ss7-attack-and-its-counter-measuresFinally, Today I’m Just going to show you tutorial on installing and using ss7 tools without building full program.

i’m using telscale opensource ss7 stack in here, which is compiled by akib sayyed. you don’t have to do anything like building it or downloading lots of tools,This tool is in Java .jar format.

Requirements:
* Linux OS with SCTP support
* JRE 1.7(Java SE Runtime Environment) or above
Here is the link to download SS7 accessment tool: SS7 Accessment
And Here Is The Link To Download JRE8 (Java SE Runtime Environment): Java SE Runtime Environment 
JDK 7u6 latest releases include JavaFX SDK (version 2.2 or later). You Have To Get JavaFX SDK and Runtime installed and integrated into the standard JDK directory structure.

For information about how to work with JavaFX, see Check Here
Now for the Installation of the 64-bit JRE on Linux Platforms
THIS PROCEDURE INSTALLS THE JAVA RUNTIME ENVIRONMENT (JRE) FOR 64-BIT LINUX, USING AN ARCHIVE BINARY FILE (.TAR.GZ). THESE INSTRUCTIONS USE THE FOLLOWING FILE:
*  jre-8uversion-linux-x64.tar.gz
Download that file. Before the file can be downloaded, you must accept the license agreement. The archive binary can be installed by anyone (not only root users), in any location that you can write to. However, only the root user can install the JDK into the system location.), Now Change the directory to the location where you would like the JDK to be installed, then move the .tar.gz archive binary to the current directory.
Unpack the tarball and install the JRE:
% tar zxvf jre-8uversion-linux-x64.tar.gz
The Java Development Kit files are installed in a directory called jdk1.8.0_version in the current directory.
Delete the .tar.gz file if you want to save disk space.
Now, Extract the safeseven files to your home directory.
Now Open WireShark.(well, wireshark is preinstalled in Kali Linux)
Choose “SCTP” Protocol & Start capturing data packets.
Then Open Terminal. I’m Writing Here Few Commands For Using the Java .Jar Files;
Before Running Client On Actual Any Ss7 Network
Make sure you Edit client_config file
(Edit Details of Orange Marked Area)
“` //Client
SERVER_IP=“IP of STP you are connecting to”
CLIENT_IP=“IP address provisioned for you in STP”
SERVER_PORT=“STP port” CLIENT_PORT=“client provisioned port” IS_SERVER=FALSE “should be always false” Local_SPC=“point code assigned to you” Remote_SPC= “point code of STP” Local_SSN=“local ssn” Remote_SSN=“remote ssn” Routing_Context=“routing context assigned to you by STP” NETWORK_INDICATOR=“Network indicator”
Local_GT=”Local global title assigned to you”
Remote_GT=”remote Global title you are testing” “` “Network indicator” Local_GT=”Local global title assigned to you”
Remote_GT=”remote Global title you are testing” “`

 Commands For Simulating SS7 Network

 Simulating HLR: java -jar server.jar hlr_config
Simulating MSC/VLR: java -jar server.jar vlr_config
Running STP: java -jar STP.jar stp_config

 Commands For Running SafeSeven

MS Related Operations:java -jar SMS.jar client_config
USSD Related Operations:java -jar ussd.jar client_config
Call Related Operations: java -jar Call_Handling.jar client_config
Mobility Related Operations:java -jar Mobility.jar client_config
Mobility Related Operations:java -jar Mobility.jar client_config
Here Are Some Steps To Intercepting SMS By Using MapSMS.jar:

ss7-toolStep 1

1.Attacker sends request SendRoutingInfoForSM addressing MAP(Mobile Application Part) message by MSISDN(Target Phone Number)
2.HLR(Home Resource Locater) replies with: own address, serving MSC address, IMSI(The International Mobile Subscriber Identity (IMSI) is an internationally standardized unique number to identify a mobile subscriber. The IMSI is defined in ITU-T Recommendation E.212.
The IMSI consists of a Mobile Country Code (MCC), a Mobile Network Code (MNC) and a Mobile Station Identification Number (MSIN).)

Step 2. 
1. Attacker registers Target Phone Number On the fake MSC
2. HLR sets up new location for our target number
3.HLR asks real MSC to release a memory
Step 3. 
1. Someone sends SMS to Target Number
2. MSC translates the SMS to SMS-C
3. SMS-C requests HLR for Target number’s location
4. HLR replies with a fake MSC address
5. SMS-C translates SMS to the fake MSC &
Your Wireshark captures SMS And That’s just all,
But Some Will find this uneasy to install that is why I said Ss7 tool is for pro hackers, so if you have problem with installation kindly comment here.
So if you want to explore and  develop on this by your self so you can download following program:
1. Eclipse Javascript IDE Download
2. Xampp Download For Linux
3. JDK (Java Development Kit) 8 Download

6 COMMENTS

LEAVE A REPLY

Please enter your comment!
Please enter your name here