Accelerate3g5 -- blobb » History » Revision 26
Revision 25 (blobb, 04/20/2017 05:46 PM) → Revision 26/153 (blobb, 04/20/2017 08:38 PM)
h1. Accelerate3g5 -- blobb h2. Summary Trying to come up with a fuzzing interface. h3. Participants * André Boddenberg (email: dr.blobb@gmail.com) h2. Details First setting up the femtocell and understand basics of UMTS communication. (almost done) (done) Collecting information e.g. slides, talks, docu about fuzzing of wireless protocols. (started) Writing some code to craft requests and run fuzz tests against subscriber. (tbd) Note: first time fuzzing. h2. Test devices TD1: Samsung Galaxy S5 Mini (G800F) OS: Lineage OS (14.1/7.1.1) BB: G800FXXU1BPC3 SIM: MicroSIM TD2: LG Nexus 5 (hammerhead) OS: Android Marshmallow (6.0) BB: M48974A-2.0.50.2.27 SIM: MicroSIM TD3: HTC One M9 OS: Android Lollipop (5.1) BB: 01.04_U11440601_71.02.50709G_F SIM: NanoSIM (cutted MicroSIM) h2. Journal _2017-03-07_ pick up package at the sysmocom office. having an informative conversation with Neels about jenkins.osmocom. _2017-03-12_ Set up wiki page. Seeing femtocell on network interface. interface and knocking ports: > 22/tcp open ssh > 8089/tcp open http > 8090/tcp open telnet > 10002/tcp open documentum (needs investigation) Compiled source as described, but couldn't configure/launch CN successfully (yet). Next time will try trying Neels' launch script and same IP range. _2017-03-15_ Reading "data sheet [overview]":http://www.ipaccess.com/uploads/wysiwyg_editor/files/2017/S8_S16-Datasheet-v1.0.pdf "data sheet [details]":https://fccid.io/pdf.php?id=1462491 about ip.access nano3G S8. Configuring femtocell via telnet (dry run). Running in HLR issue mentioned in wiki when invoking run.sh. _2017_04-02_ Lecture about Fuzzing: Talks about Fuzzing: Slides about Fuzzing: _2017-04-19_ Resolving HLR issue and set all IPs correct in *.cfg files. hNodeB connects to owmo-hnbgw, but no UE is connecting to it. Adding SIM cards to hlr.db, after creating db successfully (thanks _2017-04-20_ Corrected branches used for build e.g. vlr_3G for openbsc or old_sua (tag) for libosmo-sccp TD1 and TD2 successfully *connected* to the femtocell!!! *\o/* TD3 gets IP address but can not be called. (*TODO*: (TODO: investigate with wireshark) voice calls work (TD1->TD2, TD2->TD1). data is not working (*TODO*: make it work :) working, though... h2. Conclusions - UE's are connecting and voice calls are working :) >- network LED does not indicate whether IP has been assigned by DHCP server. >- umts LED does indicate whether cell is connected to hnbgw, etc pp.
