Intro: Telephony, DECT Sniffing With Dedected.
DISCLAMER: Recording phone conversation without consent from the users is illegal in the US and most country's However, this tutorial is meant to be tested on your OWN equipment. Be smart and only record your DECT's not your neighbors.
Step 1: 1: What Is DECT?
usually known by the acronymDECT, is a digital communication standard, which is primarily used for creating cordless phone systems. It originated in Europe, where it is the universal standard, replacing earlier cordless phone standards, such as 900 MHz CT1 and CT2.
Step 2: 1.1: Insecurity...
most telecomunication companys don't implement or offer encryption for their devices so they can be easily sniffed.
The following has been tested under these circumstances:
- Backtrack 5 final x86 KDE with Kernel 2.6.38
- Original Dosh&Amand Type II PCMCIA Card
- SIEMENS C1 DECT phones set up in repeater mode
Step 3: 2: Installing Dedected
-Use Dedected from the Backtrack repositorys
-Compile it on your own if you want to experiment
Install from source
root@bt:~# prepare-kernel-sources root@bt:~# cd /usr/src/linux root@bt:~# cp -rf include/generated/* include/linux/ root@bt:~# cd /pentest/telephony root@bt:~# svn co https://dedected.org/svn/trunk dedected_svn root@bt:~# cd dedected_svn/com-on-air_cs-linux/ root@bt:~# make && make -C tools Install from repository
root@bt:~# apt-get update root@bt:~# apt-get install dedected It is recommended that you have the tool Audacity if you are serious about recording phone conversations Load the Drivers
root@bt:~# cd /pentest/telephony/dedected/com-on-air_cs-linux root@bt:~# make node root@bt:~# make load
Step 4: Scan for Fixed Parts or Fp(DECT Base Stations)
root@bt:~# cd /pentest/telephony/dedected/com-on-air_cs-linux/tools root@bt:~# ./dect_cli
If you need info on the usage type "help". If you live in the U.S. switch to the US/DECT 6 band via the "band" command. Let's enable some verbosity:
Now start scanning fpscan After scanning multiple times disable verbosity and stop scanning
Step 5: Ignore Other Phones
Now grab your DECT handset and make a test phonecall and wait until you see the phonecall .It is also sufficient if you just get a dialing tone. You should see something like
### found new call on 00 82 31 33 73 on channel 7 RSSI 34 stop Now dump all found calls dump
Ignore every other phone except yours via the following command! IMPORTANT!!!
ignore 01 30 95 13 37
Step 6: Record the Call
Here's what it should look like:
### starting autorec ### stopping DIP ### starting callscan ### trying to sync on 00 82 ab b0 29 ### got sync ### dumping to dump_2011-06-11_21_37_37_RFPI_00_82_ab_b0_29.pcap ### stopping DIP After you hang up the dumping should stop
Step 7: Decode the Callstream
Decode the audiostream into a raw packet dump
Step 8: Import the Streams Into Audacity to Listen to the Calls
Start audacity via "alt + f2" then type “audacity” and press enter. Import the fixed-part and hte portable-part .wav files from /pentest/telephony/dedected/com-on-air_cs-linux/tools via File -> Import -> Audio or simply "ctrl + shift + I" . Import the files which end in .pcap_fp.ima.g721.wav and .pcap_pp.ima.g721.wav.
Play your phone call with the play button:
Step 9: CLEAN UP!
root@bt:~# cd /pentest/telephony/dedected/com-on-air_cs-linux root@bt:~# make reload
If you’re finished and want to clean up:
root@bt:~# cd /pentest/telephony/dedected/com-on-air_cs-linux root@bt:~# make unload root@bt:~# rm /dev/coa
Step 10: Dect Protocol
If you are interested in more details of the protocol you can open the .pcap file in Wireshark: