There is a newer version of the record available.

Published June 7, 2025 | Version 1.0
Software Open

Artifacts for SNI5GECT: A Practical Approach to Inject aNRchy into 5G NR

  • 1. Singapore University of Technology and Design

Description

These are the artifacts for the paper: SNI5GECT: A Practical Approach to Inject aNRchy into 5G NR
 
As part of our Open Science commitment, we provide all components described in Section 3 of the Sni5Gect paper. In addition, we include all exploit modules to ensure reproducibility of the attacks presented. The structure below outlines the organization of these components and identifies where each exploit module is located.

Included Items:

  1. The Sni5Gect project source code: Full source code for the framework and its components.
    • .
      ├── cmake
      ├── configs
      ├── credentials
      ├── debian
      ├── images
      ├── lib
      ├── shadower
      │   ├── hdr
      │   ├── modules # Source code of exploit modules
      │   ├── src
      │   │   ├── broadcast_worker.cc # Broadcast Worker implementation
      │   │   ├── gnb_dl_worker.cc    # GNB DL Injector implementation
      │   │   ├── gnb_ul_worker.cc    # GNB UL Worker implementation
      │   │   ├── scheduler.cc        # Distributes received subframes to components
      │   │   ├── syncer.cc           # Syncher implementation
      │   │   ├── ue_dl_worker.cc     # UE DL Worker implementation
      │   │   ├── ue_tracker.cc       # UE Tracker implementation
      │   │   └── wd_worker.cc        # wDissector wrapper
      │   ├── test
      │   └── tools
      ├── srsenb
      ├── srsepc
      ├── srsgnb
      ├── srsue
      ├── test
      └── utils
  2. Pre-built Docker container: A ready-to-use Docker image for the Sni5Gect project, containing all required dependencies for evaluation.
  3. Offline sniffing example: A sample connection recording for evaluating the sniffing capability of Sni5Gect in an offline setting.
  4. Evaluation test data: All evaluation results presented in the paper, including:
    1. DCI sniffing evaluation
    2. Message sniffing evaluation
    3. Uplink message sniffing at different distances
    4. Uplink message sniffing with varying Timing Advance (TA) offsets (along with connection recordings)
    5. Message injection at different protocol states
    6. Message injection performance at varying distances
    7. Evaluation of message injection attacks, including:
      • Attacks from 5Ghoul
      • Registration Reject downgrade attack
      • Identity Request fingerprinting attack
      • Authentication Replay attack
To build the container from scratch, you may follow the provided Dockerfile in the source code from Sni5Gect-5GNR-sniffing-and-exploitation-main.zip. Alternatively, you can load the pre-built image using:
 
docker load < sni5gect-artifacts-docker.tar.gz
 
Use the following `docker-compose.yml` to start the container:
services:
  artifacts:
    image: artifacts
    build:
      context: .
      dockerfile: Dockerfile
    container_name: artifacts
    privileged: true
    restart: unless-stopped
    entrypoint: /sbin/init
    network_mode: host
    environment:
      - DISPLAY=:99
    volumes:
      - "/dev/:/dev/"
      - "./sni5gect-evaluation-results:/root/evaluation_results"

  mongodb:
    image: mongo:8.0
    container_name: mongodb
    restart: unless-stopped
    volumes:
      - dbdata:/data/db
    network_mode: host
    healthcheck:
      test: ["CMD", "mongosh", "--eval", "db.adminCommand('ping')"]
      interval: 5s
      timeout: 5s
      retries: 3
      start_period: 5s

volumes:
  dbdata:

The easiest way to get started with Sni5Gect is to run it using a pre-recorded IQ sample file. We've provided a sample for offline testing.
1. Download and extract the example recording file from Zenodo:
 
wget https://zenodo.org/records/15601773/files/example-connection-samsung-srsran.zip
unzip example-connection-samsung-srsran.zip
 
2. Edit configs/config-srsran-n78-20MHz.conf and modify the [source] section as follows:

[source]
source_type = file
source_module = build/shadower/libfile_source.so
# Replace with the absolute path to the extracted IQ sample file if needed
source_params = /root/sni5gect/example_connection/example.fc32  
 

3. Finally, launch the sniffer using:
 
./build/shadower/shadower configs/config-srsran-n78-20MHz.conf
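
Step 2 can be scripted so that a truncated download is caught before the replay starts. The script below is an added example, not code from the Sni5Gect repository: the function name `set_file_source` is hypothetical, and it assumes the `.fc32` recording holds interleaved complex float32 samples (8 bytes each).

```bash
#!/usr/bin/env bash
# Added example (not from the Sni5Gect repository): switch a config to offline
# file replay, as in step 2, after sanity-checking the recording.

# Usage: set_file_source CONFIG IQ_FILE [SOURCE_MODULE]
set_file_source() {
    local conf="$1" iq="$2" module="${3:-build/shadower/libfile_source.so}"
    local size abs

    [ -f "$conf" ] || { echo "config not found: $conf" >&2; return 1; }
    [ -s "$iq" ] || { echo "recording missing or empty: $iq" >&2; return 1; }

    # Assumption: .fc32 holds interleaved complex float32 samples, 8 bytes each,
    # so any other size points to a truncated download or extraction.
    size=$(wc -c < "$iq")
    if [ $((size % 8)) -ne 0 ]; then
        echo "recording truncated? $size bytes is not a multiple of 8" >&2
        return 1
    fi

    # The config comment on this page asks for an absolute path in source_params.
    abs="$(cd "$(dirname "$iq")" && pwd)/$(basename "$iq")"

    cp "$conf" "$conf.bak"   # keep the original next to the edited file
    SRC_MODULE="$module" SRC_PATH="$abs" awk '
        function emit() {
            print "source_type = file"
            print "source_module = " ENVIRON["SRC_MODULE"]
            print "source_params = " ENVIRON["SRC_PATH"]
        }
        # Section header: track whether we are inside [source].
        /^\[/ {
            in_src = ($1 == "[source]")
            print
            if (in_src) { seen = 1; emit() }
            next
        }
        # Drop the old values of the three keys, only inside [source].
        in_src && /^[ \t]*source_(type|module|params)[ \t]*=/ { next }
        { print }
        END { if (!seen) { print "[source]"; emit() } }
    ' "$conf.bak" > "$conf"
}

# Run directly: ./set_file_source.sh CONFIG IQ_FILE
if [ "$#" -ge 2 ]; then set_file_source "$@"; fi
```

All other sections of the config are left untouched, and the previous version is kept as `CONFIG.bak`.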

Files

example-connection-samsung-srsran.zip

Files (15.4 GB)

Checksum Size
md5:78027322e5366012d9814389a9fa3066 743.2 MB
md5:ad097acdd9f29ff54c45349b9d584d60 5.1 GB
md5:3d82b3647859cda0693208467e4b34fd 9.5 GB
md5:fa2a29d09548e00493c3ea16006ab245 32.2 MB

Additional details

Dates

Available
2025-06-07
Artifacts

Software

Repository URL
https://github.com/asset-group/Sni5Gect-5GNR-sniffing-and-exploitation/
Programming language
C++
Development Status
Active