Tagged: gr-gsm

Running GR-GSM and IMSI Catcher on a Raspberry Pi 4 with Dragon OS

DragonOS is a ready-to-use Ubuntu Linux image that comes preinstalled with multiple SDR software packages. The creator, Aaron, also runs a YouTube channel showing how to use the various packages installed.

In his latest video Aaron tests his Pi64 image with GR-GSM and IMSI Catcher running on the GNU Radio 3.10 platform on a Raspberry Pi 4. He tests operation with an RTL-SDR and a LimeSDR.

GR-GSM is a GNU Radio based program capable of receiving and analyzing GSM mobile network data. We note that it cannot decrypt the content of ciphered channels without the session key (Kc), but the unencrypted broadcast and paging metadata is interesting to investigate in its own right. GSM is mostly outdated these days, but it is still used in some areas by some older phones and devices. IMSI Catcher is a script that records every GSM 'IMSI' number it sees in the messages transmitted by the mobile tower; an IMSI uniquely identifies a subscriber's SIM.
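gr-gsm hands decoded bursts to other tools as GSMTAP frames over UDP (by default to 127.0.0.1:4729), and the IMSI Catcher script works by reading those frames and pulling the Mobile Identity out of the paging messages the tower broadcasts. The following is an added example, not gr-gsm's or IMSI-catcher's own code: it parses the GSMTAP v2 header, maps the ARFCN to downlink and uplink frequencies for the GSM bands, and extracts IMSIs and TMSIs from Paging Request Type 1 messages on the CCCH. The three packets at the bottom are constructed test data, not a capture.

```python
"""Added example (not gr-gsm or IMSI-catcher code): parse the GSMTAP frames
gr-gsm emits over UDP (default 127.0.0.1:4729) and pull the Mobile Identity
out of downlink Paging Request Type 1 messages, which is the metadata an
IMSI-catcher style script records. All packets below are constructed."""
import struct

GSMTAP_TYPE_UM = 0x01
CCCH_SUBTYPES = {0x02, 0x04, 0x05}          # CCCH, AGCH, PCH channel sub-types
ARFCN_PCS, ARFCN_UPLINK, ARFCN_MASK = 0x8000, 0x4000, 0x3FFF
RR_PD, PAGING_REQUEST_TYPE1, MI2_IEI = 0x06, 0x21, 0x17
MI_IMSI, MI_TMSI = 1, 4

# (first ARFCN, last ARFCN, uplink MHz at first ARFCN, duplex spacing MHz, PCS flag set)
BANDS = [(0, 124, 890.0, 45.0, False),        # P-GSM / E-GSM 900
         (975, 1023, 880.2, 45.0, False),     # E-GSM 900 extension
         (128, 251, 824.2, 45.0, False),      # GSM 850
         (512, 810, 1850.2, 80.0, True),      # PCS 1900 (ARFCNs overlap DCS; flag disambiguates)
         (512, 885, 1710.2, 95.0, False)]     # DCS 1800

def arfcn_to_hz(arfcn, pcs=False):
    """Return (downlink_hz, uplink_hz) for an ARFCN on the 200 kHz GSM raster."""
    for lo, hi, ul_base, duplex, is_pcs in BANDS:
        if lo <= arfcn <= hi and (arfcn < 512 or is_pcs == pcs):
            ul = ul_base + 0.2 * (arfcn - lo)
            return int(round((ul + duplex) * 1e6)), int(round(ul * 1e6))
    raise ValueError('ARFCN %d is not in a GSM band' % arfcn)

def parse_gsmtap(pkt):
    """Unpack the 16-byte GSMTAP v2 header; the header length field is in 32-bit words."""
    ver, hdr_words, typ, ts, arfcn, sig, _snr, fn, sub, _ant, _ss, _res = \
        struct.unpack('!BBBBHbBIBBBB', pkt[:16])
    if ver != 2:
        raise ValueError('unsupported GSMTAP version %d' % ver)
    return {'type': typ, 'timeslot': ts, 'arfcn': arfcn & ARFCN_MASK,
            'uplink': bool(arfcn & ARFCN_UPLINK), 'pcs': bool(arfcn & ARFCN_PCS),
            'signal_dbm': sig, 'frame_number': fn, 'sub_type': sub,
            'payload': pkt[hdr_words * 4:]}

def decode_mobile_identity(mi):
    """Decode a TS 24.008 Mobile Identity value into ('IMSI', digits) or ('TMSI', hex)."""
    kind = mi[0] & 0x07
    if kind == MI_TMSI:                       # octet 1 is 0xF filler + type, then 4 octets
        return ('TMSI', mi[1:5].hex().upper())
    if kind == MI_IMSI:
        digits = [mi[0] >> 4]                 # first BCD digit shares the type octet
        for b in mi[1:]:
            digits += [b & 0x0F, b >> 4]      # low nibble first
        if not mi[0] & 0x08:                  # even digit count: drop the 0xF filler
            digits.pop()
        return ('IMSI', ''.join(str(d) for d in digits))
    return ('other', mi.hex())

def identities_from_ccch(payload):
    """Mobile Identities in a downlink CCCH block; [] unless it is Paging Request Type 1."""
    l3 = payload[1:]                          # payload[0] is the L2 pseudo-length octet
    if len(l3) < 5 or (l3[0] & 0x0F) != RR_PD or l3[1] != PAGING_REQUEST_TYPE1:
        return []
    pos = 3                                   # l3[2] = page mode / channels needed
    found = [decode_mobile_identity(l3[pos + 1:pos + 1 + l3[pos]])]
    pos += 1 + l3[pos]
    if pos + 1 < len(l3) and l3[pos] == MI2_IEI:   # optional Mobile Identity 2 (TLV)
        found.append(decode_mobile_identity(l3[pos + 2:pos + 2 + l3[pos + 1]]))
    return found

def extract_identities(packets):
    """The IMSI-catcher style filter: downlink Um CCCH blocks only."""
    out = []
    for pkt in packets:
        g = parse_gsmtap(pkt)
        if g['type'] != GSMTAP_TYPE_UM or g['uplink'] or g['sub_type'] not in CCCH_SUBTYPES:
            continue
        dl_hz, _ = arfcn_to_hz(g['arfcn'], g['pcs'])
        for kind, value in identities_from_ccch(g['payload']):
            out.append((g['frame_number'], g['arfcn'], dl_hz, kind, value))
    return out

def _constructed_frame(arfcn, fn, sub_type, l3):
    """Build a downlink GSMTAP Um frame around an L3 message (constructed test data)."""
    payload = bytes([(len(l3) << 2) | 0x01]) + l3
    payload += b'\x2b' * (23 - len(payload))  # 0x2B is the GSM L2 filler octet
    return struct.pack('!BBBBHbBIBBBB', 2, 4, GSMTAP_TYPE_UM, 0, arfcn, -70, 20,
                       fn, sub_type, 0, 0, 0) + payload

# Constructed capture on ARFCN 975: IMSI 001010123456789 paged, TMSI DEADBEEF paged,
# and one System Information Type 3 block on the BCCH that carries no identity.
SAMPLE_PACKETS = [
    _constructed_frame(975, 100, 0x02, bytes([0x06, 0x21, 0x00, 8, 0x09, 0x10, 0x10,
                                              0x10, 0x32, 0x54, 0x76, 0x98])),
    _constructed_frame(975, 151, 0x02, bytes([0x06, 0x21, 0x00, 5, 0xF4, 0xDE, 0xAD,
                                              0xBE, 0xEF])),
    _constructed_frame(975, 202, 0x01, bytes([0x06, 0x1B, 0x00, 0x01])),
]
```

Running `extract_identities(SAMPLE_PACKETS)` yields the two paged identities with their frame numbers and the 925.2 MHz downlink of ARFCN 975; the BCCH block is filtered out before any L3 parsing. Nothing here touches ciphered traffic: paging is sent in the clear, which is exactly why the IMSI metadata is observable without Kc.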

Short video setting up and testing GR-GSM on DragonOS Pi64 w/ GNU Radio 3.10 and the RTL-SDR. The current DragonOS Pi64 build has GNU Radio 3.8 and all the necessary tools to accomplish what's shown in this video. If you'd like to test the build shown in this video, it's temporarily available here until I finish and put it on SourceForge.

https://drive.google.com/drive/u/1/fo...

A LimeSDR and DragonOS Focal's Osmo-NITB-Scripts were used to create the GSM900 lab environment. The RTL-SDR was able to see and decode the GSM900 network, and although it is only briefly shown in the video, the IMSI Catcher script works.

Here's the fork used for this video and for testing. There's also a pull request on the main GR-GSM repo for this code to be added.

https://github.com/bkerler/gr-gsm

DragonOS Pi64 Testing GR-GSM + IMSI Catcher w/ GNU Radio 3.10 (RTLSDR, Pi4, LimeSDR, OSMO-NITB)

DragonOS Updated: Now with OP25 Installed and many new YouTube Tutorials

Last month we posted about Aaron's "DragonOS" project, a ready-to-install Linux ISO aimed at making it easy to get started with SDR software by providing several programs preinstalled, as well as multiple video tutorials. Recently he's updated the build, this time basing it on Lubuntu 18.04, which allows for both Legacy and UEFI boot along with disk encryption. The OS supports RTL-SDRs as well as the HackRF and bladeRF, and probably supports most other SDRs via the SoapySDR interface.

In terms of software he's also added OP25 and bladeRF support. Other programs preinstalled include rtl_433, Universal Radio Hacker, GNU Radio, Aircrack-ng, GQRX, Kalibrate, hackrf, Wireshark, gr-gsm, rtl-sdr, IMSI-catcher, Zenmap, inspectrum, qspectrumanalyzer, LTE-Cell-Scanner, CubicSDR, LimeSuite, ShinySDR, SDRangel, SDRTrunk, Kismet and the bladeRF tools.

His DragonOS YouTube tutorial channel is also growing fast, with several tutorials showing how to use DragonOS for tasks like listening to trunked mobile radios, using QSpectrumAnalyzer with a HackRF, receiving NOAA APT weather satellite images, retrieving cellular network information via a rooted Samsung Galaxy S5, creating a ShinySDR server with rtl_433, and capturing and replaying signals with a HackRF.

DragonOS running CubicSDR

Camp++ YouTube Talk: GSM Signal Sniffing for Everyone with GR-GSM and Multi-RTL

Over on YouTube the Budapest Hackerspace channel has recently uploaded a talk by Piotr Krysik given at the August 2016 Camp++ 0x7e0 information security conference. The talk is titled "GSM signal sniffing for everyone with gr-gsm and Multi-RTL by Piotr Krysik" and covers using the gr-gsm software with RTL-SDR dongles to sniff the GSM mobile phone network. It also discusses multi-rtl, a tool developed by Piotr that synchronizes multiple RTL-SDR dongles so that together they can cover the large gap (45 MHz for GSM900) between the GSM uplink and downlink frequencies, far wider than the bandwidth of a single dongle.
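The principle behind synchronizing two independent receivers in the time domain is simple: both capture the same transmission once, the sample offset between their streams is estimated from the peak of their cross-correlation, and that offset is then applied to whatever each receiver tunes to afterwards. The snippet below is an added illustration of that estimation step, not multi-rtl's code. It uses a constructed noise-like burst in place of a real transmission, assumes a constant integer-sample offset and identical sample rates (independent crystals also drift in rate, which this does not model), and uses pure Python so it runs without numpy.

```python
"""Added illustration (not multi-rtl's code) of time-domain synchronisation of
two receivers that hear the same transmission: find the integer sample offset
that maximises their cross-correlation, then trim both streams so they start
at the same instant. Signal and receiver noise below are constructed."""
import random

def reference_burst(n, seed=1):
    """Constructed complex noise-like signal standing in for a shared transmission."""
    rnd = random.Random(seed)
    return [complex(rnd.gauss(0, 1), rnd.gauss(0, 1)) for _ in range(n)]

def receiver_capture(signal, start_offset, noise_std, seed):
    """What a receiver that began sampling `start_offset` samples late sees:
    the transmission from that point on, plus its own front-end noise."""
    rnd = random.Random(seed)
    return [s + complex(rnd.gauss(0, noise_std), rnd.gauss(0, noise_std))
            for s in signal[start_offset:]]

def cross_correlation_peak(a, b, max_lag):
    """Lag L in [-max_lag, max_lag] maximising |sum_i b[i] * conj(a[i + L])|,
    i.e. how many samples stream a must be advanced to line up with stream b.
    Brute force O(N * lags); fine for a short sync burst."""
    best_lag, best_mag = 0, -1.0
    for lag in range(-max_lag, max_lag + 1):
        acc = 0j
        for i in range(len(b)):
            j = i + lag
            if 0 <= j < len(a):
                acc += b[i] * a[j].conjugate()
        if abs(acc) > best_mag:
            best_lag, best_mag = lag, abs(acc)
    return best_lag

def align(a, b, lag):
    """Trim both streams so that sample k of each came from the same instant."""
    if lag >= 0:
        a = a[lag:]
    else:
        b = b[-lag:]
    n = min(len(a), len(b))
    return a[:n], b[:n]

def residual_error(a, b):
    """Mean |a - b| over the common length; drops to the noise level once aligned."""
    pairs = list(zip(a, b))
    return sum(abs(x - y) for x, y in pairs) / len(pairs)

def demo(n=600, true_offset=17, noise_std=0.2, max_lag=64):
    """Two receivers, the second starting `true_offset` samples late; recover the offset."""
    s = reference_burst(n)
    rx_a = receiver_capture(s, 0, noise_std, seed=2)
    rx_b = receiver_capture(s, true_offset, noise_std, seed=3)
    est = cross_correlation_peak(rx_a, rx_b, max_lag)
    a_al, b_al = align(rx_a, rx_b, est)
    return {'estimated_offset': est,
            'error_before': residual_error(rx_a, rx_b),
            'error_after': residual_error(a_al, b_al)}
```

With the defaults the estimate comes back as 17 and the mean difference between the streams falls from well above 1 (uncorrelated samples) to roughly the receiver noise level. On real hardware the same peak search is what turns two unrelated RTL-SDR sample streams into one coherent-in-time pair, which is what allows one dongle to sit on the uplink and the other on the downlink.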

The talk explains a bit about how GSM works, and then goes on to talk about the gr-gsm and multi-rtl software. The talk blurb reads:

Gr-gsm is a set of tools for receiving GSM transmissions, which works with any software radio hardware capable of receiving a GSM signal. Together with widely available RTL2832-based TV dongles, which are popularly used as low-cost software radio receivers (known as RTL-SDR), it enables everyone to receive and study the protocols used in GSM's mobile radio interface.

The ability to receive signals spread over a wide frequency range exceeding a single RTL-SDR receiver's bandwidth (~2.4 MHz) was available exclusively to the owners of more capable and more expensive SDR devices. With the introduction of the Multi-RTL project by the author of the talk, this limit was overcome through synchronization of multiple RTL-SDR receivers in the time domain, which doesn't require complicated hardware modifications. With Multi-RTL it is possible to receive, for example, the uplink and downlink of GSM900 transmissions, which are separated by 45 MHz.

The speaker will present the origins of both projects, together with a description of their inner workings, examples of applications and plans for the future.

The talk slides can be downloaded here.

Camp++ 0x7e0 // GSM signal sniffing for everyone with gr-gsm and Multi-RTL by Piotr Krysik

GSM Sniffing: A Full YouTube Tutorial

Over on YouTube, user Crazy Danish Hacker has been uploading an entire series on GSM sniffing with an RTL-SDR. The series is presented in a slow and clear style and starts at the very beginning, from installing the RTL-SDR. It is not yet complete, but he is uploading a new video almost daily. Presumably the series will end by showing how to receive text messages and voice calls originating from your own cellphone.

So far he has shown how to install the RTL-SDR, identify GSM downlinks, install and use GQRX and kalibrate, locate nearby cell towers, install and use GR-GSM, and how to extract the TMSI and the Kc session key from your own cell phone. The TMSI is the temporary identity the network assigns to the phone and Kc is the A5 ciphering key; together they let gr-gsm pick out and decrypt your own phone's traffic. To obtain them he shows how to use an Android tool called usbswitcher, which forces the phone to expose its USB modem interface, from which the values can be read.
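Over a modem interface like that, the usual way to read the two values is with AT+CRSM READ BINARY on the SIM's EF_Kc and EF_LOCI files, whose layouts are fixed by GSM 11.11. The following is an added example rather than anything from the tutorial: it builds the AT commands, parses the `+CRSM:` replies including the SIM status words, decodes Kc, the CKSN, the TMSI and the LAI, and refuses to continue when the SIM reports that no ciphering key is stored yet. The modem transcript at the bottom is constructed, not read from a real SIM.

```python
"""Added example (not from the tutorial): decode the two SIM files a GSM
sniffer wants from the target phone, as returned by AT+CRSM READ BINARY over
the phone's USB modem interface. EF_Kc (6F20) holds the A5 session key Kc plus
the CKSN; EF_LOCI (6F7E) holds the TMSI and the LAI. Layouts follow GSM 11.11.
The modem replies below are constructed, not captured from a real SIM."""
import re

READ_BINARY = 176                  # AT+CRSM command code for READ BINARY
EF_KC, EF_LOCI = 0x6F20, 0x6F7E    # 28448 and 28542 in the decimal form AT+CRSM takes
CKSN_NO_KEY = 7                    # CKSN value meaning "no key is available"

_CRSM_RE = re.compile(r'\+CRSM:\s*(\d+),(\d+)(?:,"?([0-9A-Fa-f]*)"?)?')

def crsm_command(file_id, length):
    """The AT+CRSM line that reads `length` bytes of a transparent file from offset 0."""
    return 'AT+CRSM=%d,%d,0,0,%d' % (READ_BINARY, file_id, length)

def parse_crsm_response(line):
    """Return the data bytes of a +CRSM reply; raise when the status words signal an error."""
    m = _CRSM_RE.search(line)
    if not m:
        raise ValueError('not a +CRSM response: %r' % line)
    sw1, sw2 = int(m.group(1)), int(m.group(2))
    if sw1 != 0x90:                # 90 00 = success; e.g. 6A 82 = file not found
        raise IOError('SIM returned status %02X %02X' % (sw1, sw2))
    return bytes.fromhex(m.group(3) or '')

def decode_ef_kc(data):
    """EF_Kc: bytes 1-8 are Kc, byte 9 bits 1-3 are the ciphering key sequence number."""
    if len(data) < 9:
        raise ValueError('EF_Kc is 9 bytes, got %d' % len(data))
    return {'kc': data[:8].hex().upper(), 'cksn': data[8] & 0x07}

def decode_lai(lai):
    """LAI: MCC and MNC as swapped BCD in 3 bytes (0xF pads a 2-digit MNC), then a 2-byte LAC."""
    nib = [(b & 0x0F, b >> 4) for b in lai[:3]]          # (low nibble, high nibble) per octet
    mcc = '%d%d%d' % (nib[0][0], nib[0][1], nib[1][0])
    mnc = '%d%d' % (nib[2][0], nib[2][1])
    if nib[1][1] != 0xF:                                  # a third MNC digit is present
        mnc += '%d' % nib[1][1]
    return {'mcc': mcc, 'mnc': mnc, 'lac': int.from_bytes(lai[3:5], 'big')}

def decode_ef_loci(data):
    """EF_LOCI: bytes 1-4 TMSI, 5-9 LAI, 10 TMSI TIME, 11 location update status (bits 1-3)."""
    if len(data) < 11:
        raise ValueError('EF_LOCI is 11 bytes, got %d' % len(data))
    out = {'tmsi': data[:4].hex().upper(), 'lu_status': data[10] & 0x07}
    out.update(decode_lai(data[4:9]))
    return out

def sniffer_params(kc_reply, loci_reply):
    """What a decoder needs from the phone: Kc as 16 hex digits and the TMSI to watch for."""
    kc = decode_ef_kc(parse_crsm_response(kc_reply))
    if kc['cksn'] == CKSN_NO_KEY:
        raise ValueError('SIM holds no ciphering key yet; place a call or send an SMS first')
    loci = decode_ef_loci(parse_crsm_response(loci_reply))
    return {'kc': kc['kc'], 'cksn': kc['cksn'], 'tmsi': loci['tmsi'],
            'plmn': loci['mcc'] + '-' + loci['mnc'], 'lac': loci['lac']}

# Constructed modem session: the command typed to the modem port, and its reply.
CONSTRUCTED_SESSION = {
    crsm_command(EF_KC, 9):    '+CRSM: 144,0,"0123456789ABCDEF02"',
    crsm_command(EF_LOCI, 11): '+CRSM: 144,0,"AABBCCDD32F81012340000"',
}
```

The Kc comes out as the 16-hex-digit string that grgsm_decode's -k option accepts, and the TMSI is what you then look for in the paging and SDCCH traffic to find your own phone's connection. Note that Kc changes whenever the network runs a fresh authentication, so it has to be re-read for each session you want to decrypt.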

The video below shows his teaser video on the series. Check out his GSM playlist to view the full series.

GSM Sniffing Teaser - Software Defined Radio Series!

Sniffing and Analyzing GSM Signals with GR-GSM

Over a year ago we wrote a tutorial on how to analyze GSM cellular phone signals using an RTL-SDR, a Linux computer with GNU Radio, Wireshark and a GSM decoder called Airprobe. With this combination it is possible to easily decode GSM system messages. Setting up Airprobe can be difficult, however, as it is unmaintained and incompatible with newer versions of GNU Radio without patches.

Now a new software package called gr-gsm has been released on GitHub, which appears to be a newer and improved successor to Airprobe. gr-gsm is also much easier to install, uses the newer GNU Radio 3.7 and seems to decode the system data with much less trouble than Airprobe did. We will soon update our tutorial to use gr-gsm, but the instructions on GitHub are already quite good. The author of gr-gsm also appears to be actively adding new features. The video below shows gr-gsm in action.

Sniffing GSM data with gr-gsm and cheap RTL-SDR receivers