Entries

Amazing cheap all-in-one!!

We acquired this USB module from AliExpress for 5€. It includes the USB connector, the USB-to-serial converter, the well-known SIM800 module, a SIM card slot and a GSM antenna. You just plug in the kit and the COM port appears automatically; in my case no driver was needed. Just plug it in and send AT commands. We are now continuing to improve our Python software for sending binary SMS, making a full study of the different AT commands.

Banco Santander Academy

Thanks to Banco Santander for creating the academy and accepting me. IoT introduction course completed.

GSM 2G insecure

Only for learning purposes, we have been working to understand GSM traffic. When we say GSM, we mean 2G. Terms we learned: SDR hardware, DragonOS (a complete Ubuntu Linux distribution preloaded and configured with a full set of SDR hacking software), grgsm_scanner, grgsm_capture, grgsm_decode, gsm_evil, Wireshark, SMS decoding, voice decoding, IMSI catcher, etc. 2G is weak in terms of security. Below are two interesting articles, which suggest that at the time of GSM's conception a backdoor was intentionally baked into the algorithm so that law enforcement agencies could access sensitive data transmissions. How many times have we heard about the 2G switch-off? It keeps being delayed because of the still large number of old connected devices and some lack of spectrum. Recommendations: in your phone settings, always configure the highest connection available (4G/5G) and avoid 2G networks. When buying IoT devices, GSM routers, etc., make sure they support the right network technologies....

Python software to send binary sms using USB-dongle

This Christmas we have been playing with an old USB GSM dongle that was at home. We have created a graphical Python application that, using AT commands, is able to send text SMS and also binary 03.48 OTA messages to any SIM card in the world.
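To send an SMS through a modem in PDU mode (AT+CMGF=0) the application has to assemble the SMS-SUBMIT TPDU itself, including the GSM 7-bit packing of the text and the length value that AT+CMGS expects. The encoder below is an added example, not the author's application; it follows the 3GPP TS 23.040 layout, and the destination number and text are constructed sample values.

```python
"""Build an SMS-SUBMIT PDU (3GPP TS 23.040) for AT+CMGS in PDU mode (AT+CMGF=0).
Added example, not the author's software; number and text are constructed."""

# GSM 03.38 default 7-bit alphabet, index = septet value (basic table only, no extension table)
GSM7 = ("@£$¥èéùìòÇ\nØø\rÅåΔ_ΦΓΛΩΠΨΣΘΞ\x1bÆæßÉ !\"#¤%&'()*+,-./0123456789:;<=>?"
        "¡ABCDEFGHIJKLMNOPQRSTUVWXYZÄÖÑÜ§¿abcdefghijklmnopqrstuvwxyzäöñüà")

def pack_7bit(text: str) -> bytes:
    """Pack text into GSM 7-bit septets, LSB first, as the TP-User-Data field expects."""
    acc, nbits, out = 0, 0, bytearray()
    for ch in text:
        acc |= GSM7.index(ch) << nbits   # ValueError for characters outside the basic table
        nbits += 7
        while nbits >= 8:
            out.append(acc & 0xFF)
            acc >>= 8
            nbits -= 8
    if nbits:
        out.append(acc & 0xFF)           # last partial octet, upper bits zero
    return bytes(out)

def encode_number(msisdn: str) -> str:
    """TP-Destination-Address: digit count, type-of-address, BCD digits with swapped nibbles."""
    intl = msisdn.startswith("+")
    digits = msisdn.lstrip("+")
    toa = 0x91 if intl else 0x81         # 0x91 international, 0x81 unknown/national
    padded = digits + "F" if len(digits) % 2 else digits
    swapped = "".join(padded[i + 1] + padded[i] for i in range(0, len(padded), 2))
    return f"{len(digits):02X}{toa:02X}{swapped}"

def build_sms_submit(dest: str, text: str, validity: int = 0xAA) -> tuple[str, int]:
    """Return (hex PDU, length for AT+CMGS=<n>, i.e. octets excluding the SMSC field)."""
    if len(text) > 160:
        raise ValueError("a single-part 7-bit SMS holds at most 160 septets")
    tpdu = (
        "11"                             # first octet: SMS-SUBMIT, TP-VPF relative format
        "00"                             # TP-MR: message reference, the modem assigns it
        + encode_number(dest)
        + "00"                           # TP-PID: normal SMS
        + "00"                           # TP-DCS: GSM 7-bit default alphabet
        + f"{validity:02X}"              # TP-VP relative (0xAA = 4 days)
        + f"{len(text):02X}"             # TP-UDL: number of septets
        + pack_7bit(text).hex().upper()
    )
    pdu = "00" + tpdu                    # leading 00: use the SMSC stored on the SIM
    return pdu, len(tpdu) // 2

if __name__ == "__main__":
    pdu, n = build_sms_submit("+46708251358", "hellohello")   # constructed sample values
    print(f"AT+CMGS={n}")                # then write the PDU followed by Ctrl-Z (0x1A) to the port
    print(pdu)
```

On the serial side the sequence is AT+CMGF=0, then AT+CMGS=<n>, then the PDU string terminated with Ctrl-Z; the modem answers +CMGS: <mr> on success.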

BCCH and creating a test BTS

It is interesting to read real GSM traffic with Wireshark and make a full analysis of the GSM protocol. The next step would be to set up a test BTS so that our mobile latches onto it. The Broadcast Control Channel (BCCH) is a fundamental component of the Global System for Mobile Communications (GSM) cellular network, which is widely used for mobile phone communication worldwide. The BCCH broadcasts essential information about the network to mobile devices, such as the cell identity, frequency allocation and timing information. It is point-to-multipoint, from the BTS to the mobiles, and unidirectional (downlink only). These messages also carry a list of the absolute radio-frequency channel numbers (ARFCNs) used by neighbouring BTSs. The messages themselves are described in 3GPP Technical Specification 44.018. In timeslot 0 we can find information such as the cell ID, LAI, etc. This control channel is essential in GSM.

gr-gsm GSM traffic in Wireshark!!! IMSI catcher

gr-gsm is a powerful library that, in conjunction with any GSM receiver, provides lots of utilities to play with. Below is the link to the utilities: GitHub - ptrkrysik/gr-gsm: Gnuradio blocks and tools for receiving GSM transmissions. Today, in a few minutes, we were able to scan with grgsm_scanner and locate a connected GSM device. You note the frequency, and then in a second command you type: grgsm_livemon -f 927.8M. That shows in the console the different GSM packets received. Finally, in a third window you can filter in Wireshark by running it with the gsmtap filter: wireshark -k -Y '!icmp && gsmtap' -i lo. We were very surprised to get GSM traffic in Wireshark, ready to be analysed. We have read several times about the IMSI catcher. Today we were able to check how easy it is to capture IMSIs: in 5 seconds we captured lots of IMSIs of different people. Needless to say, this is just for learning purposes. Note, all instructions are in the in...

Playing with our new toy RTL2838

We have acquired this RTL2838 USB dongle. What is the RTL2838? It's a high-performance radio demodulator that receives frequencies from 500 kHz up to 1.75 GHz. Most software for the RTL-SDR is also community developed and provided free of charge. Note that RTL-SDRs cannot transmit. The idea is to play with and understand the GSM radio standards, and to fully understand them with Wireshark. We will make use of the gr-gsm library. GSM uses a digital modulation format called 0.3 GMSK (Gaussian minimum shift keying). The 0.3 describes the bandwidth of the Gaussian filter in relation to the bit rate. GMSK is a special type of digital FM modulation: 1s and 0s are represented by shifting the RF carrier by plus or minus 67.708 kHz. In the next entry our plan is to learn GSM internals and radio protocols. Only for learning purposes: LTE sniffer, IMSI catcher, SMS decryption, etc. Note that all this information is available on the internet.