loading
Picture of Telephony, DECT Sniffing with Dedected.
DISCLAMER:  Recording phone conversation without consent from the users is illegal in the US and most country's However, this tutorial is meant to be tested on your OWN equipment.  Be smart and only record your DECT's not your neighbors. 
 
Remove these adsRemove these ads by Signing Up

Step 1: 1: What is DECT?

Picture of 1: What is DECT?
http://en.wikipedia.org/wiki/Digital_Enhanced_Cordless_Telecommunications
usually known by the acronym DECT, is a digital communication standard, which is primarily used for creating cordless phone systems. It originated in Europe, where it is the universal standard, replacing earlier cordless phone standards, such as 900 MHz CT1 and CT2.[1]

Step 2: 1.1: Insecurity...

Picture of 1.1: Insecurity...
cardzs.jpg
DECTshift.jpg
most telecomunication companys don't implement or offer encryption for their devices so they can be easily sniffed.

The following has been tested under these circumstances:
-  Backtrack 5 final x86 KDE with Kernel 2.6.38
- Original Dosh&Amand Type II PCMCIA Card
- SIEMENS C1 DECT phones set up in repeater mode

Step 3: 2: Installing Dedected

Picture of 2: Installing Dedected
When installing Dedected on Backtrack 5 you have the following options:
-Use Dedected from the Backtrack repositorys
-Compile it on your own if you want to experiment

Install from source
root@bt:~# prepare-kernel-sources
root@bt:~# cd /usr/src/linux
root@bt:~# cp -rf include/generated/* include/linux/
root@bt:~# cd /pentest/telephony
root@bt:~# svn co https://dedected.org/svn/trunk dedected_svn
root@bt:~# cd dedected_svn/com-on-air_cs-linux/
root@bt:~# make && make -C tools


Install from repository 

root@bt:~# apt-get update
root@bt:~# apt-get install dedected

It is recommended that you have the tool Audacity if you are serious about recording phone conversations

Load the Drivers
root@bt:~# cd /pentest/telephony/dedected/com-on-air_cs-linux
root@bt:~# make node
root@bt:~# make load


Step 4: Scan for fixed parts or fp(DECT base stations)

Picture of Scan for fixed parts or fp(DECT base stations)
root@bt:~# cd /pentest/telephony/dedected/com-on-air_cs-linux/tools
root@bt:~# ./dect_cli

If you need info on the usage type "help". If you live in the U.S. switch to the US/DECT 6 band via the "band" command. Let's enable some verbosity:
verb
Now start scanning fpscan After scanning multiple times disable verbosity and stop scanning
verb stop

Step 5: Ignore other phones

Picture of Ignore other phones
Start a callscan with
callscan

Now grab your DECT handset and make a test phonecall and wait until you see the phonecall .It is also sufficient if you just get a dialing tone. You should see something like
 

### found new call on 00 82 31 33 73 on channel 7 RSSI 34

stop
Now dump all found calls
dump

Ignore every other phone except yours via the following command! IMPORTANT!!!

ignore 01 30 95 13 37

Step 6: Record the call

Picture of Record the call
This command will automatically record every phone call that Dedected can dedtect
autorec

Here's what it should look like:

### starting autorec
### stopping DIP
### starting callscan
### trying to sync on 00 82 ab b0 29
### got sync
### dumping to dump_2011-06-11_21_37_37_RFPI_00_82_ab_b0_29.pcap
### stopping DIP


After you hang up the dumping should stop

Step 7: Decode the callstream

Picture of Decode the callstream
stop the autorec
stop
Decode the audiostream into a raw packet dump
root@bt:~# ./decode.sh

Step 8: Import the streams into Audacity to listen to the calls

Picture of Import the streams into Audacity to listen to the calls

Start audacity via "alt + f2" then type “audacity” and press enter. Import the fixed-part and hte portable-part .wav files from /pentest/telephony/dedected/com-on-air_cs-linux/tools via File -> Import -> Audio or simply "ctrl + shift + I" . Import the files which end in .pcap_fp.ima.g721.wav and .pcap_pp.ima.g721.wav.

Play your phone call with the play button:
 

Step 9: CLEAN UP!

Picture of CLEAN UP!
to reload the drivers
root@bt:~# cd /pentest/telephony/dedected/com-on-air_cs-linux
root@bt:~# make reload

If you’re finished and want to clean up:

root@bt:~# cd /pentest/telephony/dedected/com-on-air_cs-linux
root@bt:~# make unload
root@bt:~# rm /dev/coa

Step 10: Dect Protocol

Picture of Dect Protocol
If you are interested in more details of the protocol you can open the .pcap file in Wireshark:
zebuilin (author) 3 years ago
wow... the picture repeated i've got to fix this.