contact@p1sec.com
Comment are off

P1 Security releases its open-source Python decoder for the 5G NAS protocols

With the introduction of 5G networks, a complete rework of the cellular core network is ongoing, in addition to the introduction of the New Radio stack (abbreviated NR). New network functions are defined, such as AMF for handling the mobility of subscribers, SMF for dealing with subscribers’ sessions… This rework brings new signaling protocols to be used between handsets and modems and the 5G core network, so-called Non-Access Stratum protocols (abbreviated NAS), and also new protocols between core network functions and for inter-PLMN signaling, relying on a Service-Based Architecture (abbreviated SBA).

P1 Security is happy to release, as part of the open-source pycrate framework, a complete support of the 5G NAS protocols in terms of signaling message encoding and decoding. A generic decoder is provided and each NAS message class can be used directly for encoding. The pycrate wiki on cellular NAS protocols was updated accordingly, too. here is a decoding example:

In [1]: from pycrate_mobile.NAS5G import * ; from binascii import unhexlify

In [2]: Msg, err = parse_NAS5G(unhexlify('7e005e7700091553837880204216f371'\
'00247e0041690010010302460fff000002680901020304f51001072e02f0f02f'\
'0504030004d2'))

In [3]: err
Out[3]: 0

In [43]: print(Msg.show())
### 5GMMSecurityModeComplete ###
 ### 5GMMHeader ###
  <EPD : 126 (5GMM)<spare : 0x0<SecHdr : 0 (No security)<Type : 94 (Security mode complete)### 5GSID ###
  <T : 119<L : 9### 5GSID ###
   <Digit1 : 0x1<Odd : 0<Type : 5 (IMEISV)<Digits : 353887080224613### NASContainer ###
  <T : 113<L : 36### 5GMMRegistrationRequest ###
   ### 5GMMHeader ###
    <EPD : 126 (5GMM)<spare : 0x0<SecHdr : 0 (No security)<Type : 65 (Registration request)### NAS_KSI ###
    ### NAS_KSI ###
     <TSC : 0 (native security context)<Value : 6### 5GSRegType ###
    ### 5GSRegType ###
     <FOR : 1 (Follow-on request pending)<Value : 1 (initial registration)### 5GSID ###
    <L : 16### 5GSID ###
     <spare : 0<Fmt : 0 (IMSI)<spare : 0<Type : 1 (SUCI)### Value : 0 -SUPI_IMSI ###
      <PLMN : 302640 (Canada.Latitude Wireless)<RoutingInd : <spare : 0x0<ProtSchemeID : 0 (Null scheme)<HNPKID : 0### Output : 0 ###
       <IMSI : 208690102030405### 5GMMCap ###
    <T : 16<L : 1### 5GMMCap ###
     <SGC : 0<5G-HC-CP-CIoT : 0<N3Data : 0<5G-CP-CIoT : 0<RestrictEC : 0<LPP : 1<HOAttach : 1<S1Mode : 1### UESecCap ###
    <T : 46<L : 2### UESecCap ###
     <5G-EA0 : 1<5G-EA1_128 : 1<5G-EA2_128 : 1<5G-EA3_128 : 1<5G-EA4 : 0<5G-EA5 : 0<5G-EA6 : 0<5G-EA7 : 0<5G-IA0 : 1<5G-IA1_128 : 1<5G-IA2_128 : 1<5G-IA3_128 : 1<5G-IA4 : 0<5G-IA5 : 0<5G-IA6 : 0<5G-IA7 : 0### NSSAI ###
    <T : 47<L : 5### NSSAI ###
     ### SNSSAI ###
      <Len : 4### SNSSAI ###
       <SST : 3<SD : 1234

If you are involved in the development of 5G cellular technologies, do not hesitate to give it a try, and to provide any feedback directly on … Read More

About the Author