Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cellphone Forensic Software Open Sourced

Posted by michael on from the copying-jason-bourne dept.

Niek writes "The Netherlands Forensic Institute (part of the Dutch Ministry of Justice) has open sourced one of their high-profile software frameworks, TULP2G. With this BSD licensed framework, one can extract and decode all data from GSM SIM cards, e.g. called phone numbers and received SMS messages. This was previously only possible with commercial software. Dutch press release, Powerpoint presentation. Earlier this year, the Dutch government GPLed their online election software."

23 comments

  1. I think I speak for all of us when I ask... by Anonymous Coward · · Score: 3, Funny

    Just one question before I pack my bags. Is broadband cheap in the netherlands?

    1. Re:I think I speak for all of us when I ask... by davez0r · · Score: 1

      Word. I don't usually like to make gross generalizations (was that one right there?), but I think Holland is making an exceptional case for itself as being a Better Place (TM).

    2. Re:I think I speak for all of us when I ask... by bhima · · Score: 0

      YES!

      --
      Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.
    3. Re:I think I speak for all of us when I ask... by Umbral+Blot · · Score: 2, Insightful

      in all seriousness this does seem like a wonderfule thing, but does anyone know why their government is so supportive of open-source? My guess would be that their government has less pressure/influence from coperations, and thus does not share a corperation's closed-source paranoia like ours (America) does.

      --

      Philosophy.
    4. Re:I think I speak for all of us when I ask... by zootread · · Score: 3, Funny

      Just one question before I pack my bags. Is broadband cheap in the netherlands?

      Yes, and so is the weed :)

      --
      Zoot!
    5. Re:I think I speak for all of us when I ask... by raider_red · · Score: 2

      Yes, and so is the weed :)

      Not to mention the hookers. ;)

      --
      It's good to use your head, but not as a battering ram.
    6. Re:I think I speak for all of us when I ask... by Anonymous Coward · · Score: 0

      does anyone know why their government is so supportive of open-source?

      Why wouldn't it be? If it's going to invest in the development of something, surely it is the property of the public rather than locked away where people have to pay for it again.

      In my opinion, you need to justify the opposite - why would a government spend taxpayers' money on developing software, and then hide it from them or make them pay for it twice?

  2. hardware ? by johnjones · · Score: 1, Interesting

    ok so you still need a sim reader right ?

    where do I get one of those I am in the uk

    plus I am looking into recording GSM signals has anyone got any advice ?

    regards

    John Jones

    1. Re:hardware ? by raider_red · · Score: 2, Informative

      Would a regular smart card reader work?

      If not, I found this from a quick search on Google

      --
      It's good to use your head, but not as a battering ram.
    2. Re:hardware ? by chochos · · Score: 2, Informative

      I talked to some tech people from a smart card company a couple of months ago and from what I understood, a regular smart card reader can read SIM cards, as long as you have the software for it... which now you have...

      --
      Go hug some trees.
    3. Re:hardware ? by cuteseal · · Score: 1
      G'day John... regarding the SIM reader, I saw this recently:
      http://www.mrgadget.com.au/catalog/product_info. php/products_id/558

      Ships within australia only, but I'm sure you can find it somewhere else.

      --

      The friendliest digital photography forums on the net!

    4. Re:hardware ? by RiBread · · Score: 1


      try an e-Mobile SIM card reader, http://www.kinforce.com/en/ArticleShow.asp?Article ID=34 , about $20 off ebay.

      Since you can use this open source application it won't need to bother with the crappy software the sim reader comes with.

      You can read my short comments regarding it in my blog

  3. Before you think of packing by SmallFurryCreature · · Score: 3, Informative
    Read up on the history of Pim Fortuyn.

    The netherlands has gotten used to something called coalition goverment. Unlike the US or england we got a lot of parties ranging from (when I was young) to extreme left to extreme right. To be sure both extremes were tiny but they were there with a seat in the goverment after some elections (we are talking really really small here).

    So to get a majority the biggest partie would form a coalition with smaller parties and agree on a common policy to govern the country with. A bit of give and take.

    This type of goverment was applied also the other areas like the eternal war between goverment industry and unions. Basically for a long time these three social partners talked and achieved a sort of middle ground everyone could live with. By and large it worked or perhaps more accurate failed to fail. Think of it like this. If an action is certain to lead to disaster but there is something opposite of it stopping the disaster from happening then all seems good. The counter action was the growing economy. After the bubble this counter failed and so the polder model started to slide.

    The partnership of goverment industry and unions can be reflected in political alignment. Unions are of course on the left wanting the best for the common worker. Industry is on the right wanting the best for their shareholders. Goverment are the liberals in the middel wanting both happy workers and happy shareholders but also things like freedom, a clean enviroment etc etc. (Unions are not anti-enviroment just as long as it doesn't cost jobs and business is not anti freedom as long as it cut profits).

    With the economy going down all of sudden things started to go wrong. Money was no longer growing on trees (the netherlands is a fairly rich country with a varied export market and a positive trade balance BUT it is also small and very sensitive to other economies. Shipping relies mostly on trade other countries do, construction on projects in other countries, export obviously on other countries).

    The current goverment has forced through cuts and savings that are widely critized as being to harsh and even worse and being bad economic policie by the goverments own think tanks. Before nobody cared about backhanded deals were goverment was just forced through in back chambers without consultation with the voter because each voter was part of the polder model through being represented by either goverment industry or the union.

    But now everytime at least one of the social partner seems to disagree. You get the weird situation that the unions and industry agree on say compensating health care cuts (with industry picking up the bill because healthy workers work harder) and the goverment trying to block it because they don't want it. Weird.

    So the current economy is in a downward spiral were all the social balances that have been achieved in the decades since WW2 are now being eroded.

    There is also a huge other problem involving immigration. Although the golden age for the netherlands came in a time when holland opened its gates to everyone in europe who was persecuted in recent times this has led to frictions.

    During earlier decades there was a shortage of labour so it seemed to make sense to import workers from poor countries like turkey. Integrating these workers was never done as things like enforced learning of the dutch language was considered both expensive and politically incorrect. Hell these workers were not supposed to stay here. Just work, get some money then go back to turkey.

    However the immigrants did not go back. They stayed. Not only stayed but invited their families over and had childeren. The sad thing is that no matter how much the immigrants might complain about holland and how badly the cultures may clash the simple fact is that you couldn't force them to go back at gunpoint. The goverment is even offering cash payments for immigrants who go back. Take up is very very low.

    Over the years three cultures have emerged, the im

    --

    MMO Quests are like orgasms:

    You may solo them, I prefer them in a group.

    1. Re:Before you think of packing by Anonymous Coward · · Score: 0

      Thanks for your post, you should consider contributing to http://wikipedia.org/

    2. Re:Before you think of packing by Anonymous Coward · · Score: 2, Insightful

      Well, as a fellow dutchman (I guess, because of the details, grandparent is a dutch person), I would like to point out a another opinion:
      Pim Fortuyn was not leading in the polls. Three parties, the conservative-liberal VVD, the social-democrat PvdA, and the christian-democrat CDA were always bigger than the Pim Fortuyn party, in all polls.
      Secondly, Theo van Gogh was highly controversial with many Dutch people before his highly hate-inspiring statements about the islam. He was wishing people dead (not a big deal before he was killed), he was was complaining about the Jewish lobby, and many more things. He was a person living for controversy. The Dutch government, in reaction in part to the murder of Theo van Gogh, has way overreacted, and is making statements about laws, which would make Theo van Gogh's statements illegal.
      The press in the Netherlands has also overreacted, creating a national problem, for which muslims and non-muslims have to account for any of their behaviour. Couple this with the minister of justice making statements about tracking down people with wrong thoughts, and you get a scenario which looks eerily like one a certain writer wrote about a certain year.

    3. Re:Before you think of packing by Aggrajag · · Score: 1

      Very nicely written and I think you put some of my thoughts in writing. I used to live in Nederland for three years (I am from Finland) and could see things from both point of views, immigrant and native (as I look like a Dutchman). The problem I had was that I never managed to learn Dutch properly as I worked at least 12 hours a day and most of my colleagues and friends were also non-Dutch.

  4. Is this really that new? by Anonymous Coward · · Score: 0

    Gammu would seem to do the same things as this. You hook up the phone to the computer with a data cable, and read out things like text messages etc.

    On a related note, does anybody know how to use a "Super GSM reader" in Linux, or at least what the basic interface/chipset is? No labelling of any kind on it, no website on the packaging, nothing.

  5. HUH ? by makapuf · · Score: 4, Informative

    you know, if you really are up to that, you must think of a SIM card as a small (16-64k) filesystem.

    Files are organized into a tree structure in directories and protected (read, write..) by PIN codes. Files can be seen as fixed size arrays of fixed siez strings. The GSM standard specification (GSM 11.11) says that, and what information can be found where. (example, on the directory 'GSM' - which is really a filenumber on the sim instead of a filename), you'll have the last number dialled (LDN file).

    the procotol used to open/read files is fairly open.

    That's it. So what's so special to write such a program ? You need e.g. serial access to the card interface, the SIM specification, and a small script language, then a few hours later, voila.

    (or you could put the SIM card in a phone and check the information)

    What you don't have is access to the pin protected information, and good luck to attack those since all european telco industry relies on this.

    1. Re:HUH ? by ilithiiri · · Score: 3, Informative

      What you don't have is access to the pin protected information, and good luck to attack those since all european telco industry relies on this.
      Since you mean a PIN number, which normally is 4 digits 0-9, I think there would be NO problem in doing a brute-force attack to check what information can be found there.
      I.e. last number called protected by PIN? no problem, as long as you get strange characters from the decrypt you go on.. then with one PIN you get some ok characters and you investigate.
      Or not?
      Come on.. just make a copy of those 64k, try to brute-force it, and you have all the information you want.
      They've broken BETTER and SAFER encryption method, a 4-digit encryption is nothing.

      --
      If anyone can hear me, slap some sense into me But you turn your head, and I end up talking to myself
    2. Re:HUH ? by makapuf · · Score: 2

      instruction READ does not provide the protected information unless you provided the PIN code. So, no copy for you of course.

      Then, 3 bad PIN renders the card unusable. No brute force.

      Even calculation times and power consumption (generally) have been randomized to prevent attacks. Info is hidden from Eletronic microscope .

      Not so trivial anymore.

    3. Re:HUH ? by Slashamatic · · Score: 1

      Not quite true. Certain actions use a PIN but aren't counted by the locking mechanism.

    4. Re:HUH ? by makapuf · · Score: 1

      Which ones ?

    5. Re:HUH ? by Slashamatic · · Score: 2, Interesting

      It is simple status inquiry and it was used as a documented attack on a PIN. Of course authenticating a PIN takes time, so it still takes many hours of work however using an "Identify" request doesn;t seem to be counted. Here is one link that I found about it.