I'm working on creating an exploit using OAI UE (without an SDR), where I intercept an Authentication Request message and inject a Registration Reject with cause code 22 (congestion). However, I’ve encountered an issue: I need to modify the dedicatedNAS-Message field to carry out the injection, but the pkt_buf provided by the API doesn’t seem to give direct access to the dedicatedNAS-Message.
Additionally, Wireshark treats this field as an unaligned octet string (that’s because of ASN.1 UPER encoding, I guess), making it harder to interpret and manipulate. Does anyone have suggestions or experience with handling this kind of situation? Any help would be appreciated!