SlideShare a Scribd company logo

SSTIC RUMP 2018 - Modmobjam

📡 Sebastien Dudek

Presentation on how to jam with really cheap equipment and how to do "smart"/targeted cell jamming attacks with Modmobmap results

Technology
1 of 19
Download to read offline
Modmobjam Jam tomorrow, jam yesterday, but also jam today By Sébastien Dudek SSTIC RUMP 2018 June 14th 2018
Introduction Following Modmobmap presented at BeeRump 2018 Helps to produce downgrade attacks as shown in House Intercoms Attacks presentations Uses Modmobmap results to jam mobile cells in a DIY way! Cheapest and efficient tricks to jam
Jam yesterday With a portable/chineese device cheap jam the whole 2G/3G/(4G?) bands but requires some modifications poor signal Desktop jammers
2 Jam yesterday With a portable/chineese device Desktop jammers heavy, cumbersome but powerfull also needs a disabling to conserve rogue cells
3 Modifications on radio devices?! In 2018?
4 Jam today With Software-Defined Radio Many devices could be used even the cheapest: bladeRF; HackRF; ADALM-PLUTO; and so on.
4 Jam today With Software-Defined Radio Many devices could be used even the cheapest: bladeRF; HackRF; ADALM-PLUTO; and so on. The bandwidth KTHX! But how do you cover all frequencies with your toys bro?
5 SDR specs source: http://www.taylorkillian.com/2013/08/sdr-showdown-hackrf-vs-bladerf-vs-usrp.html
6 Solution: ”Smart” jamming In 3 steps: 1 scan cells with Modmobmap; 2 target an operator; 3 and jam only targeted channels;
7 Scanning with Modmobmap Modmobmap recovers 2G/3G/4G and more cells pretty much like OsmocomBB monitor mode for 2G only.
8 Results Unlike RE tools, it returns a JSON file with needed cells information to be reused with other tools ;) { ”4b***−76”: { ”PLMN” : ”208−10”, ” arfcn ” : 76 , ” cid ” : ”4b **” , ” type ” : ”2G” } , ”60****−2950”: { ”PLMN” : ”208−20”, ”RX” : 2950, ”TX ” : 2725, ” cid ” : 60*** , ” band ” : 8 , ” type ” : ”3G” } , [ . . . ] } XGold BaseBands? →requires xgoldmon Modmodmap’s fork: https://github.com/FlUxIuS/xgoldmon
9 GnuRadio: playing with blocks GnuRadio companion is really nice →can add, make, and remove blocks →generates Python code Perfect to build the bases of our jammer. But we still need an idea of how to design the schema.
10 After many years of research... Lot of experiments with #blockchains... and research and cool stuff WOW!
11 The formula We have finally found THE formula!
12 And applied it on GnuRadio Here is the final schema: The generated Python code was then edited to support the JSON input.
13 Results with a simple HackRF Works pretty well when downgrading a call from 3G to 2G But the number of cells to jam could raise the number of needed SDR devices.
14 Jam tomorrow Could also be cheaper using OsmoFL2k TODO Some work is required target specific frequencies →right sample rate, carrier frequency and harmonics
15 Conclusion Modmobjam: is a cheap way to jam mobile cells with only a phone and a HackRF but if cells to jam are important more SDR devices are needed the code will be published soon (throw away code recycled to something clean) The Osmo-FL2K will be tested to use it as a jammer too.
THANK YOU FOR YOUR ATTENTION, ANY QUESTIONS?

Recommended

Thin Client for SME's
Thin Client for SME'sThin Client for SME's
Thin Client for SME'sRDP Workstations Pvt Ltd
 
Py drum
Py drumPy drum
Py drumJen Yee Hong
 
Cubie board
Cubie boardCubie board
Cubie boardGerardo Di Iorio
 
AM437x Product on Module
AM437x Product on ModuleAM437x Product on Module
AM437x Product on ModuleMistral Solutions
 
Black Hat Europe 2015 - Time and Position Spoofing with Open Source Projects
Black Hat Europe 2015 - Time and Position Spoofing with Open Source ProjectsBlack Hat Europe 2015 - Time and Position Spoofing with Open Source Projects
Black Hat Europe 2015 - Time and Position Spoofing with Open Source ProjectsWang Kang
 
智慧城市通用交通資訊端點系統
智慧城市通用交通資訊端點系統智慧城市通用交通資訊端點系統
智慧城市通用交通資訊端點系統艾鍗科技
 
Raspberry pi Part 20
Raspberry pi Part 20Raspberry pi Part 20
Raspberry pi Part 20Techvilla
 
More Mad Science for the Commodore 64 (ECCC 2015)
More Mad Science for the Commodore 64 (ECCC 2015)More Mad Science for the Commodore 64 (ECCC 2015)
More Mad Science for the Commodore 64 (ECCC 2015)Leif Bloomquist
 

Recommended

Thin Client for SME's
Thin Client for SME'sThin Client for SME's
Thin Client for SME'sRDP Workstations Pvt Ltd
 
Py drum
Py drumPy drum
Py drumJen Yee Hong
 
Cubie board
Cubie boardCubie board
Cubie boardGerardo Di Iorio
 
AM437x Product on Module
AM437x Product on ModuleAM437x Product on Module
AM437x Product on ModuleMistral Solutions
 
Black Hat Europe 2015 - Time and Position Spoofing with Open Source Projects
Black Hat Europe 2015 - Time and Position Spoofing with Open Source ProjectsBlack Hat Europe 2015 - Time and Position Spoofing with Open Source Projects
Black Hat Europe 2015 - Time and Position Spoofing with Open Source ProjectsWang Kang
 
智慧城市通用交通資訊端點系統
智慧城市通用交通資訊端點系統智慧城市通用交通資訊端點系統
智慧城市通用交通資訊端點系統艾鍗科技
 
Raspberry pi Part 20
Raspberry pi Part 20Raspberry pi Part 20
Raspberry pi Part 20Techvilla
 
More Mad Science for the Commodore 64 (ECCC 2015)
More Mad Science for the Commodore 64 (ECCC 2015)More Mad Science for the Commodore 64 (ECCC 2015)
More Mad Science for the Commodore 64 (ECCC 2015)Leif Bloomquist
 
ADS-B, AIS, APRS cheatsheet
ADS-B, AIS, APRS cheatsheetADS-B, AIS, APRS cheatsheet
ADS-B, AIS, APRS cheatsheetNaoto MATSUMOTO
 
Retrocomputers as Hacking Platforms
Retrocomputers as Hacking PlatformsRetrocomputers as Hacking Platforms
Retrocomputers as Hacking PlatformsLeif Bloomquist
 
Geniatech IoT solution for smart home and smart farming
Geniatech IoT solution for smart home and smart farmingGeniatech IoT solution for smart home and smart farming
Geniatech IoT solution for smart home and smart farmingGeniatech
 
Arma tu pc
Arma tu pcArma tu pc
Arma tu pcmolibes
 
Artillery Duel Network
Artillery Duel NetworkArtillery Duel Network
Artillery Duel NetworkLeif Bloomquist
 
Raspberry pi
Raspberry piRaspberry pi
Raspberry piAlexis Chua
 
10 Old Laptops & Evolution
10 Old Laptops & Evolution10 Old Laptops & Evolution
10 Old Laptops & EvolutionElectro Computer Warehouse
 
Run Simulations and Then Become An Inventor (Best Paper Award in CDNLive Taiw...
Run Simulations and Then Become An Inventor (Best Paper Award in CDNLive Taiw...Run Simulations and Then Become An Inventor (Best Paper Award in CDNLive Taiw...
Run Simulations and Then Become An Inventor (Best Paper Award in CDNLive Taiw...Nansen Chen
 
K3 4 k 3 sim cellular bonding encoder
K3 4 k 3 sim cellular bonding encoderK3 4 k 3 sim cellular bonding encoder
K3 4 k 3 sim cellular bonding encoderHansen He
 
Aula 1,2,3
Aula 1,2,3Aula 1,2,3
Aula 1,2,3lopes corrientes
 
How To Use Linux CAN Signal To AGL
How To Use Linux CAN Signal To AGLHow To Use Linux CAN Signal To AGL
How To Use Linux CAN Signal To AGLYuichi Kusakabe
 
Adrian Cockcroft's presentation at eComm 2008
Adrian Cockcroft's presentation at eComm 2008Adrian Cockcroft's presentation at eComm 2008
Adrian Cockcroft's presentation at eComm 2008eComm2008
 
Cryptanalysis of the Engima - 44CON 2012
Cryptanalysis of the Engima - 44CON 2012Cryptanalysis of the Engima - 44CON 2012
Cryptanalysis of the Engima - 44CON 201244CON
 
Raspberry Pi 2 + Windows 10 IoT Core + Node.js
Raspberry Pi 2 + Windows 10 IoT Core + Node.jsRaspberry Pi 2 + Windows 10 IoT Core + Node.js
Raspberry Pi 2 + Windows 10 IoT Core + Node.jsAndri Yadi
 
Troopers NGI 2019 - Modmobtools and tricks
Troopers NGI 2019 - Modmobtools and tricksTroopers NGI 2019 - Modmobtools and tricks
Troopers NGI 2019 - Modmobtools and tricks📡 Sebastien Dudek
 
tm.gdg.ro: Android on Raspberry Pi
tm.gdg.ro: Android on Raspberry Pitm.gdg.ro: Android on Raspberry Pi
tm.gdg.ro: Android on Raspberry PiAlexandru IOVANOVICI
 
Appsterdam talk - about the chips inside your phone
Appsterdam talk - about the chips inside your phoneAppsterdam talk - about the chips inside your phone
Appsterdam talk - about the chips inside your phonemarcocjacobs
 
Its All About 10 GigE Vision!
Its All About 10 GigE Vision!Its All About 10 GigE Vision!
Its All About 10 GigE Vision!marrysmithevt
 
Linxu conj2016 96boards
Linxu conj2016 96boardsLinxu conj2016 96boards
Linxu conj2016 96boardsLF Events
 
How to build Open Hardware self-navigating car robot
How to build Open Hardware self-navigating car robotHow to build Open Hardware self-navigating car robot
How to build Open Hardware self-navigating car robotTomáš Jukin
 
Hacking for Salone: Drone Races - Di Saverio; Lippolis - Codemotion Milan 2016
Hacking for Salone: Drone Races - Di Saverio; Lippolis - Codemotion Milan 2016Hacking for Salone: Drone Races - Di Saverio; Lippolis - Codemotion Milan 2016
Hacking for Salone: Drone Races - Di Saverio; Lippolis - Codemotion Milan 2016Codemotion
 
Arm cross development_with_eclipse
Arm cross development_with_eclipseArm cross development_with_eclipse
Arm cross development_with_eclipseWalmar de Paula
 

More Related Content

What's hot

ADS-B, AIS, APRS cheatsheet
ADS-B, AIS, APRS cheatsheetADS-B, AIS, APRS cheatsheet
ADS-B, AIS, APRS cheatsheetNaoto MATSUMOTO
 
Retrocomputers as Hacking Platforms
Retrocomputers as Hacking PlatformsRetrocomputers as Hacking Platforms
Retrocomputers as Hacking PlatformsLeif Bloomquist
 
Geniatech IoT solution for smart home and smart farming
Geniatech IoT solution for smart home and smart farmingGeniatech IoT solution for smart home and smart farming
Geniatech IoT solution for smart home and smart farmingGeniatech
 
Arma tu pc
Arma tu pcArma tu pc
Arma tu pcmolibes
 
Run Simulations and Then Become An Inventor (Best Paper Award in CDNLive Taiw...
Run Simulations and Then Become An Inventor (Best Paper Award in CDNLive Taiw...Run Simulations and Then Become An Inventor (Best Paper Award in CDNLive Taiw...
Run Simulations and Then Become An Inventor (Best Paper Award in CDNLive Taiw...Nansen Chen
 
K3 4 k 3 sim cellular bonding encoder
K3 4 k 3 sim cellular bonding encoderK3 4 k 3 sim cellular bonding encoder
K3 4 k 3 sim cellular bonding encoderHansen He
 
How To Use Linux CAN Signal To AGL
How To Use Linux CAN Signal To AGLHow To Use Linux CAN Signal To AGL
How To Use Linux CAN Signal To AGLYuichi Kusakabe
 
Adrian Cockcroft's presentation at eComm 2008
Adrian Cockcroft's presentation at eComm 2008Adrian Cockcroft's presentation at eComm 2008
Adrian Cockcroft's presentation at eComm 2008eComm2008
 
Cryptanalysis of the Engima - 44CON 2012
Cryptanalysis of the Engima - 44CON 2012Cryptanalysis of the Engima - 44CON 2012
Cryptanalysis of the Engima - 44CON 201244CON
 

What's hot (13)

ADS-B, AIS, APRS cheatsheet
ADS-B, AIS, APRS cheatsheetADS-B, AIS, APRS cheatsheet
ADS-B, AIS, APRS cheatsheet
 
Retrocomputers as Hacking Platforms
Retrocomputers as Hacking PlatformsRetrocomputers as Hacking Platforms
Retrocomputers as Hacking Platforms
 
Geniatech IoT solution for smart home and smart farming
Geniatech IoT solution for smart home and smart farmingGeniatech IoT solution for smart home and smart farming
Geniatech IoT solution for smart home and smart farming
 
Arma tu pc
Arma tu pcArma tu pc
Arma tu pc
 
Artillery Duel Network
Artillery Duel NetworkArtillery Duel Network
Artillery Duel Network
 
Raspberry pi
Raspberry piRaspberry pi
Raspberry pi
 
10 Old Laptops & Evolution
10 Old Laptops & Evolution10 Old Laptops & Evolution
10 Old Laptops & Evolution
 
Run Simulations and Then Become An Inventor (Best Paper Award in CDNLive Taiw...
Run Simulations and Then Become An Inventor (Best Paper Award in CDNLive Taiw...Run Simulations and Then Become An Inventor (Best Paper Award in CDNLive Taiw...
Run Simulations and Then Become An Inventor (Best Paper Award in CDNLive Taiw...
 
K3 4 k 3 sim cellular bonding encoder
K3 4 k 3 sim cellular bonding encoderK3 4 k 3 sim cellular bonding encoder
K3 4 k 3 sim cellular bonding encoder
 
Aula 1,2,3
Aula 1,2,3Aula 1,2,3
Aula 1,2,3
 
How To Use Linux CAN Signal To AGL
How To Use Linux CAN Signal To AGLHow To Use Linux CAN Signal To AGL
How To Use Linux CAN Signal To AGL
 
Adrian Cockcroft's presentation at eComm 2008
Adrian Cockcroft's presentation at eComm 2008Adrian Cockcroft's presentation at eComm 2008
Adrian Cockcroft's presentation at eComm 2008
 
Cryptanalysis of the Engima - 44CON 2012
Cryptanalysis of the Engima - 44CON 2012Cryptanalysis of the Engima - 44CON 2012
Cryptanalysis of the Engima - 44CON 2012
 

Similar to SSTIC RUMP 2018 - Modmobjam

Raspberry Pi 2 + Windows 10 IoT Core + Node.js
Raspberry Pi 2 + Windows 10 IoT Core + Node.jsRaspberry Pi 2 + Windows 10 IoT Core + Node.js
Raspberry Pi 2 + Windows 10 IoT Core + Node.jsAndri Yadi
 
Troopers NGI 2019 - Modmobtools and tricks
Troopers NGI 2019 - Modmobtools and tricksTroopers NGI 2019 - Modmobtools and tricks
Troopers NGI 2019 - Modmobtools and tricks📡 Sebastien Dudek
 
tm.gdg.ro: Android on Raspberry Pi
tm.gdg.ro: Android on Raspberry Pitm.gdg.ro: Android on Raspberry Pi
tm.gdg.ro: Android on Raspberry PiAlexandru IOVANOVICI
 
Appsterdam talk - about the chips inside your phone
Appsterdam talk - about the chips inside your phoneAppsterdam talk - about the chips inside your phone
Appsterdam talk - about the chips inside your phonemarcocjacobs
 
Its All About 10 GigE Vision!
Its All About 10 GigE Vision!Its All About 10 GigE Vision!
Its All About 10 GigE Vision!marrysmithevt
 
Linxu conj2016 96boards
Linxu conj2016 96boardsLinxu conj2016 96boards
Linxu conj2016 96boardsLF Events
 
How to build Open Hardware self-navigating car robot
How to build Open Hardware self-navigating car robotHow to build Open Hardware self-navigating car robot
How to build Open Hardware self-navigating car robotTomáš Jukin
 
Hacking for Salone: Drone Races - Di Saverio; Lippolis - Codemotion Milan 2016
Hacking for Salone: Drone Races - Di Saverio; Lippolis - Codemotion Milan 2016Hacking for Salone: Drone Races - Di Saverio; Lippolis - Codemotion Milan 2016
Hacking for Salone: Drone Races - Di Saverio; Lippolis - Codemotion Milan 2016Codemotion
 
Arm cross development_with_eclipse
Arm cross development_with_eclipseArm cross development_with_eclipse
Arm cross development_with_eclipseWalmar de Paula
 
Raspberry pi technical documentation
Raspberry pi technical documentationRaspberry pi technical documentation
Raspberry pi technical documentationGR Techno Solutions
 
Hands-on Labs: Raspberry Pi 2 + Windows 10 IoT Core
Hands-on Labs: Raspberry Pi 2 + Windows 10 IoT CoreHands-on Labs: Raspberry Pi 2 + Windows 10 IoT Core
Hands-on Labs: Raspberry Pi 2 + Windows 10 IoT CoreAndri Yadi
 
an introduction to Distem
an introduction to Disteman introduction to Distem
an introduction to Distemnussbauml
 
ODROID Magazine September 2014
ODROID Magazine September 2014ODROID Magazine September 2014
ODROID Magazine September 2014Nanik Tolaram
 
Introduction of raspberry pi
Introduction of raspberry piIntroduction of raspberry pi
Introduction of raspberry pipankaj478
 
When a robot is smart enough?
When a robot is smart enough?When a robot is smart enough?
When a robot is smart enough?Tomáš Jukin
 

Similar to SSTIC RUMP 2018 - Modmobjam (20)

Raspberry Pi 2 + Windows 10 IoT Core + Node.js
Raspberry Pi 2 + Windows 10 IoT Core + Node.jsRaspberry Pi 2 + Windows 10 IoT Core + Node.js
Raspberry Pi 2 + Windows 10 IoT Core + Node.js
 
Troopers NGI 2019 - Modmobtools and tricks
Troopers NGI 2019 - Modmobtools and tricksTroopers NGI 2019 - Modmobtools and tricks
Troopers NGI 2019 - Modmobtools and tricks
 
tm.gdg.ro: Android on Raspberry Pi
tm.gdg.ro: Android on Raspberry Pitm.gdg.ro: Android on Raspberry Pi
tm.gdg.ro: Android on Raspberry Pi
 
Appsterdam talk - about the chips inside your phone
Appsterdam talk - about the chips inside your phoneAppsterdam talk - about the chips inside your phone
Appsterdam talk - about the chips inside your phone
 
Its All About 10 GigE Vision!
Its All About 10 GigE Vision!Its All About 10 GigE Vision!
Its All About 10 GigE Vision!
 
Linxu conj2016 96boards
Linxu conj2016 96boardsLinxu conj2016 96boards
Linxu conj2016 96boards
 
How to build Open Hardware self-navigating car robot
How to build Open Hardware self-navigating car robotHow to build Open Hardware self-navigating car robot
How to build Open Hardware self-navigating car robot
 
Hacking for Salone: Drone Races - Di Saverio; Lippolis - Codemotion Milan 2016
Hacking for Salone: Drone Races - Di Saverio; Lippolis - Codemotion Milan 2016Hacking for Salone: Drone Races - Di Saverio; Lippolis - Codemotion Milan 2016
Hacking for Salone: Drone Races - Di Saverio; Lippolis - Codemotion Milan 2016
 
Arm cross development_with_eclipse
Arm cross development_with_eclipseArm cross development_with_eclipse
Arm cross development_with_eclipse
 
Hacking for salone: drone races
Hacking for salone: drone racesHacking for salone: drone races
Hacking for salone: drone races
 
Doomba presentation
Doomba presentationDoomba presentation
Doomba presentation
 
Raspberry pi
Raspberry piRaspberry pi
Raspberry pi
 
Raspberry pi technical documentation
Raspberry pi technical documentationRaspberry pi technical documentation
Raspberry pi technical documentation
 
Beerump 2018 - Modmobmap
Beerump 2018 - ModmobmapBeerump 2018 - Modmobmap
Beerump 2018 - Modmobmap
 
Hands-on Labs: Raspberry Pi 2 + Windows 10 IoT Core
Hands-on Labs: Raspberry Pi 2 + Windows 10 IoT CoreHands-on Labs: Raspberry Pi 2 + Windows 10 IoT Core
Hands-on Labs: Raspberry Pi 2 + Windows 10 IoT Core
 
an introduction to Distem
an introduction to Disteman introduction to Distem
an introduction to Distem
 
ODROID Magazine September 2014
ODROID Magazine September 2014ODROID Magazine September 2014
ODROID Magazine September 2014
 
Introduction of raspberry pi
Introduction of raspberry piIntroduction of raspberry pi
Introduction of raspberry pi
 
Raspberry Pi
Raspberry PiRaspberry Pi
Raspberry Pi
 
When a robot is smart enough?
When a robot is smart enough?When a robot is smart enough?
When a robot is smart enough?
 

More from 📡 Sebastien Dudek

The current state of LoRaWAN security
The current state of LoRaWAN securityThe current state of LoRaWAN security
The current state of LoRaWAN security📡 Sebastien Dudek
 
Hack.lu 2012 - Fuzzing the GSM protocol stack (paper)
Hack.lu 2012 - Fuzzing the GSM protocol stack (paper)Hack.lu 2012 - Fuzzing the GSM protocol stack (paper)
Hack.lu 2012 - Fuzzing the GSM protocol stack (paper)📡 Sebastien Dudek
 
NSC 2014 HomePlugAV PLC: Practical attacks and backdooring (slides)
NSC 2014 HomePlugAV PLC: Practical attacks and backdooring (slides)NSC 2014 HomePlugAV PLC: Practical attacks and backdooring (slides)
NSC 2014 HomePlugAV PLC: Practical attacks and backdooring (slides)📡 Sebastien Dudek
 
Hack.lu 2012 - Fuzzing the GSM protocol stack
Hack.lu 2012 - Fuzzing the GSM protocol stackHack.lu 2012 - Fuzzing the GSM protocol stack
Hack.lu 2012 - Fuzzing the GSM protocol stack📡 Sebastien Dudek
 
Hack.lu 2016 - 2G and 3G intercom hacking
Hack.lu 2016 - 2G and 3G intercom hackingHack.lu 2016 - 2G and 3G intercom hacking
Hack.lu 2016 - 2G and 3G intercom hacking📡 Sebastien Dudek
 
Intercoms presentation OSSIR - IoT Hacking
Intercoms presentation OSSIR - IoT HackingIntercoms presentation OSSIR - IoT Hacking
Intercoms presentation OSSIR - IoT Hacking📡 Sebastien Dudek
 
NSC 2014 HomePlugAV PLC: Practical attacks and backdooring
NSC 2014 HomePlugAV PLC: Practical attacks and backdooring NSC 2014 HomePlugAV PLC: Practical attacks and backdooring
NSC 2014 HomePlugAV PLC: Practical attacks and backdooring 📡 Sebastien Dudek
 
Security PWNing 2018 - Penthertz: The use of radio attacks during redteam tests
Security PWNing 2018 - Penthertz: The use of radio attacks during redteam testsSecurity PWNing 2018 - Penthertz: The use of radio attacks during redteam tests
Security PWNing 2018 - Penthertz: The use of radio attacks during redteam tests📡 Sebastien Dudek
 
Article on V2G Hacking - V2G Injector: Whispering to cars and charging statio...
Article on V2G Hacking - V2G Injector: Whispering to cars and charging statio...Article on V2G Hacking - V2G Injector: Whispering to cars and charging statio...
Article on V2G Hacking - V2G Injector: Whispering to cars and charging statio...📡 Sebastien Dudek
 
SSTIC 2019 - V2G injector: Whispering to cars and charging units through the ...
SSTIC 2019 - V2G injector: Whispering to cars and charging units through the ...SSTIC 2019 - V2G injector: Whispering to cars and charging units through the ...
SSTIC 2019 - V2G injector: Whispering to cars and charging units through the ...📡 Sebastien Dudek
 
Intercom hacks with GSM interception
Intercom hacks with GSM interceptionIntercom hacks with GSM interception
Intercom hacks with GSM interception📡 Sebastien Dudek
 
Synacktiv mobile communications attacks
Synacktiv mobile communications attacksSynacktiv mobile communications attacks
Synacktiv mobile communications attacks📡 Sebastien Dudek
 
Troopers TelcoSec day 2019 - Modmobtools internals
Troopers TelcoSec day 2019 - Modmobtools internalsTroopers TelcoSec day 2019 - Modmobtools internals
Troopers TelcoSec day 2019 - Modmobtools internals📡 Sebastien Dudek
 
Usrp episode 1: smoke gets in your eyes
Usrp episode 1: smoke gets in your eyesUsrp episode 1: smoke gets in your eyes
Usrp episode 1: smoke gets in your eyes📡 Sebastien Dudek
 

More from 📡 Sebastien Dudek (15)

The current state of LoRaWAN security
The current state of LoRaWAN securityThe current state of LoRaWAN security
The current state of LoRaWAN security
 
Hack.lu 2012 - Fuzzing the GSM protocol stack (paper)
Hack.lu 2012 - Fuzzing the GSM protocol stack (paper)Hack.lu 2012 - Fuzzing the GSM protocol stack (paper)
Hack.lu 2012 - Fuzzing the GSM protocol stack (paper)
 
33c3 - 2G and 3G intercom attacks
33c3 - 2G and 3G intercom attacks33c3 - 2G and 3G intercom attacks
33c3 - 2G and 3G intercom attacks
 
NSC 2014 HomePlugAV PLC: Practical attacks and backdooring (slides)
NSC 2014 HomePlugAV PLC: Practical attacks and backdooring (slides)NSC 2014 HomePlugAV PLC: Practical attacks and backdooring (slides)
NSC 2014 HomePlugAV PLC: Practical attacks and backdooring (slides)
 
Hack.lu 2012 - Fuzzing the GSM protocol stack
Hack.lu 2012 - Fuzzing the GSM protocol stackHack.lu 2012 - Fuzzing the GSM protocol stack
Hack.lu 2012 - Fuzzing the GSM protocol stack
 
Hack.lu 2016 - 2G and 3G intercom hacking
Hack.lu 2016 - 2G and 3G intercom hackingHack.lu 2016 - 2G and 3G intercom hacking
Hack.lu 2016 - 2G and 3G intercom hacking
 
Intercoms presentation OSSIR - IoT Hacking
Intercoms presentation OSSIR - IoT HackingIntercoms presentation OSSIR - IoT Hacking
Intercoms presentation OSSIR - IoT Hacking
 
NSC 2014 HomePlugAV PLC: Practical attacks and backdooring
NSC 2014 HomePlugAV PLC: Practical attacks and backdooring NSC 2014 HomePlugAV PLC: Practical attacks and backdooring
NSC 2014 HomePlugAV PLC: Practical attacks and backdooring
 
Security PWNing 2018 - Penthertz: The use of radio attacks during redteam tests
Security PWNing 2018 - Penthertz: The use of radio attacks during redteam testsSecurity PWNing 2018 - Penthertz: The use of radio attacks during redteam tests
Security PWNing 2018 - Penthertz: The use of radio attacks during redteam tests
 
Article on V2G Hacking - V2G Injector: Whispering to cars and charging statio...
Article on V2G Hacking - V2G Injector: Whispering to cars and charging statio...Article on V2G Hacking - V2G Injector: Whispering to cars and charging statio...
Article on V2G Hacking - V2G Injector: Whispering to cars and charging statio...
 
SSTIC 2019 - V2G injector: Whispering to cars and charging units through the ...
SSTIC 2019 - V2G injector: Whispering to cars and charging units through the ...SSTIC 2019 - V2G injector: Whispering to cars and charging units through the ...
SSTIC 2019 - V2G injector: Whispering to cars and charging units through the ...
 
Intercom hacks with GSM interception
Intercom hacks with GSM interceptionIntercom hacks with GSM interception
Intercom hacks with GSM interception
 
Synacktiv mobile communications attacks
Synacktiv mobile communications attacksSynacktiv mobile communications attacks
Synacktiv mobile communications attacks
 
Troopers TelcoSec day 2019 - Modmobtools internals
Troopers TelcoSec day 2019 - Modmobtools internalsTroopers TelcoSec day 2019 - Modmobtools internals
Troopers TelcoSec day 2019 - Modmobtools internals
 
Usrp episode 1: smoke gets in your eyes
Usrp episode 1: smoke gets in your eyesUsrp episode 1: smoke gets in your eyes
Usrp episode 1: smoke gets in your eyes
 

Recently uploaded

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 

Recently uploaded (20)

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

SSTIC RUMP 2018 - Modmobjam

  • 1. Modmobjam Jam tomorrow, jam yesterday, but also jam today By Sébastien Dudek SSTIC RUMP 2018 June 14th 2018
  • 2. Introduction Following Modmobmap presented at BeeRump 2018 Helps to produce downgrade attacks as shown in House Intercoms Attacks presentations Uses Modmobmap results to jam mobile cells in a DIY way! Cheapest and efficient tricks to jam
  • 3. Jam yesterday With a portable/chineese device cheap jam the whole 2G/3G/(4G?) bands but requires some modifications poor signal Desktop jammers
  • 4. 2 Jam yesterday With a portable/chineese device Desktop jammers heavy, cumbersome but powerfull also needs a disabling to conserve rogue cells
  • 5. 3 Modifications on radio devices?! In 2018?
  • 6. 4 Jam today With Software-Defined Radio Many devices could be used even the cheapest: bladeRF; HackRF; ADALM-PLUTO; and so on.
  • 7. 4 Jam today With Software-Defined Radio Many devices could be used even the cheapest: bladeRF; HackRF; ADALM-PLUTO; and so on. The bandwidth KTHX! But how do you cover all frequencies with your toys bro?
  • 9. 6 Solution: ”Smart” jamming In 3 steps: 1 scan cells with Modmobmap; 2 target an operator; 3 and jam only targeted channels;
  • 10. 7 Scanning with Modmobmap Modmobmap recovers 2G/3G/4G and more cells pretty much like OsmocomBB monitor mode for 2G only.
  • 11. 8 Results Unlike RE tools, it returns a JSON file with needed cells information to be reused with other tools ;) { ”4b***−76”: { ”PLMN” : ”208−10”, ” arfcn ” : 76 , ” cid ” : ”4b **” , ” type ” : ”2G” } , ”60****−2950”: { ”PLMN” : ”208−20”, ”RX” : 2950, ”TX ” : 2725, ” cid ” : 60*** , ” band ” : 8 , ” type ” : ”3G” } , [ . . . ] } XGold BaseBands? →requires xgoldmon Modmodmap’s fork: https://github.com/FlUxIuS/xgoldmon
  • 12. 9 GnuRadio: playing with blocks GnuRadio companion is really nice →can add, make, and remove blocks →generates Python code Perfect to build the bases of our jammer. But we still need an idea of how to design the schema.
  • 13. 10 After many years of research... Lot of experiments with #blockchains... and research and cool stuff WOW!
  • 14. 11 The formula We have finally found THE formula!
  • 15. 12 And applied it on GnuRadio Here is the final schema: The generated Python code was then edited to support the JSON input.
  • 16. 13 Results with a simple HackRF Works pretty well when downgrading a call from 3G to 2G But the number of cells to jam could raise the number of needed SDR devices.
  • 17. 14 Jam tomorrow Could also be cheaper using OsmoFL2k TODO Some work is required target specific frequencies →right sample rate, carrier frequency and harmonics
  • 18. 15 Conclusion Modmobjam: is a cheap way to jam mobile cells with only a phone and a HackRF but if cells to jam are important more SDR devices are needed the code will be published soon (throw away code recycled to something clean) The Osmo-FL2K will be tested to use it as a jammer too.
  • 19. THANK YOU FOR YOUR ATTENTION, ANY QUESTIONS?