Messages - Indigo

1
Sorry Ioana, that particular computer is air-gapped, so I have to copy one character at a time onto paper and then type it back up on another computer.
Anyway I believe I found the problem.

So I found the "do_comp128" program/algorithm, and in the log I found the message going to the phone, "the random number (challenge)", and the hex value coming back, the "SRES (response)". I then ran the "do_comp128" algorithm using the random number (challenge) and the Ki I had been provided with the SIM cards. What I got back did not match the SRES (response) coming back to the YateBTS from the cell phones. I contacted whoever had provided me with the SIM cards and they assured me they program all their SIM cards with that particular Ki. Is there any possibility that I still have the right Ki, even though I ran the Ki and the random number through "do_comp128" and it did not equal the SRES?

If there is, I can copy more of the log and post it in the next forum post.

Also, whenever I set "ki=*" in subscribers.conf for each handset it results in a rejection cause of failure and returns false from 'gsm.auth' in the logs.  Am I setting this at the right place or the right way in order to disable authentication?

Thanks again

2
So I enabled:

"debug mbts level 10"
"debug transceiver level 10"
"sniffer on"
"debug on"
"color on"
"output on"

In the telnet terminal to increase my debugging ability, and this is what I originally got:

Code:
<nib:INFO>Got user.register for imsi=001... tmsi=''
<nib:INFO>Searching imsi in subscribers

Sniffed 'gsm.auth' time=...
thread=0x... 'YBTSLocUpd'
data=(nil)
retval='(null)'
param['protocol']='comp128'
param['ki']='001122...FF'
param['op']=''
param['rand']='16e0f...'
Returned false 'gsm.auth' delay=...
thread=0x... 'YBTSLocUpd'
data=(nil)
retval='(null)'
param['protocol']='comp128'
param['ki']='001122...FF'
param['op']=''
param['rand']='16e0f...'
Returned false 'user.register' delay=...

After a lot of troubleshooting and looking at other files I happened to view the README file in the yatebts folder which said to enter "gsm_auth.sh" in the [scripts] section of 'extmodule.conf'.  Not sure why they ask you to enter "gsm_auth.sh=" with nothing after it in the tutorial/wiki setup and the significance of the equals there?  Anyway I may have had "gsm_auth.sh=" in the wrong place in "extmodule.conf", now I just have "gsm_auth.sh" without the equals in the [scripts] section.

However, now when I run it I get this:

Code:
Returned true 'gsm.auth'
thread=0x... 'YBTSLocUpd'
data=(nil)
retval='(null)'
param['protocol']='comp128'
param['Ki']='001122...FF'
param['op']=''
param['rand']='6d7...'
param['handles']='gsm_auth:95'
param['sres']='922...'
param['Kc']='D8E9...'
Returned false 'user.register' delay=...
thread=0x... 'YBTSLocUpd'
data=(nil)
retval='(null)'
param['driver']='ybts'
param['username']='001...'
param['imsi']='001...'
param['handlers']='monitoring:1, javascript:80, regfile:100, monitoring:1, javascript:80, regfile:100, monitoring:1, javascript:80, regfile:100'
param['auth.rand']='6d7...'
param['auth.response']='f4aa...'
param['error']='noauth'
<ybts:NOTE>Location updating TMSI= IMSI=001... : rejecting authentication [0x7f...]
<ybts-signaling:INFO>Sending [0x...]
------------------------------------
Primitive: L3Message
Info: 0
Connection: 1

<MM>
<Message type="AuthenticationReject"/>
</MM>
------------------------------------
<ybts-signaling:ALL>Releasing connection (0x7f...,1) (0x207...)
<ybts-signaling:INFO>Sending (0x207...)
------------------------------------
Primitive: ConnRelease
Info: 0
Connection: 1
------------------------------------
<ybts:ALL>Location updating thread for (0x7f...) TMSI= IMSI=001... terminated [0x7f...]

So now at least I am getting to the next step in the logs...
However, it still won't register...
Any advice on what to fix from here?
I'm confused because it is returning true from "gsm.auth" yet it's sending back an Authentication Rejection Message.


Thanks in advance
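
The log in the post above carries two values for the same RAND: the `sres` returned by 'gsm.auth' and the `auth.response` reported in 'user.register'. The following added example (not part of the original post and not YateBTS code) parses sniffer output of that shape and reports whether the two agree; the sample log, the IMSI and every hex value in it are constructed.

```python
import re

# Constructed sample shaped like the sniffer output above; every hex value is made up.
SAMPLE_LOG = """\
Returned true 'gsm.auth'
thread=0x1 'YBTSLocUpd'
param['protocol']='comp128'
param['rand']='6d7a0c11223344556677889900aabbcc'
param['sres']='922b41c0'
Returned false 'user.register' delay=0.01
param['imsi']='001010000000001'
param['auth.rand']='6d7a0c11223344556677889900aabbcc'
param['auth.response']='f4aa17e2'
param['error']='noauth'
"""

HEADER = re.compile(r"^(Sniffed|Returned true|Returned false) '([^']+)'")
PARAM = re.compile(r"^param\['([^']+)'\]='([^']*)'")

def parse_messages(text):
    """Split sniffer output into records: message name, disposition, params."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        head, param = HEADER.match(line), PARAM.match(line)
        if head:
            records.append({"kind": head.group(1), "name": head.group(2), "params": {}})
        elif param and records:
            # Keys are lower-cased because hand-copied logs vary in case (Ki/ki).
            records[-1]["params"][param.group(1).lower()] = param.group(2)
    return records

def compare_sres(text):
    """Pair each SRES computed by gsm.auth with the handset response for the same RAND."""
    expected, findings = {}, []
    for rec in parse_messages(text):
        p = rec["params"]
        if rec["name"] == "gsm.auth" and rec["kind"] == "Returned true" and "sres" in p:
            expected[p.get("rand", "").lower()] = p["sres"].lower()
        elif rec["name"] == "user.register" and rec["kind"] != "Sniffed" and "auth.response" in p:
            want = expected.get(p.get("auth.rand", "").lower())
            got = p["auth.response"].lower()
            status = "unknown" if want is None else "match" if want == got else "mismatch"
            findings.append({"imsi": p.get("imsi"), "expected": want, "got": got, "status": status})
    return findings

if __name__ == "__main__":
    for finding in compare_sres(SAMPLE_LOG):
        print(finding)
```

A `mismatch` for the same RAND means the network side and the SIM did not compute the response from the same Ki and algorithm variant.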

3
When setting up the YateBTS and JavaScript NIB I ran through the initial configuration setup in the Wiki.
One of the lines told me to set "gsm_auth=" in the extmodule.conf.
However, it never gave me the options of what to set it to.

I attempted to locate the nib_auth.sh file on my computer, however, running "locate nib_auth.sh" returned nothing.
I also ran the command "external info" in telnet and nothing came up besides the cursor just returning to the next line.
I also tried setting the ki to * "ki=*", and still had the same results of a rejectCause of failure.

Note: does it matter that I am using 2G here when configuring the IMSIs in the configuration files?

Perhaps I overlooked something trivial in the initial configuration?

I will attempt to further debug the issue, following your suggestion of enabling the sniffer.

Thanks for the insight and the help.

4
When I program a SIM card into the BTS station it still gets rejected but the reason is "failure" instead of "location-area-not-allowed".  Below is a short abbreviated log of what is happening.

Thanks in advance.

<ybts-signaling>Received
..............................................
Primative: Physical Info
Info: 0
Connection: 1

<PhysicalInfo>TA=0 TE=0.004 UpRSSI=1 TxPwr=33 OnRSSIdbm=-111 time=...</PhysicalInfo>
..............................................
<ybts-signaling:INFO>Received
...............................................
Primative: L3 Message
Info: 0
Connection: 1

<MM>
   <SkipIndicator>0</SkipIndicator>
   <NSD>0</NSD>
   <Message type="LocationUpdatingRequest">
      <LocationUpdatingType>
         <FOR>false</FOR>
         <LUT>normal-location-updating</LUT>
      </LocationUpdatingRequest>
      <CipherKeySequenceNumber>no-key/reserved</CipherKeySequenceNumber>
      <LAI>
         <PLMNidentity>00101</PLMNidentity>
         <LAC>fffe</LAC>
      </LAI>
      <MobileStationClassmark>
         <RFPowerCapability>class4</RFPowerCapability>
         <RevisionLevel>GSM-phase2</RevisionLevel>
         <Flags>ES-IND</Flags>
      </MobileStationClassmark>
      <MobileIdentity>
         <IMSI>001010000098895</IMSI>
      </MobileIdentity>
   </Message>
</MM>
.................................................
<ybts-signaling:ALL>Added Connection
<ybts-mm:ALL>HandlingLocationUpdatingRequest
<ybts-mm:ALL>Added UE      
<ybts-signaling:ALL>Connection 1 set UE
<ybts:ALL>Started Location Updating Thread
<nib:INFO>Got user.register for.... terminated
<ybts-mm:ALL>UE... register failed
<ybts-signaling:INFO>Sending
.................................................
Primative: L3 Message
Info: 0
Connection: 1

<MM>
   <Message type=LocationUpdatingReject>
      <RejectCause>failure</RejectCause>
   </Message>
</MM>

After this the BTS station releases the connection.
