RTL-SDR Cell Phone IMSI, TMSI and Key Sniffer

Over on YouTube user Kali Gsm has uploaded a video showing off a new software program he has written that allows an RTL-SDR to be used to gather IMSI, TMSI and Key information from a cell phone connected to a PC.

The IMSI (International Mobile Subscriber Identity) is a number that uniquely identifies a cell phone. Because IMSI’s are unique, they can be used to track a cell phone so they are rarely broadcast and instead a TMSI (Temporary Mobile Subscriber Identity) number is used to identify a cell phone instead. The TMSI is changed depending on geographic location or changed by the network randomly. The key is a number that is used to decrypt the GSM data sent to your phone.

Kali Gsm’s software is called rtl_tool_kit and is planned to be released soon on it’s GitHub page. It uses the gr-gsm software to sniff the GSM downlink with an RTL-SDR dongle and also interfaces to a connected mobile phone. The author writes that the following is possible with the software:

  1. You can get imsi tmsi and key of the device connected to your pc.
  2. You can send silent/flash sms
  3. You can connect/match tmsi to a mobile number if target is on the same BTS and in GSM900/2G mode.

Update 25/01/2015: All YouTube videos appear to have been removed – though the uploader reports in the comments that the videos will be back online soon.
Update 29/01/2015: Videos are back online.

http://www.youtube.com/watch?v=KtVBuUDGWVE
http://www.youtube.com/watch?v=ZCwWpfxKHjI

7 comments

  1. Garry

    hello i emailed you about video link but email said failed deliver,how can i get video link and github scripts pls?

  2. kali_gsm

    Sorry for taking down the vidoes but you want a direct link contact me. They will be public again soon.

    kali.gsm.rtl.sdr (at) gmail.com

Post a comment

You may use the following HTML:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>