discuss-gnuradio

Re: [Discuss-gnuradio] Wimax


From: David Burgess
Subject: Re: [Discuss-gnuradio] Wimax
Date: Wed, 26 May 2010 22:21:38 -0700

John -

The more recent 2.5-series releases of OpenBTS include a feature called "test call" specifically for fuzzing handsets. From the CLI, you can initiate a mobile-terminated transaction to a specific handset using the test call feature. What the test call feature does is open an SDCCH in multiframe mode and then just tie that SDCCH to a UDP socket in L3. Then an external application can interact with the handset directly in L3 via the UDP socket, allowing you to fuzz to your heart's content without actually hacking OpenBTS.

-- David


On May 26, 2010, at 4:44 PM, John Gilmore wrote:


The OpenBTS code implements a GSM base station; this code could easily
be improved to "fuzz" GSM handsets.  Anecdotal reports from the
developers indicate that it's pretty easy for a buggy base station to
tickle numerous bugs in handsets from every manufacturer.  (Indeed,
real-world base stations appear to need workarounds for known bugs in
common handsets.)  The creation of a GSM handset fuzzing program would
probably improve that situation dramatically.  It would also make
possible a powerful denial of service attack on the cellular networks,
making large numbers of existing cellphones crash in their users'
pockets.



David A. Burgess
Kestrel Signal Processing, Inc.






