mrlnc / LTE-ciphercheck

Check LTE Network Cipher Support -- over the air
GNU Affero General Public License v3.0

Could not attach to the network. Check configuration. #1

Closed r00tb3 closed 4 years ago

r00tb3 commented 4 years ago

Issue Description

I'm using a commercial SIM card with a PCSC-based SIM card reader, but I keep getting the following error:

sudo ./srsue 
linux; GNU C++ version 7.4.0; Boost_106501; UHD_003.010.003.HEAD-0-gef157678

Reading configuration file /home/ubuntu16/.config/srslte/ue.conf...

Built-in Release mode using commit 4925f48a on branch sec_algo_test.

Opening 1 RF devices with 1 RF channels...
Opening USRP with args: type=b200,master_clock_rate=23.04e6
-- Detected Device: B200
-- Operating over USB 3.
-- Initialize CODEC control...
-- Initialize Radio control...
-- Performing register loopback test... pass
-- Performing CODEC loopback test... pass
-- Asking for clock rate 23.040000 MHz... 
-- Actually got clock rate 23.040000 MHz.
-- Performing timer loopback test... pass
Waiting PHY to initialize ... done!
Saving MAC PCAP file
Saving NAS PCAP file
Searching cell in DL EARFCN=39350, f_dl=2370.0 MHz, f_ul=2370.0 MHz
.
.
.
.
Found Cell:  Mode=TDD, PCI=133, PRB=100, Ports=4, CFO=-5.5 kHz
Enabling subframe interpolation for TDD cells (recommended setting)
Enabling subframe interpolation for TDD cells (recommended setting)
Enabling subframe interpolation for TDD cells (recommended setting)
Could not attach to the network. Check configuration.

Saving MAC PCAP file
Saving NAS PCAP file
---  exiting  ---

Why am I not able to connect to the commercial network?

I've double-checked the EARFCNs used by the network and made changes in the ue.conf regarding the same.

Setup Details

OS: Lubuntu 18.06 x86_64
Hardware: Intel i7-3610QM 3.06ghz, 8GB RAM, 1TB HDD
RF front-end: USRP B200
Library and driver versions: 003.010.003 (manually compiled)
Network configuration: masqueraded the wi-fi interface of my machine.

Expected Behavior

I should be able to connect to the commercial network using the commercial SIM Card through the PCSC card reader.

Actual Behaviour

I'm receiving the following error...

Could not attach to the network. Check configuration.

Steps to reproduce problem

~$ sudo apt-get install git cmake libfftw3-dev libmbedtls-dev libboost-program-options-dev \
    libconfig++-dev libsctp-dev libpcsclite-dev pcsc-tools libuhd-dev
~$ git clone https://github.com/mrlnc/eia0.git
~$ cd eia0
eia0$ mkdir build && cd build
build$ cmake ..
build$ make -j `nproc` srsue

cp eia0/srsue/ue.conf.example ~/.config/srslte/ue.conf

nano ~/.config/srslte/ue.conf (Added the below parameters)

[pcap]
enable = true
filename = /tmp/sec_results/ue
nas_enable = true
nas_filename = /tmp/sec_results/nas

[usim]
mode = pcsc
#algo = xor
#opc  = 63BFA50EE6523365FF14C1F45F88737D
#k    = 00112233445566778899aabbccddeeff
#imsi = 001010123456789
imei = 353490069873319

eia0/build/srsue/src$ sudo ./srsue 
linux; GNU C++ version 7.4.0; Boost_106501; UHD_003.010.003.HEAD-0-gef157678

Reading configuration file /home/ubuntu16/.config/srslte/ue.conf...

Built-in Release mode using commit 4925f48a on branch sec_algo_test.

Opening 1 RF devices with 1 RF channels...
Opening USRP with args: type=b200,master_clock_rate=23.04e6
-- Detected Device: B200
-- Operating over USB 3.
-- Initialize CODEC control...
-- Initialize Radio control...
-- Performing register loopback test... pass
-- Performing CODEC loopback test... pass
-- Asking for clock rate 23.040000 MHz... 
-- Actually got clock rate 23.040000 MHz.
-- Performing timer loopback test... pass
Waiting PHY to initialize ... done!
Saving MAC PCAP file
Saving NAS PCAP file
Searching cell in DL EARFCN=39350, f_dl=2370.0 MHz, f_ul=2370.0 MHz
.
.
.
.
Found Cell:  Mode=TDD, PCI=133, PRB=100, Ports=4, CFO=-5.5 kHz
Enabling subframe interpolation for TDD cells (recommended setting)
Enabling subframe interpolation for TDD cells (recommended setting)
Enabling subframe interpolation for TDD cells (recommended setting)
Could not attach to the network. Check configuration.

Saving MAC PCAP file
Saving NAS PCAP file
---  exiting  ---

Additional Information

A humble request: can you please share what changes you made in the eia0 code compared to the vanilla srsLTE code?

I'm finding it difficult to understand the code; I would like to have the diff view and understand your implementation.

mrlnc commented 4 years ago

Check if you can connect with srsLTE.

The implementation is pretty dumb actually, just changing the Security Capabilities and repeatedly performing attach requests. Check out the git commits for a full diff.

I'll rebase onto the latest release soon.

r00tb3 commented 4 years ago

> Check if you can connect with srsLTE.

I don't have another USRP to check the same.

> Check out the git commits for a full diff.

Huh, I'm trying to use different tools for diffing.

> I'll rebase onto the latest release soon.

Till when can I expect the rebase to master branch?

Regards.

WingPig99 commented 3 years ago

@r00tb3 Hi, have you solved this problem? I'm facing this problem. Could you give me some idea to solve it?

Found Cell:  Mode=TDD, PCI=0, PRB=15, Ports=1, CFO=4.1 KHz
Enabling subframe interpolation for TDD cells (recommended setting)
Enabling subframe interpolation for TDD cells (recommended setting)
Enabling subframe interpolation for TDD cells (recommended setting)

mrlnc commented 3 years ago

You could try with an unmodified version of srsRAN. The SRS team makes very significant progress with every release - especially improving the reliability and ability to connect to many different cell configurations.

The LTE-ciphercheck patches are rather small actually, but it is hard to keep track with srsRAN.

If the vanilla srsRAN works for you, you can just manually change the cipher selection. In the meantime, srsUE added a configuration option for that:

# eia:               List of integrity algorithms included in UE capabilities
#                      Supported: 1 - Snow3G, 2 - AES
# eea:               List of ciphering algorithms included in UE capabilities
#                      Supported: 0 - NULL, 1 - Snow3G, 2 - AES

https://github.com/srsran/srsRAN/blob/master/srsue/ue.conf.example#L186

Some modification would be required to make srsUE connect with EIA0. I think this line discards EIA0 from configurations: https://github.com/srsran/srsRAN/blob/c950209902e28b7a3eb8724943ed5e3167f05d29/srsue/src/stack/upper/nas.cc#L76

By just changing these two lines, you could see if networks allow EEA0 and EIA0.
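
As an added example (not part of this thread and not code from srsRAN or LTE-ciphercheck), the sketch below shows how the eea/eia lists discussed above map to the UE network capability octets, and how to read which algorithms the network chose from a NAS Security Mode Command, flagging a null selection. The function names are hypothetical, the message bytes are constructed, and the field layout is taken from 3GPP TS 24.301.

```python
# Added example: all message bytes are constructed, not captured from a network.
# Field layout follows 3GPP TS 24.301 (UE network capability, Security Mode Command).
EMM_PD = 0x7                    # protocol discriminator: EPS mobility management
SECURITY_MODE_COMMAND = 0x5D    # EMM message type
PLAIN, INTEGRITY, INTEGRITY_NEW_CTX = 0, 1, 3   # header types whose payload is not ciphered


def capability_octets(eea, eia):
    """Encode offered EEA/EIA numbers as the first two UE network capability octets."""
    def octet(algs):
        value = 0
        for alg in algs:
            if not 0 <= alg <= 7:
                raise ValueError(f"algorithm id out of range: {alg}")
            value |= 0x80 >> alg        # bit 8 is algorithm 0, bit 1 is algorithm 7
        return value
    return bytes([octet(eea), octet(eia)])


def selected_algorithms(nas):
    """Return (eea, eia) from a Security Mode Command, or None for anything else."""
    if not nas or nas[0] & 0x0F != EMM_PD:
        return None
    header_type = nas[0] >> 4
    if header_type in (INTEGRITY, INTEGRITY_NEW_CTX):
        nas = nas[6:]                   # skip header octet, 4-byte MAC, sequence number
        if not nas or nas[0] != EMM_PD:  # inner message must be plain EMM
            return None
    elif header_type != PLAIN:
        return None                     # ciphered or special format: not parsed here
    if len(nas) < 3 or nas[1] != SECURITY_MODE_COMMAND:
        return None
    return (nas[2] >> 4) & 0x7, nas[2] & 0x7


def null_algorithm_findings(nas):
    """List the null algorithms the network selected in this message."""
    selected = selected_algorithms(nas)
    if selected is None:
        return []
    eea, eia = selected
    findings = []
    if eea == 0:
        findings.append("EEA0 selected: NAS signalling is not ciphered")
    if eia == 0:
        findings.append("EIA0 selected: NAS signalling is not integrity protected")
    return findings


# Constructed Security Mode Command: header type 3, dummy MAC, selects EEA0 + EIA2.
SMC_NULL_CIPHER = bytes.fromhex("37deadbeef00" "075d0200" "02e060")
# Constructed Security Mode Command selecting EEA2 + EIA2.
SMC_AES = bytes.fromhex("37deadbeef00" "075d2200" "02e060")
```

The same decoding can be applied to Security Mode Command messages extracted from the NAS PCAP that srsUE writes when `nas_enable = true`.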

joeldelosangeles commented 3 years ago

Do you have experiences where the phone needs to be manually connected to the network and automatic network selection either works, takes a long time, or does not work at all?

mrlnc commented 3 years ago

Not sure what you're referring to. If your actual smartphone fails to connect, this tool won't help you. If you're having trouble connecting the "ciphercheck" to the network, I suggest trying the comment above and checking with vanilla srsRAN.