Version 2 - History - OsmoNITB Crypto - OsmoNITB - Open Source Mobile Communications

OsmoNITB Crypto » History » Version 2

dexter, 02/19/2016 10:47 PM

-dexter
+= A5/x Crypto support ==
 == Prepare Simcard ==
 The first thing we do is to prepare a MagicSim-Simcard with our own provider data. We use the utitity pysim to write the provider data to the card. Enter ./pySim.py --help to get an overview about the parameters. For now it is only importand that you keep in mind that the imsi must begin with the MCC, followed by the MNC and that the pattern in the imsi must match the parameter -x (which is the MCC) and the parameter -y (which is the MNC). You also should note the KI (opetion -k) somewhere. We need it later.
 {{{
 dexter@da-laptop-w3:~/pysim$ ./pySim.py -d /dev/ttyUSB2 -n openBSC -c 49 -x 001 -y 01 -i 001010000000000 -s 12345678901234567890 -k DEADBEEF0C0FFEE0F00D013370D00F23
 Generated card parameters :
  > Name    : openBSC
  > SMSP    : 00495555
  > ICCID   : 12345678901234567890
  > MCC/MNC : 1/1
  > IMSI    : 010010000000000
  > Ki      : DEADBEEF0C0FFEE0F00D013370D00F23
 Autodetected card type magicsim
 Programming ...
 Done !
 dexter@da-laptop-w3:~/pysim$
 }}}
 Pysim can be downloaded at: git clone git://git.osmocom.org/pysim.git
 Now it is time to test if the card basicly work. Just grap a mobile phone, insert the card. Switch the pone on the mobile pone. Than you start your network with the option -e 1 to see whats going on. Without further intervention the moile phone should login to your network. That is a sign that the simcard works and makes the pone successfully think that your testnetwork is its home network.
 Note: The network was configured to accept any pone. (accept-all) We can do this safely because we operate the natwork with a dummload under controlled conditions.
 The output should contain some lines like that:
-dexter
+{{{
-dexter
+<0012> db.c:613 Failed to find the Subscriber. '0' '001010000000000'
 <0012> db.c:294 New Subscriber: ID 1, IMSI 001010000000000
 <0012> db.c:802 Allocated extension 26056 for IMSI 001010000000000.
 <0000> abis_rsl.c:1348 (bts=0,trx=0,ts=0,ss=0) SAPI=0 DATA INDICATION
 <0003> gsm_04_08.c:1025 CLASSMARK CHANGE CM2(len=3) CM3(len=2)
 <0012> db.c:699 Sync Equipment IMEI=, classmark1=33, classmark2=33 59 80 , classmark3=60 14
 <0000> abis_rsl.c:1348 (bts=0,trx=0,ts=0,ss=0) SAPI=0 DATA INDICATION
 <0002> gsm_04_08.c:387 IDENTITY RESPONSE: mi_type=0x02 MI(357140011801950)
 <0012> db.c:883 New Equipment: ID 1, IMEI 357140011801950
 <0012> db.c:921 New EquipmentWatch: ID 1, IMSI 001010000000000, IMEI 357140011801950
 <0012> db.c:699 Sync Equipment IMEI=357140011801950, classmark1=33, classmark2=33 59 80 , classmark3=60 14
 <0012> db.c:766 Allocated TMSI 1473277565 for IMSI 001010000000000.
-dexter
+}}}
 dexter
 We see that our pone was accepted by our network. We can see our custom imsi 001010000000000. That means that the simcard parameters are correct so far.
 == Configure the network ==
 Now we take a closer look to the configuration:
 {{{
+!
 network
  network country code 1
  mobile network code 1
  short name openBSC
  long name openBSC
  timer t3101 10
  timer t3113 60
  auth policy accept-all
 ! Encryption settings
  encryption a5 1
 }}}
 In the network section we activate the encryption by adding a line "encryption a5 1" at network level. Tha 'a' of a5 must be written in lowercase. Otherwise you will get an error message.
 So we try again to make sure that our changes are accepted:
 {{{
 <0002> gsm_04_08.c:937 LOCATION UPDATING REQUEST: mi_type=0x04 MI(1473277565) type=IMSI ATTACH
 <0012> db.c:641 Found Subscriber: ID 1, IMSI 1010000000000, NAME '', TMSI 1473277565, EXTEN '26056', LAC 1, AUTH 0
 <0001> gsm_04_08.c:99 (bts 0 trx 0 ts 0 pd 05) Sending 0x18 to MS.
 <0000> abis_rsl.c:1348 (bts=0,trx=0,ts=0,ss=0) SAPI=0 DATA INDICATION
 <0003> gsm_04_08.c:1025 CLASSMARK CHANGE CM2(len=3) CM3(len=2)
 <0012> db.c:699 Sync Equipment IMEI=357140011801950, classmark1=33, classmark2=33 59 80 , classmark3=60 14
 <0000> abis_rsl.c:1348 (bts=0,trx=0,ts=0,ss=0) SAPI=0 DATA INDICATION
 <0002> gsm_04_08.c:387 IDENTITY RESPONSE: mi_type=0x02 MI(357140011801950)
 <0012> db.c:934 Updated EquipmentWatch: ID 1, IMSI 1010000000000, IMEI 357140011801950
 <0012> db.c:699 Sync Equipment IMEI=357140011801950, classmark1=33, classmark2=33 59 80 , classmark3=60 14
 <0002> auth.c:83 No retrievable Ki for subscriber, skipping auth<0012> db.c:766 Allocated TMSI 1347086625 for IMSI 1010000000000.
 <0002> gsm_04_08.c:351 -> LOCATION UPDATE ACCEPT
 }}}
 We see that authentication was activated successfully. But we gen an error: No retrievable Ki for subscriber, skipping auth. That is normal and the reason is that we did not configure the auth-keys so far. But it shows us that the encryption is ready to go. We also can see that phones for which is no key configured are accepted anyway. This means that having encryption activated does not lock yout your phones that run with old reused simcards.
 == Setup the keys ==
 The final step is to configure the keys. You have to do this for every user seperately because every user has its individual key. The keys will be stored in the table AuthKeys of the hlr databse. All you need to do is to enter the key manually through the vty:
 subscriber imsi 001010000000000 a3a8 comp128v1 DEADBEEF0C0FFEE0F00D013370D00F23

IMPORTANT NOTICE: This page contains information about a legacy version of the Osmocom software. This legacy version is no longer maintained. If you use it, don't be surprised if it doesn't work. It was your choice to ignore man-years worth of developments, improvements and fixes. Please migrate to the active/supported software (Osmocom CNI, consisting of OsmoBSC, OsmoMSC, OsmoHLR, OsmoSTP, OsmoMGW - a NITB style setup is described at Osmocom_Network_In_The_Box).

Project

General

Profile

Cellular Network Infrastructure » cni-legacy » OpenBSC » OsmoNITB

OsmoNITB Crypto » History » Version 2