Exemplo n.º 1
0
def handle_usim(options, rand_bin, autn_bin):
    u = USIM()
    if not u:
        print "Error opening USIM"
        exit(1)

    if options.debug:
        u.dbg = 2

    imsi = u.get_imsi()
    print "Testing USIM card with IMSI %s" % imsi

    print "\nUMTS Authentication"
    ret = u.authenticate(rand_bin, autn_bin, ctx='3G')
    if len(ret) == 1:
        print "AUTS:\t%s" % b2a_hex(byteToString(ret[0]))
    else:
        print "RES:\t%s" % b2a_hex(byteToString(ret[0]))
        print "CK:\t%s" % b2a_hex(byteToString(ret[1]))
        print "IK:\t%s" % b2a_hex(byteToString(ret[2]))
        if len(ret) == 4:
            print "Kc:\t%s" % b2a_hex(byteToString(ret[3]))

    print "\nGSM Authentication"
    ret = u.authenticate(rand_bin, autn_bin, ctx='2G')
    if not len(ret) == 2:
        print "Error during 2G authentication"
        exit(1)
    print "SRES:\t%s" % b2a_hex(byteToString(ret[0]))
    print "Kc:\t%s" % b2a_hex(byteToString(ret[1]))
Exemplo n.º 2
0
def handle_usim_fakehss(options, rand_bin):
    u = USIM(options.debug)
    if not u:
        print "Error opening USIM"
        exit(1)

    if options.debug:
        u.dbg = 2

    if rand_bin == None:
        rand_bin = stringToByte("00112233445566778899aabbccddeeff")
    IV = 16 * '\x00'
    OP_bin = stringToByte("00000000000000000000000000000000") # Operator Key
    KI_bin = stringToByte("00000000000000000000000000000000") # K
    SQN_bin= stringToByte("000023403500") # SQN 591410432
    # AMF ??
                         #"7D3D6804DB5480003F7A47FB35FA7285"
                         #"808182888485868788898A8B8C8D8E8F" K
                         #"97A167DED889B6DFA92D985D77E5C088" OP
    #calculate OPc
    KI = binascii.unhexlify(byteToString(KI_bin))
    aesCrypt = AES.new(KI, mode=AES.MODE_CBC, IV=IV)
    data = binascii.unhexlify(byteToString(OP_bin))
    ## OCc = encAES(OP) xor OP
    OPc =  xor_strings(data, aesCrypt.encrypt(data)) 
    OPc_bin = stringToByte(OPc)

    print "OP: \t%s" % b2a_hex(OP_bin)
    print "KI: \t%s" % b2a_hex(KI_bin)
    print "OPc:\t%s" % b2a_hex(OPc_bin)

    imsi = u.get_imsi()
    print "USIM card with IMSI %s" % imsi
    print "AUTS:\t%s" % b2a_hex(rand_bin)
Exemplo n.º 3
0
def handle_usim(options, rand_bin, autn_bin):
	u = USIM()
	if not u:
		print "Error opening USIM"
		exit(1)

	if options.debug:
		u.dbg = 2;

	imsi = u.get_imsi()
	ret = u.authenticate(rand_bin, autn_bin, ctx='3G')
	if len(ret) == 1:
		print "AUTS:\t%s" % b2a_hex(byteToString(ret[0]))
	else:
		print "RES:\t%s" % b2a_hex(byteToString(ret[0]))
		print "CK:\t%s" % b2a_hex(byteToString(ret[1]))
		print "IK:\t%s" % b2a_hex(byteToString(ret[2]))
		if len(ret) == 4:
			print "Kc:\t%s" % b2a_hex(byteToString(ret[3]))
Exemplo n.º 4
0
def handle_usim(options, rand_bin, autn_bin):
    u = USIM()
    if not u:
        print "Error opening USIM"
        exit(1)

    if options.debug:
        u.dbg = 2

    imsi = u.get_imsi()
    ret = u.authenticate(rand_bin, autn_bin, ctx='3G')
    if len(ret) == 1:
        print "AUTS:\t%s" % b2a_hex(byteToString(ret[0]))
    else:
        print "RES:\t%s" % b2a_hex(byteToString(ret[0]))
        print "CK:\t%s" % b2a_hex(byteToString(ret[1]))
        print "IK:\t%s" % b2a_hex(byteToString(ret[2]))
        if len(ret) == 4:
            print "Kc:\t%s" % b2a_hex(byteToString(ret[3]))
Exemplo n.º 5
0
		print "CK:\t%s" % b2a_hex(byteToString(ret[1]))
		print "IK:\t%s" % b2a_hex(byteToString(ret[2]))
		if len(ret) == 4:
			print "Kc:\t%s" % b2a_hex(byteToString(ret[3]))

	#ret = u.authenticate(rand_bin, autn_bin, ctx='2G')
	#if not len(ret) == 2:
	#	print "Error during 2G authentication"
	#	exit(1)
	#print "SRES:\t%s" % b2a_hex(byteToString(ret[0]))
	#print "Kc:\t%s" % b2a_hex(byteToString(ret[1]))

if __name__ == "__main__":
	u = USIM()
	u.debug = 2
	imsi = u.get_imsi()

	s = socket.socket()
	host = socket.gethostname()
	#host = '192.168.2.254'
	port = 12345
	s.connect((host, port))
	authenticated = False
	status = 0

	while True:
		print "\n"
		if authenticated == False:
			if status == 2:
				print "## auth=false; status=2 - trying to send imsi+auts"
				s.send("3"+imsi+auts)
Exemplo n.º 6
0
        print "IK:\t%s" % b2a_hex(byteToString(ret[2]))
        if len(ret) == 4:
            print "Kc:\t%s" % b2a_hex(byteToString(ret[3]))

    #ret = u.authenticate(rand_bin, autn_bin, ctx='2G')
    #if not len(ret) == 2:
    #	print "Error during 2G authentication"
    #	exit(1)
    #print "SRES:\t%s" % b2a_hex(byteToString(ret[0]))
    #print "Kc:\t%s" % b2a_hex(byteToString(ret[1]))


if __name__ == "__main__":
    u = USIM()
    u.debug = 2
    imsi = u.get_imsi()

    s = socket.socket()
    host = socket.gethostname()
    #host = '192.168.2.254'
    port = 12345
    s.connect((host, port))
    authenticated = False
    status = 0

    while True:
        print "\n"
        if authenticated == False:
            if status == 2:
                print "## auth=false; status=2 - trying to send imsi+auts"
                s.send("3" + imsi + auts)