Skip to content

SitrakaResearchAndPOC/oai_redirection

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits
1702.04434v1.pdf
1702.04434v1.pdf
 
 
17146_FULLTEXT.pdf
17146_FULLTEXT.pdf
 
 
OAI_LTE_Redirected.docx
OAI_LTE_Redirected.docx
 
 
OAI_Redirected.rar
OAI_Redirected.rar
 
 
README.md
README.md
 
 
SeekerImpr.docx
SeekerImpr.docx
 
 
SeekerImpr.pdf
SeekerImpr.pdf
 
 
asn1_msg_diff.txt
asn1_msg_diff.txt
 
 
histo-correc
histo-correc
 
 
histo.txt
histo.txt
 
 
oai_redir.zip
oai_redir.zip
 
 
redirection.pdf
redirection.pdf
 
 
schematic1.JPG
schematic1.JPG
 
 
schematic2.JPG
schematic2.JPG
 
 
schematic3.JPG
schematic3.JPG
 
 
schematic_classicflow.JPG
schematic_classicflow.JPG
 
 
schematic_imsicatcher.JPG
schematic_imsicatcher.JPG
 
 
schematic_imsicatcherdos.JPG
schematic_imsicatcherdos.JPG
 
 
schematic_imsicatcherdosredirection.JPG
schematic_imsicatcherdosredirection.JPG
 
 
schematic_imsicatcherdosredirection2.png
schematic_imsicatcherdosredirection2.png
 
 

Repository files navigation

oai_redirection

Tracking area update reject is 10 (IMPLICITLY DETACHED)
Service attach reject for redirection : 2 (IMSI Unkown in HLR) or 17 (Network failure or user busy)
Service attach reject for Dos : 3,7,8,9,14 code
Service attach reject without denied of service : 15 (No suitable cells in this area)

videos tutorials and conferences

conferences
conferences2

Schematics description

  • Classic flow

  • IMSI-Catcher for non programmer without modification but with denied of service

  • IMSI-Catcher for programmer with modification but without denied of service

  • IMSI-Catcher for programmer with modification but with denied of service and redirection

oai_redirection

The changement will describe for making OAI IMSI-CATCHER or redirection
Have a look on this tutorial for installation of OAI:

Have a look on this tutorial for doing the OAI redirection :

REJECTION PROCESS AT OAI-CN :

  • all rejection message is definead at :
gedit src/nas/api/network/as_message.h
  • For changing tracking_area_update_reject : (by default EMM_CAUSE_IMPLICITLY_DETACHED coded as 10)
gedit src/nas/emm/TrackingAreaUpdate.c
  • search and change this code :
rc = emm_proc_tracking_area_update_reject (ue_id, EMM_CAUSE_IMPLICITLY_DETACHED);

NB :

  • WITH JUST COLLECTOR AND JAMMER -> Denied of service afer imsi-catcher ( ILLEGAL_UE coded 3) for default service_attach_reject

  • NO NEED DENIDED OF SERVICE , MODIFY service_attach_reject as NAS_CAUSE_NO_SUITABLE_CELLS_IN_TRACKING_AREA (ONLY ACTIVE IMSI-CATCHER)

  • For changing service_attach_reject :

gedit src/nas/nas_proc.c

search DIAMETER_AUTHENTICATION_DATA_UNAVAILABLE (before s6a_error)

IF UE is not in database, it will send this error so change with code reject
all code is at : src/nas/api/network/as_message.h
For example : NAS_CAUSE_NO_SUITABLE_CELLS_IN_TRACKING_AREA (coded 15) if we want to make IMSI-CATCHER

This error code will be re-apply as attach_reject->emmcause on :

gedit src/nas/emm/msg/AttachReject.c

Modification for redirection at openairinterface5g

find -name asn1_msg.c 

find -name ASN1_files/EUTRA-RRC-Definitions-a20.asn

find -name LTE_RedirectedCarrierInfo*

find -name LTE_RedirectedCarrierInfo.c

find -name LTE_RedirectedCarrierInfo.h

find -name LTE_CarrierFreqsGERAN*

find -name LTE_CarrierFreqsGERAN.h

For building oai for redirection, use release 14

./build_oai -I --eNB -x --install-system-files -w USRP -r Rel14

Redirection changement :

rrcConnectionRelease->criticalExtensions.choice.c1.choice.rrcConnectionRelease_r8.redirectedCarrierInfo = &rInfo;

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published