[GITLAB] - A technical upgrade is planned on Thursday the 1st of July at noon on our GITLAB server.

Commit 9d05a9a3 authored by Robert Schmidt's avatar Robert Schmidt

track IMSIs by decoding NAS messages

Original Author: Xenofon Foukas
Changed formatting
does not compile
RS: cast to get rid of compiler warning
-> ImsiEpsMobileIdentity_t to ImsiMobileIdentity_t which is defined the same
way
parent ef78dcde
......@@ -59,6 +59,10 @@
#include "gtpv1u_eNB_task.h"
#include "RRC/LITE/rrc_eNB_GTPV1U.h"
#include "TLVDecoder.h"
#include "S1ap-NAS-PDU.h"
#include "flexran_agent_common_internal.h"
extern RAN_CONTEXT_t RC;
/* Value to indicate an invalid UE initial id */
......@@ -542,6 +546,74 @@ rrc_eNB_send_S1AP_UPLINK_NAS(
S1AP_UPLINK_NAS (msg_p).nas_pdu.length = pdu_length;
S1AP_UPLINK_NAS (msg_p).nas_pdu.buffer = pdu_buffer;
/* Process NAS message locally to get the IMSI */
nas_message_t nas_msg;
memset(&nas_msg, 0, sizeof(nas_message_t));
int size = 0;
uint32_t pdu_len = S1AP_UPLINK_NAS (msg_p).nas_pdu.length;
uint8_t *pdu_buff = malloc(pdu_len * sizeof(uint8_t));
memcpy(pdu_buff, S1AP_UPLINK_NAS (msg_p).nas_pdu.buffer, pdu_len * sizeof(uint8_t));
nas_message_security_header_t *header = &nas_msg.header;
/* Decode the first octet of the header (security header type or EPS
* bearer identity, and protocol discriminator) */
DECODE_U8((char *) pdu_buff, *(uint8_t*) (header), size);
/* Decode NAS message */
if (header->security_header_type <= SECURITY_HEADER_TYPE_INTEGRITY_PROTECTED
&& header->protocol_discriminator == EPS_MOBILITY_MANAGEMENT_MESSAGE
&& pdu_len > NAS_MESSAGE_SECURITY_HEADER_SIZE) {
if (header->security_header_type != SECURITY_HEADER_TYPE_NOT_PROTECTED) {
/* Decode the message authentication code */
DECODE_U32((char *) pdu_buff+size, header->message_authentication_code, size);
/* Decode the sequence number */
DECODE_U8((char *) pdu_buff+size, header->sequence_number, size);
}
if (size > 1) {
pdu_buff += size;
pdu_len -= size;
}
/* Decode plain NAS message */
EMM_msg *e_msg = &nas_msg.plain.emm;
emm_msg_header_t *emm_header = &e_msg->header;
/* First decode the EMM message header */
int e_head_size = 0;
/* Check the buffer length */
if (pdu_len > sizeof(emm_msg_header_t)) {
/* Decode the security header type and the protocol discriminator */
DECODE_U8(pdu_buff + e_head_size, *(uint8_t *)(emm_header), e_head_size);
/* Decode the message type */
DECODE_U8(pdu_buff + e_head_size, emm_header->message_type, e_head_size);
/* Check the protocol discriminator */
if (emm_header->protocol_discriminator == EPS_MOBILITY_MANAGEMENT_MESSAGE) {
pdu_buff += e_head_size;
pdu_len -= e_head_size;
if (emm_header->message_type == IDENTITY_RESPONSE) {
decode_identity_response(&e_msg->identity_response, pdu_buff, pdu_len);
if (e_msg->identity_response.mobileidentity.imsi.typeofidentity == MOBILE_IDENTITY_IMSI) {
ue_context_pP->ue_context.imsi = compute_imsi(&(e_msg->identity_response.mobileidentity.imsi));
}
}
pdu_buff -= e_head_size;
if (size > 1) {
pdu_buff -= size;
}
}
}
}
free(pdu_buff);
itti_send_msg_to_task (TASK_S1AP, ctxt_pP->instance, msg_p);
}
}
......@@ -563,16 +635,82 @@ rrc_eNB_send_S1AP_UPLINK_NAS(
&ulInformationTransfer->criticalExtensions.choice.
c1.choice.ulInformationTransfer_r8;
if (ulInformationTransferR8->dedicatedInfoType.
present ==
ULInformationTransfer_r8_IEs__dedicatedInfoType_PR_dedicatedInfoNAS)
if (ulInformationTransferR8->dedicatedInfoType.present ==
ULInformationTransfer_r8_IEs__dedicatedInfoType_PR_dedicatedInfoNAS) {
/* Process NAS message locally to get the IMSI */
nas_message_t nas_msg;
memset(&nas_msg, 0, sizeof(nas_message_t));
int size = 0;
uint32_t pdu_len = ulInformationTransferR8->dedicatedInfoType.choice.dedicatedInfoNAS.size;
uint8_t *pdu_buff = malloc(pdu_len * sizeof(uint8_t));
memcpy(pdu_buff, ulInformationTransferR8->dedicatedInfoType.choice.dedicatedInfoNAS.buf, pdu_len * sizeof(uint8_t));
nas_message_security_header_t *header = &nas_msg.header;
/* Decode the first octet of the header (security header type or EPS
* bearer identity, and protocol discriminator) */
DECODE_U8((char *) pdu_buff, *(uint8_t*) (header), size);
/* Decode NAS message */
if (header->security_header_type <= SECURITY_HEADER_TYPE_INTEGRITY_PROTECTED &&
header->protocol_discriminator == EPS_MOBILITY_MANAGEMENT_MESSAGE &&
pdu_len > NAS_MESSAGE_SECURITY_HEADER_SIZE) {
if (header->security_header_type != SECURITY_HEADER_TYPE_NOT_PROTECTED) {
/* Decode the message authentication code */
DECODE_U32((char *) pdu_buff+size, header->message_authentication_code, size);
/* Decode the sequence number */
DECODE_U8((char *) pdu_buff+size, header->sequence_number, size);
}
if (size > 1) {
pdu_buff += size;
pdu_len -= size;
}
/* Decode plain NAS message */
EMM_msg *e_msg = &nas_msg.plain.emm;
emm_msg_header_t *emm_header = &e_msg->header;
/* First decode the EMM message header */
int e_head_size = 0;
/* Check the buffer length */
if (pdu_len > sizeof(emm_msg_header_t)) {
/* Decode the security header type and the protocol discriminator */
DECODE_U8(pdu_buff + e_head_size, *(uint8_t *)(emm_header), e_head_size);
/* Decode the message type */
DECODE_U8(pdu_buff + e_head_size, emm_header->message_type, e_head_size);
/* Check the protocol discriminator */
if (emm_header->protocol_discriminator == EPS_MOBILITY_MANAGEMENT_MESSAGE) {
pdu_buff += e_head_size;
pdu_len -= e_head_size;
if (emm_header->message_type == IDENTITY_RESPONSE) {
decode_identity_response(&e_msg->identity_response, pdu_buff, pdu_len);
if (e_msg->identity_response.mobileidentity.imsi.typeofidentity == MOBILE_IDENTITY_IMSI) {
ue_context_pP->ue_context.imsi = compute_imsi(&(e_msg->identity_response.mobileidentity.imsi));
}
}
pdu_buff -= e_head_size;
if (size > 1) {
pdu_buff -= size;
}
}
}
}
free(pdu_buff);
s1ap_eNB_new_data_request (mod_id, ue_index,
ulInformationTransferR8->
dedicatedInfoType.choice.
dedicatedInfoNAS.buf,
ulInformationTransferR8->
dedicatedInfoType.choice.
dedicatedInfoNAS.size);
ulInformationTransferR8->dedicatedInfoType.choice.dedicatedInfoNAS.buf,
ulInformationTransferR8->dedicatedInfoType.choice.dedicatedInfoNAS.size);
}
}
}
}
......@@ -674,6 +812,78 @@ rrc_eNB_send_S1AP_NAS_FIRST_REQ(
rrcConnectionSetupComplete->dedicatedInfoNAS.buf;
S1AP_NAS_FIRST_REQ (message_p).nas_pdu.length = rrcConnectionSetupComplete->dedicatedInfoNAS.size;
// Process NAS message locally to get the IMSI
nas_message_t nas_msg;
memset(&nas_msg, 0, sizeof(nas_message_t));
int size = 0;
uint32_t pdu_len = S1AP_NAS_FIRST_REQ (message_p).nas_pdu.length;
uint8_t *pdu_buff = malloc(pdu_len * sizeof(uint8_t));
memcpy(pdu_buff, S1AP_NAS_FIRST_REQ (message_p).nas_pdu.buffer, pdu_len * sizeof(uint8_t));
nas_message_security_header_t *header = &nas_msg.header;
/* Decode the first octet of the header (security header type or EPS
* bearer identity, and protocol discriminator) */
DECODE_U8((char *) pdu_buff, *(uint8_t*) (header), size);
/* Decode NAS message */
if (header->security_header_type <= SECURITY_HEADER_TYPE_INTEGRITY_PROTECTED &&
header->protocol_discriminator == EPS_MOBILITY_MANAGEMENT_MESSAGE &&
pdu_len > NAS_MESSAGE_SECURITY_HEADER_SIZE) {
if (header->security_header_type != SECURITY_HEADER_TYPE_NOT_PROTECTED) {
/* Decode the message authentication code */
DECODE_U32((char *) pdu_buff+size, header->message_authentication_code, size);
/* Decode the sequence number */
DECODE_U8((char *) pdu_buff+size, header->sequence_number, size);
}
if (size > 1) {
pdu_buff += size;
pdu_len -= size;
}
/* Decode plain NAS message */
EMM_msg *e_msg = &nas_msg.plain.emm;
emm_msg_header_t *emm_header = &e_msg->header;
/* First decode the EMM message header */
int e_head_size = 0;
/* Check the buffer length */
if (pdu_len > sizeof(emm_msg_header_t)) {
/* Decode the security header type and the protocol discriminator */
DECODE_U8(pdu_buff + e_head_size, *(uint8_t *)(emm_header), e_head_size);
/* Decode the message type */
DECODE_U8(pdu_buff + e_head_size, emm_header->message_type, e_head_size);
/* Check the protocol discriminator */
if (emm_header->protocol_discriminator == EPS_MOBILITY_MANAGEMENT_MESSAGE) {
pdu_buff += e_head_size;
pdu_len -= e_head_size;
if (emm_header->message_type == ATTACH_REQUEST) {
decode_attach_request(&e_msg->attach_request, pdu_buff, pdu_len);
if (e_msg->attach_request.oldgutiorimsi.imsi.typeofidentity == MOBILE_IDENTITY_IMSI) {
/* the following is very dirty, we cast from
* ImsiEpsMobileIdentity_t to ImsiMobileIdentity_t*/
ue_context_pP->ue_context.imsi = compute_imsi((ImsiMobileIdentity_t *)&(e_msg->attach_request.oldgutiorimsi.imsi));
} else {
ue_context_pP->ue_context.imsi = e_msg->attach_request.oldgutiorimsi.guti.mtmsi;
}
}
pdu_buff -= e_head_size;
if (size > 1) {
pdu_buff -= size;
}
}
}
}
free(pdu_buff);
/* Fill UE identities with available information */
{
S1AP_NAS_FIRST_REQ (message_p).ue_identity.presenceMask = UE_IDENTITIES_NONE;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment