Domain: osmocom.org
Stories and comments across the archive that link to osmocom.org.
Comments · 20
-
Motorola C123 = almost SDR
The phone shown in the video is a variant of the Motorola C123, a Calypso chipset design with leaked firmware source and a semi-documented DSP.
http://bb.osmocom.org/trac/wik... It isn't some dumb phone; it's an SDR platform capable of running a primitive GSM base station, or sniffing GSM traffic.
-
Re:Open source base station?
Gee... I didn't find links to the schematics and source code on their web site. Maybe I'm not looking hard enough? Where are they?
Or..... maybe it's yet another click-bait article abusing the term "open source'.
You're right, we are a bit messy right now. Code (rhizomatica specific): https://github.com/rhizomatica Open source GSM code: http://openbsc.osmocom.org/tra... Anything else I can help you with?
:) -
Re detecting/creating
The primary methods of detecting IMSI-catchers and fake BTSs are described here (pdf), and due to the variety of manufacturers' baseband interfaces, there wasn't an easy way to uniformly detect these devices.
IMSI-Catcher doesn't seem to work on my old, non-GSM Android, but I've also found OsmocomBB to be interesting; it's an open source GSM broadband implementation that seems to work on some older, cheap phones, like some Motorola candy bars; check out Catcher Catcher for more info.
In terms of the IMSI-catcher devices themselves, I've seen estimates of $20 to $1500 to make one, from using cheap RTL-SDR devices to a full SDR (~$400-1500) to run a full fake GSM BTS.
The legal usage of IMSI-catchers doesn't seem clear to me. It is essentially a MITM attack, which at least Android devices seem to go out of their way to ignore. The law enforcement usage seems worded in ways that would just confuse 50+ year old judges. And they have to go far out of their way to make sure that you don't notice an interruption in service, by forwarding any ongoing communications to their intended recipients and tunneling them back, if they are run over time and don't disassociate.
I haven't seen any estimate of how often these things are used. Besides, hacked femtocells are probably also responsible for a lot of these rogue BTSs; I wonder if those would be discovered with such detection methods?
-
Re:Why is this important?
-
Re:Why is this important?
-
Re:So what are these "transmitters"?
Either an 8,500 euro transceiver http://www.cubesatshop.com/ind... or an SDR (Software Defined Radio) http://publik.tuwien.ac.at/fil... (or maybe the $18 receiver noted at http://sdr.osmocom.org/trac/wi... and http://hackaday.com/2012/06/27..., or a SoftRock TXRX http://fivedash.com/index.php?...), an upconverter/downconverter, dual circular polarized antennas, and an S-band broadband amp. See http://mdkenny.customer.netspa... for frequency specs. 73s and best regards, y'all, de K7AAY
-
Re:See, this is kinda what I meant
You can decode these IBus messages with a $15 USB receiver? Link please?
-
Re:No.
I disagree. I have been playing around lately with GNU Radio Companion, designing SDR (software-defined radio) tools using a cheap DVB dongle. The transformations of the signal into a human-digestible format are made very easy. I am a software engineer -- I have written a lot of code. But there is a certain class of problems that lends itself to flow-based programming. GRC is one. And ETL tools are another. That is not to say that one does not, from time to time, have to write one's own code block. I have done that for GRC and for some ETL tools. But for 99% of what I have needed, a simple flow graph was all that was required.
-
Re:Story time
Unless we're talking about the same people, there already are TCP servers for the RTLSDR-based receivers. There are a few mentioned on this page, particularly rtl_tcp that comes with the rtlsdr software.
rtl_tcp
Example:
rtl_tcp -a 10.0.0.2 [-p listen port (default: 1234)]
Found 1 device(s).
Found Elonics E4000 tuner
Using Generic RTL2832U (e.g. hama nano)
Tuned to 100000000 Hz.
listening...
Use the device argument 'rtl_tcp=10.0.0.2:1234' in the OsmoSDR (gr-osmosdr) source to receive samples in GRC and control rtl_tcp parameters (frequency, gain, ...) remotely.
This application has been successfully crosscompiled for ARM and MIPS devices and is providing IQ data in a networked ADS-B setup at a rate of 2.4MSps. The gr-osmosdr source is being used together with an optimized gr-air-modes version (see Known Apps below). It is also available as a package in OpenWRT.
I wait anxiously for your app to support rtlsdr - thanks!
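The exchange the rtl_tcp notes above describe (the server sending its dongle info, the client sending tune/gain commands, the server streaming 8-bit I/Q), as an added example that is not part of the comment above nor code from the rtl-sdr project. It assumes the wire format as implemented in rtl_tcp.c: a 12-byte "RTL0" header with tuner type and gain count, 5-byte commands of one opcode byte plus a 32-bit parameter, all integers in network byte order, and no authentication of any kind. The stand-in server and the I/Q bytes it streams are constructed here so the exchange runs offline on loopback; against a real dongle you would point tune_and_capture at the host and port given to rtl_tcp -a/-p.

```python
"""Client side of the rtl_tcp control protocol plus a constructed stand-in
server (added example; not rtl-sdr project code). Assumed wire format, as
in rtl_tcp.c: server sends 12-byte dongle_info {magic "RTL0", uint32
tuner_type, uint32 tuner_gain_count}; client sends 5-byte {uint8 cmd,
uint32 param}; server streams unsigned 8-bit interleaved I/Q. Network byte
order throughout. Nothing on the wire is authenticated, so -a on a LAN
address hands tuner control to every host that can reach the port."""
import socket
import struct
import threading

HEADER_FMT = "!4sII"
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 12 bytes
CMD_FMT = "!BI"
CMD_LEN = struct.calcsize(CMD_FMT)         # 5 bytes

# Command numbers as in rtl_tcp.c (subset)
SET_FREQUENCY = 0x01
SET_SAMPLE_RATE = 0x02
SET_GAIN_MODE = 0x03
SET_GAIN = 0x04
SET_AGC_MODE = 0x08

# enum rtlsdr_tuner from librtlsdr
TUNER_NAMES = {0: "UNKNOWN", 1: "E4000", 2: "FC0012", 3: "FC0013",
               4: "FC2580", 5: "R820T", 6: "R828D"}


def encode_command(cmd, param):
    """Pack one control command the way rtl_tcp's command thread reads it."""
    return struct.pack(CMD_FMT, cmd, param & 0xFFFFFFFF)


def decode_command(data):
    return struct.unpack(CMD_FMT, data)


def parse_header(data):
    """Validate the dongle_info block; anything else is not an rtl_tcp peer."""
    if len(data) != HEADER_LEN:
        raise ValueError("header must be %d bytes" % HEADER_LEN)
    magic, tuner_type, gain_count = struct.unpack(HEADER_FMT, data)
    if magic != b"RTL0":
        raise ValueError("bad magic %r, not an rtl_tcp server" % magic)
    return {"tuner": TUNER_NAMES.get(tuner_type, "UNKNOWN"),
            "tuner_type": tuner_type, "gain_count": gain_count}


def recv_exact(sock, n):
    """TCP has no message boundaries: read until exactly n bytes arrived."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed after %d of %d bytes" % (len(buf), n))
        buf += chunk
    return bytes(buf)


def tune_and_capture(host, port, freq_hz, sample_rate, n_samples):
    """Connect, configure the tuner and read n_samples complex samples."""
    with socket.create_connection((host, port), timeout=5) as sock:
        info = parse_header(recv_exact(sock, HEADER_LEN))
        for cmd, param in ((SET_SAMPLE_RATE, sample_rate),
                           (SET_FREQUENCY, freq_hz),
                           (SET_GAIN_MODE, 0)):            # 0 = automatic gain
            sock.sendall(encode_command(cmd, param))
        raw = recv_exact(sock, 2 * n_samples)
    # rtl_tcp streams unsigned 8-bit I,Q pairs; map them to [-1, 1] as
    # gr-osmosdr does before handing them to a flow graph
    samples = [complex((raw[i] - 127.5) / 127.5, (raw[i + 1] - 127.5) / 127.5)
               for i in range(0, len(raw), 2)]
    return info, samples


def start_fake_server(tuner_type=1, gain_count=14, iq_bytes=b"\x80\x7f" * 4):
    """Constructed stand-in for rtl_tcp on a loopback port: sends the header,
    records the three commands tune_and_capture sends, streams iq_bytes."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    received = []

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(struct.pack(HEADER_FMT, b"RTL0", tuner_type, gain_count))
            for _ in range(3):
                received.append(decode_command(recv_exact(conn, CMD_LEN)))
            conn.sendall(iq_bytes)
        srv.close()

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return port, received, thread


def demo():
    """Run the whole exchange over loopback; returns (header, commands, samples)."""
    port, received, thread = start_fake_server()
    info, samples = tune_and_capture("127.0.0.1", port, 100_000_000, 2_400_000, 4)
    thread.join(timeout=5)
    return info, received, samples


if __name__ == "__main__":
    print(demo())
```

The magic check is the only integrity check the protocol offers; a client that skips it will happily interpret whatever a port-scanning proxy or a misdirected HTTP banner returns as tuner data.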
-
Airplane mode and OsmocomBB
I would say a good start is to just use the airplane mode of your phone. That should disable your RF transmitter. But of course you won't be notified when the network is paging your IMSI. The safe option is to use a phone with OsmocomBB, a free software implementation of the GSM stack: http://bb.osmocom.org/trac/ It has limited functionality (no GPRS working at the moment) but at least you know exactly what your phone is doing. With that, you can even run CatcherCatcher, which is able to detect IMSI catchers: http://opensource.srlabs.de/projects/catcher The supported phones are a bit outdated, mostly old Motorola phones. But there is one supported smartphone: the Openmoko Freerunner. It is pretty usable these days and is fully supported by Debian. I love it, but you will need to tinker - a lot.
-
Re:Domestic Drones w/ ADS-B transponders = trackab
I would imagine that if this evolves it will end up having constraints attached to it along the lines of the prohibitions on retransmitting or relaying information from other protected radio frequencies. While there are useful reasons to translate and distribute general flight tracking information, I'd be willing to bet that either these services are forced to omit law enforcement transponders altogether, or there will be automated gag orders on such sites regarding drones under certain circumstances such as pending activity (selective availability on drone tracking data?)
In any case, I would imagine that if you want accurate local drone data you'll have to collect it yourself.
As others have now posted this is possible on the cheap: RTL-SDR software over DVB-T dongles based on Realtek RTL2832U (supposedly as cheap as $20) provide a receiver, and GNU Radio with gr-air-modes gives you decoded ADS-B data streams on a decent PC.
-
Re:Hardly surprising...
The barrier for GSM is getting lower every day so it wouldn't surprise me if bugs like this start showing up more often.
-
Re:No kidding
I hate to say this, but not *any* other device. The Openmoko Neo Freerunner has all drivers open source (including GPU) and http://projects.goldelico.com/p/gta04-main/ as well. The only things not free are the GSM firmware and the wifi firmware. The Freerunner original already has working (but not user friendly) FOSS GSM firmware with OsmocomBB http://bb.osmocom.org/
Oh but these aren't Android phones &_& -
$15 DVB-T tuner (RTLSDR)
I'm surprised no-one has mentioned the RTLSDR yet. A $15 DVB-T tuner that can tune from ~70MHz to 1700MHz. Maximum bandwidth is about 2MHz. It has poor dynamic range (8 bit ADC), but for receiving strong signals it's awesome. There is a source block for gnuradio, and some nice tuners for Windows (HDSDR, sdrsharp, ...). Lots of cool stuff to do. For instance I've successfully received Mode-S transponder replies from airplanes as far away as 200km with the stock antenna. Tuning to FM radio, portable mobile radios, DECT, GSM, exploring the spectrum, ... Of course it cannot compare to a USRP or this new Phi, but it's very cheap and is perfect for getting started, and does not require a HAM license. Check here: http://sdr.osmocom.org/trac/wiki/rtl-sdr -
Re:News Release
It's receive only, and the quality isn't magic by any means; but you can get an RTL2832-based DVB-T dongle for ~$20 and be on your merry way.
(And, indeed, this does seem to have spurred greater interest among people who weren't in for a USRP; but were interested. The fact that SDR involves substantially more nontrivial math than many arduino projects probably limits the mass appeal some, though.) -
Wrong link?
I think he posted the wrong link.
Perhaps he meant this one
"$20 ultra-cheap Software Defined Radio with RTL2832 DVB-T USB stick" at http://www.youtube.com/watch?v=Z0hEquzLsWU
The original article is at
http://sdr.osmocom.org/trac/wiki/rtl-sdr -
Re:Free Software Baseband Please.
Apparently this supports the GTA02:
-
Yes, and it only costs $40
GSM has horrible security and carriers aren't exactly doing their best to make their networks secure either. A while ago you needed relatively expensive equipment (around $1000-2000) to be able to sniff on the network, but it's now been done with a few very cheap phones. There's a very informative presentation (with video) here. For this to work, you need to be close to the person you want to eavesdrop on however.
-
Wiretapping
This is essentially the same thing as wiretapping, which has been a legally regulated capability for telcos for decades. Keep in mind that wiretapping also 'transmitted' location information, but since the location information was known a priori by the sender and receiver (of the tap), it could be omitted from the communication channel (zero information gain).
When internet usage boomed, governments also regulated that ISPs must have the capability to 'tap' your internet connection (also from home), which is why ISPs are now regulated to log everything that users do for several months.
Cellular wiretapping is essentially a combination of voice, location, and data monitoring. The location information is encoded by which cell towers acknowledge your IMEI (and GPS receiver coordinates). Nothing has changed in the least about who has control over the infrastructure (except here). Users of Free Software on communication devices can at least have SOME control over the backdoors - i.e. who can turn on your GPS receiver remotely or force a firmware upgrade over the air. Unfortunately, most of the important software that has anything to do with communication is still proprietary, and locked (encrypted?) in the baseband processor stack on most mobile phones and wireless communication devices. For older GSM mobile phones, some users have the option to swap out the baseband processor stack and run OsmocomBB.
Until cellular voice / data / location information can be sufficiently anonymised there is really little difference about which technology Big Brother uses to monitor you. Keep in mind that you (the sender / receiver) can often be tied back to a specific IMEI number or MAC address (and even communication pattern).
ifconfig hwaddr 00:11:22:33:44:55 <=> iwconfig hwaddr 00:11:22:33:44:55 <=> imconfig imei AA-BBBBBB-CCCCCC-D ?
-
GPL IS *NOT* "FREE SOFTWARE" !!!
It's licensed under a copyLEFT, restrictive software license that places many limits on who can use it, where, and how. Only copy FREE and "public domain" software can logically be considered "free as in freedom"!