Home
/
Blog
/

New open-source MCC_MNC library

P1 Security's open-source MCC_MNC library simplifies identifier compilation for mobile operators, aiding in investigations and fraud detection.

Service annoucement
Sep 15, 2020
New open-source MCC_MNC library

P1 Security is working with mobile operators worldwide, and therefore requires a good knowledge of identifiers used in mobile networks. The P1 Lab has worked carefully to identify all public information related to this topic, and is publishing a new open-source library called MCC_MNC that enables to download and compile them into few comprehensive dictionaries.

Identifiers Used

The Mobile Country Code (MCC) and Mobile Network Code (MNC) are primarily used to identify mobile operators. Some identifiers, such as phone numbers (or Mobile Station ISDN Number, i.e. MSISDN), SS7 global titles and signaling point codes, are also commonly used when dealing with routing of mobile communication in an international context. Finally, having precise information related to geographic aspects (such as country name, alpha-code-2, borders and near-by countries) can help when dealing with signaling patterns related to roaming subscribers.

The library provided can be used out-of-the-box, by importing the JSON or Python dictionaries available in the gen/ directory of the project. Following is an example of a common investigation that can be done by an operator when looking for potentially fraudulent international signaling exchanges…

In most of those investigation cases, the starting point is an MCC-MNC (being it taken from an IMSI, or a Diameter realm). Let’s use Python to illustrate the use of the dictionaries:

$ ipython
fPython 3.8.2 (default, Jul 16 2020, 14:00:26) 
Type 'copyright', 'credits' or 'license' for more information
IPython 7.13.0 -- An enhanced Interactive Python. Type '?' for help.

In [1]: from gen.p1_mnc import P1_MNC

In [2]: P1_MNC['73404'] # let's check MCC-MNC 734-04
Out[2]: 
{'bands': ['GSM 850', 'GSM 1900', 'UMTS 1900', 'LTE 1700'],
 'brand': 'movistar',
 'cc2s': ['VE'],
 'country': 'Venezuela',
 'ope': True,
 'operator': 'Telefónica Móviles Venezuela',
 'src': 'Wikipedia'}

Now, imagine we identify several mobility procedures for a given subscriber between this mobile network in Venezuela, identified with MCC-MNC 734-04, and another mobile network, identified with MCC-MNC 363-01, in a limited time-frame. Does it look legitimate ? Let’s check with our geographical dataset.

In [3]: P1_MNC['36301']
Out[3]: 
{'bands': ['GSM 900',
  'GSM 1800',
  'GSM 1900',
  'UMTS 2100',
  'LTE 1800',
  'TDMA 800'],
 'brand': 'SETAR',
 'cc2s': ['AW'],
 'country': 'Aruba',
 'ope': True,
 'operator': 'Servicio di Telecomunicacion di Aruba',
 'src': 'Wikipedia'}

In [4]: from gen.p1_cc2 import P1_CC2

In [5]: from gen.p1_cntr import P1_CNTR

In [5]: from gen.p1_terr import P1_TERR

In [6]: P1_TERR[P1_MNC['36301']['country'] # checking border information for Aruba
Out[6]: 
{'cc2': 'AW',
 'dep': 'NL',
 'neigh': {'bord': [], 'less100': ['Curaçao'], 'less30': ['Venezuela']}}

In [7]: P1_CC2['AW']
Out[7]: 
{'cc2': 'AW',
 'dep': 'NL',
 'infos': {
  [... mainly information from the World Factbook ...]
  },
 'mcc': ['363'],
 'mccmnc': ['36301', '36302', '36320'],
 'msisdn': ['297'],
 'name': 'Aruba',
 'url': 'https://en.wikipedia.org/wiki/Aruba'}

In [8]: P1_CC2['AW'] == P1_CNTR['Aruba']
Out[8]: True # P1_CC2 and P1_CNTR provides the same information

Here, we find that Aruba, which is actually part of Kingdom of the Netherlands, has no border (this is an island), but is less than 30 kilometers from Venezuela. This makes GSM subscriber relocation legitimately possible.

And this is only a little example on how to use this dataset ! Being able to identify legitimate or plausible mobility events for … Read More

Summary
Download our whitepaper

LTE Pwnage: Hacking HLR/HSS and MME Core Network Elements

By clicking download you confirm that you accept our terms and conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Be informed

SS7 Attacker Heaven turns into Riot: How to make Nation-State and Intelligence Attackers’ lives much harder on mobile networks

By clicking download you confirm that you accept our terms and conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Towards Harmonization: Mapping EU Telecom Security Regulations and their evolution

By clicking download you confirm that you accept our terms and conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.