主题:【原创】论山寨手机与Android联姻的技术基础 -- 邓侃
我简单查了一下GSM协议,发现手机在线时会产生一个周期性改变的临时身份号TMSI防止有人从空中截获信号盗话,这个TMSI是由基站的鉴权中心AUC与SIM卡的IMSI,Ki等数据共同完成鉴权的。由于SIM卡上的数据是无线服务商私有的,所以联通的基站没法完成对移动手机的鉴权。同理,你的伪基站似乎也没有办法完全按照GSM协议鉴权。
是不是还有什么其他方法绕过去?类似于用voip绕过基站间通讯一样。
里面就有算Ki的程序。就是为了复制sim卡的。但新的sim加密
算法加强了,这种复制sim的方法不再有效。
你自己就是基站。你自己的基站就是鉴权中心。
Ki是和sim卡和电话号码相关的,是为了验证“手机”不会被copy.有人用copy的sim卡是可以截听信号的。但新一代sim加密
更严,大部分无法算出Ki。Ki主要是验证电话号码和sim卡号的
绑定.
而你自己就是基站,你是发出信号与sim验证的发起方。你不需要算这个Ki。
算Ki是为了copy sim卡,自己伪装成某个电话号码。这个问题对伪基站是没有的。
当然如果伪基站要跟其他移动基站连接,可能是要另外验证的。但你不需要再连入其他移动基站,你直接呼叫voip
这只是小孩自己玩的,没人指望出什么名堂,google跟这个没关系。
频段什么的都不对,而且GSM已经是几十年前的旧技术了。
google指望的是空白频道,以后可以做运营商。
http://www.nytimes.com/2009/12/29/technology/29hack.html?_r=1&partner=rss&emc=rss
BERLIN — A German computer engineer said Monday that he had deciphered and published the secret code used to encrypt most of the world’s digital mobile phone calls, saying it was his attempt to expose weaknesses in the security of global wireless systems.
The action by the encryption expert, Karsten Nohl, aimed to question the effectiveness of the 21-year-old G.S.M. algorithm, a code developed in 1988 and still used to protect the privacy of 80 percent of mobile calls worldwide. (The abbreviation stands for global system for mobile communication.)
“This shows that existing G.S.M. security is inadequate,” Mr. Nohl, 28, told about 600 people attending the Chaos Communication Congress, a four-day conference of computer hackers that runs through Wednesday in Berlin. “We are trying to push operators to adopt better security measures for mobile phone calls.”
另外感兴趣的可以去看看这两个。
http://en.wikipedia.org/wiki/A5/1#Attacks_on_A5.2F1_as_used_in_GSM
http://www.blackhat.com/presentations/bh-dc-08/Steve-DHulton/Presentation/bh-dc-08-steve-dhulton.pdf
是否可以有劳三友兄写个帖子,详细介绍一下OpenBTS?
大家先了解清楚,然后再判断这个东东是否有潜力。如何?
听这个问题一般不大,反正干的人不少,据说在发达国家的媒体就经常“窃听”警用频道,这样有什么突发事件能第一时间赶赴现场。国外的问题不在你做了还是没做,核心的问题是不能让检方合法地取证。但在中国就有点麻烦,关键是国内警方的取证不那么规矩。
暴力破解问题在北美是非法的,欧洲的某些国家现在是不非法,中国也是不非法。
除了这个开源的以外,还有运营商商品化的例子。
att用这个东西弥补空白点, Microcell
http://gizmodo.com/5363880/att-3g-microcell-site-live-home-base-station-boosts-spotty-coverage
http://gizmodo.com/5363938/att-microcell-3g-should-users-in-known-dead-spots-get-one-free
如果你住在基站信号不好的地方,可以买一个这种小基站在家里或办公室,就不要运营商的基站了,直接连internet voip.
用这个打电话可以省点钱,att可以省一点基站的频道。
中国做一个有一点点用。生产山寨4频手机销往美国的,可以用这个测试一下能否入网。或者住在乡下信号差的地方可以用用。但中国有互联网入户连接线而没有手机信号的情况几乎不存在。
或者美国华人回国可以带一个,把美国的手机机继续在中国用。不过只能在家周围用用。
其他想不出有什么用了。
能有一个小范围BTS的应用就足够好。
能不能介绍一下OpenBTS的技术?作为工程师,我们先搞搞明白技术实现原理是什么。想明白了技术问题,找应用场景,就水到渠成了。
好文。现在联发科的确是一支不可忽视的力量了,以前不太关注,以后要多关心了。尤其是MTK拜了高通的码头以后,对于不少中国的企业来说,也许算一个坏消息吧。
PS,
CISC早于RISC,RISC的初衷很大程度上就是为了取代CISC,当然之后的发展就复杂了。建议修改一下原文。
In the late 1950s, faced with the need to rationalize it's computer product lines, IBM instituted a research program having the objective of creating a range of software compatible computers that would also capture its existing software investments. The result, introduced on April 7, 1964 was the System/360, the first commercially available microprogrammed computer architecture (latter to become known as complex instruction set computer, or CISC architecture). The success of System/360 resulted in CISC architectures dominating computer, and later microprocessor, design for two decades.
However, the ability to incorporate any instruction which could be microprogrammed turned out to be a mixed blessing. During the mid-1970s, improved performance measurement tools demonstrated that the execution of most application programs on CISC-based systems was dominated by a few simple instructions, and the complex ones were seldom used. As a result, in October 1975 the project was initiated at IBM's Watson Research Center which, four years later gave birth to a 32-bit RISC microprocessor named for the building in which it was developed. In the immortal words of Joel Birnbaum, the first leader of the 801 project and later designer of the PA-RISC architecture: "Engineers had guessed that computers needed numerous complex instructions in order to work efficiently. It was a bad guess. That kind of design produced machines that were not only ornate, but baroque - even rococo."
提醒得好,是我写文章考据不细。
明天修改,今天实在有点累了。
GNU Radio是个好东西,其实就是一个软件无线电平台,关键是可以用C来描述功能逻辑,比起用vhdl或是verilog来,减低了入门门槛。
自动编译后可以download到Universal Software Radio Peripheral (USRP,GNU Radio的硬件平台)上的FPGA里,然后就是标准的软件无线电平台了,信号模拟话,上变频到射频,滤波,到天线。
基本上用这个东西可以做出所有的无线平台来,有兴趣可以看看这两年的sigcomm,好几篇经典paper都是基于这个平台的。可以自己优化802.11, 802.15.4添加自定义功能。
去年下半年跟老板说了这东西,老板同意今年看哪个funding有余的,买几个回来玩玩。呵呵
多谢提醒!
能不能给几个链接,大家一起读读,然后讨论讨论?