Entries

Showing entries from December 2024

BCCH and creating a test BTS

Interesting: reading real GSM traffic with Wireshark and making a full analysis of the GSM protocol. The next step would be to set up a test BTS so that our mobile latches onto it. The Broadcast Control Channel (BCCH) is a fundamental component of the Global System for Mobile Communications (GSM) cellular network, which is widely used for mobile phone communication worldwide. The BCCH is responsible for broadcasting essential information about the network to mobile devices, such as cell identity, frequency allocation and timing information. It is point-to-multipoint, from the BTS to the mobiles, and unidirectional (downlink only). These messages also provide a list of absolute radio-frequency channel numbers (ARFCNs) used by neighbouring BTSs. The messages themselves are described in 3GPP Technical Specification 44.018. In this timeslot 0 we can find information such as the cell ID, the LAI, etc. This control channel is essential in GSM.

gr-gsm GSM traffic in wireshark!!! IMSI catcher

gr-gsm is a powerful library that, in conjunction with any GSM receiver, gives a lot of utilities to play with. Below is the link to the utilities:
GitHub - ptrkrysik/gr-gsm: Gnuradio blocks and tools for receiving GSM transmissions
Today, in a few minutes, we have been able to scan with grgsm_scan and locate a connected GSM device. You can note the frequency, and then in a second command you can type:
grgsm_livemon -f 927.8M
That will show in the console the different GSM packets received. Finally, in a third window, you can filter in Wireshark by running it with the gsmtap filter:
wireshark -k -Y '!icmp && gsmtap' -i lo
We were very surprised to be able to get GSM traffic into Wireshark, ready to be analysed. We have read about the IMSI catcher several times. Today we have been able to check how easy it is to capture IMSIs: in 5 seconds, we have captured a lot of IMSIs from different people. No need to say this is just for learning purposes. Note, all instructions are in the in...

Playing with our new toy RTL2838

We have acquired this USB dongle, the RTL2838. What is the RTL2838? It's a high-performance radio demodulator that receives frequencies from 500 kHz up to 1.75 GHz. Most software for the RTL-SDR is also community developed and provided free of charge. Note that RTL-SDRs cannot transmit. The idea is to play with and understand the GSM radio standards, and to fully understand them with Wireshark. We will make use of the GR-GSM library. GSM uses a digital modulation format called 0.3GMSK (Gaussian minimum shift keying). The 0.3 describes the bandwidth of the Gaussian filter in relation to the bit rate. GMSK is a special type of digital FM modulation: 1s and 0s are represented by shifting the RF carrier by plus or minus 67.708 kHz. In the next entry our plan is to learn GSM internals and radio protocols, only for learning purposes: LTE sniffer, IMSI catcher, SMS decryption, etc. Note that all this information is available on the internet.

Linux board raspberry with GPIO extension board

We have acquired this GPIO extension board, which allows a quick connection of the Raspberry GPIO connector to our breadboard for quick prototypes. We continue creating Python programs that connect to the network, and we are able to control the different sensors, LEDs, servo motors, relays, etc. through an API. Today we tested a very simple web page to control the status of an LED via the internet. Next steps: send/receive commands via MQTT, access via web/API, and send commands to the UICC via AT+CSIM commands. We can read/update files inside the SIM card for a fully secure environment. Specific files in the SIM card can hold a mapping of the status of the different sensors.

Yes! We managed to send an OTA 3.40/3.48 envelope to the UICC via AT+CSIM

Hello! After yesterday's great success, when we managed to send APDUs to the UICC via AT+CSIM commands, today we have sent a 3.40/3.48 envelope to the UICC via AT+CSIM. The envelope was prepared with the right OTA keys, counter, etc., and the file inside the SIM card was updated!! In the meantime we are also playing with Python and basic LED and switch test programs.