In telecom protocols, we generally break down traffic in two kinds: data traffic (your mobile data when browsing Internet, or your voice calls) and signalling traffic (all the rest: the exchange of information needed to authenticate your SIM, setup the channel for data, etc. It says that this packet was transmitted on the Broadcast Control CHannel (BCCH). Let’s look at the first highlighted field in the packet. ASN.1 is used for a lot of things: encoding SSL certificates, encoding data in your credit card, communication between aircrafts but most importantly everywhere in telecommunication networks. If you know about Protobuf, it’s just one of the less complex descendants of ASN.1. ASN.1 is a very old format (developed in the 80’s) that allows you to define data structures and fields using a special text language, and separately, to write code that will generate binary data that you can send on the network. Ok, what does the stuff displayed here mean?įirst, you should know that the data transmitted here is encoded using ASN.1. Near the beginning of the example capture, the first thing our phone does is switching from 4G to 3G (when the “Protocol” column of Wireshark starts to display “RRC”). In order to be able to provide a PCAP you can open in Wireshark, these frames are put after a GSMTAP header, a standard header that may contain 2G/3G/4G traffic (layer 2, 3 or upper, in addition to a few other possible things like SIM card communication). In 3G/4G the layer 3 protocol is RRC (Radio Resource Configuration Protocol), except for the user data itself. And the network says “sure, let’s first authenticate with the neat crypto supported by your SIM card”.Your phone says “what’s up, I got that SIM card and it can do cryptography (yes!), I got that phone serial number (IMEI) also, let me send/receive SMS / calls / Internet and allocate bits of radio frequencies”.Layer 3 ( network layer) is where all the interesting stuff is.In 3G/4G, the layer 2 is split up in two headers called RLC and MAC (which are typically < 10 bytes). tells whether what follows is encrypted and not.acknowledgment (“do you have received my important data? yes I have”).“this chunk of radio waves is not big enough for the bytes I’ll want to put into, I’ll use another later”), Layer 2 ( link layer, think like Ethernet header) is the network protocol that handles, in 3G/4G:.Layer 1 ( physical layer) is the way your phone schedules how radio waves are sent over the air (and it is a complex dance, as some neat tricks are required to optimize the usage of the radio spectrum).What QCSuper provides to you is layer 3 and above packets. This capture was realized on a Sony Xperia Z, switching manually between the 2G, 3G and 4G, generating SMS, calls and some data traffic. You could just run the tool and try to make sense of the displayed information, but for the sake of pedagogy, let’s first analyze some traffic together!ĭownload the example 2G/3G/4G capture (.pcap) You can see radio frames unfolding on your screen, and you are like Neo. Let’s say that you have a rooted Android phone (this is required for reading /dev/diag on the system), plugged in USB to your computer, and that you have downloaded QCSuper (and installed dependencies, everything is explained here). Today, we are proud to present QCSuper, an open-source tool that will enable you to passively capture raw 2G/3G/4G frames produced by your rooted Qualcomm-based Android phone or dongle, and produce a PCAP analyzable using Wireshark (in addition to a couple other input/output formats). I have discovered that most USB dongles with a Qualcomm processor exposed a special diagnostic protocol, called Diag (or DM, or QCDM – for Qualcomm Diagnostic monitor).But I have also discovered that this proprietary protocol was also present inside Android phones (through a device called /dev/diag) and it allowed a couple good things, such as obtaining raw captures of network air traffic or, in older models, reading/writing at arbitrary offsets of the radio chip’s memory (!). Lately, I have been playing with a 3G dongle – a small USB device enabling to connect to the mobile Internet. This helps a wider audience understand these underlying technologies and experiment first hand with these networks. Please note that this article is written to simplify and abstract many complex technical aspects.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |