EFForg / rayhunter

Rust tool to detect cell site simulators on an Orbic mobile hotspot
GNU General Public License v3.0
19 stars 2 forks

Further parsing of LTE messages #21

Closed wgreenberg closed 6 months ago

wgreenberg commented 8 months ago

Currently we let wireshark's GSMTAP parser handle decoding our various message payloads, but if we want to do on-device analysis, we're gonna need to find a way to do this in-process.

It'd be nice if we didn't have to rewrite all of the parsing stuff done by wireshark (e.g. https://github.com/wireshark/wireshark/tree/master/epan/dissectors/asn1/lte-rrc, https://github.com/wireshark/wireshark/blob/b1e900496cf32a34f988a4c8ca12f445204d88fd/epan/dissectors/packet-gsmtap.c#L297), maybe there's a rust library to do parsing over FFI?
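As an added example (not rayhunter's code, and not wireshark's dissector), the block below shows the first layer of in-process decoding that the comment above is asking for: a dependency-free Rust parser for the 16-byte GSMTAP v2 header that fronts each LTE RRC/NAS payload, which validates the header, extracts ARFCN, signal level and frame number, and routes the PDU by type and sub-type so it can be handed to a proper ASN.1 decoder. The field layout and the GSMTAP_TYPE_LTE_RRC / GSMTAP_TYPE_LTE_NAS / RRC sub-type values are taken from osmocom's gsmtap.h as I know it; the sample frame is constructed, and its PDU bytes are placeholders rather than a real SIB.

```rust
// Added example, not part of rayhunter. Parses the GSMTAP v2 header so that LTE
// payloads can be dispatched to an in-process decoder instead of wireshark.
// Layout (16 bytes, big-endian multi-byte fields), per osmocom gsmtap.h:
//   version, hdr_len (in 32-bit words), type, timeslot, arfcn(2), signal_dbm,
//   snr, frame_number(4), sub_type, antenna_nr, sub_slot, res

const GSMTAP_VERSION: u8 = 2;
const GSMTAP_TYPE_LTE_RRC: u8 = 0x0d;
const GSMTAP_TYPE_LTE_NAS: u8 = 0x12;

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum LteRrcChannel { DlCcch, DlDcch, UlCcch, UlDcch, BcchBch, BcchDlSch, Pcch, Mcch }

#[derive(Debug, Clone, PartialEq, Eq)]
pub enum Payload<'a> {
    LteRrc { channel: LteRrcChannel, pdu: &'a [u8] },
    LteNas { pdu: &'a [u8] },
    Other { gsmtap_type: u8, sub_type: u8, pdu: &'a [u8] },
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct GsmtapPacket<'a> {
    pub arfcn: u16,
    pub signal_dbm: i8,
    pub frame_number: u32,
    pub payload: Payload<'a>,
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub enum ParseError { Truncated, BadVersion(u8), BadHeaderLen(u8), UnknownRrcSubType(u8) }

// GSMTAP_LTE_RRC_SUB_* values from gsmtap.h; anything else is rejected rather
// than guessed, since feeding a PDU to the wrong ASN.1 decoder yields garbage.
fn rrc_channel(sub_type: u8) -> Result<LteRrcChannel, ParseError> {
    use LteRrcChannel::*;
    Ok(match sub_type {
        0 => DlCcch, 1 => DlDcch, 2 => UlCcch, 3 => UlDcch,
        4 => BcchBch, 5 => BcchDlSch, 6 => Pcch, 7 => Mcch,
        other => return Err(ParseError::UnknownRrcSubType(other)),
    })
}

pub fn parse_gsmtap(buf: &[u8]) -> Result<GsmtapPacket<'_>, ParseError> {
    // Every read below is bounds-checked up front; hdr_len is trusted only after
    // it has been verified to cover at least the fixed 16-byte header.
    if buf.len() < 16 { return Err(ParseError::Truncated); }
    if buf[0] != GSMTAP_VERSION { return Err(ParseError::BadVersion(buf[0])); }
    let hdr_len = usize::from(buf[1]) * 4;
    if hdr_len < 16 { return Err(ParseError::BadHeaderLen(buf[1])); }
    if buf.len() < hdr_len { return Err(ParseError::Truncated); }
    let gsmtap_type = buf[2];
    let arfcn = u16::from_be_bytes([buf[4], buf[5]]);
    let signal_dbm = buf[6] as i8;
    let frame_number = u32::from_be_bytes([buf[8], buf[9], buf[10], buf[11]]);
    let sub_type = buf[12];
    let pdu = &buf[hdr_len..];
    let payload = match gsmtap_type {
        GSMTAP_TYPE_LTE_RRC => Payload::LteRrc { channel: rrc_channel(sub_type)?, pdu },
        GSMTAP_TYPE_LTE_NAS => Payload::LteNas { pdu },
        t => Payload::Other { gsmtap_type: t, sub_type, pdu },
    };
    Ok(GsmtapPacket { arfcn, signal_dbm, frame_number, payload })
}

/// Constructed sample frame: LTE RRC on BCCH-DL-SCH, ARFCN 1600, -90 dBm,
/// frame number 1234, followed by three placeholder PDU bytes (not a real SIB).
pub fn sample_frame() -> Vec<u8> {
    let mut f = vec![
        2, 4, 0x0d, 0,          // version, hdr_len=4 words, type=LTE_RRC, timeslot
        0x06, 0x40,             // arfcn 1600
        0xa6, 0,                // signal -90 dBm (as i8), snr
        0x00, 0x00, 0x04, 0xd2, // frame number 1234
        5, 0, 0, 0,             // sub_type=BCCH_DL_SCH, antenna, sub_slot, res
    ];
    f.extend_from_slice(&[0x00, 0x80, 0x01]); // placeholder PDU bytes
    f
}

fn main() {
    match parse_gsmtap(&sample_frame()) {
        Ok(p) => println!("{:?}", p),
        Err(e) => eprintln!("rejected frame: {:?}", e),
    }
}
```

The parser only peels off the transport header; the `pdu` slice it returns is still the UPER-encoded RRC message and would be handed to whatever ASN.1 decoder the project settles on.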

wgreenberg commented 8 months ago

https://musec.github.io/rusty-shark/rshark/index.html looks promising?

wgreenberg commented 7 months ago

The above options require bundling some external library (libosmocom, libwireshark, etc.), but if we generate a parser from the LTE ASN.1 definitions themselves, we should be able to parse everything in-binary.

I'm finding it hard to find the ASN.1 definitions by themselves, but 3GPP has them embedded in the massive Microsoft Word docs that make up the official spec (https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=2440), and there's also some other org that claims to have extracted them and generated parsers: https://obj-sys.com/products/asn1apis/lte_3gpp_apis.php#lte_4g_apis

wgreenberg commented 7 months ago

Seems like generating an RRC parser w/ hampi (https://github.com/ystero-dev/hampi) yields results similar to wireshark's dissection! I think something like this'll be the most promising way forward.