Matheus Eduardo Garbelini

@cemaxecuter @SirhaXalot_ @signalensradio Thanks a lot. So my colleague attempted on a Orangepi 5 and Raspberry pi 5 first. It seems the board cannot keep up in real-time due to missing use of ARM simd extensions in the code base.

@MatheusGarbelin @SirhaXalot_ @signalensradio I noticed this on LTESniffer. In the case of LTESniffer the code was “tricked” by me building a prebuilt fftw bin and placing it where it was looking for it. Maybe something similar can be done for your sniffer. I have to try soon on the docker, excited to run it asap.

Might have to test this on ARM and maybe bundle it in to the WarDragon MP. Because what’s better for sniffing 5G than one B210-like SDR?
👉 Two B210-like SDRs. 😎 github.com/asset-group/Sn… (thanks for the tip @SirhaXalot_) @signalensradio

@cemaxecuter @SirhaXalot_ @signalensradio Ah, thanks a lot for the this. Shijie mentioned that he experienced a slow startup indeed. Will check whether we can include this prebuilt fftw wisdom files in the arm build somehow. Other than that, are you able to sniff in real-time, or experiencing overflows?

If you notice what seems like a forever start time it’s very possible you’re experiencing the extreme slow building of the fftw file in arm. I end up having to pre build one with all the sizes expected and reference its use instead of waiting for it to be generated. Just a heads up.

@cemaxecuter @SirhaXalot_ @signalensradio Hum, I don't think we use. The fft processing if done the same as with the FFTW library used by srsran codebase

@MatheusGarbelin @SirhaXalot_ @signalensradio I think you may want like the Jetson Orin Nano or higher. Is there any use of an fftw wisdom file that you know of in your project?

@cemaxecuter @SirhaXalot_ @signalensradio Yeah, it would be very interesting to see a portable 5G sniffer on the field with a live Wireshark View of the TDD MAC-NR payload :)

@cemaxecuter Awesome, did you have to change the OAI config file to make 5Ghoul work with LibreSDR or had to change some code?

5Ghoul w/ LibreSDR against vulnerable modem ✅ (had to swap out docker b210 bin)..

Full house today in the #5Ghoul demo session at #defcon32 . Thanks @poppopretn for the picture and we had the best badge in our career so far 😀. Great feedback and questions, all slides will be posted in #5Ghoul website soon. #5gsecurity #cybersecurity #Wireless

@SecureAerospace We need to order online in front of staff? Can't we just purchase online and collect today?

Must be present to purchase a badge thru Eventbrite.

@SecureAerospace Do we buy online and then present some code at Aerospace Village?

BADGE UPDATE. ONLY IF YOU’RE at DEF CON 32 LIMITED QUANTITY available here eventbrite.com/e/aerospace-vi… No code, please don’t show up. There is zero chance you will get one today. Please watch here for post event sales options. Thank you for your patience. ❤️

@cemaxecuter We already left unfortunately, but maybe next year we will be back haha.

@MatheusGarbelin I gotta leave late tonight unfortunately. You around now?

Apparently I missed the 5Ghoul talk this morning 🤦‍♂️

Launching attacks against 5G devices employing Qualcomm and Mediatek chipsets from a rogue base station (gNB). Thanks @cemaxecuter for demonstrating 5Ghoul.

@cemaxecuter Nice, it was a great collaboration. Your video also gave us tons of great feedback that we are planning to address into future commits, particularly around SIM card issues.

Excited my video made it to the 5Ghoul project page, but what really captivates me is diving into the project itself. The README alone has loads of cool things I want to try. Plus, I still want to incorporate my GL-INET router w modem + docker_open5gs. github.com/asset-group/5g…

@cemaxecuter Awesome, thanks

It’s amazing how much better the recording looks this time. Started from scratch again and the attack/exploit seems to work just fine. I’ll upload in the morning. #5ghoul

@cemaxecuter @andreascla1 Yes, that's because podman uses a different folder to save container images, volumes and configuration. Also, podman is daemon-less so it works fine with docker in the same system. At least this is my experience with it under Ubuntu so far.

@MatheusGarbelin @andreascla1 That’s pretty cool, in that setup can docker and podman coexist? I typically find myself sticking with docker since it seems maybe people are more flakier with the name. They seem to otherwise function nearly the same, but can’t both be installed system wide it seems.

When 5Ghoul's misbehaving in your tech-hood, who you gonna call? 😂 I swear I’m going to get this eventually… @PentHertz you have something connecting yet?

@cemaxecuter @cemaxecuter awesome. Thanks a lot for all your time put into this. Once your video is ready I can certainly link it to the 5Ghoul readme to help beginners. You also provided many useful feedback that can improve the quick-start experience.

Consider this a 5Ghoul setup “teaser”. Don’t mind the fact it’s 20+ minutes.. you might not be able to see everything but at least you can listen to my voice, right? Right?? 🤣 WarDragon 5Ghoul Quick Setup w/ 5G Exploit (B210, RM520N-GL) youtu.be/qjG_rMNjb4k

@cemaxecuter @andreascla1 Thanks for confirming. We are actually doing some trials here to see which one works best. Seems that installing podman is much easier via static binaries and it's possible to use it standalone rather than installing system wide.

@andreascla1 For the record @MatheusGarbelin I’m pretty certain Docker works perfectly fine 😄

@FlUxIuS @cemaxecuter @PentHertz @cemaxecuter indeed, modems allow you to configured allowed and preferred bands. This can be done either via AT commands or modem manager via mmcli as discussed here: #issuecomment-1880061819" target="_blank" rel="nofollow noopener">github.com/asset-group/5g… Note that the 5ghoul requires use of band n78 by default.

@cemaxecuter @PentHertz Look at the current BB configs, caps and bands. I forgot to add this refreshed presentation that could help: drive.google.com/file/d/1u7R2VR…

@PentHertz @cemaxecuter @PentHertz awesome. Thanks for your time in testing 5Ghoul. Hopefully this can improve security assessment for a range of other 5G equipment.

@cemaxecuter Yes we have some nice downgrades behaviors on MTK & Qualcomm and even some unexpected/non-documented on some mobile modules even for automotive. 😎