
GSM SNIFFING

https://telegra.ph/GSM-SNIFFING-07-25

Before starting, let us clear up some basic points about GSM sniffing.

What is GSM (Global System for Mobile communication)?

GSM, or Global System for Mobile Communications, is the most popular
wireless cellular communication technique used for public communication.
The GSM standard was developed to set the protocols for second generation
(2G) digital cellular networks.

It initially started as a circuit switching network, but packet switching
was later added through the integration of General Packet Radio Service
(GPRS) technology. The widely used GSM frequency bands are 900 MHz and
1800 MHz.

In Europe and Asia, GSM operates in the 900 to 1800 MHz frequency range,
whereas in the United States and other American countries it operates in
the 850 to 1900 MHz frequency range. It uses a digital air interface, in
which the analog signals are converted to digital signals before
transmission. The transmission speed is 270 Kbps.

In GSM cellular networks, an absolute radio-frequency channel number
(ARFCN) is a code that specifies a pair of physical radio carriers used for
transmission and reception in a land mobile radio system, one for the
uplink signal and one for the downlink signal.

What is SDR?

Software Defined Radio (SDR) is a radio communication technology in which
the signal processing that was traditionally hard-wired in the radio is
instead defined in software. SDR allows easy signal processing and
experimentation with more complex radio frequency builds.

What is RTL-SDR?

RTL-SDR is the name for the inexpensive RTL2832U-based USB dongles used as
software defined radios; the RTL-SDR project site covers RTL2832U news and
projects, also featuring Airspy, HackRF, FCD, SDRplay and more.

What are some RTL-SDR Radio Scanner Applications?

The RTL-SDR can be used as a wide band radio scanner. Applications
include:

Use as a police radio scanner.
Listening to EMS/Ambulance/Fire communications.
Listening to aircraft traffic control conversations.
Tracking aircraft positions like a radar with ADSB decoding.
Decoding aircraft ACARS short messages.
Scanning trunking radio conversations.
Decoding unencrypted digital voice transmissions such as P25/DMR/D-STAR.
Tracking maritime boat positions like a radar with AIS decoding.
Decoding POCSAG/FLEX pager traffic.
Scanning for cordless phones and baby monitors.
Tracking and receiving meteorological agency launched weather balloon data.
Tracking your own self launched high altitude balloon for payload recovery.
Receiving wireless temperature sensors and wireless power meter sensors.
Listening to VHF amateur radio.
Decoding ham radio APRS packets.
Watching analogue broadcast TV.
Sniffing GSM signals.
Using rtl-sdr on your Android device as a portable radio scanner.
Receiving GPS signals and decoding them.
Using rtl-sdr as a spectrum analyzer.
Receiving NOAA weather satellite images.
Listening to satellites and the ISS.
Radio astronomy.
Monitoring meteor scatter.
Listening to FM radio, and decoding RDS information.
Listening to DAB broadcast radio.
Listening to and decoding HD-Radio (NRSC5).
Use rtl-sdr as a panadapter for your traditional hardware radio.
Decoding taxi mobile data terminal signals.
Use rtl-sdr as a high quality entropy source for random number generation.
Use rtl-sdr as a noise figure indicator.
Reverse engineering unknown protocols.
Triangulating the source of a signal.
Searching for RF noise sources.
Characterizing RF filters and measuring antenna SWR.
Decoding Inmarsat STD-C EGC geosynchronous satellites.
Listening to the ISS (International Space Station).

Furthermore, with an upconverter or V3 RTL-SDR dongle to receive HF
signals, the applications are expanded to:

Listening to amateur radio hams on SSB with LSB/USB modulation.
Decoding digital amateur radio ham communications such as CW/PSK/RTTY/SSTV.
Receiving HF weatherfax.
Receiving Digital Radio Mondiale (DRM) shortwave radio.
Listening to international shortwave radio.
Looking for RADAR signals like over the horizon (OTH) radar, and HAARP
signals.

Note that not all the applications listed may be legal in your country. Please
be responsible.

@its_me_kali

Requirements for sniffing.

You can use any one of these:

RTL-SDR
HackRF
USRP
BladeRF

Software used:
hackrf_kalibrate
gnuradio-companion
gr-gsm
gqrx
wireshark

GSM Sniffing Tools

apt-get install gqrx

apt-get install kalibrate-rtl

apt-get install gr-gsm

https://github.com/Oros42/IMSI-catcher

What Is an International Mobile Subscriber Identity (IMSI)?

IMSI numbers are usually 15 digits, and they have three distinct parts:

1. The first set of digits is the Mobile Country Code (MCC), which defines
the country a subscriber primarily operates within. This is always either
two or three digits.
2. The second set of digits is the Mobile Network Code (MNC), which
identifies the specific mobile network operator (MNO) a subscriber is
associated with. This is between one and three digits.
3. The final set of digits is the Mobile Subscription Identification Number
(MSIN), which is unique to the subscriber. This is typically nine or ten
digits.

For example, here's what you can learn from the IMSI number
310410123456789:

Mobile Country Code: 310 (United States)
Mobile Network Code: 410 (AT&T)
Mobile Subscription Identification Number: 123456789

What Is an ICCID Number?

ICCID stands for Integrated Circuit Card Identification Number. It's a unique
18-22 digit code that includes a SIM card's country, home network, and
identification number. You'll usually find an ICCID printed on the back of a
SIM card, but sometimes it's included in the packaging materials instead.

What is IMSI?

IMSI stands for "International Mobile Subscriber Identity." It's a mobile
subscriber's unique identification number. Like an ICCID, an IMSI is saved
on the SIM card. Most SIM cards only store a single IMSI, which is
associated with a list of networks the subscriber is authorized to access.
EMnify's SIMs, however, are Multi-IMSI, meaning they store multiple
subscriber identities. This allows the SIM to change identities to access
more networks and select the one with the best coverage.

An IMSI is not the same as a telephone number. The IMSI number has up to
15 digits and consists of three parts:

The first three digits are the Mobile Country Code (MCC). This can be used
to determine the home country of the operator that issued the SIM card.
The IMSI of European countries always starts with the number 2.

The following two or three digits are the Mobile Network Code (MNC), which
represents the network the user is active in. For example, the number 01
represents Deutsche Telekom.

All subsequent digits are specifically assigned to the user, and no two
users share the same IMSI number.

What is IMEI?

The International Mobile Station Equipment Identity, or IMEI for short, is
a unique 15-digit serial number that identifies each mobile radio terminal
(your device). It includes four parts:

The first two digits are the Reporting Body Identifier, which shows the
GSMA approval group that allocated the Type Allocation Code (TAC).

The next six digits are the TAC.

The six digits after that uniquely identify the individual device.

The final digit is the check digit, which helps prevent errors in
equipment databases.

There are also "software versions" of IMEIs, referred to as IMEISVs. In an
IMEISV, there is no check digit, and the last two digits represent the
Software Version Number (SVN).
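The IMSI and IMEI breakdowns above are easy to get wrong by hand, so here is a small decoder, added as an example for this page and not part of the original post. It splits an IMSI into MCC/MNC/MSIN using a constructed MCC-to-MNC-length table (the two entries match the post's own examples; a real tool would need the full PLMN list), and it splits an IMEI into the four fields described above and verifies the check digit with the Luhn algorithm, which is the rule 3GPP specifies for IMEI check digits. The sample IMEI is a constructed value, not a real device's.

```python
"""Decode the structure of a GSM IMSI and an IMEI (added example).

Field splits follow the post's description:
  IMSI  = MCC | MNC | MSIN
  IMEI  = RBI(2) | TAC(6) | serial(6) | check digit(1)
  IMEISV = RBI(2) | TAC(6) | serial(6) | SVN(2), no check digit
"""

# Constructed sample: MCC -> number of MNC digits. The MNC length cannot be
# derived from the digits alone; production code needs the full PLMN list.
# 310 = United States (3-digit MNCs), 262 = Germany (2-digit MNCs).
MNC_LENGTH_BY_MCC = {"310": 3, "262": 2}

# Constructed sample names for the two PLMNs the post mentions.
PLMN_NAMES = {
    ("310", "410"): "AT&T (United States)",
    ("262", "01"): "Deutsche Telekom (Germany)",
}


def parse_imsi(imsi: str) -> dict:
    """Split an IMSI into MCC / MNC / MSIN; ValueError on malformed input."""
    if not imsi.isdigit() or not 6 < len(imsi) <= 15:
        raise ValueError("IMSI must be 7 to 15 decimal digits")
    mcc = imsi[:3]
    if mcc not in MNC_LENGTH_BY_MCC:
        raise ValueError(f"MNC length unknown for MCC {mcc}")
    mnc_len = MNC_LENGTH_BY_MCC[mcc]
    mnc = imsi[3:3 + mnc_len]
    msin = imsi[3 + mnc_len:]
    return {
        "mcc": mcc,
        "mnc": mnc,
        "msin": msin,
        "operator": PLMN_NAMES.get((mcc, mnc), "unknown"),
    }


def luhn_check_digit(body: str) -> str:
    """Return the Luhn check digit for a digit string that lacks it."""
    total = 0
    # Walk from the rightmost body digit and double every other digit,
    # subtracting 9 when the doubled value has two digits.
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)


def parse_imei(imei: str) -> dict:
    """Split a 15-digit IMEI and verify its check digit."""
    if not imei.isdigit() or len(imei) != 15:
        raise ValueError("IMEI must be exactly 15 decimal digits")
    return {
        "reporting_body": imei[:2],
        "tac": imei[2:8],
        "serial": imei[8:14],
        "check_digit": imei[14],
        "check_ok": luhn_check_digit(imei[:14]) == imei[14],
    }


def parse_imeisv(imeisv: str) -> dict:
    """Split a 16-digit IMEISV: same fields, SVN instead of a check digit."""
    if not imeisv.isdigit() or len(imeisv) != 16:
        raise ValueError("IMEISV must be exactly 16 decimal digits")
    return {
        "reporting_body": imeisv[:2],
        "tac": imeisv[2:8],
        "serial": imeisv[8:14],
        "svn": imeisv[14:],
    }


if __name__ == "__main__":
    print(parse_imsi("310410123456789"))   # the post's example IMSI
    print(parse_imsi("262011234567890"))   # constructed German example
    print(parse_imei("490154203237518"))   # constructed sample IMEI
    print(parse_imeisv("4901542032375101"))
```

A mistyped IMEI (for instance the last digit changed) comes back with check_ok False, which is exactly the error the check digit exists to catch in equipment databases; an IMSI whose MCC is not in the table raises rather than guessing the MNC boundary.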

What is an IMSI catcher?

IMSI catchers are indiscriminate surveillance tools that could be used to
track who attends a political demonstration or a public event like a
football match. They can even be used to monitor your calls and edit your
messages, and you wouldn't even know it was happening.

What is a Harris Stingray?

Stingrays, also known as "cell site simulators" or "IMSI catchers," are
invasive cell phone surveillance devices that mimic cell phone towers and
send out signals to trick cell phones in the area into transmitting their
locations and identifying information. When used to track a suspect's cell
phone, they also gather information about the phones of countless
bystanders who happen to be nearby. It only works on 2G networks.

What Is A Dirtbox ?

A dirtbox (or DRT box) is a cell site simulator, a phone device mimicking a
cell phone tower, that creates a signal strong enough to cause nearby
dormant mobile phones to switch to it. ... It can also be used to jam phones.
The device's name comes from the company that developed it, Digital
Receiver Technology, Inc.

What Does the Dirtbox Do?

Dirtboxes basically operate as fake mobile phone towers, forcing all the
(targeted) mobile phones within their range to use their signal for
communication purposes. In other words, a dirtbox functions as a cell
tower simulator. Also, as the information passes through the cell tower
simulator, the dirtbox simultaneously breaks the encryption on the voice
and data transmissions of dozens of mobile phones. If you put dirtboxes on
an airplane or even a drone, you'll potentially elicit all sorts of information
about hundreds of people. This information shockingly includes recorded
telephone conversations, identification of callers and receivers, and even
SMS shared between them.

What can a dirtbox do?

According to Digital Receiver Technology, DRT is capable of cracking the
encryption on communications from over 200 mobile phones at the same
time. This is done across state-of-the-art 4G LTE frequencies used for fast
voice and data communication. In 2008, Boeing took over the Digital
Receiver Technology company. Boeing describes this device's purpose as
"jamming, managed access and detection".

Dirtbox

Thank you! This tutorial is just for educational purposes! I'm not
responsible if you're in jail!!

I hope you get it!!

🦁By  Its_me_kali
