Home
/
Blog
/

Working with TCAP-MAP the efficient way with PYCRATE

This article analyzes the evolution of TCAP-MAP protocol, its version changes, decoding challenges, and how they are mitigated by the pycrate python library.

Research
Nov 12, 2019
Working with TCAP-MAP the efficient way with PYCRATE

In this post, we explain how the TCAP-MAP protocol has been defined and extended in its successive versions, which led to some backward incompatibilities in the message decoding process. This is where pycrate comes to the rescue, providing an extended TCAP-MAP ASN.1 module that supports all MAP versions; it enables the encoding and decoding of any TCAP-MAP messages in a convenient and straightforward way.

Introduction to TCAP-MAP

TCAP-MAP is one of the main protocols used in 2G and 3G mobile core networks, and probably still the most used at operators’ interconnect to support roaming. MAP (Mobile Application Part) is a set of operations and data structures to support mobile subscribers mobility and services over 2G and 3G access networks and for both CS (Circuit Switch) and PS (Packet Switch) domains. The TCAP-MAP protocol is mostly used (but not only) between MSC-VLR (Mobile Switching Center – Visited Location Register) and HLR (Home Location Register) in the CS domain, and SGSN (Serving GPRS Support Node) and HLR in the PS domain.

TCAP/MAP are important layers of the SS7 protocol stack, conveying most of the high-level meaning of mobile core network packets.

MAP is currently maintained by the 3GPP and continues to be extended regularly. It can be downloaded on the 3GPP website under the reference TS 29.002. It relies on TCAP (Transaction Capabilities Application Part) which defines generic call flows and generic message structures for any kind of application procedures. ITU-T is responsible for the TCAP specification under the following references: Q.771, Q.772, Q.773 and Q.774. The Q.773 is of particular interest as it defines the TCAP message formatting and encoding; it has been stable for more than 20 years. In short, TCAP uses ASN.1 BER (Basic Encoding Rules) and specifies several types of generic message structures, whereas MAP defines specific operations and argument structures that get embedded into those generic TCAP messages.

TCAP-MAP messages are formally defined by using ASN.1. The ASN.1 definition for TCAP message structures can be found in the ITU-T Q.773 document (and also here). The ASN.1 definitions for MAP operations and argument structures are provided in section 17 of the 3GPP document. Those MAP ASN.1 definitions can be used to parameterize the TCAP ASN.1 definition, in order to produce a complete TCAP-MAP schema that will enable to encode and decode all possible messages for all the defined MAP operations. This is exactly what is done within the pycrate_TCAP_MAP module within Pycrate, a Python library maintained by P1 Security that integrates an ASN.1 compiler and run-time. In order to get accustomed with this specific module, one can read the pycrate wiki dedicated to TCAP-MAP and TCAP-CAMEL (Customised Applications for Mobile network Enhanced Logic).

Basic structure of a TCAP-MAP message

A TCAP message can be of 5 different types: unidirectional (which is a standalone message) or begin, continue, end or abort (which are parts of a … Read More

Summary
Download our whitepaper

LTE Pwnage: Hacking HLR/HSS and MME Core Network Elements

By clicking download you confirm that you accept our terms and conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Be informed

SS7 Attacker Heaven turns into Riot: How to make Nation-State and Intelligence Attackers’ lives much harder on mobile networks

By clicking download you confirm that you accept our terms and conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Towards Harmonization: Mapping EU Telecom Security Regulations and their evolution

By clicking download you confirm that you accept our terms and conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.