Skip to content

False positive UPER decoding #197

New issue
New issue
Open
Open
False positive UPER decoding#197
@rtommy

Description

@rtommy
rtommy
opened on Sep 9, 2025

There are cases where the UPER ASN.1 decoding gives a false positive result when it actually should not provide a result.

2 examples attached.


Example 1

The hex string represents an RRC NR UE-MRDC-Capability message. Imported in Wireshark and saved for demonstration.
Dissectors for importing: lte-rrc.ue_eutra_cap and nr-rrc.ue_mrdc_cap.
The pcap files in the attached zip file clearly show the packet is EUTRA_NR (MRDC) and not EUTRA (LTE).
But as1ntools can decode it as EUTRA without actually providing a warning or an error.

example1.txt example1.zip


Example 2

The hex string represents an RRC NR UE-NR-Capability message. Imported in Wireshark and saved for demonstration.
Dissectors for importing: lte-rrc.ue_eutra_cap and nr-rrc.ue_nr_cap.
The pcap files in the attached zip file clearly show the packet is NR and not EUTRA (LTE).
But as1ntools can decode it as EUTRA without actually providing a warning or an error.

example2.txt example2.zip


Python code example

import asn1tools
from binascii import unhexlify, hexlify

hex_str = "..." # example file content
data = unhexlify(hex_str)

nrTrees = [
    'asn1/NR-RRC-Definitions.asn',
    'asn1/NR-InterNodeDefinitions.asn',
]

lteTrees = [
    'asn1/EUTRA-RRC-Definitions.asn',
    'asn1/EUTRA-InterNodeDefinitions.asn',
]

nrSpec = asn1tools.compile_files(nrTrees, codec='uper')
decoded_value = nrSpec.decode(EUTRA_NR, data)  # for example 1
decoded_value = nrSpec.decode(NR, data)        # for example 2
print(decoded_value)

lteSpec = asn1tools.compile_files(lteTrees, codec='uper')
decoded_value = lteSpec.decode(EUTRA, data)
print(decoded_value)

ASN.1 files can be fetched from wireshark nr-rrc asn1.


Alternative test

I have done an additional decoding with pycrate to see if it works or fails.

For example 1 it raises python error which means it cannot be decoded as EUTRA (correctly).

ENUM._from_per: accessStratumRelease, unknown extension index 4
    raise(CharpyErr('bitlen overflow: {0}, max {1}'\
pycrate_core.charpy.CharpyErr: bitlen overflow: 2172750209, max 11747

For example 2 it says unknown extension and decoding not possible as EUTRA (correctly).

ENUM._from_per: accessStratumRelease, unknown extension index 6
ENUM._from_per: _item_, unknown extension index 0
ENUM._from_per: _item_, unknown extension index 58949...
ENUM._from_per: _item_, unknown extension index 33
...

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions