[Gsmmap] Newbro here, False positives

James L james_leaver at hotmail.com
Thu Dec 1 00:48:13 CET 2016


Hi guys, new to SnoopSnitch and I am an SDR amateur who has recently done some GSM studying in my spare time.

Currently running in developer mode and dropping pcap to my SD card, this is the best feature, here is why:

Simply copying to Windows through tether, opening in Wireshark.

Got a score of 3 a good few times last night for crypto downgrade/weakening. C1 & C5.

Opened pcap in WS with no problems, added new column, field name gsm_a.rr.algorithm_identifier - this is according to WS protocol spec. Sorted rows by this column, then all rows say "Cipher with algorithm A5/1".

I don't see there being a problem, weak ciphers seem to be common in UK and particularly in 1G cells?

Is it possible to see specifically, crypto downgrading in same cell by same carrier, or when any cell sets to A5/0?  A5/2 is a weaker export version of A5/1?

The scoring mechanism is good as a scale but remains vague.  The pcap dump is brilliant and opens doors to the underground :D.

If anyone responds, I shall post further findings!

Thanks.
J.
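
Added example, not part of the original post: a Python sketch that tallies the gsm_a.rr.algorithm_identifier values from a tshark field export and lists points where a weaker algorithm follows a stronger one. Assumptions: the capture file name, the sample rows (constructed) and the strength ordering are this example's own; the capture is treated as one sequence rather than split per cell; unciphered (A5/0) sessions are signalled by the separate start-ciphering bit, not by this field, so they are not covered.

```python
from collections import Counter

# Produce the input with (capture.pcap is a placeholder file name):
#   tshark -r capture.pcap -Y gsm_a.rr.algorithm_identifier \
#          -T fields -e frame.number -e gsm_a.rr.algorithm_identifier
# Constructed sample of that tab-separated output (frame number, identifier).
SAMPLE = "12\t0\n57\t0\n103\t\n140\t2\n188\t0\n231\t1\n"

# 3GPP TS 44.018 Cipher Mode Setting: identifier n means A5/(n+1), 7 is reserved.
# Relative strength used for comparison (assumption of this example):
# A5/2 < A5/1 < A5/3 < A5/4. A5/5..A5/7 are left unranked.
RANK = {"A5/2": 0, "A5/1": 1, "A5/3": 2, "A5/4": 3}


def parse_rows(text):
    """Return [(frame_number, 'A5/n')] for rows that carry an identifier."""
    rows = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) < 2 or not parts[1].strip():
            continue  # frame without a Cipher Mode Setting value
        ident = int(parts[1].split(",")[0])  # first value if several are listed
        name = "reserved" if ident == 7 else f"A5/{ident + 1}"
        rows.append((int(parts[0]), name))
    return rows


def summarize(rows):
    """Count how often each algorithm was commanded in the capture."""
    return Counter(name for _, name in rows)


def downgrades(rows):
    """Return [(frame, previous, current)] where a weaker algorithm follows."""
    found = []
    for (_, prev), (frame, cur) in zip(rows, rows[1:]):
        if prev in RANK and cur in RANK and RANK[cur] < RANK[prev]:
            found.append((frame, prev, cur))
    return found


if __name__ == "__main__":
    rows = parse_rows(SAMPLE)
    print(dict(summarize(rows)))
    for frame, prev, cur in downgrades(rows):
        print(f"frame {frame}: {prev} -> {cur}")
```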
