HomeAboutJobsContact
contact@p1sec.com

P1 Telecom Fuzzer (PTF)

A TELECOM EQUIPMENT FUZZER

PTF (P1 Telecom Fuzzer) is a Telecom protocols oriented fuzzer using automated fuzzing tests generation & reproducible fuzzing tests. PTF goes deeper into telecom-specific layers and covers much more Telecom protocols than any other fuzzer available on the market.

  • PTF product (SS7 / GTP-C / Diameter / S1/X2) should only be used in Laboratory / Testbed environments
  • PTF should never be used on Production networks
  • Robustness testing of testbed equipment before deployment in production environment
  • Coverage of legacy, current and next generation telecom equipment and protocols
  • Compatible with a wide range of Network Elements from multiple vendors
  • Numerous vulnerabilities already discovered by PTF in critical Core Network Elements
  • Export a report in pdf format
  • Control through a JSON API (launch fuzz and retrieve results)
  • PTF is used to find flaws in the signaling protocol stack implementation used in the fuzzed Network Elements.
  • Fuzz SS7/GTP-C/Diameter/S1/X2 Network Elements (e.g. to find 0-Day vulnerabilities which may have the following impact: Remote Code Execution, DoS, permanent DoS, …).
  • PTF can be included in the Continuous Integration (CI) system: each time there is a Network Element software update, a fuzzing campaign can be run to validate that there is no regression in the signaling protocol stack implementation (i.e. related to the software in the Network Element that is handling the parsing and processing of incoming signaling messages, MAP parsing, …).
  • PTF is a fuzzer specific to Telecom protocols used to test robustness of Telecom Network Equipment on testbds before they are deployed in production enevironment
  • Covering 5GC, Diameter (Diameter Base & 3GPP extensions), GTP-C, SS7 (M3UA/SCCP/TCAP/MAP), & S1/X2 protocol stacks.
  • Fuzzing manageable from Web interface.
  • Automated fuzzing tests generation.
  • Reproducible fuzzing tests.

Key Features

  • Proxy fuzzing:
    • Acting as an “on the fly” telecom protocol fuzzer, PTF can accept connection (from a simulator), fuzz the incoming packets and send them to the remote Network Element
  • Reproducible fuzzing:
    • Use of random seed.
    • Any previous fuzzing session can be replayed identically by clicking Replay button.
  • Multiple interconnections for parallel fuzzing.
  • Fuzzing instrumentation:
    • Automated network-based instrumentation (PTF monitors interconnection state and sends valid messages along with fuzzed messages to detect equipment crash).
    • Automated SSH-based instrumentation specific to equipment may be developed on request.
  • Fuzzing report:
    • Report equipment misbehavior (association disconnected or dropped).
    • Shows last malformed MSU sent by PTF and / or received before crash.

(List subject to changes following ongoing development)

Key Benefits
• Robustness testing of testbed equipment before deployment in production environment.
• Coverage of legacy, current and next generation Telecom equipment and protocols.
• Compatibility with a wide range of Network Elements from multiple vendors.
• Numerous vulnerabilities already discovered by PTF in critical Core Network Elements.
(List subject to changes following ongoing development)

©2022 P1 Security S.A.S. All Rights Reserved.