SMART INSTALL IMSI-catcher AND SNIFFING GSM TRAFFIC ON WINDOWS WORKSTATION AND VMWARE WITH HACKRF AND RTL_SDR

Introduction: SMART INSTALL IMSI-catcher AND SNIFFING GSM TRAFFIC ON WINDOWS WORKSTATION AND VMWARE WITH HACKRF AND RTL_SDR

This continues my contributions of test code for sniffing GSM traffic, this time with a quick and easy installation of IMSI-catcher.

My Link:

http://giammaiot.blogspot.it/2017/09/v-behaviorurl...

Tools used:

  • VMware Workstation Player
  • GNU Radio Live SDR Environment
  • simple_IMSI-catcher.py
  • grgsm_livemon (from gr-gsm)

Install Requirements:

A Windows machine with 4 GB of RAM and a dual-core processor, plus a HackRF or RTL-SDR device.

Step 1: Installation

  • Download GNU Radio Live SDR Environment 3.7.11
  • Download VMware Workstation Player
  • Install VMware Workstation Player
  • Start VMware Workstation Player
  • Create a new virtual machine, using the GNU Radio Live SDR Environment image as the installer disc image file (ISO)
  • Open the virtual machine
  • Download the ZIP file of Oros42/IMSI-catcher from GitHub
  • Unzip Oros42/IMSI-catcher on the desktop

Install and update gr-gsm with these commands:

sudo add-apt-repository -y ppa:ptrkrysik/gr-gsm

sudo apt update

sudo apt install gr-gsm

Step 2: Find Frequencies

Method 1:

Run in a terminal:

grgsm_scanner

Method 2 (otherwise, for HackRF):

You can either use the grgsm_scanner program from gr-gsm mentioned above, or fetch the kalibrate-hackrf tool like this:

sudo apt-get install automake autoconf libhackrf-dev

git clone https://github.com/scateu/kalibrate-hackrf

cd kalibrate-hackrf/

./bootstrap

./configure

make

sudo make install

Run:

kal -s GSM900

kal: Scanning for GSM-900 base stations.

GSM-900:

chan: 14 (937.8MHz + 10.449kHz) power: 3327428.82

chan: 15 (938.0MHz + 4.662kHz) power: 3190712.41

Step 3: Running

Open 2 terminals:

In terminal 1, change to the desktop directory where you unzipped Oros42/IMSI-catcher and enter:

sudo python simple_IMSI-catcher.py --sniff

You can add -h to display options.

In terminal 2, enter (example):

grgsm_livemon -f 939.9M

    2 Discussions

    Skpss

    Question 1 year ago

    How to use a Wi-Fi router or Wi-Fi netsetter as an IMSI catcher?

    GiamMa-based researchers

    Answer 1 year ago

    There are many online articles on the topic "Wi-Fi can be turned into IMSI catcher to track cell", already from the year 2015. An example follows:

    The researcher also demonstrated another attack vector whereby attackers can hijack the WiFi calling feature offered by mobile operators.

    This technology is different from voice calling on WhatsApp or Skype app which uses voice over Internet Protocol.

    Thus, WiFi calling, which is supported on iOS and Android devices, allows users to make voice calls over WiFi by connecting to the operator's Edge Packet Data Gateway (EPDG) using the encrypted IP security (IPSec) protocol.

    Like the WiFi auto connect feature, the Internet Key Exchange (IKEv2) protocol used for authenticating WiFi calling is based on identities such as the IMSI number, which are exchanged over EAP-AKA.

    EAP-AKA exchanges are encrypted, but the problem is that they are not protected by a certificate.
    The issue exposes the feature to man-in-the-middle (MITM) attacks, allowing attackers to intercept the traffic from a smartphone.

    The good news is that you can disable the Wi-Fi calling feature on your device, but Wi-Fi auto connect can only be disabled when such a network is in range.

    The researchers reported that the mobile OS companies, including Apple, Google, Microsoft and Blackberry, and the operators such as GSMA, have been working with them to ensure the future protection of the IMSI number.

    Apple, as a result of conversations with the duo researchers, has implemented a new technology in iOS10 that allows handsets to exchange pseudonyms and not identifiers, helping mitigate the threat.

    The duo concluded their research [slides PDF] by showing a proof-of-concept system that demonstrates their IMSI catcher employing passive as well as active techniques.

    source: thehackernews