Posts

Showing posts from January, 2016

More experiments with GSM - locate BTS

While working to identify the frequency my Android phone uses, here are some important links and apps I came across.

This is the app I used to find out the LAC (Location Area Code) and CID (Cell ID): https://github.com/SecUpwN/Android-IMSI-Catcher-Detector

The following information and more can be taken from the above app:

MCC - Mobile Country Code. This code identifies the country. eg: Sri Lanka - 413
MNC - Mobile Network Code. This code identifies the mobile operator within that country. eg: Dialog - 2, CellTel (Etisalat) - 3
LAC - Location Area Code, the number of the current location area. A location area is a set of base stations that are grouped together to optimize signalling (the network pages a phone in its whole location area rather than in one cell). eg: 20126, 3003
CellID (CID) - a number that identifies each base transceiver station (BTS), or a sector of a BTS, uniquely within a location area. eg: 1702739

Together MCC, MNC, LAC and CID form the Cell Global Identity (CGI), which is the key the cell lookup services work from.

This is the link I used to find how to track the BTS with Cell ID and LAC: http://cellidfinder.com/articles/how-to-find-cellid-location-with-mcc
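As an added example (not code from the post or from the linked app), here are the identifiers above assembled into the forms one actually meets: the MCC-MNC-LAC-CID string that cellidfinder-style lookups key on, the 5-octet Location Area Identification as it is coded on the air (3GPP TS 24.008 section 10.5.1.3; the same bytes a Wireshark gsmtap decode of System Information Type 3 shows), and the split of a large CID. The post's CID 1702739 does not fit in 16 bits: Android reports UMTS cells as a 28-bit UC-Id with the RNC-Id in the top 12 bits and the 16-bit C-Id below, so that example is a 3G cell (RNC 25, cell 64339) rather than a GSM BTS, and since some databases index 3G cells by the full value and others by the 16-bit part it is worth trying both. The function names are my own; the values in the usage lines are the ones from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Assembles MCC/MNC/LAC/CID into
# the forms used by lookups and seen on the air. Values: Sri Lanka MCC 413,
# Dialog MNC 02, LAC 20126, CID 1702739 (from the post).

digit() {
    # digit STRING N -> the N-th character of STRING (1-based)
    printf '%s' "$1" | cut -c"$2"
}

pad_mnc() {
    # MNCs are 2 or 3 digits; a single digit means the leading zero was dropped.
    if [ ${#1} -eq 1 ]; then printf '0%s' "$1"; else printf '%s' "$1"; fi
}

cgi_string() {
    # cgi_string MCC MNC LAC CID -> "MCC-MNC-LAC-CID", the key most cell databases use
    printf '%s-%s-%s-%s\n' "$1" "$(pad_mnc "$2")" "$3" "$4"
}

lai_hex() {
    # lai_hex MCC MNC LAC -> 10 hex digits: the Location Area Identification
    # information element of 3GPP TS 24.008 10.5.1.3 (BCD, nibble-swapped).
    mcc=$1 lac=$3
    mnc=$(pad_mnc "$2")
    m1=$(digit "$mcc" 1); m2=$(digit "$mcc" 2); m3=$(digit "$mcc" 3)
    n1=$(digit "$mnc" 1); n2=$(digit "$mnc" 2)
    # a missing third MNC digit is coded as the filler nibble 0xF
    if [ ${#mnc} -eq 3 ]; then n3=$(digit "$mnc" 3); else n3=f; fi
    # octet 1: MCC digit 2 | MCC digit 1   octet 2: MNC digit 3 | MCC digit 3
    # octet 3: MNC digit 2 | MNC digit 1   octets 4-5: LAC, big-endian
    printf '%s%s%s%s%s%s%04x\n' "$m2" "$m1" "$n3" "$m3" "$n2" "$n1" "$lac"
}

split_umts_cid() {
    # split_umts_cid CID -> "RNC-ID C-ID" for a 28-bit UTRAN UC-Id, or
    # "gsm CID" when the value fits the 16-bit GSM cell identity.
    cid=$1
    if [ "$cid" -gt 65535 ]; then
        printf '%d %d\n' $((cid >> 16)) $((cid & 65535))
    else
        printf 'gsm %d\n' "$cid"
    fi
}

cgi_string 413 2 20126 1702739   # 413-02-20126-1702739
lai_hex 413 2 20126              # 14f3204e9e
split_umts_cid 1702739           # 25 64339
split_umts_cid 3003              # gsm 3003
```

The LAI bytes are what to look for in the SI3 decode in Wireshark when checking that the cell the phone reports is the one the SDR is tuned to: the first three octets come from MCC/MNC, the last two are the LAC in hex.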

Create folders and give permission in Remote Virtual Machine

This article has some useful commands I came across while doing the research lab work: remotely logging in to a virtual machine, creating a user group, and giving that group access to a folder. The last step is done by changing the group ownership of the directory and then its permission bits.

Remotely log in to the virtual machine:
    ssh username@[ip]

Log in from the user account and switch to a root shell (after this, the sudo prefixes below are not strictly needed):
    su root

Create a group:
    sudo addgroup groupname

Add a user to this group:
    sudo adduser username groupname

View the groups the current user belongs to, and all groups on the system:
    groups
    cat /etc/group

Change the owner and group of a file or directory:
    chown [-R] [user][:group] [file|directory]

Change only the group of a file or directory (the owning user stays the same):
    chgrp [-R] [group] [file|directory]

Change the permissions of the directory ProjectData so that the owner and the group have read, write and execute, and everyone else has nothing:
    chmod 770 ProjectData

A user who has just been added to the group has to log out and back in before the new membership takes effect.

Sniffing GSM traffic with hackRF

This post is related to my previous post, where the tools that should be pre-installed are mentioned. Gqrx, which is preinstalled on the live DVD, can be used to visualize the frequencies. Here are examples of gqrx tuned to different frequencies observed from channels captured with hackrf_kalibrate (see my earlier post): tuned to 950.8 MHz, and tuned to 959.6 MHz. Then we need to run the GRC script airprobe_rtlsdr.grc, which is located in the gr-gsm/apps folder of the pre-installed gr-gsm. Here is a screenshot of the flowgraph. I set the default value of gain to 40, which increases the number of packets captured in Wireshark, as explained later. Here is a screenshot of the flow graph running. Then we have to run Wireshark from another terminal. The interface is the loopback interface (lo), because gr-gsm does not write to a file: it sends the decoded bursts as GSMTAP packets over UDP to port 4729 on localhost. Use the following command, which runs Wireshark as root with a display filter for gsmtap and against icmp:
    sudo wireshark -k -Y 'gsmtap && !icmp' -i lo
The !icmp part hides the ICMP "port unreachable" replies the kernel generates when nothing is listening on the GSMTAP port. Running the Wireshark GUI as root hands every dissector full privileges over whatever is captured; on a machine that matters, the usual alternative on Debian/Ubuntu is sudo dpkg-reconfigure wireshark-common, adding your user to the wireshark group, and running wireshark unprivileged. Here is a sc
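The two gqrx frequencies above come straight out of the GSM channel numbering: kalibrate reports each channel as an ARFCN with its downlink frequency, gqrx and the gr-gsm flow graph want the frequency, and the phone answers on the uplink, 45 MHz below the downlink in GSM 900 and 95 MHz below it in DCS 1800 (the frequency "my phone uses" from the first post). The following is an added example, not code from the post or from gr-gsm: POSIX shell functions that convert between ARFCN and frequency for P-GSM 900, E-GSM 900 and DCS 1800 using the formulas in 3GPP TS 45.005 section 2, in integer kHz so that shell arithmetic stays exact. By those formulas 950.8 MHz is ARFCN 79 and 959.6 MHz is ARFCN 123.

```shell
#!/bin/sh
# Added example, not from the original post or gr-gsm. ARFCN <-> frequency
# for GSM 900 (P and E) and DCS 1800, per 3GPP TS 45.005 section 2.
# All frequencies are integer kHz on the 200 kHz channel raster.

arfcn_to_downlink_khz() {
    # Prints the BTS (downlink) centre frequency for an ARFCN; fails for
    # channel numbers outside the supported bands.
    arfcn=$1
    if [ "$arfcn" -ge 0 ] && [ "$arfcn" -le 124 ]; then
        echo $((935000 + 200 * arfcn))              # P-GSM 900: 935.0-959.8 MHz
    elif [ "$arfcn" -ge 975 ] && [ "$arfcn" -le 1023 ]; then
        echo $((935000 + 200 * (arfcn - 1024)))     # E-GSM 900 extension: 925.2-934.8 MHz
    elif [ "$arfcn" -ge 512 ] && [ "$arfcn" -le 885 ]; then
        echo $((1805200 + 200 * (arfcn - 512)))     # DCS 1800: 1805.2-1879.8 MHz
    else
        return 1
    fi
}

arfcn_to_uplink_khz() {
    # Mobile (uplink) frequency: duplex spacing is 45 MHz in GSM 900, 95 MHz in DCS 1800.
    dl=$(arfcn_to_downlink_khz "$1") || return 1
    if [ "$1" -ge 512 ] && [ "$1" -le 885 ]; then
        echo $((dl - 95000))
    else
        echo $((dl - 45000))
    fi
}

downlink_khz_to_arfcn() {
    # Inverse of arfcn_to_downlink_khz; fails if the frequency is off the
    # 200 kHz raster or outside the bands above.
    khz=$1
    [ $((khz % 200)) -eq 0 ] || return 1
    if [ "$khz" -ge 935000 ] && [ "$khz" -le 959800 ]; then
        echo $(((khz - 935000) / 200))
    elif [ "$khz" -ge 925200 ] && [ "$khz" -lt 935000 ]; then
        echo $(((khz - 935000) / 200 + 1024))
    elif [ "$khz" -ge 1805200 ] && [ "$khz" -le 1879800 ]; then
        echo $(((khz - 1805200) / 200 + 512))
    else
        return 1
    fi
}

# The two channels from the post:
downlink_khz_to_arfcn 950800   # 79
downlink_khz_to_arfcn 959600   # 123
arfcn_to_uplink_khz 79         # 905800
```

kalibrate's own output rounds to the channel centre plus a small offset; feeding the centre frequency (not the offset one) to gqrx or the flow graph is what lines the capture up with the ARFCN it reports.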

Install Requirements for GSM band observation with hackRF

The GNU Radio version used for this is 3.7.9. I used the live DVD image, which can be downloaded from here. The extra tools needed are: hackrf_kalibrate, gr-gsm, gqrx and wireshark (gqrx was preinstalled in the GNU Radio image). This is how I installed the other three tools.

Installing gr-gsm, the GNU Radio blocks used to decode GSM packets:
    sudo apt-get install git cmake libboost-all-dev libcppunit-dev swig doxygen liblog4cpp5-dev python-scipy
    git clone https://github.com/ptrkrysik/gr-gsm.git
    cd gr-gsm
    mkdir build
    cd build
    cmake ..
    make
    sudo make install
    sudo ldconfig

The clone builds whatever the repository's HEAD is on that day; for a lab setup that has to be rebuilt later, check out a tagged release (git tag -l, then git checkout on the tag) before running cmake so the same code is built each time.

I had the error "package 'libosmocore' not found", so I had to manually install that package using the commands provided on this site:
    cd libosmocore/
    autoreconf -i
    ./configure
    make
    sudo make install
    sudo ldconfig -i
    cd ..

During configuration the error "No package 'talloc' found" occurred, and I had to download and install it manually from this link.