Quick look at cheap “Magic SIM Cards”, what they do, how they do it, and the amazing graphics they use.
Using Transport Layer Security (TLS) to protect SIP traffic from modification / manipulation and guarantee message authenticity.
How the P-CSCF address is assigned to a UE in Protocol Configuration Options (PCO) during bearer establishment.
Viewing the payload of an Encapsulated Security Payload in Wireshark.
Reverse Engineering the Samsung Sysdump app to unlock IMS Debug and TCPdump functions
Unlocking the built in IMS Debugging tool in Samsung’s Sysdump Utility
Feature Update on PyHSS the Python Home Subscriber Server
Using osmo-sim-auth to query USIM/SIM cards authentication mechanism.
Exploring the how and why of Authentication in LTE & NR networks.
Adventures in getting USIMs to use on private LTE networks.
Creating a Kamailio based SIP Honeypot
Using GeoIP2 module to trace source of traffic and use that for routing in Kamailio
The other day I got an SMS from my bank, one of the big 4 Australian Banks. BANKNAME Alert: Block placed on card ending in XXXX, for suspicious transaction at ‘THING NICK PURCHASED ONLINE’ for $29.00 at 13:56. If genuine, reply ‘Yes’. If Fraud, reply ‘No’. SMS from bank They’d detected possible fraud on my […]
We’ve talked a bit in the past few posts about keys, K and all it’s derivatives, such as Kenc, Kint, etc. Each of these is derived from our single secret key K, known only to the HSS and the USIM. To minimise the load on the HSS, the HSS transfers some of the key management […]
We’ve already touched on how subscribers are authenticated to the network, how the network is authenticated to subscribers. Those functions are done “in the clear” meaning anyone listening can get a copy of the data transmitted, and responses could be spoofed or faked. To prevent this, we want to ensure the data is ciphered (encrypted) […]
How LTE Subscriber authenticate the network
Contents of a USIM, fields & their meanings and basics of EUTRAN authentication.
Hash Tables (HTable) – Lightning fast small databases used in Kamailio for anything you can imagine.
Who is calling?
Using Kamailio’s Permissions module to implement basic ACL functionality.