Decoding of FSK signal with SDR and Flipper Zero

Introduction. Frequency shift keying (FSK) is a digital modulation technique in which binary information is transmitted by switching the frequency of a carrier between two or more discrete values. In its simplest form, 2-FSK, a 0 bit is represented by one frequency (f0) and a 1 bit by another (f1). This technique is widely used in low-speed wireless communications, such as remote controls, telemetry systems, RFID, and IoT devices. ...

August 1, 2025 · 6 min

SubGhz Generator - Generator of SubGhz files for the Flipper Zero

Introduction. The Flipper Zero is a multifunction device for hacking, security testing and radio frequency protocol exploration. One of its most highlighted features is the ability to transmit and receive SubGHz signals using the Texas Instruments CC1101 chip, a programmable low-power RF transceiver. SubGHz refers to the range of radio frequencies below 1 GHz (typically between 300 MHz and 928 MHz, depending on the region). These frequencies are used by devices such as garage door remote controls or wireless sensors (temperature, movement, alarms). ...

July 1, 2025 · 6 min

Initial Analysis of an ARM Cortex Firmware of a Device

Introduction. Firmware is the embedded software that controls the basic functioning of electronic devices, from routers and IP cameras to smart home appliances and industrial systems. Unlike traditional software, firmware operates directly on the hardware, making it a critical target in terms of security, functionality, and privacy. Firmware analysis involves examining this embedded software to understand its internal workings, detect potential vulnerabilities, identify backdoors, and in some cases modify it or extract relevant information. This type of analysis is particularly relevant in security audits, forensic investigations, reverse engineering, and exploit development. ...

June 1, 2025 · 5 min

Description of the encryption in Digital Mobile Radio Networks (DMR)

Introduction. DMR (Digital Mobile Radio) is a digital radio standard developed by ETSI (European Telecommunications Standards Institute), designed to replace analog radio systems and offer more efficient communications. It operates in TDMA (Time Division Multiple Access) with two time slots within a 12.5 kHz channel, allowing two simultaneous transmissions on the same frequency. Beyond voice, it supports additional services such as data transmission, for example text messages or terminal location reports. For voice, it supports both individual calls, similar to mobile phone calls, and group calls in which registered terminals can participate. ...

May 1, 2025 · 5 min

GSM Telephony (2G) - IV - Analysis of traffic from a base station

Introduction. With a virtual base station deployed and a mobile device running the OsmocomBB software, it is now possible to analyze with Wireshark the traffic generated when making a phone call or sending text messages. Starting the Wireshark tool. We start a new Wireshark session, capturing UDP packets (-f udp) with the display filter -Y gsmtap on the interface -i lo: wireshark -k -f udp -Y gsmtap -i lo Start of the virtual base station. We start the virtual base station. ...

April 1, 2025 · 7 min

GSM Telephony (2G) - III - Base Station with Osmocom and Motorola Mobiles

Introduction. Expanding on the previous article, where a virtual GSM base station was created, it is possible to develop another proof of concept using the OsmocomBB software. With a phone based on the Calypso processor, such as the Motorola C115, C123, C140, C155 or V171, it is possible to create a physical GSM base station with limited functionality: only circuit-switched operations such as sending and receiving text messages. Other physical devices can be connected to this network by configuring the corresponding SIM card. ...

March 1, 2025 · 6 min

GSM Telephony (2G) - II - Virtual Base Station with Osmocom

Introduction. Osmocom (Open Source Mobile Communications) is an open source project dedicated to developing software and tools for mobile communication networks. Its main objective is to implement a range of mobile network technologies, such as GSM (2G), in an open and accessible way, with its different modules provided as libraries. The part of the project related to building mobile networks is the CNI (Cellular Network Infrastructure), a set of implementations of the GSM protocol stack and network elements. The projects used to create the network are OsmoMSC, OsmoBSC, OsmoSTP, OsmoHLR and OsmoMGW. In addition, we need the element that implements the base station, OsmoBTS, which supports different hardware and software devices. And finally, the transceiver that will back OsmoBTS: the OsmocomBB component. ...

February 1, 2025 · 12 min

GSM Telephony (2G) - I - Decoding the protocol with gr-gsm

Introduction. GSM (Global System for Mobile Communications) (2G) is a communication standard developed for the transmission of voice and data in mobile networks. Originally created in Europe in the 1980s by the European Telecommunications Standards Institute (ETSI), it became the most popular mobile phone system worldwide, used by most mobile network operators. GSM technology allows users of different operators to communicate with each other and use services such as SMS (text messages) or calls. With the arrival of 4G and 5G, the use of GSM networks has decreased and some operators are gradually removing support for them. ...

January 1, 2025 · 10 min

Decoding the KeeLoq protocol with SDR and Flipper Zero

Introduction. KeeLoq is a security protocol based on a symmetric-key cryptographic algorithm that is mainly used in remote control systems, such as garage door remotes and remote access systems for cars. It was developed by Microchip Technology and is widely used due to its low cost and relatively simple implementation. KeeLoq implements a "rolling code" scheme to prevent replay attacks: every time the remote control button is pressed, a unique code is generated that never repeats. The receiver (such as a garage door opener) recognizes this code and validates it against an expected sequence, ignoring any duplicate codes. ...

December 1, 2024 · 10 min

Generation of binaries for embedded MIPS architectures with Buildroot

Introduction. Having access to a device with a GNU/Linux operating system and a MIPS architecture, such as a router or an embedded system, will require generating executable binaries for tools such as the complete busybox suite or tcpdump for intercepting network packets. These systems often lack these tools or include them with reduced features. To build them, it is necessary to install a cross-compiler and obtain the source code of the application, which, depending on the versions used, can result in errors. ...

November 1, 2024 · 3 min