GSM cracking in penetration test methodologies (OSSTMM)?

As most readers of this blog already know, the past few years have seen a lot of public research activity on GSM auditing and cracking.

However, when the GSM cracking research results received huge media coverage, the tools needed to actually perform the cracking were at a very early stage and still very inefficient.

Now Frank Stevenson, the Norwegian cryptanalyst who previously broke the Content Scrambling System (CSS) of DVD video discs and who participates in the A5/1 cracking project started by Karsten Nohl, has released Kraken, a new and improved version of the A5/1 cracking system.

It's interesting to note that WiFi cracking had a similar story: the first WEP cracking techniques were quite slow, but later KoreK, a hacker working on cracking code, improved the attack dramatically.

That's how cooperative security research works: someone starts a line of research, someone else follows it and improves it, yet another person follows and improves that, and in the end you get the result.

Read more on the Kraken GSM Cracking software release.

And stay tuned: next week at the Black Hat conference Karsten Nohl will explain the details of the required hardware setup and give detailed instructions on how to do it :-)

I would really like to see those tools incorporated into the BackTrack penetration testing Linux distribution, with the OSSTMM methodology requiring the testing of GSM interception and man-in-the-middle attacks :-)

If things proceed that way and Ettus Research (the producer of the USRP2 software radio used for low-cost GSM signal reception) is not taken down, we may well see this happen.


  • 1
    Emanuele Gentili
    23 July 2010 - 11:19 am

    This tool will be available in the BackTrack 4 repository in a few days.

    BackTrack Linux Coordinator

  • 2
    23 July 2010 - 1:36 pm

    It would also be very useful to prepare a web page on the BackTrack 4 homepage describing the hardware/software setup requirements for GSM interception testing, and to update it following Karsten Nohl's Black Hat talk next week.

    Consider me available to invest time and (some) money in testing the hardware setup, in testing and documentation, and also in collecting the required rainbow tables.

  • 3
    3 December 2011 - 9:04 pm

    We used to have a rebuilt BackTrack 4 ISO with all kinds of GSM stuff - Airprobe, GNU Radio, Kraken, OpenBTS, SIM tools, etc. (screenshot available on our site). Now that security researchers have started to use OpenBTS for mobile malware analysis and the BT4 repo is down, I am moving to BackTrack 5. An appropriate entry for the BackTrack Wiki is also being written (currently 13 pages of pure text). We are hardware limited, but it should be interesting :) Stay tuned.

