https://github.com/jimtangshfx/5G_ciphered_NAS_decipher_tool :
A Python tool to decipher/decrypt 5G ciphered NAS payload and export the plain 5G NAS payload back into a Wireshark pcap file.
During my work in 5G testing and troubleshooting, I have seen many cases where the 5G NAS messages captured in Wireshark are ciphered by AES, SNOW 3G, or ZUC, and the SUCI in the registration request could also be ciphered by Profile A/Profile B defined in 3GPP 33.501. So I came up with this idea to write a Python program to decipher the 5G NAS payload retrieved from the pcap file, then write the plain NAS payload back into the pcap file. That way, we can browse and check the deciphered NAS details in Wireshark very easily.
This Milenage test tool can be used to verify whether the MAC value or RES value exchanged during the 3G/4G/5G authentication procedure is correct or not. During my work in 3G/4G/5G authentication testing and troubleshooting, there have been many cases where the UE failed to pass the authentication procedure with the core network. Usually it is caused by mismatched secret key or OP settings, which results in a "MAC failure" error or "RES value mismatched". In that case, we need a tool to verify that the MAC sent by the core network or the RES value sent by the UE is correct, by computing those values based on the secret key/OP/RAND value. So I came up with this idea to write a small tool in C to manually compute the MAC/RES/RES* value and compare it to the one we received in the authentication request and response messages in the pcap file, to see whether it matches. That way, we can tell which side is giving the wrong computation result, and whether it's a potential problem of mismatched secret key/OP.
This shell script hacks into the binary code of the sshd executable file on the server and replaces 58 bytes of the sshd binary with new ones, forcing sshd to print every command input/output into the /var/log/auth.log file. That way, one can easily check auth.log and figure out whether an outside device has established an SSH connection to the server, what commands have been executed, and what the results of those commands were.