7f1a701abc
Apparently Wikipedia has changed its HTML, introducing another header level. This has resulted in what previously was tagged h3 is now tagged h4, thus breaking this script (which fails silently, btw.). Changing h3 to h4 in the script fixes the issue. |
||
|---|---|---|
| mcc-mnc | ||
| capture_simple_IMSI-catcher.png | ||
| immediate_assignment_catcher.py | ||
| LICENSE | ||
| README.md | ||
| scan-and-livemon | ||
| simple_IMSI-catcher.py | ||
IMSI-catcher
This program shows you IMSI numbers, country, brand and operator of cellphones around you.
/!\ This program was made to understand how GSM network work. Not for bad hacking !
What you need
1 PC
1 USB DVB-T key (RTL2832U) with antenna (less than 15$) or a OsmocomBB phone or HackRF
Setup
git clone https://github.com/Oros42/IMSI-catcher.git
# or wget https://github.com/Oros42/IMSI-catcher/archive/master.zip && unzip -q master.zip
sudo apt install python-numpy python-scipy python-scapy
sudo add-apt-repository -y ppa:ptrkrysik/gr-gsm
sudo apt update
sudo apt install gr-gsm
If gr-gsm failled to setup. Try this setup : https://github.com/ptrkrysik/gr-gsm/wiki/Installation
Debian : https://tracker.debian.org/pkg/gr-gsm
Run
With an old version of gr-gsm
Open 2 terminals.
In terminal 1
sudo python simple_IMSI-catcher.py --sniff
You can add -h to display options.
In terminal 2, search a frequency to listen :
grgsm_scanner
Next, ask grgsm_livemon to use one of these frequencies:
grgsm_livemon -f <your_frequency>M
Example :
grgsm_livemon -f 938.2M
It should start producing output like :
15 06 21 00 01 f0 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b
25 06 21 00 05 f4 f8 68 03 26 23 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b
49 06 1b 95 cc 02 f8 02 01 9c c8 03 1e 57 a5 01 79 00 00 1c 13 2b 2b
...
You can change the frequency if you want.
With version of gr-gsm >= 0.41.2-1
Open 2 terminals.
In terminal 1
python simple_IMSI-catcher.py
You can add -h to display options.
In terminal 2
python scan-and-livemon
This step can take a few minutes to get started, as it first run grgsm_scanner to find nearby base stations and ask grgsm_livemon_headless to receive the signal from the strongest signals.
Or first find the frequencies of the nearby base stations.
grgsm_scanner
Next, ask grgsm_livemon to use one of these frequencies:
grgsm_livemon -f <your_frequency>M
Example :
grgsm_livemon -f 938.2M
It should start producing output like :
15 06 21 00 01 f0 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b
25 06 21 00 05 f4 f8 68 03 26 23 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b
49 06 1b 95 cc 02 f8 02 01 9c c8 03 1e 57 a5 01 79 00 00 1c 13 2b 2b
...
You can change the frequency if you want.
For all
Now, watch terminal 1 and wait. IMSI numbers should appear :-)
If nothing appears after 1 min, change the frequency.
Doc : https://fr.wikipedia.org/wiki/Global_System_for_Mobile_Communications
Example of frequency in France : 9.288e+08 Bouygues
You can watch GSM packets with
sudo wireshark -k -Y '!icmp && gsmtap' -i lo
Optional
Information about the cell tower :
sudo python find_cell_id.py
Get immediate assignment :
sudo python immediate_assignment_catcher.py
Find frequencies
You can either use the grgsm_scanner program from gr-gsm mentioned above, or fetch the kalibrate-hackrf tool like this:
sudo apt-get install automake autoconf libhackrf-dev
git clone https://github.com/scateu/kalibrate-hackrf
cd kalibrate-hackrf/
./bootstrap
./configure
make
sudo make install
Run
kal -s GSM900
kal: Scanning for GSM-900 base stations.
GSM-900:
chan: 14 (937.8MHz + 10.449kHz) power: 3327428.82
chan: 15 (938.0MHz + 4.662kHz) power: 3190712.41
...
Links
Setup of Gr-Gsm : https://github.com/ptrkrysik/gr-gsm/wiki/Installation
Frequency : http://www.worldtimezone.com/gsm.html and https://fr.wikipedia.org/wiki/Global_System_for_Mobile_Communications
Mobile Network Code : https://en.wikipedia.org/wiki/Mobile_Network_Code
Scapy : http://secdev.org/projects/scapy/doc/usage.html
IMSI : https://fr.wikipedia.org/wiki/IMSI
Realtek RTL2832U : https://osmocom.org/projects/sdr/wiki/rtl-sdr and http://doc.ubuntu-fr.org/rtl2832u and http://doc.ubuntu-fr.org/rtl-sdr