IMSI catching with RTL-SDR [ part-1 ]

Hello guys,
Welcome to the network systems area. I received my first RTL-SDR some days ago. For those who don't know what RTL-SDR is:

RTL-SDR is a very cheap device that can be used as a computer-based radio scanner for receiving live radio signals in your area (no internet required). Depending on the particular model it can receive frequencies from 500 kHz up to 1.75 GHz. For more info about RTL-SDR

I have done some experiments with my RTL-SDR.

Let's capture some IMSI... Oooo, the full meaning of IMSI is "International Mobile Subscriber Identity": a unique number, usually fifteen digits, associated with Global System for Mobile Communications (GSM) and Universal Mobile Telecommunications System (UMTS) network mobile phone users. So every mobile user who is connected to a GSM network has a unique identity number. Our goal is to capture that number.

I am going to use one of the best open source projects, which I have used in some of my experiments.

Requirements:

  1. RTL-SDR device.
  2. Drivers for RTL-SDR (if you are using Kali or Parrot, the drivers are already installed).

Now clone the IMSI-catcher git repository using this command:

git clone https://github.com/Oros42/IMSI-catcher.git

To run this IMSI-catcher script there are some requirements:

sudo apt install python-numpy python-scipy python-scapy

Now go to the IMSI-catcher directory:

cd IMSI-catcher/

Now connect your RTL-SDR to your computer/laptop. After connecting the device, run scan-and-livemon as the root user. It will take some time to tune to the network frequency.

sudo ./scan-and-livemon

When it starts allocating zero-copy buffers, run simple_IMSI-catcher.py with the parameter sniff; that will start capturing the IMSI numbers...

sudo ./simple_IMSI-catcher.py --sniff


Boooo... it's that easy.

Now let's try to understand the IMSI: 470 01 01xxxxxxxx. The first 3 digits identify the country, e.g. 470 is the MCC (Mobile Country Code); 470 is Bangladesh.
Then, after the MCC, the next 2 digits are called the MNC (Mobile Network Code); specifically, 01 identifies the company Grameenphone. There are many interesting things you can learn about GSM networks. For today that's enough; hopefully some day I will post some more interesting things.

If you guys have any questions, let me know; I will try to answer some of them :smile:

Have fun :smile:

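To make the MCC/MNC split described above concrete, here is an added example (not from the post or from the IMSI-catcher project) that parses a 15-digit IMSI into MCC, MNC and MSIN, and masks the subscriber part so a capture log does not keep it in the clear. The MNC-length table, the operator table and the sample value are constructed for this example; it also handles the 3-digit MNC case the post does not cover.

```python
import re

# MCC -> MNC length (ITU-T E.212). The MNC is 2 digits in most countries and
# 3 in some, e.g. the United States. Constructed, minimal table for this
# example; a real tool needs the full assignment list.
MNC_LENGTH = {
    "470": 2,  # Bangladesh (the MCC shown in the post)
    "310": 3,  # United States
}

# Operator names, limited to the one the post mentions (constructed table).
OPERATOR_NAMES = {("470", "01"): "Grameenphone"}

IMSI_RE = re.compile(r"^\d{15}$")  # GSM IMSIs are 15 decimal digits


def parse_imsi(imsi: str) -> dict:
    """Split an IMSI into MCC, MNC and MSIN.

    Raises ValueError for anything other than 15 decimal digits. The MNC
    length depends on the MCC; an unknown MCC falls back to 2 digits and
    the result records that this was assumed.
    """
    if not IMSI_RE.match(imsi):
        raise ValueError("IMSI must be exactly 15 decimal digits")
    mcc = imsi[:3]
    assumed = mcc not in MNC_LENGTH
    mnc_len = MNC_LENGTH.get(mcc, 2)
    mnc = imsi[3:3 + mnc_len]
    return {
        "mcc": mcc,
        "mnc": mnc,
        "msin": imsi[3 + mnc_len:],
        "operator": OPERATOR_NAMES.get((mcc, mnc)),
        "mnc_length_assumed": assumed,
    }


def redact_imsi(imsi: str) -> str:
    """Keep MCC and MNC, mask the MSIN (the part that identifies a person)."""
    p = parse_imsi(imsi)
    return f"{p['mcc']} {p['mnc']} {'x' * len(p['msin'])}"


if __name__ == "__main__":
    sample = "470011234567890"  # constructed, same 470 01 ... pattern as the post
    print(parse_imsi(sample))
    print(redact_imsi(sample))  # 470 01 xxxxxxxxxx
```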

Great article bro… :slight_smile:


Do you capture the data and decrypt the data properly?
Which encryption was used?
A5/0 or another?


:heart_eyes:
