMS Debugging and TCPDUMP on Samsung Sysdump tool

Reverse Engineering the Samsung Sysdump app to unlock IMS Debug and TCPdump functions

Tags IMS, OTP, Samsung, SysDebug, VoLTE

EPC EUTRAN LTE Mobile Networks Security Software Voice over IP

VoLTE/IMS Debugging on Samsung Handsets using Sysdump & Samsung IMS Logger

Post author By Nick
Post date 14/12/2019
No Comments on VoLTE/IMS Debugging on Samsung Handsets using Sysdump & Samsung IMS Logger

Samsung-Sysdump-IMS-Debug-DM-View_Cropped

Unlocking the built in IMS Debugging tool in Samsung’s Sysdump Utility

Tags Debug, IMS, LTE, OTP, PCAP, Samsung, SysDebug, tcpdump, VoLTE

EPC EUTRAN LTE Python RFCs & Standards Security Software

PyHSS Update – MongoDB Backend & SQN Resync

Post author By Nick
Post date 24/11/2019
No Comments on PyHSS Update – MongoDB Backend & SQN Resync

Feature Update on PyHSS the Python Home Subscriber Server

Tags Diameter, HSS, PyHSS, Python

EPC EUTRAN GSM LTE Mobile Networks RFCs & Standards Security

Querying Auth Credentials from USIM/SIM cards

Post author By Nick
Post date 23/11/2019
No Comments on Querying Auth Credentials from USIM/SIM cards

Authentication Vectors and Key Distribution in LTE

Using osmo-sim-auth to query USIM/SIM cards authentication mechanism.

Tags Authentication, Diameter, EUTRAN, HSS, LTE, SIM, USIM, XRES

EPC EUTRAN LTE Mobile Networks RF Security

HSS & USIM Authentication in LTE/NR (4G & 5G)

Post author By Nick
Post date 17/11/2019
2 Comments on HSS & USIM Authentication in LTE/NR (4G & 5G)

Information stored on USIM / SIM Card for LTE / EUTRAN / EPC - K key, OP/OPc key and SQN Sequence Number

Exploring the how and why of Authentication in LTE & NR networks.

Tags Authentication, AUTN, EUTRAN, HSS, K, LTE, OPc, PyHSS, RES, USIM, XRES

EPC EUTRAN LTE Mobile Networks Security

Roll your own USIMs for Private LTE Networks

Post author By Nick
Post date 03/11/2019
1 Comment on Roll your own USIMs for Private LTE Networks

Adventures in getting USIMs to use on private LTE networks.

Tags Authentication, EPC, IMSI, K, LTE, OPc, RAN, SIM, USIM

Kamailio Security Voice over IP

Kamailio Use Case – SIP Honeypot with SQL Database

Post author By Nick
Post date 24/08/2019
No Comments on Kamailio Use Case – SIP Honeypot with SQL Database

Creating a Kamailio based SIP Honeypot

Tags Kamailio, Kamailio Bytes, Kamailio Honeypot, SIP, VoIP

Kamailio Security Software Voice over IP

Kamailio Bytes – Geoip2

Using GeoIP2 module to trace source of traffic and use that for routing in Kamailio

Tags GeoIP, GeoIP2, Kamailio, Kamailio Bytes, SIP, VoIP

Australian Telco Security

The other day I got an SMS from my bank, one of the big 4 Australian Banks. BANKNAME Alert: Block placed on card ending in XXXX, for suspicious transaction at ‘THING NICK PURCHASED ONLINE’ for $29.00 at 13:56. If genuine, reply ‘Yes’. If Fraud, reply ‘No’. SMS from bank They’d detected possible fraud on my […]

Tags Security, SMS

LTE Mobile Networks RF RFCs & Standards Security

LTE (4G) – EUTRAN – Key Distribution and Hierarchy

Post author By Nick
Post date 17/05/2019
No Comments on LTE (4G) – EUTRAN – Key Distribution and Hierarchy

We’ve talked a bit in the past few posts about keys, K and all it’s derivatives, such as Kenc, Kint, etc. Each of these is derived from our single secret key K, known only to the HSS and the USIM. To minimise the load on the HSS, the HSS transfers some of the key management […]

Tags EUTRAN, Keys, LTE, MAC, RAN

LTE Mobile Networks RF RFCs & Standards Security

LTE (4G) – Ciphering & Integrity of Messages

Post author By Nick
Post date 16/05/2019
No Comments on LTE (4G) – Ciphering & Integrity of Messages

We’ve already touched on how subscribers are authenticated to the network, how the network is authenticated to subscribers. Those functions are done “in the clear” meaning anyone listening can get a copy of the data transmitted, and responses could be spoofed or faked. To prevent this, we want to ensure the data is ciphered (encrypted) […]