
These are the artifacts for the paper: SNI5GECT: A Practical Approach to Inject aNRchy into 5G NR

As part of our Open Science commitment, we provide all components described in Section 3 of the Sni5Gect paper. In addition, we include all exploit modules to ensure reproducibility of the attacks presented. The structure below outlines the organization of these components and identifies where each exploit module is located.

Included Items:

- The Sni5Gect project source code: Full source code for the framework and its components.

```
.
├── cmake
├── configs
├── credentials
├── debian
├── images
├── lib
├── shadower
│   ├── hdr
│   ├── modules                  # Source code of exploit modules
│   ├── src
│   │   ├── broadcast_worker.cc  # Broadcast Worker implementation
│   │   ├── gnb_dl_worker.cc     # GNB DL Injector implementation
│   │   ├── gnb_ul_worker.cc     # GNB UL Worker implementation
│   │   ├── scheduler.cc         # Distributes received subframes to components
│   │   ├── syncer.cc            # Syncer implementation
│   │   ├── ue_dl_worker.cc      # UE DL Worker implementation
│   │   ├── ue_tracker.cc        # UE Tracker implementation
│   │   └── wd_worker.cc         # wDissector wrapper
│   ├── test
│   └── tools
├── srsenb
├── srsepc
├── srsgnb
├── srsue
├── test
└── utils
```

- Pre-built Docker container: A ready-to-use Docker image for the Sni5Gect project, containing all required dependencies for evaluation.
- Offline sniffing example: A sample connection recording for evaluating the sniffing capability of Sni5Gect in an offline setting.
- Evaluation test data: All evaluation results presented in the paper, including:
  - DCI sniffing evaluation
  - Message sniffing evaluation
  - Uplink message sniffing at different distances
  - Uplink message sniffing with varying Timing Advance (TA) offsets (along with connection recordings)
  - Message injection at different protocol states
  - Message injection performance at varying distances
  - Evaluation of message injection attacks, including:
    - Attacks from 5Ghoul
    - Registration Reject downgrade attack
    - Identity Request fingerprinting attack
    - Authentication Replay attack

To build the container from scratch, you may follow the provided Dockerfile in the source code from Sni5Gect-5GNR-sniffing-and-exploitation-main.zip. Alternatively, you can load the pre-built image using:

```
docker load < sni5gect-artifacts-docker.tar.gz
```

Use the following `docker-compose.yml` to start the container:

```yaml
services:
  artifacts:
    image: artifacts
    build:
      context: .
      dockerfile: Dockerfile
    container_name: artifacts
    privileged: true
    restart: unless-stopped
    entrypoint: /sbin/init
    network_mode: host
    environment:
      - DISPLAY=:99
    volumes:
      - "/dev/:/dev/"
      - "./sni5gect-evaluation-results:/root/evaluation_results"
  mongodb:
    image: mongo:8.0
    container_name: mongodb
    restart: unless-stopped
    volumes:
      - dbdata:/data/db
    network_mode: host
    healthcheck:
      test: ["CMD", "mongosh", "--eval", "db.adminCommand('ping')"]
      interval: 5s
      timeout: 5s
      retries: 3
      start_period: 5s
volumes:
  dbdata:
```

The easiest way to get started with Sni5Gect is to run it using a pre-recorded IQ sample file. We've provided a sample for offline testing.

1. Download and extract the example recording file from Zenodo:

```
wget https://zenodo.org/records/15601773/files/example-connection-samsung-srsran.zip
unzip example-connection-samsung-srsran.zip
```

2. Edit configs/config-srsran-n78-20MHz.conf and modify the [source] section as follows:

```
[source]
source_type = file
source_module = build/shadower/libfile_source.so
# Replace with the absolute path to the extracted IQ sample file if needed
source_params = /root/sni5gect/example_connection/example.fc32
```

3. Finally, launch the sniffer using:

```
./build/shadower/shadower configs/config-srsran-n78-20MHz.conf
```
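
Step 2 can be scripted so that only the `[source]` section changes and a damaged recording is caught before the sniffer starts. The helper below is an added example, not part of the Sni5Gect artifacts; the function name `set_file_source` is hypothetical, and the 8-bytes-per-sample check assumes `.fc32` means interleaved 32-bit float I/Q.

```sh
# Added example, not part of the Sni5Gect artifacts.
# Usage: set_file_source CONFIG IQ_FILE
set_file_source() (
    conf=$1 iq=$2
    [ -f "$conf" ] || { echo "config not found: $conf" >&2; exit 1; }
    [ -s "$iq" ] || { echo "recording missing or empty: $iq" >&2; exit 1; }

    # Assumption: .fc32 is interleaved 32-bit float I/Q, 8 bytes per sample.
    # Any other size suggests an interrupted download or unzip.
    size=$(wc -c < "$iq" | tr -d ' ')
    [ $((size % 8)) -eq 0 ] || { echo "odd size ($size bytes): $iq" >&2; exit 1; }

    # The config comment on the page asks for an absolute path.
    case $iq in
        /*) ;;
        *) iq="$(cd "$(dirname "$iq")" && pwd)/$(basename "$iq")" ;;
    esac

    tmp=$(mktemp) || exit 1
    IQ=$iq awk '
        function emit() {
            print "source_type = file"
            print "source_module = build/shadower/libfile_source.so"
            print "source_params = " ENVIRON["IQ"]
        }
        # Section header: note whether we are entering [source].
        /^[ \t]*\[/ {
            in_src = ($0 ~ /^[ \t]*\[source\]/)
            print
            if (in_src) { seen = 1; emit() }
            next
        }
        # Inside [source], drop the old values of the three keys just written.
        in_src && /^[ \t]*source_(type|module|params)[ \t]*=/ { next }
        { print }
        END { if (!seen) { print "[source]"; emit() } }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; exit 1; }

    # Overwrite in place so the config keeps its owner and mode.
    cat "$tmp" > "$conf"; rc=$?
    rm -f "$tmp"
    exit "$rc"
)
```

Run from the repository root, for example `set_file_source configs/config-srsran-n78-20MHz.conf example_connection/example.fc32`. Comments and other keys inside `[source]`, and all other sections, are left as they were.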
Mobile Security, Wireless Security, Wireless Sniffing, 5G Security, Overshadow
