Home
/
Blog
/

P1 Security releases its open-source Python decoder for the 5G NAS protocols

5G revolutionizes cellular networks with a new core and functions like AMF and SMF, reshaping mobility and subscriber services.

Service annoucement
Dec 10, 2019
P1 Security releases its open-source Python decoder for the 5G NAS protocols

With the introduction of 5G networks, a complete rework of the cellular core network is ongoing, in addition to the introduction of the New Radio stack (abbreviated NR). New network functions are defined, such as AMF for handling the mobility of subscribers, SMF for dealing with subscribers’ sessions… This rework brings new signaling protocols to be used between handsets and modems and the 5G core network, so-called Non-Access Stratum protocols (abbreviated NAS), and also new protocols between core network functions and for inter-PLMN signaling, relying on a Service-Based Architecture (abbreviated SBA).

P1 Security and 5G NAS protocols.

P1 Security is happy to release, as part of the open-source pycrate framework, a complete support of the 5G NAS protocols in terms of signaling message encoding and decoding. A generic decoder is provided and each NAS message class can be used directly for encoding. The pycrate wiki on cellular NAS protocols was updated accordingly, too. here is a decoding example:

In [1]: from pycrate_mobile.NAS5G import * ; from binascii import unhexlify

In [2]: Msg, err = parse_NAS5G(unhexlify('7e005e7700091553837880204216f371'\
'00247e0041690010010302460fff000002680901020304f51001072e02f0f02f'\
'0504030004d2'))

In [3]: err
Out[3]: 0

In [43]: print(Msg.show())
### 5GMMSecurityModeComplete ###
 ### 5GMMHeader ###
  <EPD : 126 (5GMM)<spare : 0x0<SecHdr : 0 (No security)<Type : 94 (Security mode complete)### 5GSID ###
  <T : 119<L : 9### 5GSID ###
   <Digit1 : 0x1<Odd : 0<Type : 5 (IMEISV)<Digits : 353887080224613### NASContainer ###
  <T : 113<L : 36### 5GMMRegistrationRequest ###
   ### 5GMMHeader ###
    <EPD : 126 (5GMM)<spare : 0x0<SecHdr : 0 (No security)<Type : 65 (Registration request)### NAS_KSI ###
    ### NAS_KSI ###
     <TSC : 0 (native security context)<Value : 6### 5GSRegType ###
    ### 5GSRegType ###
     <FOR : 1 (Follow-on request pending)<Value : 1 (initial registration)### 5GSID ###
    <L : 16### 5GSID ###
     <spare : 0<Fmt : 0 (IMSI)<spare : 0<Type : 1 (SUCI)### Value : 0 -SUPI_IMSI ###
      <PLMN : 302640 (Canada.Latitude Wireless)<RoutingInd : <spare : 0x0<ProtSchemeID : 0 (Null scheme)<HNPKID : 0### Output : 0 ###
       <IMSI : 208690102030405### 5GMMCap ###
    <T : 16<L : 1### 5GMMCap ###
     <SGC : 0<5G-HC-CP-CIoT : 0<N3Data : 0<5G-CP-CIoT : 0<RestrictEC : 0<LPP : 1<HOAttach : 1<S1Mode : 1### UESecCap ###
    <T : 46<L : 2### UESecCap ###
     <5G-EA0 : 1<5G-EA1_128 : 1<5G-EA2_128 : 1<5G-EA3_128 : 1<5G-EA4 : 0<5G-EA5 : 0<5G-EA6 : 0<5G-EA7 : 0<5G-IA0 : 1<5G-IA1_128 : 1<5G-IA2_128 : 1<5G-IA3_128 : 1<5G-IA4 : 0<5G-IA5 : 0<5G-IA6 : 0<5G-IA7 : 0### NSSAI ###
    <T : 47<L : 5### NSSAI ###
     ### SNSSAI ###
      <Len : 4### SNSSAI ###
       <SST : 3<SD : 1234

If you are involved in the development of 5G cellular technologies, do not hesitate to give it a try, and to provide any feedback directly on … Read More

Summary
Download our whitepaper

LTE Pwnage: Hacking HLR/HSS and MME Core Network Elements

By clicking download you confirm that you accept our terms and conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Be informed

SS7 Attacker Heaven turns into Riot: How to make Nation-State and Intelligence Attackers’ lives much harder on mobile networks

By clicking download you confirm that you accept our terms and conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Towards Harmonization: Mapping EU Telecom Security Regulations and their evolution

By clicking download you confirm that you accept our terms and conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.