Revision 24 (blobb, 04/20/2017 04:48 PM) → Revision 25/153 (blobb, 04/20/2017 05:46 PM)
h1. Accelerate3g5 -- blobb

h2. Summary

Trying to come up with a fuzzing interface.

h3. Participants

* André Boddenberg (email: dr.blobb@gmail.com)

h2. Details

First setting up the femtocell and understanding the basics of UMTS communication. (done)
Collecting information e.g. slides, talks, docu about fuzzing of wireless protocols. (started)
Writing some code to craft requests and run fuzz tests against subscriber. (tbd)

Note: first time fuzzing.

h2. Test devices

TD1: Samsung Galaxy S5 Mini (G800F)
OS: Lineage OS (14.1/7.1.1)
BB: G800FXXU1BPC3
SIM: MicroSIM

TD2: LG Nexus 5 (hammerhead)
OS: Android Marshmallow (6.0)
BB: M48974A-2.0.50.2.27
SIM: MicroSIM

TD3: HTC One M9
OS: Android Lollipop (5.1)
BB: 01.04_U11440601_71.02.50709G_F
SIM: NanoSIM (cut MicroSIM)

h2. Journal

_2017-03-07_

Pick up package at the sysmocom office.
Having an informative conversation with Neels about jenkins.osmocom.

_2017-03-12_

Set up wiki page.
Seeing femtocell on network interface and knocking ports:

> 22/tcp open ssh
> 8089/tcp open http
> 8090/tcp open telnet
> 10002/tcp open documentum (needs investigation)

Compiled source as described, but couldn't configure/launch CN successfully (yet).
Next time trying Neels' launch script and same IP range.

Note: Feeling the need for an additional LAN port to not interfere with eth0.

_2017-03-15_

Reading "data sheet [overview]":http://www.ipaccess.com/uploads/wysiwyg_editor/files/2017/S8_S16-Datasheet-v1.0.pdf "data sheet [details]":https://fccid.io/pdf.php?id=1462491 about ip.access nano3G S8.
Configuring femtocell via telnet (dry run).
Running into HLR issue mentioned in wiki when invoking run.sh.

_2017-04-19_

Resolved HLR issue and set all IPs correctly in *.cfg files.
hNodeB connects to osmo-hnbgw, but no UE is connecting to it.
Adding SIM cards to hlr.db, after creating db successfully (thanks phone connects.

_2017-04-20_

Corrected branches used for build, e.g. vlr_3G for openbsc or old_sua (tag) for libosmo-sccp.
TD1 and TD2 successfully connected to the femtocell!!! \o/
TD3 gets IP address but cannot be called. (TODO: investigate with wireshark)
Voice calls work (TD1->TD2, TD2->TD1). Data is not working, though (wip).

h2. Conclusions

- UEs are connecting and voice calls are working :)
- network LED does not indicate whether IP has been assigned by DHCP server.
- umts LED does indicate whether cell is connected to hnbgw, etc pp.