Markus Unterwaditzer
5249714717
Fix clippy lints and warnings in Rust 1.89
...
This will also require Rust 1.89 due to if-let.
2025-08-08 03:02:07 +02:00
Cooper Quintin
ccce63e90c
address comments
2025-07-24 16:44:59 -07:00
Cooper Quintin
68b13ea09e
Update lib/src/analysis/incomplete_sib.rs
...
Co-authored-by: Will Greenberg <willg@eff.org>
2025-07-24 16:44:59 -07:00
Cooper Quintin
fd216ecb72
add incomplete sib heuristic
2025-07-24 16:44:59 -07:00
Cooper Quintin
07d43b5924
remove unused heuristic
2025-07-24 16:44:59 -07:00
Cooper Quintin
a346449ec5
cargo fmt
2025-07-18 11:19:07 -07:00
Cooper Quintin
464740a1a7
fix another false positive
2025-07-18 11:19:07 -07:00
Cooper Quintin
e07b0b05e7
imsi requested version 2; remove most false positives
2025-07-17 18:43:07 -07:00
Cooper Quintin
f9b621bde9
Update lib/src/analysis/nas_null_cipher.rs
...
Co-authored-by: Will Greenberg <willg@eff.org>
2025-07-16 15:25:11 -07:00
Cooper Quintin
a4cb9454bd
add version
2025-07-16 15:25:11 -07:00
Cooper Quintin
b923d9d5a6
cargo fmt
2025-07-16 15:25:11 -07:00
Cooper Quintin
790c0963cd
add nas null cipher analyzer
2025-07-16 15:25:11 -07:00
Will Greenberg
1a4deb7524
appease clippy
2025-07-16 13:20:14 -07:00
Will Greenberg
0585e0f996
run cargo fmt
2025-07-16 13:20:14 -07:00
Will Greenberg
c783831e78
check: support pcaps
...
rayhunter-check will now analyze any PCAP files it finds in addition to
QMDL
2025-07-16 13:20:14 -07:00
Will Greenberg
83f246e9af
lib: bump the analysis report version
2025-07-16 13:20:14 -07:00
Will Greenberg
0915103ede
Flattens analysis structure a bit
...
Instead of mirroring the QMDL container format exactly, let our analysis
files just be flat lists of packet analysis. Also removes the dummy
analyzer and adds version numbers to analysis reports and Analyzers
2025-07-16 13:20:14 -07:00
Markus Unterwaditzer
e320874854
Remove PartialEq, Clone, Serialize from LTE RRC parser
...
Compiling telecom-parser takes 2 minutes on my machine. After removing
those derives it takes 1:15. I suspect it's mostly serde though.
2025-07-15 15:21:02 -07:00
Simon Fondrie-Teitler
5019f2a9d1
Bump Rust edition to 2024
...
Includes new cargo fmt changes
2025-06-28 00:13:15 +02:00
Simon Fondrie-Teitler
94289dcad5
Fix clippy complaints
2025-06-27 23:23:27 +02:00
Cooper Quintin
23a0f72c2f
cargo fmt
2025-06-24 12:52:33 -07:00
Will Greenberg
efae6203a9
rm unneeded comment
2025-06-24 12:52:33 -07:00
Will Greenberg
2e4de4a2df
lib: Use pycrate-rs NAS parser
2025-06-24 12:52:33 -07:00
Markus Unterwaditzer
d166dfc13d
get config and set config
2025-06-20 11:47:40 +02:00
Cooper Quintin
2634271715
re-enable null cipher and update docs
2025-06-17 16:30:22 -07:00
Markus Unterwaditzer
86e08f9a85
Allow enabling/disabling analyzers from config file (#382)
...
Co-authored-by: Will Greenberg <willg@eff.org>
2025-06-10 21:37:38 +02:00
Will Greenberg
b95ff90e5e
cargo fmt
2025-04-24 13:23:29 -07:00
Will Greenberg
057c9acb40
wip
2025-04-14 11:59:54 -07:00
oopsbagel
9fe75ac961
chore: cargo fmt
2025-04-14 11:49:24 -07:00
Sashanoraa
04652d2097
Add implement Default on types with ::new
...
This fixes a clippy lint warning
2025-03-27 11:57:01 -07:00
Sashanoraa
034e0632e4
Box some of the larger information element enum variants
...
An enum is always the size needed to store its largest variant. Some of
the variants of the InformationElement and LteInformationElement are
substantially larger than the rest. Boxing the larger variants reduces
the size of the enum, in some cases by several kilobytes.
Since Rust does not currently support destructing a Box via pattern
matching, some code that destructures these enums had to be modified.
2025-03-27 11:57:01 -07:00
Sashanoraa
b0a1b14160
Remove unused import due to e79dc4a
...
The referenced commit disabled the null-cipher but did not remove the
now unused import.
2025-03-26 10:41:05 -07:00
Will Greenberg
e79dc4a8f0
lib: disable null-cipher heuristic due to false positives
...
Due to an upstream hampi bug (https://github.com/ystero-dev/hampi/issues/133),
our RRC parser is reporting false-positives for the null cipher
heuristic.
2025-03-25 15:13:36 -07:00
Sashanoraa
d0d01089dd
Fix various clippy warnings
...
This commit fixes various clippy warnings that do not affect the
function of the code and aren't stylistic in nature.
2025-03-24 13:47:20 -07:00
oopsbagel
0b3c0de481
fix(lib/util): use better names for runtime metadata
...
- document RuntimeMetadata fields
- rename RayhunterMetadata to RuntimeMetadata
- rename RuntimeMetadata.os to RuntimeMetadata.system_os
- remove unpopulated hardware field
- remove unnecessary duplication of data structure in analyzer harness
2025-03-19 11:48:54 -07:00
oopsbagel
f2b5aa2743
feat: show rayhunter version/os/arch in pcap, ndjson, qmdl manifest
...
Create a util mod to provide information about the rayhunter binary and
system.
2025-03-19 11:48:54 -07:00
Will Greenberg
34d87d1fd7
this macro isn't public, so docstrings won't work
2025-01-28 11:02:19 -08:00
Will Greenberg
da4952e70f
fix docstring code
2025-01-28 11:02:19 -08:00
Will Greenberg
30323b8329
Keep old 2G downgrade analyzer
2025-01-28 11:02:19 -08:00
Will Greenberg
28b0f409db
fix attribution
2025-01-28 11:02:19 -08:00
Will Greenberg
12640cc878
Rewrite our 2G downgrade analyzer
2025-01-28 11:02:19 -08:00
Will Greenberg
26eda5904f
Better wording on IMSI requested warning
2025-01-28 11:02:19 -08:00
Will Greenberg
6bd36921d8
consider early IMSI request medium sev
2025-01-08 15:23:59 -08:00
Will Greenberg
c83ae30be8
fix language
2025-01-08 15:23:59 -08:00
Will Greenberg
fa612241a5
lib: add IMSI requested heuristic
2025-01-08 15:23:59 -08:00
Cooper Quintin
f4a6c834d2
remove false positive IMSI heuristic until we get a NAS parser
2024-12-09 10:53:58 -08:00
Cooper Quintin
ee75326912
Fix macos install (#67)
...
* update shell path and some docs
* download ADB if not present
* big O not little o
* bugfix
* bugfix
* silence errors for macos developers
* Update dist/install-common.sh
Co-authored-by: Will Greenberg <willg@eff.org>
---------
Co-authored-by: Will Greenberg <willg@eff.org>
2024-10-22 12:21:27 -07:00
Will Greenberg
6c237e884c
lib: rm duplicate TestAnalyzer
2024-10-10 12:41:25 -07:00
Will Greenberg
16f705f29c
Add the test analyzer entirely via daemon flags
...
Also consolidate the duplicate AnalysisWriter implementation
2024-10-08 14:58:46 -07:00
Cooper Quintin
ca4f49b15f
Framebuffer update (#60)
...
* first pass at changing the UI color based on state
* adding flag to qmdl metadata for when heuristic is triggered
* update style for web page to match UI and have color alert on heuristic trigger
* add test analyzer
* rename example_analyzer to test_analyzer
* refactor ui update to not depend on server
* refactor to pass around color instead of display state for framebuffer channel
* add debug feature flag for test analyzer
* remove warning status from qmdl manifest
* don't keep has warning around
2024-10-03 10:41:59 -07:00