1 <?xml version=
"1.0" encoding=
"ISO-8859-1"?>
2 <rss version='
2.0' xmlns:lj='http://www.livejournal.org/rss/lj/
1.0/'
>
4 <title>Petter Reinholdtsen - Entries from September
2017</title>
5 <description>Entries from September
2017</description>
6 <link>https://www.hungry.com/~pere/blog/
</link>
10 <title>Visualizing GSM radio chatter using gr-gsm and Hopglass
</title>
11 <link>https://www.hungry.com/~pere/blog/Visualizing_GSM_radio_chatter_using_gr_gsm_and_Hopglass.html
</link>
12 <guid isPermaLink=
"true">https://www.hungry.com/~pere/blog/Visualizing_GSM_radio_chatter_using_gr_gsm_and_Hopglass.html
</guid>
13 <pubDate>Fri,
29 Sep
2017 10:
30:
00 +
0200</pubDate>
14 <description><p
>Every mobile phone announce its existence over radio to the nearby
15 mobile cell towers. And this radio chatter is available for anyone
16 with a radio receiver capable of receiving them. Details about the
17 mobile phones with very good accuracy is of course collected by the
18 phone companies, but this is not the topic of this blog post. The
19 mobile phone radio chatter make it possible to figure out when a cell
20 phone is nearby, as it include the SIM card ID (IMSI). By paying
21 attention over time, one can see when a phone arrive and when it leave
22 an area. I believe it would be nice to make this information more
23 available to the general public, to make more people aware of how
24 their phones are announcing their whereabouts to anyone that care to
27 <p
>I am very happy to report that we managed to get something
28 visualizing this information up and running for
29 <a href=
"http://norwaymakers.org/osf17
">Oslo Skaperfestival
2017</a
>
30 (Oslo Makers Festival) taking place today and tomorrow at Deichmanske
31 library. The solution is based on the
32 <a href=
"https://people.skolelinux.org/pere/blog/Easier_recipe_to_observe_the_cell_phones_around_you.html
">simple
33 recipe for listening to GSM chatter
</a
> I posted a few days ago, and
34 will show up at the stand of
<a href=
"http://sonen.ifi.uio.no/
">Åpen
35 Sone from the Computer Science department of the University of
36 Oslo
</a
>. The presentation will show the nearby mobile phones (aka
37 IMSIs) as dots in a web browser graph, with lines to the dot
38 representing mobile base station it is talking to. It was working in
39 the lab yesterday, and was moved into place this morning.
</p
>
41 <p
>We set up a fairly powerful desktop machine using Debian
42 Buster/Testing with several (five, I believe) RTL2838 DVB-T receivers
43 connected and visualize the visible cell phone towers using an
44 <a href=
"https://github.com/marlow925/hopglass
">English version of
45 Hopglass
</a
>. A fairly powerfull machine is needed as the
46 grgsm_livemon_headless processes from
47 <a href=
"https://tracker.debian.org/pkg/gr-gsm
">gr-gsm
</a
> converting
48 the radio signal to data packages is quite CPU intensive.
</p
>
50 <p
>The frequencies to listen to, are identified using a slightly
51 patched scan-and-livemon (to set the --args values for each receiver),
52 and the Hopglass data is generated using the
53 <a href=
"https://github.com/petterreinholdtsen/IMSI-catcher/tree/meshviewer-output
">patches
54 in my meshviewer-output branch
</a
>. For some reason we could not get
55 more than four SDRs working. There is also a geographical map trying
56 to show the location of the base stations, but I believe their
57 coordinates are hardcoded to some random location in Germany, I
58 believe. The code should be replaced with code to look up location in
59 a text file, a sqlite database or one of the online databases
61 <a href=
"https://github.com/Oros42/IMSI-catcher/issues/
14">the github
62 issue for the topic
</a
>.
64 <p
>If this sound interesting, visit the stand at the festival!
</p
>
69 <title>Easier recipe to observe the cell phones around you
</title>
70 <link>https://www.hungry.com/~pere/blog/Easier_recipe_to_observe_the_cell_phones_around_you.html
</link>
71 <guid isPermaLink=
"true">https://www.hungry.com/~pere/blog/Easier_recipe_to_observe_the_cell_phones_around_you.html
</guid>
72 <pubDate>Sun,
24 Sep
2017 08:
30:
00 +
0200</pubDate>
73 <description><p
>A little more than a month ago I wrote
74 <a href=
"https://people.skolelinux.org/pere/blog/Simpler_recipe_on_how_to_make_a_simple__7_IMSI_Catcher_using_Debian.html
">how
75 to observe the SIM card ID (aka IMSI number) of mobile phones talking
76 to nearby mobile phone base stations using Debian GNU/Linux and a
77 cheap USB software defined radio
</a
>, and thus being able to pinpoint
78 the location of people and equipment (like cars and trains) with an
79 accuracy of a few kilometer. Since then we have worked to make the
80 procedure even simpler, and it is now possible to do this without any
81 manual frequency tuning and without building your own packages.
</p
>
83 <p
>The
<a href=
"https://tracker.debian.org/pkg/gr-gsm
">gr-gsm
</a
>
84 package is now included in Debian testing and unstable, and the
85 IMSI-catcher code no longer require root access to fetch and decode
86 the GSM data collected using gr-gsm.
</p
>
88 <p
>Here is an updated recipe, using packages built by Debian and a git
89 clone of two python scripts:
</p
>
93 <li
>Start with a Debian machine running the Buster version (aka
96 <li
>Run
'<tt
>apt install gr-gsm python-numpy python-scipy
97 python-scapy
</tt
>' as root to install required packages.
</li
>
99 <li
>Fetch the code decoding GSM packages using
'<tt
>git clone
100 github.com/Oros42/IMSI-catcher.git
</tt
>'.
</li
>
102 <li
>Insert USB software defined radio supported by GNU Radio.
</li
>
104 <li
>Enter the IMSI-catcher directory and run
'<tt
>python
105 scan-and-livemon
</tt
>' to locate the frequency of nearby base
106 stations and start listening for GSM packages on one of them.
</li
>
108 <li
>Enter the IMSI-catcher directory and run
'<tt
>python
109 simple_IMSI-catcher.py
</tt
>' to display the collected information.
</li
>
113 <p
>Note, due to a bug somewhere the scan-and-livemon program (actually
114 <a href=
"https://github.com/ptrkrysik/gr-gsm/issues/
336">its underlying
115 program grgsm_scanner
</a
>) do not work with the HackRF radio. It does
116 work with RTL
8232 and other similar USB radio receivers you can get
118 (
<a href=
"https://www.ebay.com/sch/items/?_nkw=rtl+
2832">for example
119 from ebay
</a
>), so for now the solution is to scan using the RTL radio
120 and only use HackRF for fetching GSM data.
</p
>
122 <p
>As far as I can tell, a cell phone only show up on one of the
123 frequencies at the time, so if you are going to track and count every
124 cell phone around you, you need to listen to all the frequencies used.
125 To listen to several frequencies, use the --numrecv argument to
126 scan-and-livemon to use several receivers. Further, I am not sure if
127 phones using
3G or
4G will show as talking GSM to base stations, so
128 this approach might not see all phones around you. I typically see
129 0-
400 IMSI numbers an hour when looking around where I live.
</p
>
131 <p
>I
've tried to run the scanner on a
132 <a href=
"https://wiki.debian.org/RaspberryPi
">Raspberry Pi
2 and
3
133 running Debian Buster
</a
>, but the grgsm_livemon_headless process seem
134 to be too CPU intensive to keep up. When GNU Radio print
'O
' to
135 stdout, I am told there it is caused by a buffer overflow between the
136 radio and GNU Radio, caused by the program being unable to read the
137 GSM data fast enough. If you see a stream of
'O
's from the terminal
138 where you started scan-and-livemon, you need a give the process more
139 CPU power. Perhaps someone are able to optimize the code to a point
140 where it become possible to set up RPi3 based GSM sniffers? I tried
141 using Raspbian instead of Debian, but there seem to be something wrong
142 with GNU Radio on raspbian, causing glibc to abort().
</p
>
147 <title>Datalagringsdirektivet kaster skygger over Høyre og Arbeiderpartiet
</title>
148 <link>https://www.hungry.com/~pere/blog/Datalagringsdirektivet_kaster_skygger_over_H_yre_og_Arbeiderpartiet.html
</link>
149 <guid isPermaLink=
"true">https://www.hungry.com/~pere/blog/Datalagringsdirektivet_kaster_skygger_over_H_yre_og_Arbeiderpartiet.html
</guid>
150 <pubDate>Thu,
7 Sep
2017 21:
35:
00 +
0200</pubDate>
151 <description><p
>For noen dager siden publiserte Jon Wessel-Aas en bloggpost om
152 «
<a href=
"http://www.uhuru.biz/?p=
1821">Konklusjonen om datalagring som
153 EU-kommisjonen ikke ville at vi skulle få se
</a
>». Det er en
154 interessant gjennomgang av EU-domstolens syn på snurpenotovervåkning
155 av befolkningen, som er klar på at det er i strid med
156 EU-lovgivingen.
</p
>
158 <p
>Valgkampen går for fullt i Norge, og om noen få dager er siste
159 frist for å avgi stemme. En ting er sikkert, Høyre og Arbeiderpartiet
161 <a href=
"https://people.skolelinux.org/pere/blog/Datalagringsdirektivet_gj_r_at_Oslo_H_yre_og_Arbeiderparti_ikke_f_r_min_stemme_i__r.html
">denne
162 gangen heller
</a
>. Jeg har ikke glemt at de tvang igjennom loven som
163 skulle pålegge alle data- og teletjenesteleverandører å overvåke alle
164 sine kunder. En lov som er vedtatt, og aldri opphevet igjen.
</p
>
166 <p
>Det er tydelig fra diskusjonen rundt grenseløs digital overvåkning
167 (eller
"Digital Grenseforsvar
" som det kalles i Orvellisk nytale) at
168 hverken Høyre og Arbeiderpartiet har noen prinsipielle sperrer mot å
169 overvåke hele befolkningen, og diskusjonen så langt tyder på at flere
170 av de andre partiene heller ikke har det. Mange av
171 <a href=
"https://data.holderdeord.no/votes/
1301946411e
">de som stemte
172 for Datalagringsdirektivet i Stortinget
</a
> (
64 fra Arbeiderpartiet,
173 25 fra Høyre) er fortsatt aktive og argumenterer fortsatt for å radere
174 vekk mer av innbyggernes privatsfære.
</p
>
176 <p
>Når myndighetene demonstrerer sin mistillit til folket, tror jeg
177 folket selv bør legge litt innsats i å verne sitt privatliv, ved å ta
178 i bruk ende-til-ende-kryptert kommunikasjon med sine kjente og kjære,
179 og begrense hvor mye privat informasjon som deles med uvedkommende.
180 Det er jo ingenting som tyder på at myndighetene kommer til å være vår
182 <a href=
"https://people.skolelinux.org/pere/blog/How_to_talk_with_your_loved_ones_in_private.html
">Det
183 er mange muligheter
</a
>. Selv har jeg litt sans for
184 <a href=
"https://ring.cx/
">Ring
</a
>, som er basert på p2p-teknologi
185 uten sentral kontroll, er fri programvare, og støtter meldinger, tale
186 og video. Systemet er tilgjengelig ut av boksen fra
187 <a href=
"https://tracker.debian.org/pkg/ring
">Debian
</a
> og
188 <a href=
"https://launchpad.net/ubuntu/+source/ring
">Ubuntu
</a
>, og det
189 finnes pakker for Android, MacOSX og Windows. Foreløpig er det få
190 brukere med Ring, slik at jeg også bruker
191 <a href=
"https://signal.org/
">Signal
</a
> som nettleserutvidelse.
</p
>
projects / homepage.git / blob