GSM IMSI-Catcher

From Embedded Lab Vienna for IoT & Security
Revision as of 22:35, 26 February 2023 by MBoysen

Summary

This article explains how to build a GSM IMSI-catcher with the HackRF One software-defined radio (SDR). The setup described here is purely passive: the HackRF only receives, gr-gsm decodes the broadcast and signalling channels of a real base station, and subscriber identities (IMSI, TMSI) are read from the messages that carry them in clear, so no fake base station is transmitted. Capturing the identities of other people's phones is regulated in most jurisdictions; only monitor networks and devices you are authorised to test.

Requirements

  • Operating system: Ubuntu 20.04 LTS (Focal Fossa), see the note below
  • Packages: git, Wireshark (plus the build dependencies installed in the next section)
  • SDR: HackRF One

Description

Installation of the necessary tools

Use Ubuntu 20.04 LTS (Focal Fossa) and no other release: the gr-gsm branch used below (maint-3.8) is written for GNU Radio 3.8, which is the version Ubuntu 20.04 ships. Other releases ship a different GNU Radio (for example 3.10 on 22.04), and the build fails against them.

Enter these commands in the shell (the comments after # explain the steps):

# The decoder script and its Python dependencies
git clone https://github.com/Oros42/IMSI-catcher.git
cd IMSI-catcher
sudo apt install python3-numpy python3-scipy python3-scapy
cd ..                          # build gr-gsm next to, not inside, the IMSI-catcher checkout

# Build dependencies of gr-gsm, plus the hackrf tools (hackrf_info) to check the SDR is detected
sudo apt-get install -y \
   cmake \
   autoconf \
   libtool \
   pkg-config \
   build-essential \
   python3-docutils \
   libcppunit-dev \
   swig \
   doxygen \
   liblog4cpp5-dev \
   gnuradio-dev \
   gr-osmosdr \
   libosmocore-dev \
   liborc-0.4-dev \
   hackrf

# gr-gsm, GNU Radio 3.8 branch
git clone -b maint-3.8 https://github.com/velichkov/gr-gsm.git
cd gr-gsm
mkdir build
cd build
cmake ..
make -j 4
sudo make install
sudo ldconfig

# gr-gsm installs its Python modules under /usr/local; make them importable in every new shell
echo 'export PYTHONPATH=/usr/local/lib/python3/dist-packages/:$PYTHONPATH' >> ~/.bashrc
source ~/.bashrc

The original list installed swig twice and python-docutils (the Python 2 package); python3-docutils is the package Ubuntu 20.04 provides. After the install, hackrf_info should list the connected HackRF One before you continue.


IMSI catching in action

Now that all necessary tools are installed, the first thing to do is connect the HackRF One to the computer. If you are working inside a VM, make sure the USB device is passed through to the VM (hackrf_info must list the device inside the VM, not only on the host).


It is recommended to start each tool in a separate terminal, because each of them keeps running until you stop it.

First start

grgsm_scanner

grgsm_scanner steps through the ARFCNs of a GSM band (GSM900 by default; another band can be selected with -b, for example -b DCS1800), tunes the HackRF to each one and reports the cells it decodes. This lists the active downlink frequencies that can be received at the current location, together with the cell parameters (ARFCN, frequency, cell ID, LAC, MCC, MNC, received power). Pick a strong one.

Then start grgsm_livemon with one of the frequencies discovered in the previous step, for example:

grgsm_livemon -f <Frequency scanned with grgsm_scanner, e.g. 939.8M>

grgsm_livemon tunes the HackRF One to that single downlink channel, demodulates and decodes the control channels (BCCH/CCCH, and SDCCH if it is configured for it) and forwards every decoded frame as a GSMTAP datagram to UDP port 4729 on the loopback interface. It opens a GUI showing the spectrum of the received channel, and the terminal prints the decoded frames as hex dumps. No hex dumps means the channel is not being decoded; try a stronger frequency from the scan, or correct the frequency offset of the HackRF with the -p (ppm) option.

Next up is simple_IMSI-catcher.py from the IMSI-catcher repository. It reads the GSMTAP stream that grgsm_livemon sends to the loopback interface, picks out the messages that carry a mobile identity (location updating requests and paging requests) and prints the decoded IMSIs, TMSIs and cell information in a formatted table. Run it from the IMSI-catcher directory:

sudo python3 simple_IMSI-catcher.py -s

The -s option makes the script sniff the loopback interface, which needs root (check the repository README for the current option list). It can take a minute until the first line appears, because identities are only sent in clear at certain moments (a phone attaching to the network, a location update, a paging of a phone that has no TMSI yet). If nothing is displayed after a few minutes, restart a) the script, b) livemon, c) both, or pick another frequency.

There is one extra step that can be done to display more detail about the captured frames; for that enter:

sudo wireshark -k -Y '!icmp && gsmtap' -i lo

This starts Wireshark capturing immediately (-k) on the loopback interface (-i lo) with the display filter '!icmp && gsmtap'. The gsmtap part shows only the GSMTAP datagrams coming from grgsm_livemon; the !icmp part hides the ICMP port-unreachable replies the kernel generates whenever those datagrams arrive on UDP port 4729 while nothing is listening there (for example before simple_IMSI-catcher.py is started). Running Wireshark as root is discouraged; on Ubuntu you can instead add your user to the wireshark group (sudo usermod -aG wireshark $USER, then log in again) and start it without sudo.

GSMTAP is a pseudo-header format for carrying GSM (and other radio) air-interface frames inside UDP, conventionally to port 4729. Each datagram starts with a 16-byte header (version, header length, channel type, timeslot, ARFCN, signal level, frame number, sub-channel type) followed by the raw decoded frame; Wireshark's GSMTAP dissector decodes the LAPDm and layer-3 messages inside it.

Wireshark should now list all GSMTAP packets in real time, with the full dissection of system information, paging and mobility management messages received over the connected SDR, which is more than the table of simple_IMSI-catcher.py shows.
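To make concrete what simple_IMSI-catcher.py and the Wireshark dissector do with the GSMTAP stream, here is an added example (not code from the original page nor from the Oros42 or gr-gsm projects) that parses a GSMTAP v2 datagram, strips the layer-2 framing, and decodes the Mobile Identity element of a Location Updating Request or a Paging Request Type 1. It assumes, as gr-gsm does, that BCCH/CCCH blocks start with a one-byte L2 pseudo-length and that SDCCH blocks start with a three-byte LAPDm header; the two sample datagrams are constructed by hand, not captured traffic, and the sniff() function, the port constant and all other names are this example's own.

```python
"""Decode GSMTAP datagrams (as sent by grgsm_livemon) and extract mobile identities.

Added example for this article; constants and framing assumptions are noted inline.
"""
from __future__ import annotations

import socket
import struct
from dataclasses import dataclass
from typing import Optional

GSMTAP_PORT = 4729      # grgsm_livemon sends GSMTAP to 127.0.0.1:4729 by default
GSMTAP_TYPE_UM = 1      # GSM Um (air interface) frame

# GSMTAP sub_type (channel type) values for the channels handled here
CHAN_BCCH, CHAN_CCCH, CHAN_AGCH, CHAN_PCH = 1, 2, 4, 5
CHAN_SDCCH, CHAN_SDCCH4, CHAN_SDCCH8 = 6, 7, 8


@dataclass
class GsmtapHeader:
    version: int
    type: int
    timeslot: int
    arfcn: int
    signal_dbm: int
    snr_db: int
    frame_number: int
    sub_type: int


def parse_gsmtap(datagram: bytes) -> tuple[GsmtapHeader, bytes]:
    """Split a GSMTAP v2 datagram into its 16-byte header and the frame payload."""
    if len(datagram) < 16:
        raise ValueError("datagram shorter than a GSMTAP header")
    # version, hdr_len (32-bit words), type, timeslot, ARFCN (flags in top bits),
    # signal (signed dBm), SNR, frame number, sub_type, antenna, sub_slot, reserved
    (version, hdr_words, type_, timeslot, arfcn, signal, snr,
     frame_number, sub_type, _antenna, _sub_slot) = struct.unpack("!BBBBHbBIBBBx", datagram[:16])
    if version != 2:
        raise ValueError(f"unsupported GSMTAP version {version}")
    hdr = GsmtapHeader(version, type_, timeslot, arfcn & 0x3FFF, signal, snr, frame_number, sub_type)
    return hdr, datagram[hdr_words * 4:]


def l3_from_payload(sub_type: int, payload: bytes) -> Optional[bytes]:
    """Strip the layer-2 framing in front of the L3 message (assumption: gr-gsm framing).

    BCCH/CCCH blocks carry a one-byte L2 pseudo-length; SDCCH blocks carry a
    three-byte LAPDm header (address, control, length). Trailing 0x2B fill
    octets are left in place, the L3 decoder never reads past the identity.
    """
    if sub_type in (CHAN_BCCH, CHAN_CCCH, CHAN_AGCH, CHAN_PCH):
        return payload[1:]
    if sub_type in (CHAN_SDCCH, CHAN_SDCCH4, CHAN_SDCCH8):
        return payload[3:]
    return None


def decode_mobile_identity(ie: bytes) -> tuple[str, str]:
    """Decode a 3GPP TS 24.008 Mobile Identity value (without its length octet).

    Bits 1-3 of the first octet give the identity type, bit 4 the odd/even
    digit indicator, the high nibble the first BCD digit; later octets hold
    two digits each, low nibble first. A TMSI is four raw octets instead.
    """
    ident_type = ie[0] & 0x07
    odd = bool(ie[0] & 0x08)
    if ident_type == 4:
        return "TMSI", ie[1:5].hex()
    digits = [ie[0] >> 4]
    for octet in ie[1:]:
        digits.append(octet & 0x0F)
        digits.append(octet >> 4)
    if not odd:
        digits.pop()            # even digit count: the last nibble is 0xF filler
    name = {1: "IMSI", 2: "IMEI", 3: "IMEISV"}.get(ident_type, f"type{ident_type}")
    return name, "".join(str(d) for d in digits)


def extract_identity(l3: bytes) -> Optional[tuple[str, str]]:
    """Return the identity from the two downlink/uplink messages that carry one in clear."""
    if len(l3) < 2:
        return None
    pd = l3[0] & 0x0F
    if pd == 0x05 and (l3[1] & 0x3F) == 0x08:
        pos = 2 + 1 + 5 + 1     # MM Location Updating Request: [CKSN|LU type], LAI(5), Classmark 1, MI (LV)
    elif pd == 0x06 and l3[1] == 0x21:
        pos = 3                 # RR Paging Request Type 1: [page mode|channels needed], MI 1 (LV)
    else:
        return None
    length = l3[pos]
    ie = l3[pos + 1:pos + 1 + length]
    if length == 0 or len(ie) != length:
        return None
    return decode_mobile_identity(ie)


def process_datagram(datagram: bytes) -> Optional[dict]:
    """Full pipeline for one datagram: header -> L3 -> identity, with radio context."""
    hdr, payload = parse_gsmtap(datagram)
    if hdr.type != GSMTAP_TYPE_UM:
        return None
    l3 = l3_from_payload(hdr.sub_type, payload)
    ident = extract_identity(l3) if l3 is not None else None
    if ident is None:
        return None
    kind, value = ident
    return {"kind": kind, "value": value, "arfcn": hdr.arfcn, "signal_dbm": hdr.signal_dbm,
            "frame_number": hdr.frame_number, "mcc": value[:3] if kind == "IMSI" else None}


def sniff(port: int = GSMTAP_PORT) -> None:
    """Listen for GSMTAP from grgsm_livemon on localhost and print every identity seen."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", port))
    while True:
        data, _ = sock.recvfrom(4096)
        hit = process_datagram(data)
        if hit:
            print(hit)


# Constructed sample datagrams (not captured traffic): a Location Updating Request on
# SDCCH/8 carrying IMSI 262011234567890, and a Paging Request Type 1 on the PCH carrying
# TMSI 0x12345678. Both use ARFCN 24, -70 dBm and 0x2B fill octets up to 23 bytes.
SAMPLE_LU_REQUEST = bytes.fromhex(
    "02040100" "0018" "ba00" "0001e240" "08000000"          # GSMTAP header, FN 123456, SDCCH8
    "010049"                                                # LAPDm: address, control, length=(18<<2)|1
    "0508" "70" "62f210fffe" "33" "08" "2926102143658709"   # MM LU Request, LAI 262/01/0xFFFE, MI=IMSI
    "2b2b")
SAMPLE_PAGING = bytes.fromhex(
    "02040100" "0018" "ba00" "0001e2a0" "05000000"          # GSMTAP header, FN 123552, PCH
    "25"                                                    # L2 pseudo-length: (9<<2)|1
    "0621" "00" "05" "f412345678") + b"\x2b" * 13           # RR Paging Request Type 1, MI=TMSI

if __name__ == "__main__":
    for d in (SAMPLE_LU_REQUEST, SAMPLE_PAGING):
        print(process_datagram(d))
    # sniff()   # uncomment to read the live stream from grgsm_livemon
```

The MNC is not split off from the IMSI because its length (two or three digits) depends on the MCC; simple_IMSI-catcher.py resolves that with a lookup table, which is outside the scope of this example. Note that sniff() binds UDP port 4729 itself, so it cannot run at the same time as another program that binds the same port.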



Used Hardware

HackRF One Software Defined Radio (SDR)


References

https://github.com/velichkov/gr-gsm.git
https://github.com/Oros42/IMSI-catcher