
GSM Signal Tapping using RTL-SDR


Cyb3rShot

In our previous articles we learnt the basics of RTL-SDR and set it up on our Kali Linux system, so in this article we are not going to cover the basics again. Please make sure to read those articles carefully first. One more thing: buying your RTL-SDR through our link will support us, as we earn a small commission.

In this detailed article we are going to discuss scanning and analyzing GSM traffic with our RTL-SDR on Kali Linux, with the help of the kalibrate-rtl tool. This tool scans a frequency band for GSM base stations.

Scanning for GSM Signals

As we said, we are going to use the kalibrate-rtl (kal) tool to scan for GSM traffic, so we need to install it on our system. On Kali Linux it can be installed with the following command:

sudo apt install kalibrate-rtl -y

In the following screenshot we can see the output:

kalibrate-rtl is already installed on our Kali Linux system

Most countries use the GSM900 band, but in the USA it is GSM850. We are scanning the GSM900 band; our USA readers need to use GSM850 in place of GSM900.

We need to plug in our RTL-SDR with its antenna first. Then, to scan the GSM900 band, we run the following command in our terminal:

kal -s GSM900 -g 40

The following screenshot shows the output of the above command:


In the above screenshot we can see many channels, but we need to note down the frequencies; in our case we are going to use 953.4MHz.

Now we open the GQRX tool and enter the frequency in the Receiver Options window, as shown in the following screenshot:

In the waterfall we can see that the device is receiving the signal perfectly.

Analyzing GSM Packets

Now we need to install the gr-gsm tool using the following command:

sudo apt install gr-gsm -y

We can see the output in the following screenshot:


The gr-gsm tool lets us look at the data at the packet level. After the installation is done, we run the following command to start monitoring packets:

grgsm_livemon

A new window will open, where we change the frequency to the one we are working with (we had noted 935.4MHz while using kalibrate), as we can see in the following screenshot:

In the gr-gsm livemon window we can see the frequency, and in the terminal window we can see the data traffic. Now we need to analyze the data packets using Wireshark. We leave the gr-gsm livemon terminal and window as they are, still capturing packets, and open Wireshark from the application menu or from another terminal using the wireshark command.

Here we need to select the interface. Our interface will be Loopback: lo, which we open by double-clicking on it. gr-gsm sends the decoded frames as GSMTAP packets over UDP to localhost, which is why we capture on the loopback interface rather than on a network card. Then we can see the packets in Wireshark, as in the following screenshot:

Now we need to apply a display filter: we enter the filter gsmtap. Then we look in the packet Info column for System Information Type 3.

Now we need to check GSM CCCH > Location Area Identification (LAI). There we get the information about the network these packets come from, as shown in the following screenshot:

In the highlighted line we can see that the mobile network provider is BSNL and that these packets are being transmitted from West Bengal. This is how we analyze GSM signals and see how GSM packets travel, on our Kali Linux.
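The LAI that Wireshark shows under GSM CCCH can also be decoded straight from the GSMTAP datagrams grgsm_livemon sends to localhost. The following Python script is an added example, not part of the original article or of gr-gsm: it parses a GSMTAP-encapsulated System Information Type 3 message and extracts MCC, MNC, LAC and Cell Identity from its LAI. It assumes grgsm_livemon's default GSMTAP collector address 127.0.0.1 port 4729, and the sample datagram (test PLMN 001/01) is constructed, not captured.

```python
import socket
import struct

GSMTAP_PORT = 4729            # GSMTAP UDP port (assumed grgsm_livemon default)
GSMTAP_TYPE_UM = 1            # GSM Um air interface
GSMTAP_CHANNEL_BCCH = 1       # broadcast control channel, where SI3 is sent
RR_PD = 0x06                  # Radio Resource management protocol discriminator
SI3_MSG_TYPE = 0x1B           # System Information Type 3 message type

def decode_lai(lai):
    """Decode a 5-octet LAI (3GPP TS 24.008, 10.5.1.3): BCD nibbles octet 1 = MCC2|MCC1,
    octet 2 = MNC3|MCC3, octet 3 = MNC2|MNC1, octets 4-5 = LAC; MNC3 == 0xF means 2-digit MNC."""
    mcc = "%d%d%d" % (lai[0] & 0xF, lai[0] >> 4, lai[1] & 0xF)
    mnc = "%d%d" % (lai[2] & 0xF, lai[2] >> 4)
    if (lai[1] >> 4) != 0xF:
        mnc += "%d" % (lai[1] >> 4)
    lac = struct.unpack(">H", lai[3:5])[0]
    return mcc, mnc, lac

def parse_si3(datagram):
    """Return MCC/MNC/LAC/CI if the GSMTAP datagram carries an SI3 on BCCH, else None."""
    if len(datagram) < 16 or datagram[0] != 2:       # GSMTAP version 2 only
        return None
    hdr_len = datagram[1] * 4                         # header length is given in 32-bit words
    if datagram[2] != GSMTAP_TYPE_UM or datagram[12] != GSMTAP_CHANNEL_BCCH:
        return None
    l3 = datagram[hdr_len:]
    # BCCH payload: L2 pseudo-length octet, protocol discriminator, message type, then IEs
    if len(l3) < 10 or (l3[1] & 0x0F) != RR_PD or l3[2] != SI3_MSG_TYPE:
        return None
    ci = struct.unpack(">H", l3[3:5])[0]              # Cell Identity
    mcc, mnc, lac = decode_lai(l3[5:10])
    return {"mcc": mcc, "mnc": mnc, "lac": lac, "ci": ci}

# Constructed sample (not a real capture): GSMTAP v2 header with ARFCN 2, then an SI3
# for the test PLMN MCC 001 / MNC 01, LAC 1, CI 2; the remaining SI3 fields are zero-padded.
SAMPLE = (bytes([2, 4, GSMTAP_TYPE_UM, 0]) + struct.pack(">H", 2) + bytes([0xC4, 0])
          + struct.pack(">I", 0) + bytes([GSMTAP_CHANNEL_BCCH, 0, 0, 0])
          + bytes([0x49, RR_PD, SI3_MSG_TYPE, 0x00, 0x02, 0x00, 0xF1, 0x10, 0x00, 0x01])
          + bytes(13))

def listen(port=GSMTAP_PORT):
    """Read live GSMTAP datagrams from grgsm_livemon on loopback and print each SI3's LAI."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", port))
    while True:
        info = parse_si3(sock.recvfrom(4096)[0])
        if info:
            print("MCC %(mcc)s MNC %(mnc)s LAC %(lac)d CI %(ci)d" % info)
```

Calling parse_si3(SAMPLE) returns {'mcc': '001', 'mnc': '01', 'lac': 1, 'ci': 2}; calling listen() while grgsm_livemon is running prints the same fields for every SI3 it decodes, and the MCC/MNC pair is what Wireshark resolves to the operator name.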
