- <item>
- <title>Easier recipe to observe the cell phones around you</title>
- <link>http://people.skolelinux.org/pere/blog/Easier_recipe_to_observe_the_cell_phones_around_you.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Easier_recipe_to_observe_the_cell_phones_around_you.html</guid>
- <pubDate>Sun, 24 Sep 2017 08:30:00 +0200</pubDate>
- <description><p>A little more than a month ago I wrote
-<a href="http://people.skolelinux.org/pere/blog/Simpler_recipe_on_how_to_make_a_simple__7_IMSI_Catcher_using_Debian.html">how
-to observe the SIM card ID (aka IMSI number) of mobile phones talking
-to nearby mobile phone base stations using Debian GNU/Linux and a
-cheap USB software defined radio</a>, and thus being able to pinpoint
-the location of people and equipment (like cars and trains) with an
-accuracy of a few kilometer. Since then we have worked to make the
-procedure even simpler, and it is now possible to do this without any
-manual frequency tuning and without building your own packages.</p>
-
-<p>The <a href="https://tracker.debian.org/pkg/gr-gsm">gr-gsm</a>
-package is now included in Debian testing and unstable, and the
-IMSI-catcher code no longer require root access to fetch and decode
-the GSM data collected using gr-gsm.</p>
-
-<p>Here is an updated recipe, using packages built by Debian and a git
-clone of two python scripts:</p>
-
-<ol>
-
-<li>Start with a Debian machine running the Buster version (aka
- testing).</li>
-
-<li>Run '<tt>apt install gr-gsm python-numpy python-scipy
- python-scapy</tt>' as root to install required packages.</li>
-
-<li>Fetch the code decoding GSM packages using '<tt>git clone
- github.com/Oros42/IMSI-catcher.git</tt>'.</li>
-
-<li>Insert USB software defined radio supported by GNU Radio.</li>
-
-<li>Enter the IMSI-catcher directory and run '<tt>python
- scan-and-livemon</tt>' to locate the frequency of nearby base
- stations and start listening for GSM packages on one of them.</li>
-
-<li>Enter the IMSI-catcher directory and run '<tt>python
- simple_IMSI-catcher.py</tt>' to display the collected information.</li>
-
-</ol>
-
-<p>Note, due to a bug somewhere the scan-and-livemon program (actually
-<a href="https://github.com/ptrkrysik/gr-gsm/issues/336">its underlying
-program grgsm_scanner</a>) do not work with the HackRF radio. It does
-work with RTL 8232 and other similar USB radio receivers you can get
-very cheaply
-(<a href="https://www.ebay.com/sch/items/?_nkw=rtl+2832">for example
-from ebay</a>), so for now the solution is to scan using the RTL radio
-and only use HackRF for fetching GSM data.</p>
-
-<p>As far as I can tell, a cell phone only show up on one of the
-frequencies at the time, so if you are going to track and count every
-cell phone around you, you need to listen to all the frequencies used.
-To listen to several frequencies, use the --numrecv argument to
-scan-and-livemon to use several receivers. Further, I am not sure if
-phones using 3G or 4G will show as talking GSM to base stations, so
-this approach might not see all phones around you. I typically see
-0-400 IMSI numbers an hour when looking around where I live.</p>
-
-<p>I've tried to run the scanner on a
-<a href="https://wiki.debian.org/RaspberryPi">Raspberry Pi 2 and 3
-running Debian Buster</a>, but the grgsm_livemon_headless process seem
-to be too CPU intensive to keep up. When GNU Radio print 'O' to
-stdout, I am told there it is caused by a buffer overflow between the
-radio and GNU Radio, caused by the program being unable to read the
-GSM data fast enough. If you see a stream of 'O's from the terminal
-where you started scan-and-livemon, you need a give the process more
-CPU power. Perhaps someone are able to optimize the code to a point
-where it become possible to set up RPi3 based GSM sniffers? I tried
-using Raspbian instead of Debian, but there seem to be something wrong
-with GNU Radio on raspbian, causing glibc to abort().</p>
-</description>
- </item>
-
projects / homepage.git / blobdiff