Forwarded from GJ `ยฐรทยฐ` ๐ต๐ธ๐ (t ``~__/>_GJ06)
โ LibreCellular 21.04 documentation โ https://librecellular.org/
The LibreCellular project aims to make it easier to create #4G cellular #networks with open source software and low cost software-defined radio (#SDR) hardware. Seeking to achieve this via validated hardware and software configurations that are subjected to rigorous testing, together with additional tooling and #documentation for repeatable deployment.
LibreCellular will build on the work of numerous existing open source software and hardware projects, related to both the #cellular platform itself and associated test #infrastructure. Where necessary additional components will be developed, with any software source code and #hardware designs published under #opensource licences. The focus is very much on integration, testing, packaging and documentation, reusing and building upon existing solutions..
#LibreCellular #CellulaireLibre
The LibreCellular project aims to make it easier to create #4G cellular #networks with open source software and low cost software-defined radio (#SDR) hardware. Seeking to achieve this via validated hardware and software configurations that are subjected to rigorous testing, together with additional tooling and #documentation for repeatable deployment.
LibreCellular will build on the work of numerous existing open source software and hardware projects, related to both the #cellular platform itself and associated test #infrastructure. Where necessary additional components will be developed, with any software source code and #hardware designs published under #opensource licences. The focus is very much on integration, testing, packaging and documentation, reusing and building upon existing solutions..
#LibreCellular #CellulaireLibre
Grant H (@Digital_Cold): "Our paper on emulating basebands for security analysis has been accepted at NDSS! We found multiple critical pre-auth vulnerabilities in the 2G and 4G implementations on Samsung and MediaTek basebands. Check out the paper or keep reading to learn more https://hernan.de/research/papers/firmwire-ndss22-hernandez.pdf"
"Baseband processors are where protocols like GSM and LTE live. Unlike the application processors which run apps and OSes like Android, they run complicated real-time operating systems in the background, which are difficult to analyze and understand."
"Basebands today are gigantic, multi-million line software and hardware projects. Besides the complex cellular standards, they add on top ASN.1 decoders, DHCP, DNS, SIP, audio codecs, TLS, HTTP, XML parsers and so much more. Oh and did I mention TCP/IP stacks?"
"Letโs say you wanted to audit all of this. Youโd get bogged down reverse engineering binary-only firmware - no small task given the size of modern basebands. How about fuzzing? Fuzzing a real phone over-the-air can be done, but it's slow and root-causing of crashes is not easy."
"Thatโs why we created FirmWire which letโs us fuzz unmodified baseband firmware images extracted from vendor updates. We do this using full-system emulation to recreate the hardware environment around the firmware image enabling us to actually boot and run the baseband."
Grant H (@Digital_Cold): "Using these capabilities, we implemented several fuzzers for the GSM CC, GSM SM, as well as the LTE RRC protocol. Some of the bugs we found allow remote code execution for literally anyone who can set up a fake base station, and have been assigned a critical severity score." | nitter โ https://nitter.net/Digital_Cold/status/1481060540109803523#m
#Cellular #2G #4G
"Baseband processors are where protocols like GSM and LTE live. Unlike the application processors which run apps and OSes like Android, they run complicated real-time operating systems in the background, which are difficult to analyze and understand."
"Basebands today are gigantic, multi-million line software and hardware projects. Besides the complex cellular standards, they add on top ASN.1 decoders, DHCP, DNS, SIP, audio codecs, TLS, HTTP, XML parsers and so much more. Oh and did I mention TCP/IP stacks?"
"Letโs say you wanted to audit all of this. Youโd get bogged down reverse engineering binary-only firmware - no small task given the size of modern basebands. How about fuzzing? Fuzzing a real phone over-the-air can be done, but it's slow and root-causing of crashes is not easy."
"Thatโs why we created FirmWire which letโs us fuzz unmodified baseband firmware images extracted from vendor updates. We do this using full-system emulation to recreate the hardware environment around the firmware image enabling us to actually boot and run the baseband."
Grant H (@Digital_Cold): "Using these capabilities, we implemented several fuzzers for the GSM CC, GSM SM, as well as the LTE RRC protocol. Some of the bugs we found allow remote code execution for literally anyone who can set up a fake base station, and have been assigned a critical severity score." | nitter โ https://nitter.net/Digital_Cold/status/1481060540109803523#m
#Cellular #2G #4G