Equipment: USRP B210 + Motorola C118
Software: OsmoBSC + OsmocomBB

1. The GSM attack base station sends an Identity Request to the target mobile station, requiring it to send its IMSI and IMEI.
2. The target mobile station sends its IMSI and IMEI to the GSM attack base station.
3. After receiving the IMSI and IMEI, the GSM attack base station sends them to the attacking mobile phone.
4. After receiving the IMSI and IMEI from the attack base station, the attacking mobile phone sends a Location Update Request to the real GSM base station using the received IMSI of the target mobile station.
5. After receiving the update request, the real GSM base station sends an Identity Request (IMSI) to the attacking mobile phone, requiring it to send back the IMSI.
6. The attacking mobile phone sends the IMSI of the target mobile station to the real GSM base station.
7. After receiving the IMSI, the real GSM base station sends an Identity Request (IMEI) to the attacking mobile phone, requiring it to send back the IMEI.
8. The attacking mobile phone sends the IMEI of the target mobile station to the real GSM base station.
9. After receiving the IMEI, the real GSM base station sends an authentication request command to the target mobile station. The real GSM base station sends the IMSI to the authentication center (AUC). The AUC uses a random generator to generate a 128-bit random number RAND, uses RAND to generate a signed response SRES through the A3 algorithm, and sends the SRES to the real GSM base station. The real GSM base station then sends the random number RAND to the attacking mobile phone and requests authentication.
10. After receiving the random number RAND, the attacking mobile phone forwards it to the GSM attack base station.
11. The GSM attack base station receives the random number RAND and sends it to the target mobile station in an Authentication Request.
12. After receiving RAND, the target mobile station uses the A3 algorithm in its own SIM card to calculate the signed response SRES and sends it to the GSM attack base station.
13. After receiving the SRES, the GSM attack base station forwards it to the attacking mobile phone.
14. The attacking mobile phone uses the received signed response SRES to send an authentication response to the real GSM base station.
15. After receiving the signed response SRES, the real GSM base station compares it with the SRES sent by the authentication center (AUC) and finds that it matches. The authentication of the attacking mobile phone succeeds, and the real GSM base station sends the Location Update Accept command to the attacking mobile phone. The attacking mobile phone is now running in the real GSM network with the identity of the target mobile station, completing the man-in-the-middle attack on the target mobile station.

The GSM network requires a maximum authentication time of 5 seconds. If it exceeds 5 seconds, the authentication will fail.
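
The network-side check from steps 9 and 15, together with the 5-second limit, can be modelled as follows. This is an added example, not code from this posting or from OsmoBSC. HMAC-SHA256 truncated to 32 bits stands in for the operator's A3 (an assumption), and the class, function names, key and timings are hypothetical or constructed.

```python
import hashlib
import hmac
import secrets

AUTH_TIMEOUT_S = 5.0  # maximum authentication time stated above
RAND_BYTES = 16       # 128-bit RAND


def a3_stand_in(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for the operator's A3 (assumption): 32-bit SRES from Ki and RAND."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]


class PendingAuth:
    """One outstanding challenge on the network side (hypothetical model)."""

    def __init__(self, ki: bytes, issued_at: float):
        self.rand = secrets.token_bytes(RAND_BYTES)
        self._expected = a3_stand_in(ki, self.rand)  # SRES supplied by the AUC
        self._issued_at = issued_at
        self._answered = False

    def verify(self, sres: bytes, now: float) -> str:
        if self._answered:
            return "rejected: challenge already answered"
        self._answered = True  # one attempt per RAND
        if now - self._issued_at > AUTH_TIMEOUT_S:
            return "rejected: timeout"
        if not hmac.compare_digest(sres, self._expected):
            return "rejected: SRES mismatch"
        return "accepted"


def run_cases() -> dict:
    ki = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed SIM key
    results = {}
    # (label, seconds until the response arrives, whether the SIM's own SRES is sent)
    cases = [("direct", 0.4, True), ("extra_hops", 2.9, True),
             ("late", 5.2, True), ("wrong_sres", 0.4, False)]
    for label, delay, genuine in cases:
        auth = PendingAuth(ki, issued_at=100.0)
        good = a3_stand_in(ki, auth.rand)
        sres = good if genuine else bytes([good[0] ^ 1]) + good[1:]
        results[label] = auth.verify(sres, now=100.0 + delay)
    return results


if __name__ == "__main__":
    for label, outcome in run_cases().items():
        print(f"{label:11s} {outcome}")
```

The `extra_hops` case is accepted: a matching SRES shows only that a SIM holding the key answered this RAND inside the window, not which radio path the answer took, so the timer is the only bound this check places on forwarding.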

Budget: $1,000

Posted On: January 26, 2024 13:25 UTC
Category: Full Stack Development
Skills: Full-Stack Development, Software Debugging, AI Agent Development, Database Development, C++, C#, Python

Country: Hong Kong
