A curated list of telco resources and projects. Consult awesome-5g for 5G specific projects, which is probably more up to date on the matter than this one.
- SIM: USIM, SIM, eSIM
- UE: phones, modems apps
- RAN: 2G, 3G, 4G, 5G
- Core: EPC, MME, SGW, PGW
- Interco: IMS, SBC, Diameter
- Protocols: Libraries, Frameworks
- Infrastructure: SDN and NFV management software
- Orchestration: Automation and integration software
- Lab: tooling for telco labs
- Testing : TTCN3 and others testing frameworks
- Security: Papers and talks around telco security
- Blogs: Telco-related personal blogs
- Organizations: Orgs and forums working on telcos hardware/software
- Docs: Documentations and standards
- Decks: Powerpoints and great slides
- Tweets: Relevant tweets and link to social networks
- Issues: interesting issues on bugtrackers
- Mailings-lists : ML, slack and other forums
- PySIM - Tool to program sim card. Useful to manage and program blank SIM cards such as the sysmocom ones.
- SIMTrace - Osmocom SIMtrace is a hardware device and associated firmware + host software to trace the communication between phone and SIM card.
- SIMTester - SIMtester assess SIM card security in two dimensions : Cryptanalytic attack surface, Application attack surface.
- Njiwa - M2M UICC - Njiwa (Swahili for homing pigeon) is an implementation of the GSMA's Embedded SIM Remote Provisioning Manager for M2M devices. (Note: original repo is missing, replacing by a fork).
- LPAd SM-DP+ Connector - Local Profile Assistant for Device (LPAd) - LPAd SM-DP+ Connector
- sysmo-usim-tool - Modified version of sysmo-usim-tool
- GlobalPlatformPro - A tool to load and manage SIM applets on compatible JavaCards from command line from MArtin Paljak.
- ARA-M Applet - ARA-M implementation for JavaCards by Bertrand Martel.
- CoIMS_wiki - Guide for overriding IMS settings to force enable VoLTE/VoWiFi using Carrier Privileges, with its companion app on the Google Play store CoIMS.
- HelloSTK2 - My 2021's guide to HelloSTK [...] but maybe this "guide" helps you to build and install SIM-Toolkit applets.
- Generic-eUICC-Test-Profile - [...] to normalize the way in which Test Profiles for embedded UICCs will be available, and configurable, for industry standardised testing.
- SUPI with pysim - Notes on enabling SUPI with pysim.
- ScapySMS - A Scapy implementation of SMS-SUBMIT and (U)SIM Application Toolkit command packets.
- ISD-R Access Provider - This application contains a tiny content provider for communicating with ISD-R in eSIM soldered on Android device (developed for Pixel4).
- asterix - asterix is a framework for communication with smartcards based on pyscard.
- SimServerAndroid - Gets SIM card ICCID/runs 3G Authentication over ADB shell.
- esim.me - physical sim card combined with a proprietary app that enable to load up to 15 eSIM on the physical sim card.
- swSIM - A software-only SIM card.
- swICC - A framework for creating smart cards (ICC-based cards with contacts).
- srsUE - UE 4G modem part of the srsLTE project.
- srsUE PR external NAS - a PR for srsLTE for external NAS message injection.
- OAI UE - Open Air Interface RAN 4G eNB/ 5G gNB to use on SDR-based radios.
- Amarisoft - Commercial UE Emulator by Amarisoft, company co-founded by Bellard on his original LTE software modem work.
- LTE-CellScanner - This is a collection of tools to locate and track LTE basestation cells using very low performance RF front ends.
- LTE-CellScanner-SDR-X - An OpenCL accelerated TDD/FDD LTE Scanner (from rtlsdr/hackRF/bladeRF A/D samples to PDSCH output and RRC SIB messages decoded).
- S1APTester - A test tool that simulates the s1aptest functionality of a LTE network.
- SCAT - this application parses diagnostic messages of Qualcomm and Samsung baseband through USB, and generates a stream of GSMTAP packet containing cellular control plane messages.
- QCSuper - QCSuper is a tool communicating with Qualcomm-based phones and modems, allowing to capture raw 2G/3G/4G radio frames, among other things.
- Network Signal Guru - Android app able to parse Diag output from QC modem and display a lot of data for engineering field work.
- Snoopsnitch - an opensource project focused on collecting data on existing network by performing passive and active tests and recovering the event through the DIAG protocol on a rooted Android phone.
- Diag-parser - Parse the Qualcomm DIAG format and convert 2G, 3G and 4G radio messages to Osmocom GSMTAP for analysis in wireshark and other utilities.
- LTE_monitor_c2xx - The purpose of LTE_monitor_c2xx is to provide a LTE message debugging solution for Samsung C2xx-based chipsets.
- XGoldmon - xgoldmon is a small tool to convert the messages output by the USB logging mode of phones with Intel/Infineon XGold baseband processor.
- Modmobmap - Map 2G/3G/4G and more cellular networks in real live with a simple smart phone, pretty much like osmocomBB monitoring feature.
- Modmobjam - A smart jamming proof of concept for mobile equipments that could be powered with Modmobmap tool.
- O-RAN Software and seed code - The O-RAN Software Community (SC) is a collaboration between the O-RAN Alliance and Linux Foundation with the mission to support the creation of software for the Radio Access Network (RAN). Introduction to O-RAN in a LF video.
- srsRAN_Project - A complete ORAN-native 5G RAN solution.
- OAI NR - 5GNR related branch of the OAI code. You can follow the weekly updates to stay up to date.
- UERANSIM - UERANSIM is the state-of-the-art 5G UE and RAN (gNodeB) simulator. The project can be used for testing 5G Core Network and studying 5G System.
- Software gNB for free5GC - The gNB function was built on the model of the other free5GC CN functions using all the pattern and helper class defined by the free5GC team.
gnbsim- gnbsim is a 5G SA gNB/UE (Release 16) simulator for testing 5GC system. The project is aimed to understand 5GC system more efficiently than just reading 3GPP standard documents. The original repo is not available. See the forked repo instead.- 5G-tools.com - 5G-tools.com is devoted to modern standards of wireless communications, such as 5G, 4G, etc. Main mission of site to give engineers the useful software tools to create a wireless network
- corescope - CoreScope combines gNodeB and UE components without any radio transmission.
- my5G-RANTester - my5G-RANTester is a gNB/UE simulator for testing 3GPP standards and stressing a 5G core.
- free5GRAN - free5GRAN is an open-source 5G RAN stack. The current version includes a receiver which decodes MIB & SIB1 data. It also acts as a cell scanner. free5GRAN works in SA mode. From Telecom Paris 5G laboratory - Institut Polytechnique de Paris.
- pfm - Implemented a prototype of gNB-CU-UP a network element of 5G Radio Network. Using DPDK, a set of data-plane processing libraries and NIC drivers for high speed packet processing applications.
- OAI eNB/ gNB - Open Air Interface RAN 4G eNB / 5G NR gNB to use on SDR-based radios.
- srsLTE - srsLTE eNB 4G to use on SDR-based radios.
- LTE-ciphercheck - srsLTE derivative to check for cipher configuration of an LTE network - test across the 256 possibilities using an SDR radio.
- OpenLTE - OpenLTE is an open source implementation of the 3GPP LTE specifications from Ben Wojtowicz.
- Cisco 4G nFAPI - Open-nFAPI is implementation of the Small Cell Forum's network functional API or nFAPI for short. nFAPI defines a network protocol that is used to connect a Physical Network Function (PNF) running LTE Layer 1 to a Virtual Network Function (VNF) running LTE layer 2 and above.
- CrocodileHunter - Crocodile Hunter is a tool to hunt fake eNodeBs, also known commonly as hailstorm, stingray, cell site simulators, or IMSI catchers. It works by listening for broadcast messages from all of the 4G stations in the area, inferring their location, and looking for unusual activity. From the EFF.
- eNB s1 emulator - This is an eNB emulator application done in python3 to interact with MME (S1AP) and SGW (S1-U). This application can be used to perform and simulate several EMM and ESM procedures, including user plane traffic. This application was tested with real MMEs (lab environment).
- radisys_lte_enb_for_qualcomm_fsm9955 - Radisys Open Source code for a LTE eNB on Qualcomm FSM9955
- sigover_injector - A tool for SigOver, signal overshadowing attack on the LTE broadcast signals in physical domain.
- OpenUMTS - 3G NodeB
- openbts-UMTS - updated dependency and code to run OpenBTS-UMTS in 2023. Docker image available here
- OpenBTS - 2G BTS with SDR-based radios.
- YateBTS - 2G BTS with SDR-based radios.
- OsmoTRX - fork of OpenBTS tranceiver to use on SDR-based radios.
- OsmoBTS - Open Source GSM BTS (Base Transceiver Station) with A-bis/IP interface.
- gr-osmoSDR - Unified gnuradio input/output block for a variety of SDR devices, including FUNcube Dongle, OsmoSDR, RTL-SDR, MSi2500, SDRplay, SDR-IQ, AirSpy, rad10, HackRF, bladeRF, USSRP/UHD, UMtrx, RedPitaya, FreeSRP.
- USRP B210 - SDR Radio kit compatible with most of the SDR-based software modem implementations.
- Kalibrate - Kalibrate, or kal, can scan for GSM base stations in a given frequency band and can use those GSM base stations to calculate the local oscillator frequency offset.
- Open5GS - 5G, R14 4G EPC core with independent MME, HSS, SGW, PGW, PCRF, UPF, SMF, NRF functions. Follow-up of NextEPC. github
- OAI 5GCN - OAI(Open Air Interface) was initially developed by EURECOM, provides a 3GPP-Compliant 5G SA Core Network.
- travelping-vpp - UPF plugins implements a GTP-U user plane based on 3GPP TS 23.214 and 3GPP TS 29.244 Release 15, adding UPF as a plugin to VPP.
- IITB 5G SBA PoC - Prototyping and Load Balancing the Service Based Architecture of 5G Core using NFV - research paper from IITB
- Free5GC - The free5GC is an open-source project for 5th generation (5G) mobile core network hosted by CS Lab. Written in Golang. Associated github projects: PER parser/encoder, AMF.
- 5GC Swagger APIS - RESTful APIs of main Network Functions in the 3GPP 5G Core Network. R16.
- 5G GTP kernel driver - gtp5g is a customized Linux kernel module 5G GTP-U to handle packet by PFCP IEs such as PDR and FAR. About more detail IEs, there are more information in 3GPP TS 29.281 and 3GPP TS 29.244.
- UPF-EPC - UPF-EPC is a revised version of ngic-rtc's dp. it uses BESS as dataplane.
- OpenUPF - A 3GPP R16 compliant open source 5G core UPF (User Plane Function).
- Katana Slice Manager - Katana Slice Manager is a central software component responsible for controlling all the devices comprising the network, providing an interface for creating, modifying, monitoring and deleting slices.
- my5G-core - Currently, my5G-core is a fork of the free5GC project, with some extensions to facilitate the deployment.
- III-5GC-Free-Trial - The basic III-5GC is a free trial for lab research, prototype product testing and simple 5G end-to-end demonstration.
- upf-bpf - An open source C++ library powered by eBPF/XDP for user plane in mobile core network (5G/LTE).
- 5G_CN - This is a basic implementation of a 5G Core Network supporting 4G LTE control signalling.
- openupf - A 3GPP R16 compliant open source 5G core UPF (User Plane Function).
- upf-xdp - it shows the possibility of using xdp to implement 5g upf.
- SD-Core - A 4G/5G core that is based on OMEC for 4G, and a fork of Free5GC for 5G. Has implementations for AMF,SMF,PCF,UDM,AUSF,NSSF and a P4 based UPF. github
- Magma - Rearchitected core network with access gateway (MME+P/SGW), federation gateway for auth (S6a) and billing (Gx, Gy). Initiated by FB on a the OAI EPC code base.
- OAI EPC - MME and HSS functions from the OAI projects.
- NextEPC - R13 4G EPC core with independent MME, HSS, SGW, PGW, PCRF functions. github
- Magma - Rearchitected core network with access gateway (MME+P/SGW), federation gateway for auth (S6a) and billing (Gx, Gy). Initiated by FB on a the OAI EPC code base.
- C3PO - HSS, CDF, CTF, PCRF around Cassandra DB, and backed by hardware security through SGX from the OMEC.
- NGIC-RTC - Control User Plane Separated (CUPS) architecture 3GPP TS23501 based implementation of EPC Service and Packet Gateway functions (SGW, PGW) from the OMEC.
- OpenMME - OpenMME is a grounds up implementation of the Mobility Management Entity EPC S1 front end to the Cell Tower (eNB) from the OMEC.
- srsEPC - light-weight LTE core network implementation with MME, HSS and S/P-GW.
- corenet - Minimal 3G and LTE / EPC core network using Pycrate library.
- erGW - This is a 3GPP GGSN and PDN-GW implemented in Erlang.
- vEPC IITB - vEPC is a simple virtualized form of Long Term Evolution Evolved Packet Core (LTE EPC) from IITB india.
- pyHSS - PyHSS is a simple Home Subscriber Server (HSS) used by LTE (4G) Evolved Packet Core (EPC) networks, written in Python. 3GPP network elements like the MME and PCRF communicate with the HSS via the DIAMETER protocol, with some extensions defined by 3GPP.
- coreswitch - coreswitch is an open soruce project for EPC (Evolved Packet Core) of LTE and 5G infrastructure. Right now we are implementing MME (Mobility Management Entity).
- SGs - This is a MSS SGs SCTP Server written in python3 that can be used with a MME to test some SGs features, like IMSI Attach, Location Update, SMS (Sending/Receiving/Alerting) or Paging (for SMS or CS-Fallback).
- OsmoHNBGW - An Open Source implenentation of a HNB-GW (HomeNodeB-Gateway), implementing the Iuh, IuCS and IuPS interfaces. It aggregates the Iuh links from femtocells (hNodeBs) and presents them as regular IuCS and IuPS towards MSC and SGSN.
- OpenBSC - OsmoBSC is an Open Source BSC (GSM Base Station Controller) with A-bis/IP and A/IP interface. It supports a variety of BTS Vendors/Models, including some Siemens, Nokia, Ericsson and ip.access models.
- OsmoMSC - It provides a 3GPP AoIP interface towards BSCs like OsmoBSC as well as 3GPP IuCS towards RNCs or HNB-GWs like OsmoHNBGW as well as GSUP towards OsmoHLR.
- Sigscale OCS - SigScale OCS includes a 3GPP AAA server function for authentication, authorization and accounting (AAA) of subscribers using DIAMETER or RADIUS protocols.
- Bodastage CE - Boda Telecom Suite - Community Edition (BTS-CE) is an open source telecommunication network management platform for various RAN providers. github
- Freeswitch - Popular SIP stack that could be used as Session Border Controller (SBC)
- IMS Clearwater - Clearwater is an open source implementation of IMS (the IP Multimedia Subsystem).
- Kamailio - SIP stack used for VoLTE and SBC.
- go-eventsocket - FreeSWITCH Event Socket library for the Go programming language.
- Restcomm SS7 - Open Source Java SS7 stack that allows Java apps to communicate with legacy SS7 communications equipment.
- SigFW - Open Source Signaling Firewall for SS7, Diameter filtering, antispoof and antisniff.
- go-smpp - This is an implementation of SMPP 3.4 for Go, based on the original smpp34 from Kevin Patel.
- Selenium SMPPSim - (software disappeared) - possible mirror here.
- Pycrate - the successor of the libmich library that is used to encode and decode data structures, including ASN.1 used in cellular protocol.
- hampi - The Goal of this project is to implement an ASN.1 Compiler in Rust which can generate Rust bindings for different ASN.1 specifications.
- mts-nas - Project to decode/encode Non-Access Stratum (NAS) protocol.
- LTE-security - a Windows application that implements all the security procedures for LTE referred in Annex A and Annex B of 3GPP 33.401. Last update in 2020, direct link
- milenage - https://github.com/emakeev/milenage
- nas-5gs - Routines for Non-Access-Stratum (NAS) protocol for NAS-NR(5GS).
- Kernel GTP-U - This is an implementation of the GTP-U (user plane) inside the Linux kernel.
- go-gtp - Package gtp provides simple and painless handling of GTP(GPRS Tunneling Protocol), implemented in the Go Programming Language.
- go-pfcp - PFCP(Packet Forwarding Control Protocol) is a signaling protocol used in mobile networking infrastructure(LTE EPC, 5GC) to realize CUPS architecture(Control and User Plane Separation, not a printing system) defined in 3GPP TS29.244.
- gtplib - Erlang GTPv1/GTPv2 library.
- gtpv2 - GPRS Tunneling Protocol Library for golang.
- scapy-gtp - Scapy (A interactive packet manipulation program) GTP layer. Spec: 3GPP TS 29.060 and 3GPP TS 29.274. Some IEs: 3GPP TS 24.008.
- gtp_dialer - GTPv1/GTPv2 Dialer
- sctp - Stream Control Transmission Protocol (SCTP) in Go.
- usrsctp - This is a userland SCTP stack supporting FreeBSD, Linux, Mac OS X and Windows.
- PySCTP - PySCTP - SCTP bindings for Python.
- MTS: Multiprotocol Test Tool - MTS (Multi-protocol Test Suite) is a multi-protocol testing tool specially designed for telecom IP-based architectures (see above "Features" section for more details).
- scapy-sctp - Scapy (A interactive packet manipulation program) SCTP layer.
- SWu-IKEv2 - This is a SWu client emulator done in python3 that establishes an IKEv2/IPSec tunnel with an ePDG. This application implements not only the control plane of SWu (IKEv2) but also the user plane (IPSec).
- go-diameter - Package go-diameter is an implementation of the Diameter Base Protocol RFC 6733 and a stack for the Go programming language.
- jdiameter - RestComm jDiameter provides an Open Source Java implementation of the Diameter standard for Authentication, Authorization, and Accounting (AAA).
- diafuzzer - Diameter fuzzer, based on specifications of Diameter applications following rfc 3588 / 6733 from Orange.
- bromelia - A Python micro framework for building Diameter protocol applications.
- go-m3ua - Package m3ua provides easy and painless handling of M3UA protocol in pure Golang.
- go-sccp - Package sccp provides simple and painless handling of SCCP(Signaling Connection Control Part) in SS7/SIGTRAN stack, implemented in the Go Programming Language.
- libosmo-sccp - SCCP Library
- go-tcap - Package tcap provides simple and painless handling of TCAP(Transaction Capabilities Application Part) in SS7/SIGTRAN protocol stack.
- openss7 - An opensource development project (called OpenSS7) to provide a robust and GPL'ed SS7, SIGTRAN, ISDN and VoIP stack for Linux and other UN*X operating systems.
- Ligato - Controlplane agent for FD.io VPP
- FD.io - FD.io is a vector processing engine (VPP). VPP processes a number of packets in parallel instead of one at a time thus significantly improving packet throughput.
- OVS - Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license.
- DPDK - DPDK is the Data Plane Development Kit that consists of libraries to accelerate packet processing workloads running on a wide variety of CPU architectures. Vista Creek (FPGA-based baseband accelerator) support has been added to DPDK.
- open-nFAPI - Open-nFAPI is implementation of the Small Cell Forum's network functional API or nFAPI for short. nFAPI defines a network protocol that is used to connect a Physical Network Function (PNF) running LTE Layer 1 to a Virtual Network Function (VNF) running LTE layer 2 and above.
- CSDR - csdr is a command line tool to carry out DSP tasks for Software Defined Radio.
- OGSLib - state machine and utilities functions for NextEPC and Open5gs
- DiagLibrary - a JNI library that implement a DIAG protocol parser under C code to be used under Android or Linux.
- 5G Trace visualizer - DT set of Python scripts allow you to convert pcap, pcapng or pdml 5G protocol traces (Wireshark, tcpdump, ...) into SVG sequence diagrams.
- sigshark - Sigshark makes working with SS7 TCAP (MAP/CAP) and Diameter signaling pcap files easier. Its features include "flattening" (putting each SCTP chunk in its own packet) and transaction sorting/grouping.
- ipccdownloader - Download IPCC Carrier Profiles
- Openstack Kolla - Production ready containers and Ansible tools for deploying an Openstack cluster to run NFV functions.
- SNAPS-openstack - Openstack deployment to be used on SNAPS booted machine from Cablelabs.
- OPNFV - The OPNFV project addresses a number of aspects in the development of a consistent virtualisation platform including common hardware requirements, software architecture, MANO and applications.
- Kubernetes KubeADM - Deployment tool to create Kubernetes cluster.
- Intel Multus CNI plugin - Multus CNI is a container network interface (CNI) plugin for Kubernetes that enables attaching multiple network interfaces to pods from Intel.
- Intel SRVIOV/DPDK CNI plugin - SR-IOV CNI plugin works with SR-IOV device plugin for VF allocation for a container.
- Nokia Danm - TelCo grade network management in a Kubernetes cluster from Nokia.
- SNAPS-kubernetes - Kubernetes deployment to be used on SNAPS booted machine from Cablelabs.
- Free5GC on kubeCORD - This project is for deploying Free5GC on kubeCORD.
- CNCF CNF-Testbed - The CNCF CNF Testbed provides reference code and test cases for running networking code on Kubernetes and OpenStack using emerging cloud native technologies in the Telecom domain. Provides simulated network functions.
- SNAPS-boot - Baremetal cluster management solution to prepare for a Openstack or k8s deployment from Cablelabs.
- MAAS - Self-service, remote installation of Windows, CentOS, ESXi and Ubuntu on real servers turns your data center into a bare-metal cloud - Metal As A Service.
- Open5GS-VoLTE - This repository is meant to be a install-and-run lab for Open5GS + Kamailio IMS VoLTE study, a follow-up project of Open5GS Tutorial: VoLTE Setup with Kamailio IMS and Open5GS, which is mainly contributed by Herle Supreeth.
- Open5GS - Docker files to build and run open5gs in a docker by Herle Supreeth.
- Open5gs-K8s-VyOS - This tutorial is about how to deploy a virtual 4G stack using GNS3 and Kubernetes.
- mobile-env - An open, minimalist Gym environment for autonomous coordination in wireless mobile networks.
- OpenSTF - Enable remote control of phone over ADB over an HTML5 interfaces.
- Vyzor - A window to your Android, streaming Android UI through ADB in a Google Chrome Browser app.
- GPS-SDR-SIM - GPS signal generator with a SDR radio and ephemeris files.
- Tools for MT3339 - Ephemeris injector for MT3339-based GPS chipset
- ntt - TTCN-3 test framework.
- Eclipse Titan TTCN3 - Eclipse Titan is a TTCN-3 compilation and execution environment with an Eclipse-based IDE.
- TTCN3vscode - TTCN-3 vs code plugin
- ixia-c - Ixia-c is a modern, powerful and API-driven traffic generator designed to cater to the needs of hyperscalers, network hardware vendors and hobbyists alike.
- SigPloit - Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP.
- 5GC_API_parse - 5GC API parse is a BurpSuite extension allowing to assess 5G core network functions, by parsing the OpenAPI 3.0 not supported by previous OpenAPI extension in Burp, and generating requests for intrusion tests purposes.
- FirmWire - FirmWire is a full-system baseband firmware emulation platform for fuzzing, debugging, and root-cause analysis of smartphone baseband firmwares.
- Exploiting Possible 5G Vulnerabilities a blog post on the 3G/4G blog about the latest HITB talk describing attack in 5G.
- USENIX19 Hiding in Plain Signal:Physical Signal Overshadowing Attack on LTE - SigOver - Overriding LTE broadcast message using signal capture effect and good enough time synchronization.
- HITB talk : 4G LTE Man in the Middle Attack with a Hacked Femtocell - high level talk on hacking 4G smallcell, sourcing, tools, opportunities including on S1 gateway.
- Vulnerabilities in 5G New vulnerabilities in 5G Security Architecture & Countermeasures.
- QPSI-2019-LTEFuzz - Security analysis of the LTE control plane with LTEFuzz, talk regarded at QPSI Product Security Summit.
- LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE - Talk about LTE vulnerability research at NDSS 2018.
- SS7: Locate. Track. Manipulate. - Talk about SS7 vulnerability at 31C3.
- SS7map : mapping vulnerability of the international mobile roaming infrastructure - Talk about SS7 vulnerability and introduction to SS7map at 31C3.
- Advanced interconnect attacks - Talk about GTP interconnection security at Chaos Communication Camp 2015.
- Mobile Data Interception from the Interconnection Link - Talk about Diameter interconnection security at 34C3.
- On the Challenges of Automata Reconstruction in LTE Networks - In this paper, the authors explore active automata learning for 4G/LTE protocol state machines. video
- SS7 and SIGTRAN in 2G/3G networks - An introduction to SS7/SIGTRAN stack, including the history, use cases, roles of each layer, and how SS7-speaking equipment works.
- Hiding in plain signal: Physical signal overshadowing attack on LTE - n this paper, for the first time, we present a signal injection attack that exploits the funda- mental weaknesses of broadcast messages in LTE and mod- ifies a transmitted signal over the air.
- How the CCC Camp 2019 LTE network works - write up on reusing commercial Ericsson 4G units.
- GSM capture, analysis and decoding - four posts series on GSM cellular signal analysis.
- Nick vs Networking - So this blog focuses on telecommunications network engineering, from the very old (Shout out to the National Communications Museum), to very new and everything in between.
- The 3G4G Blog - Latest news and information on 3G, 4G, 5G wireless and technologies in general.
- Frédéric Launay - Les réseaux de mobiles 4G et 5G - [FR] Ce blog est un site de vulgarisation sur la téléphonie mobile de 4ème Génération ou 4G, du LTE et du web 2.O.
- Yoshiyuki Kurauchi - Blog posts by Yoshiyuki Kurauchi - A telecom / networking / security enthusiast.
- How LTE Stuff Works? - Blogs on 4G/5G by a 3GPP Engineer.
- Osmocom Umbrella for numerous opensource mobile communications projects. Recordings of many great presentations can be found on their OsmoDevCon page (It's held online as OsmoDevCall lately).
- Sysmocom Store frontend for sysmocom, company providing product, support and services not only related to Osmocom.
- Telecom Infra Project - FB initiated project to create an equivalent of the OpenCompute project in the telco space.
- Wireless frequency bands - Come for the frequency calculator, stay for the cellular other resources.
- ShareTechNote - an impressive repo of knowledge for the cellular telco world.
- 3GPP specs - 3GPP specs.
- CNTT - set of reference specifications for NFVI coming from several telcos (Vodafone, Telstra, Orange mentionned as authors).
- 3gpp.guru - look up 3GPP abbreviations
- speX - accessible 3GPP specs (PDF, DOC, HTML), can be self-hosted
- tool3rd - Assistant for 3GPP telecommunication development
- 3gpp-citations - 3GPP Bibtex entry generator
- 3GPP-overall-architecture - very detailed, high-res PDF of the overall 3GPP architecture
- Introduce to 5GC - 5GC & Cloud Native handbook written in traditaional chinese