Accelerate3g5 -- blobb » History » Version 25
blobb, 04/20/2017 05:46 PM
1 | 1 | blobb | h1. Accelerate3g5 -- blobb |
---|---|---|---|
2 | 2 | blobb | |
3 | h2. Summary |
||
4 | |||
5 | 3 | blobb | Trying to come up with a fuzzing interface. |
6 | |||
7 | 2 | blobb | h3. Participants |
8 | |||
9 | * André Boddenberg (email: dr.blobb@gmail.com) |
||
10 | |||
11 | h2. Details |
||
12 | 3 | blobb | |
13 | 25 | blobb | First setting up the femtocell and understand basics of UMTS communication. (done) |
14 | Collecting information e.g. slides, talks, docu about fuzzing of wireless protocols. (started) |
||
15 | Writing some code to craft requests and run fuzz tests against subscriber. (tbd) |
||
16 | 1 | blobb | |
17 | Note: first time fuzzing. |
||
18 | |||
19 | 25 | blobb | h2. Test devices |
20 | |||
21 | TD1: Samsung Galaxy S5 Mini (G800F) |
||
22 | OS: Lineage OS (14.1/7.1.1) |
||
23 | BB: G800FXXU1BPC3 |
||
24 | SIM: MicroSIM |
||
25 | |||
26 | TD2: LG Nexus 5 (hammerhead) |
||
27 | OS: Android Marshmallow (6.0) |
||
28 | BB: M48974A-2.0.50.2.27 |
||
29 | SIM: MicroSIM |
||
30 | |||
31 | TD3: HTC One M9 |
||
32 | OS: Android Lollipop (5.1) |
||
33 | BB: 01.04_U11440601_71.02.50709G_F |
||
34 | SIM: NanoSIM (cutted MicroSIM) |
||
35 | |||
36 | |||
37 | 7 | blobb | h2. Journal |
38 | |||
39 | _2017-03-07_ |
||
40 | 2 | blobb | pick up package at the sysmocom office. |
41 | 10 | blobb | having an informative conversation with Neels about jenkins.osmocom. |
42 | 8 | blobb | |
43 | 11 | blobb | _2017-03-12_ |
44 | 8 | blobb | Set up wiki page. |
45 | 7 | blobb | Seeing femtocell on network interface and knocking ports: |
46 | |||
47 | 8 | blobb | > 22/tcp open ssh |
48 | 1 | blobb | > 8089/tcp open http |
49 | 10 | blobb | > 8090/tcp open telnet |
50 | 20 | blobb | > 10002/tcp open documentum (needs investigation) |
51 | 12 | blobb | |
52 | Compiled source as described, but couldn't configure/launch CN successfully (yet). |
||
53 | Next time trying Neels' launch script and same IP range. |
||
54 | 1 | blobb | |
55 | _2017-03-15_ |
||
56 | Reading "data sheet [overview]":http://www.ipaccess.com/uploads/wysiwyg_editor/files/2017/S8_S16-Datasheet-v1.0.pdf "data sheet [details]":https://fccid.io/pdf.php?id=1462491 about ip.access nano3G S8. |
||
57 | Configuring femtocell via telnet (dry run). |
||
58 | Running in HLR issue mentioned in wiki when invoking run.sh. |
||
59 | |||
60 | _2017-04-19_ |
||
61 | 25 | blobb | Resolving HLR issue and set all IPs correct in *.cfg files. |
62 | hNodeB connects to owmo-hnbgw, but no UE is connecting to it. |
||
63 | Adding SIM cards to hlr.db, after creating db successfully (thanks |
||
64 | 1 | blobb | |
65 | _2017-04-20_ |
||
66 | 25 | blobb | Corrected branches used for build e.g. vlr_3G for openbsc or old_sua (tag) for libosmo-sccp |
67 | TD1 and TD2 successfully *connected* to the femtocell!!! *\o/* |
||
68 | TD3 gets IP address but can not be called. (TODO: investigate with wireshark) |
||
69 | voice calls work (TD1->TD2, TD2->TD1). |
||
70 | data is not working, though... |
||
71 | 24 | blobb | |
72 | 7 | blobb | |
73 | 24 | blobb | h2. Conclusions |
74 | 1 | blobb | |
75 | 25 | blobb | - UE's are connecting and voice calls are working :) |
76 | >- network LED does not indicate whether IP has been assigned by DHCP server. |
||
77 | >- umts LED does indicate whether cell is connected to hnbgw, etc pp. |