Commit Graph

37 Commits

Author SHA1 Message Date
Cooper Quintin
493fdfa227 add docs 2025-08-20 14:48:47 -07:00
Cooper Quintin
ffdad4aed8 add test analyzer 2025-08-20 14:48:47 -07:00
Markus Unterwaditzer
5249714717 Fix clippy lints and warnings in Rust 1.89
This will also require Rust 1.89 due to if-let.
2025-08-08 03:02:07 +02:00
Cooper Quintin
fd216ecb72 add incomplete sib heuristic 2025-07-24 16:44:59 -07:00
Cooper Quintin
b923d9d5a6 cargo fmt 2025-07-16 15:25:11 -07:00
Cooper Quintin
790c0963cd add nas null cipher analyzer 2025-07-16 15:25:11 -07:00
Will Greenberg
1a4deb7524 appease clippy 2025-07-16 13:20:14 -07:00
Will Greenberg
0585e0f996 run cargo fmt 2025-07-16 13:20:14 -07:00
Will Greenberg
c783831e78 check: support pcaps
rayhunter-check will now analyze any PCAP files it finds in addition to
QMDL
2025-07-16 13:20:14 -07:00
Will Greenberg
83f246e9af lib: bump the analysis report version 2025-07-16 13:20:14 -07:00
Will Greenberg
0915103ede Flattens analysis structure a bit
Instead of mirroring the QMDL container format exactly, let our analysis
files just be flat lists of packet analysis. Also removes the dummy
analyzer and adds version numbers to analysis reports and Analyzers
2025-07-16 13:20:14 -07:00
Simon Fondrie-Teitler
94289dcad5 Fix clippy complaints 2025-06-27 23:23:27 +02:00
Markus Unterwaditzer
d166dfc13d get config and set config 2025-06-20 11:47:40 +02:00
Cooper Quintin
2634271715 re-enable null cipher and update docs 2025-06-17 16:30:22 -07:00
Markus Unterwaditzer
86e08f9a85 Allow enabling/disabling analyzers from config file (#382)
Co-authored-by: Will Greenberg <willg@eff.org>
2025-06-10 21:37:38 +02:00
oopsbagel
9fe75ac961 chore: cargo fmt 2025-04-14 11:49:24 -07:00
Sashanoraa
04652d2097 Add implement Default on types with ::new
This fixes a clippy lint warning
2025-03-27 11:57:01 -07:00
Sashanoraa
b0a1b14160 Remove unused import due to e79dc4a
The referenced commit disabled the null-cipher but did not remove the
now unused import.
2025-03-26 10:41:05 -07:00
Will Greenberg
e79dc4a8f0 lib: disable null-cipher heuristic due to false positives
Due to an upstream hampi bug (https://github.com/ystero-dev/hampi/issues/133),
our RRC parser is reporting false-positives for the null cipher
heuristic.
2025-03-25 15:13:36 -07:00
Sashanoraa
d0d01089dd Fix various clippy warnings
This commit fixes various clippy warnings that do not affect the
function of the code and aren't stylistic in nature.
2025-03-24 13:47:20 -07:00
oopsbagel
0b3c0de481 fix(lib/util): use better names for runtime metadata
- document RuntimeMetadata fields
- rename RayhunterMetadata to RuntimeMetadata
- rename RuntimeMetadata.os to RuntimeMetadata.system_os
- remove unpopulated hardware field
- remove unnecessary duplication of datastructure in analyzer harness
2025-03-19 11:48:54 -07:00
oopsbagel
f2b5aa2743 feat: show rayhunter version/os/arch in pcap, ndjson, qmdl manifest
Create a util mod to provide information about the rayhunter binary and
system.
2025-03-19 11:48:54 -07:00
Will Greenberg
30323b8329 Keep old 2G downgrade analyzer 2025-01-28 11:02:19 -08:00
Will Greenberg
12640cc878 Rewrite our 2G downgrade analyzer 2025-01-28 11:02:19 -08:00
Will Greenberg
fa612241a5 lib: add IMSI requested heuristic 2025-01-08 15:23:59 -08:00
Cooper Quintin
f4a6c834d2 remove false positive IMSI heuristic until we get a NAS parser 2024-12-09 10:53:58 -08:00
Will Greenberg
16f705f29c Add the test analyzer entirely via daemon flags
Also consolidate the duplicate AnalysisWriter implementation
2024-10-08 14:58:46 -07:00
Cooper Quintin
ca4f49b15f Framebuffer update (#60)
* first pass at changing the UI color based on state

* adding flag to qmdl metadata for when heuristic is triggered

* update style for web page to match UI and have color alert on heuristic trigger

* add test analyzer

* rename example_analyzer to test_analyzer

* refactor ui update to not depend on server

* refactor to pass around color instead of display state for framebuffer channel

* add debug feature flag for test analyzer

* remove warning status from qmdl manifest

* don't keep has warning around
2024-10-03 10:41:59 -07:00
Will Greenberg
861aaedd47 rayhunter-check improvements 2024-08-19 16:49:01 -07:00
Will Greenberg
09fdb9d6e1 lib: add analyzer for a null cipher being set 2024-07-18 16:02:12 -07:00
Will Greenberg
b5262cd1b9 lib: use ImsiProvidedAnalyzer by default 2024-07-10 20:28:33 -07:00
Will Greenberg
bfc688ad21 daemon: switch to writing heuristics output to ND-JSON
ND-JSON (newline-delimited JSON) is just a file with a list of JSON
objects separated by newlines. This way, as the analyzer harness
processes new packets, it can simply append JSON-serialized results
to a file without parsing the entire thing first.

Also simplifies the analysis stuff to all operate in the diag thread.
2024-05-09 14:46:41 -07:00
Will Greenberg
3c932f0ce9 daemon: run analysis in realtime
Currently we just show the results of analysis as a <pre> tagged
JSON blob, but eventually we can make some actual UI
2024-05-08 14:58:14 -07:00
Will Greenberg
531c10cf29 Add rayhunter-check, a utility for running QMDL heuristics 2024-03-11 18:21:52 -07:00
Will Greenberg
d4ee48827c lint fixes 2024-02-13 17:03:06 -08:00
Will Greenberg
5d7caba1a6 Minimal version of the LTE downgrade analyzer
This also renames the lte_parser crate to telcom_parser, since it'll
handle any 2G or 3G parsing going forward.
2024-02-13 17:03:06 -08:00
Will Greenberg
d570ad3cb1 lib: add Analyzer trait
This trait will be implemented by all of our heuristics, giving
us a uniform interface for collecting events and displaying them
to the user.
2024-02-13 17:03:06 -08:00