- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Simpler_recipe_on_how_to_make_a_simple__7_IMSI_Catcher_using_Debian.html">Simpler recipe on how to make a simple $7 IMSI Catcher using Debian</a></div>
- <div class="date"> 9th August 2017</div>
- <div class="body"><p>On friday, I came across an interesting article in the Norwegian
-web based ICT news magazine digi.no on
-<a href="https://www.digi.no/artikler/sikkerhetsforsker-lagde-enkel-imsi-catcher-for-60-kroner-na-kan-mobiler-kartlegges-av-alle/398588">how
-to collect the IMSI numbers of nearby cell phones</a> using the cheap
-DVB-T software defined radios. The article refered to instructions
-and <a href="https://www.youtube.com/watch?v=UjwgNd_as30">a recipe by
-Keld Norman on Youtube on how to make a simple $7 IMSI Catcher</a>, and I decided to test them out.</p>
-
-<p>The instructions said to use Ubuntu, install pip using apt (to
-bypass apt), use pip to install pybombs (to bypass both apt and pip),
-and the ask pybombs to fetch and build everything you need from
-scratch. I wanted to see if I could do the same on the most recent
-Debian packages, but this did not work because pybombs tried to build
-stuff that no longer build with the most recent openssl library or
-some other version skew problem. While trying to get this recipe
-working, I learned that the apt->pip->pybombs route was a long detour,
-and the only piece of software dependency missing in Debian was the
-gr-gsm package. I also found out that the lead upstream developer of
-gr-gsm (the name stand for GNU Radio GSM) project already had a set of
-Debian packages provided in an Ubuntu PPA repository. All I needed to
-do was to dget the Debian source package and built it.</p>
-
-<p>The IMSI collector is a python script listening for packages on the
-loopback network device and printing to the terminal some specific GSM
-packages with IMSI numbers in them. The code is fairly short and easy
-to understand. The reason this work is because gr-gsm include a tool
-to read GSM data from a software defined radio like a DVB-T USB stick
-and other software defined radios, decode them and inject them into a
-network device on your Linux machine (using the loopback device by
-default). This proved to work just fine, and I've been testing the
-collector for a few days now.</p>
-
-<p>The updated and simpler recipe is thus to</p>
-
-<ol>
-
-<li>start with a Debian machine running Stretch or newer,</li>
-
-<li>build and install the gr-gsm package available from
-<a href="http://ppa.launchpad.net/ptrkrysik/gr-gsm/ubuntu/pool/main/g/gr-gsm/">http://ppa.launchpad.net/ptrkrysik/gr-gsm/ubuntu/pool/main/g/gr-gsm/</a>,</li>
-
-<li>clone the git repostory from <a href="https://github.com/Oros42/IMSI-catcher">https://github.com/Oros42/IMSI-catcher</a>,</li>
-
-<li>run grgsm_livemon and adjust the frequency until the terminal
-where it was started is filled with a stream of text (meaning you
-found a GSM station).</li>
-
-<li>go into the IMSI-catcher directory and run 'sudo python simple_IMSI-catcher.py' to extract the IMSI numbers.</li>
-
-</ol>
-
-<p>To make it even easier in the future to get this sniffer up and
-running, I decided to package
-<a href="https://github.com/ptrkrysik/gr-gsm/">the gr-gsm project</a>
-for Debian (<a href="https://bugs.debian.org/871055">WNPP
-#871055</a>), and the package was uploaded into the NEW queue today.
-Luckily the gnuradio maintainer has promised to help me, as I do not
-know much about gnuradio stuff yet.</p>
-
-<p>I doubt this "IMSI cacher" is anywhere near as powerfull as
-commercial tools like
-<a href="https://www.thespyphone.com/portable-imsi-imei-catcher/">The
-Spy Phone Portable IMSI / IMEI Catcher</a> or the
-<a href="https://en.wikipedia.org/wiki/Stingray_phone_tracker">Harris
-Stingray</a>, but I hope the existance of cheap alternatives can make
-more people realise how their whereabouts when carrying a cell phone
-is easily tracked. Seeing the data flow on the screen, realizing that
-I live close to a police station and knowing that the police is also
-wearing cell phones, I wonder how hard it would be for criminals to
-track the position of the police officers to discover when there are
-police near by, or for foreign military forces to track the location
-of the Norwegian military forces, or for anyone to track the location
-of government officials...</p>
-
-<p>It is worth noting that the data reported by the IMSI-catcher
-script mentioned above is only a fraction of the data broadcasted on
-the GSM network. It will only collect one frequency at the time,
-while a typical phone will be using several frequencies, and not all
-phones will be using the frequencies tracked by the grgsm_livemod
-program. Also, there is a lot of radio chatter being ignored by the
-simple_IMSI-catcher script, which would be collected by extending the
-parser code. I wonder if gr-gsm can be set up to listen to more than
-one frequency?</p>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/A_bit_more_on_privacy_respecting_health_monitor___fitness_tracker.html">A bit more on privacy respecting health monitor / fitness tracker</a></div>
+ <div class="date">13th August 2018</div>
+ <div class="body"><p>A few days ago, I wondered if there are any privacy respecting
+health monitors and/or fitness trackers available for sale these days.
+I would like to buy one, but do not want to share my personal data
+with strangers, nor be forced to have a mobile phone to get data out
+of the unit. I've received some ideas, and would like to share them
+with you.
+
+One interesting data point was a pointer to a Free Software app for
+Android named
+<a href="https://github.com/Freeyourgadget/Gadgetbridge/">Gadgetbridge</a>.
+It provide cloudless collection and storing of data from a variety of
+trackers. Its
+<a href="https://github.com/Freeyourgadget/Gadgetbridge/#supported-devices">list
+of supported devices</a> is a good indicator for units where the
+protocol is fairly open, as it is obviously being handled by Free
+Software. Other units are reportedly encrypting the collected
+information with their own public key, making sure only the vendor
+cloud service is able to extract data from the unit. The people
+contacting me about Gadgetbirde said they were using
+<a href="https://us.amazfit.com/shop/bip?variant=336750">Amazfit
+Bip</a> and
+<a href="http://www.xiaomimi6phone.com/xiaomi-mi-band-3-features-release-date-rumors/">Xiaomi
+Band 3</a>.</p>
+
+<p>I also got a suggestion to look at some of the units from Garmin.
+I was told their GPS watches can be connected via USB and show up as a
+USB storage device with
+<a href="https://www.gpsbabel.org/htmldoc-development/fmt_garmin_fit.html">Garmin
+FIT files</a> containing the collected measurements. While
+proprietary, FIT files apparently can be read at least by
+<a href="https://www.gpsbabel.org">GPSBabel</a> and the
+<a href="https://apps.nextcloud.com/apps/gpxpod">GpxPod</a> Nextcloud
+app. It is unclear to me if they can read step count and heart rate
+data. The person I talked to was using a
+<a href="https://buy.garmin.com/en-US/US/p/564291">Garmin Forerunner
+935</a>, which is a fairly expensive unit. I doubt it is worth it for
+a unit where the vendor clearly is trying its best to move from open
+to closed systems. I still remember when Garmin dropped NMEA support
+in its GPSes.</p>
+
+<p>A final idea was to build ones own unit, perhaps by basing it on a
+wearable hardware platforms like
+<a href="https://learn.adafruit.com/flora-geo-watch">the Flora Geo
+Watch</a>. Sound like fun, but I had more money than time to spend on
+the topic, so I suspect it will have to wait for another time.</p>
+
+<p>While I was working on tracking down links, I came across an
+inspiring TED talk by Dave Debronkart about
+<a href="https://archive.org/details/DavedeBronkart_2010X">being a
+e-patient</a>, and discovered the web site
+<a href="https://participatorymedicine.org/epatients/">Participatory
+Medicine</a>. If you too want to track your own health and fitness
+without having information about your private life floating around on
+computers owned by others, I recommend checking it out.</p>
+
+<p>As usual, if you use Bitcoin and want to show your support of my
+activities, please send Bitcoin donations to my address
+<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
projects / homepage.git / blobdiff