Help for My IMSI-TMSI-SMS sniff...


A.Guero

Sep 1, 2022, 6:18:02 AM
to gr-gsm
Hello everybody,
after installing Kali Linux and the various software
(gr-gsm, IMSI-catcher, Wireshark)
I recorded various *.cfile files with gr-gsm (from the ARFCN my phone is connected to), starting gr-gsm first with the command:
grgsm_livemon -f 944.0M -g 40
and then saving the traffic with the command:
grgsm_capture -g 40 -a 45 -s 1000000 sms.cfile -T 200
while I'm sending a text message.
Now that I have the file (with Wireshark I see the various data through the GSMTAP protocol), I would like to find a clear guide (I have read some but without results) that allows me to detect in my sms.cfile the various data referring to my SIM.

NOTE: With SIMspyII I can see both the Kc key of my SIM card and also the TMSI present inside, after sending the SMS.

Thanks to those who have time to help me.

Nikos Balkanas

Sep 1, 2022, 10:03:27 AM
to A.Guero, gr-gsm
Hi Antonio,

SimSPY is running from your phone, therefore it knows your SIM key (Kc).
You will need to provide your key to gr-gsm, since it is running from your PC.
All SMS and DLR fields are encrypted. To use gr-gsm with decryption, you can
use this how-to:
https://github.com/ptrkrysik/gr-gsm/wiki/Usage:-Decoding-How-To

HTH
Nikos

A.Guero

Sep 1, 2022, 11:40:27 AM
to gr-gsm
Many thanks, light 'for good guide ... we resend!

A.Guero

Sep 3, 2022, 12:47:43 PM
to gr-gsm
In the guide I'm reading it says:
-s specifies the sample rate of the capture, which is dependent on the hardware.
The file we are working on was captured with a sample rate of 100e6, but with a decimation of 174.
That's why we perform the division 100000000/174, and put it inside the $((.....))
so that it is evaluated by your command line before passing it to the program.
If you have no decimation, you don't have to do this.

How do I know if I have decimation or not?
Thank you

Nikos Balkanas

Sep 3, 2022, 1:13:07 PM
to A.Guero, gr-gsm
Hi Antonio,

If you don't know about decimation, you probably don't need it ;-)
Seriously, in the guide 100e6 is the master clock rate, which is
constant in USRPs. It is not the sample rate.
This is decimated by a certain factor to get the desired sample rate.
This is used in USRPs, not SDRs.
Just input directly the sample rate you used to capture the file :)

HTH
Nikos

A.Guero

Sep 3, 2022, 1:26:25 PM
to gr-gsm
So with my PortaPack HackRF I don't need the sample rate?!

Nikos Balkanas

Sep 3, 2022, 3:26:05 PM
to A.Guero, gr-gsm
Ofc you need the sample rate. You don't need decimation.
The whole term $((100000000/174)) is the sample rate.
Just substitute in your -s sample_rate and you will be fine.

BR
Nikos

Nikos Balkanas

Sep 3, 2022, 4:03:43 PM
to A.Guero, gr-gsm
Sample rate and central frequency are your two most important variables,
used in all signal processing. You can't discard either of them.
Mark your sample files accordingly :)

Nikos

A.Guero

Sep 5, 2022, 5:05:57 AM
to gr-gsm
How do I determine which sample rate size I should use?
10 000 000 or 100 000 000?
What does the size depend on?

I thank you for your invaluable help. :-)

Nikos Balkanas

Sep 5, 2022, 8:18:46 AM
to A.Guero, gr-gsm
That depends on the network spec you want to capture... 2G, 3G, 4G or 5G.
2G has a 1.048 MHz data rate, so we usually sample at 2 MHz.
3G has a ~3.5 MHz data rate, and 4G ~30.51 MHz...
5G is at ~60 MHz.

HTH
Nikos

A.Guero

Sep 5, 2022, 10:12:31 AM
to gr-gsm
So to acquire the 2G in the command to be sent to grgsm I insert 2 000 000 as a sampling parameter?
grgsm_capture -g 40 -a 45 -s 2000000 gsm.cfile -T 180

What exactly would be the sampling parameters to be entered in the grgsm_capture command to acquire data from 2G, 3G, 4G, 5G?

Nikos Balkanas

Sep 5, 2022, 3:41:38 PM
to A.Guero, gr-gsm
On Mon, Sep 5, 2022 at 5:12 PM A.Guero <antoniog...@email.com> wrote:
>
> So to acquire the 2G in the command to be sent to grgsm I insert 2 000 000 as a sampling parameter?
> grgsm_capture -g 40 -a 45 -s 2000000 gsm.cfile -T 180

Yes. You can also type -s 2e6 for simpler...

> What exactly would be the sampling parameters to be entered in the grgsm_capture command to acquire data from 2G, 3G, 4G, 5G?

Read my previous mail. I just told you:(