Project

General

Profile

Actions


IMPORTANT NOTICE: This page contains information about a legacy version of the Osmocom software. This legacy version is no longer maintained. If you use it, don't be surprised if it doesn't work. It was your choice to ignore man-years worth of developments, improvements and fixes. Please migrate to the active/supported software (Osmocom CNI, consisting of OsmoBSC, OsmoMSC, OsmoHLR, OsmoSTP, OsmoMGW - a NITB style setup is described at Osmocom_Network_In_The_Box).


A5/x Crypto support

Prepare Simcard

The first thing we do is to prepare a MagicSim-Simcard with our own provider data. We use the utitity pysim to write the provider data to the card. Enter ./pySim.py --help to get an overview about the parameters. For now it is only importand that you keep in mind that the imsi must begin with the MCC, followed by the MNC and that the pattern in the imsi must match the parameter -x (which is the MCC) and the parameter -y (which is the MNC). You also should note the KI (opetion -k) somewhere. We need it later.

dexter@da-laptop-w3:~/pysim$ ./pySim.py -d /dev/ttyUSB2 -n openBSC -c 49 -x 001 -y 01 -i 001010000000000 -s 12345678901234567890 -k DEADBEEF0C0FFEE0F00D013370D00F23
Generated card parameters :
 > Name    : openBSC
 > SMSP    : 00495555
 > ICCID   : 12345678901234567890
 > MCC/MNC : 1/1
 > IMSI    : 010010000000000
 > Ki      : DEADBEEF0C0FFEE0F00D013370D00F23

Autodetected card type magicsim
Programming ...
Done !
dexter@da-laptop-w3:~/pysim$ 

Pysim can be downloaded at: git clone git://git.osmocom.org/pysim.git

Now it is time to test if the card basicly work. Just grap a mobile phone, insert the card. Switch the pone on the mobile pone. Than you start your network with the option -e 1 to see whats going on. Without further intervention the moile phone should login to your network. That is a sign that the simcard works and makes the pone successfully think that your testnetwork is its home network.

Note: The network was configured to accept any pone. (accept-all) We can do this safely because we operate the natwork with a dummload under controlled conditions.

The output should contain some lines like that:

<0012> db.c:613 Failed to find the Subscriber. '0' '001010000000000'
<0012> db.c:294 New Subscriber: ID 1, IMSI 001010000000000
<0012> db.c:802 Allocated extension 26056 for IMSI 001010000000000.
<0000> abis_rsl.c:1348 (bts=0,trx=0,ts=0,ss=0) SAPI=0 DATA INDICATION
<0003> gsm_04_08.c:1025 CLASSMARK CHANGE CM2(len=3) CM3(len=2)
<0012> db.c:699 Sync Equipment IMEI=, classmark1=33, classmark2=33 59 80 , classmark3=60 14 
<0000> abis_rsl.c:1348 (bts=0,trx=0,ts=0,ss=0) SAPI=0 DATA INDICATION
<0002> gsm_04_08.c:387 IDENTITY RESPONSE: mi_type=0x02 MI(357140011801950)
<0012> db.c:883 New Equipment: ID 1, IMEI 357140011801950
<0012> db.c:921 New [[EquipmentWatch]]: ID 1, IMSI 001010000000000, IMEI 357140011801950
<0012> db.c:699 Sync Equipment IMEI=357140011801950, classmark1=33, classmark2=33 59 80 , classmark3=60 14 
<0012> db.c:766 Allocated TMSI 1473277565 for IMSI 001010000000000.

We see that our pone was accepted by our network. We can see our custom imsi 001010000000000. That means that the simcard parameters are correct so far.

Configure the network

Now we take a closer look to the configuration:

!
network
 network country code 1
 mobile network code 1
 short name openBSC
 long name openBSC
 timer t3101 10
 timer t3113 60
 auth policy accept-all

! Encryption settings
 encryption a5 1

In the network section we activate the encryption by adding a line "encryption a5 1" at network level. Tha 'a' of a5 must be written in lowercase. Otherwise you will get an error message.

Note: In this example "auth policy accept-all" is enabled here for debug. You should disable this when all tests are finished. Do not forget to set the authorisation flag for the subscriber.

So we try again to make sure that our changes are accepted:

<0002> gsm_04_08.c:937 LOCATION UPDATING REQUEST: mi_type=0x04 MI(1473277565) type=IMSI ATTACH 
<0012> db.c:641 Found Subscriber: ID 1, IMSI 1010000000000, NAME _, TMSI 1473277565, EXTEN '26056', LAC 1, AUTH 0
<0001> gsm_04_08.c:99 (bts 0 trx 0 ts 0 pd 05) Sending 0x18 to MS.
<0000> abis_rsl.c:1348 (bts=0,trx=0,ts=0,ss=0) SAPI=0 DATA INDICATION
<0003> gsm_04_08.c:1025 CLASSMARK CHANGE CM2(len=3) CM3(len=2)
<0012> db.c:699 Sync Equipment IMEI=357140011801950, classmark1=33, classmark2=33 59 80 , classmark3=60 14 
<0000> abis_rsl.c:1348 (bts=0,trx=0,ts=0,ss=0) SAPI=0 DATA INDICATION
<0002> gsm_04_08.c:387 IDENTITY RESPONSE: mi_type=0x02 MI(357140011801950)
<0012> db.c:934 Updated [[EquipmentWatch]]: ID 1, IMSI 1010000000000, IMEI 357140011801950
<0012> db.c:699 Sync Equipment IMEI=357140011801950, classmark1=33, classmark2=33 59 80 , classmark3=60 14 
<0002> auth.c:83 No retrievable Ki for subscriber, skipping auth<0012> db.c:766 Allocated TMSI 1347086625 for IMSI 1010000000000.
<0002> gsm_04_08.c:351 -> LOCATION UPDATE ACCEPT

We see that authentication was activated successfully. But we gen an error: No retrievable Ki for subscriber, skipping auth. That is normal and the reason is that we did not configure the auth-keys so far. But it shows us that the encryption is ready to go. We also can see that phones for which is no key configured are accepted anyway. This means that having encryption activated does not lock yout your phones that run with old reused simcards.

Setup the keys

The final step is to configure the keys. You have to do this for every user seperately because every user has its individual key. The keys will be stored in the table AuthKeys of the hlr databse. All you need to do is to enter the key manually through the vty:

subscriber imsi 001010000000000 a3a8 comp128v1 DEADBEEF0C0FFEE0F00D013370D00F23

Files (0)

Updated by laforge about 6 years ago · 6 revisions

Add picture from clipboard (Maximum size: 48.8 MB)