GSM Telephony (2G) - III - Base Station with Osmocom and Motorola Mobiles

Introduction Expanding on the previous article, in which a virtual GSM base station was created, it is possible to develop another proof of concept using the OsmocomBB software. With a phone based on the Calypso processor, such as the Motorola C115, C123, C140, C155 or V171, it is possible to create a physical GSM base station with limited functionality: only circuit-switched operations such as sending and receiving text messages. Other physical devices can be connected to this network by configuring the corresponding SIM card. ...

March 1, 2025 · 6 min

GSM Telephony (2G) - II - Virtual Base Station with Osmocom

Introduction Osmocom (Open Source Mobile Communications) is an open source project dedicated to developing software and tools for mobile communication networks. Its main objective is to implement a range of mobile network technologies, such as GSM (2G), in an open and accessible way, with the different modules provided as libraries. The project concerned with building mobile networks is CNI (Cellular Network Infrastructure), a set of implementations of the GSM protocol stack and network elements. The projects used to create the network are OsmoMSC, OsmoBSC, OsmoSTP, OsmoHLR and OsmoMGW. In addition, we need the element that implements the base station, OsmoBTS, which supports different hardware and software devices. Finally, the transceiver behind OsmoBTS is provided by the OsmocomBB component. ...

February 1, 2025 · 12 min

GSM Telephony (2G) - I - Decoding the protocol with gr-gsm

Introduction GSM (Global System for Mobile Communications) (2G) is a communication standard developed for the transmission of voice and data in mobile networks. Originally created in Europe in the 1980s by the European Telecommunications Standards Institute (ETSI), it became the most popular mobile phone system worldwide, used by most mobile network operators around the world. GSM technology allows users of different operators to communicate with each other and to use services such as SMS (text messages) and calls. With the arrival of 4G and 5G, the use of GSM networks has decreased and some operators are gradually removing support for these networks. ...

January 1, 2025 · 10 min

Decoding the KeeLoq protocol with SDR and Flipper Zero

Introduction KeeLoq is a security protocol based on a symmetric-key cryptographic algorithm that is mainly used in remote control systems, such as garage door remotes and remote access systems for cars. It was developed by Microchip Technology and is widely used due to its low cost and relatively simple implementation. KeeLoq implements a "rolling code" scheme to prevent replay attacks. This means that every time the remote control button is pressed, a unique code is generated that never repeats. The receiver (such as a garage door opener) recognizes this code and validates it against an expected sequence, ignoring any duplicate codes. ...

December 1, 2024 · 10 min

Generation of binaries for embedded MIPS architectures with Buildroot

Introduction Having access to a device running a GNU/Linux operating system on a MIPS architecture, such as a router or embedded system, may require generating executable binaries with tools such as the complete busybox suite or tcpdump for capturing network packets. These systems often lack these tools or include them with reduced features. To do this, it is necessary to install a cross-compiler and the source code of the application, which, depending on the versions used, can result in errors. ...

November 1, 2024 · 3 min

Escape from the restricted shell of a router

Introduction Various devices on the market, both sold directly to consumers and rented to the clients of Internet service providers, allow administration through a web portal. This portal may be limited in features, and if more advanced configuration is needed, such as setting up the firewall with the iptables tool, console access is necessary. Routers usually run GNU/Linux as their operating system. Console access is usually blocked to prevent problems caused by incorrect configuration by inexperienced users, which makes it necessary, for example, to access the serial port by removing the device casing. In other cases, console access is allowed through the SSH (Secure Shell) protocol, but it is limited to a restricted shell with commands pre-defined by the manufacturer. These devices usually have a backdoor that drops into an sh or bash command terminal when specific commands are entered. ...

October 1, 2024 · 6 min

Dynamic Analysis in Android - IV - Analysis of symmetric encrypted traffic

Introduction There are additional protections related to the requirement for a specific TLS certificate (pinning). There is also the possibility of encrypting the network communications carried over the HTTP protocol. In the case of symmetric encryption, the application will obtain the key from the server or from the application's own source code, either statically (stored in a variable) or dynamically, where several obfuscated methods are executed to derive the key to use. ...

September 1, 2024 · 4 min

Dynamic Analysis in Android - III - Removal of application restrictions

Introduction Various applications related to banking environments or public administrations contain restrictions that prevent their execution on Android mobile devices that have been altered, for example, after installing Magisk and obtaining superuser permissions, after unlocking the boot loader, or when running in emulators rather than on real devices, all of this to hinder analysis. In an example application, we will have to remove those restrictions from the source code of the application. One option will be to unpack the application and modify the .smali code, which is a readable, text-based form of the low-level bytecode. For this, we will first extract the corresponding APK file for the application and decompile the source code of the application using the tool JADX. ...

August 1, 2024 · 6 min

Acquisition of a WPA handshake with a cloned access point

Introduction A WPA (Wi-Fi Protected Access) handshake is a process in which a client device authenticates with an access point that uses the WPA security protocol. During this process, the client device and the access point exchange information to establish a secure connection. This information includes cryptographic data used to encrypt the communication between the client device and the access point, thus ensuring the privacy and security of the Wi-Fi connection. In computer security environments, capturing a WPA handshake can be used to perform brute-force attacks to recover the Wi-Fi network password. ...

May 1, 2024 · 5 min

Creating a personalized image of Kali Linux

Introduction Kali Linux is a security auditing Linux distribution based on Debian GNU/Linux. Kali is aimed at security professionals and IT administrators, allowing them to perform advanced penetration testing, forensic analysis, and security audits. Debian GNU/Linux is one of the main generic Linux distributions, known for its quality and stability. Kali Linux is based on the work of the Debian project and adds over 400 special purpose packages of its own, all related to information security, particularly in the field of penetration testing. The default ISO images can be downloaded from the Kali website. ...

April 1, 2024 · 6 min