DragonOS FocalX Cellular Security Research + IMSI Capture w/ LTESniffer (X310, srsRAN) part 3

Science & Technology

The purpose of this video is to support security and analysis research on cellular networks. It's also created from an educational perspective to help learn more about cellular networks in general by means of a controlled lab environment and software defined radios. Privacy is respected at all times, and it is on the user to follow all local regulations in any use of this tool or of software defined radios in general.
LTESniffer is now included in the latest DragonOS FocalX ISO, but it can also be installed to current DragonOS FocalX systems by using the following PPA.
github.com/alphafox02/focalx_ppa
To learn more about LTESniffer please see the following project page
github.com/SysSec-KAIST/LTESniffer
In this 3rd and most expensive video I've ever done in terms of hardware (thanks to all those who donated the hardware), we take a look at setting up the same srsRAN network w/ PinePhone attached, but this time the Ettus X310 with 2x UBX-160 daughterboards is used to run the LTESniffer Security API mode set to three. This utilizes both radios to sniff the downlink and uplink at the same time.
Spectran's RTSA Pro software w/ the SpectranV6 also makes a short appearance when I use it to have a look at the srsRAN downlink.
aaronia.com/software/rtsa-suite/
Once LTESniffer is run we can see that it's capable of identifying the PinePhone's IMSI passively once it turns on and connects to the srsRAN network. I think this is incredible as it's the only working open source solution that I know of that's capable of passively identifying such information. While IMSIs on LTE networks are rare to show themselves, so I hear, it's still important to understand the security implications of an exposed IMSI. I guess a recommendation based on observation is to try and limit turning on/off your phone when you’re stationary.
If you find this video helpful consider the following,
Follow @cemaxecuter on Twitter for more DragonOS and SDR info.
Become a patron @ www.patreon.com/cemaxecuter

Comments: 15

  • @shawnbergin8479 1 year ago

    Thanks for your work on this. A good use of time and assets.

  • @raulcalzada3819 1 year ago

    nice hardware

  • @chuckyeager8530 1 year ago

    Hi! Wanting to test the same scenario, how much did you pay for the USRP X310 as a reference for me? Thanks!

  • @cemaxecuter7783 1 year ago

    There was one on eBay a week ago that was at 5k last I looked. Generally they’re like 10k new but then you need daughterboards for inside. Those are like 1k or so each. In my case the equipment was donations (thankfully!)

  • @vincei4252 1 year ago

    Interesting. KZread deleted my comment. Excellent information as usual. I just managed to get my hands on a Radioberry, the FPGAs have been unobtanium so wasn't able to build the thing myself a year ago despite having all the other parts. Is the Radioberry something you'd consider adding to the Pi version of Dragon OS? Cheers! FWIW, I think you can still snag one "on the platform that will remain nameless" if you're interested.

  • @vincei4252 1 year ago

    Tech Minds has a review

  • @cemaxecuter7783 1 year ago

    I’ll have to go check this out and I’ll also check the comment section. KZread makes it hard to manage and interact on mobile, like I can’t see what this comment is associated to video wise unless I go elsewhere in the app. Then sometimes comments will be held for review in yet another section.

  • @vincei4252 1 year ago

    @cemaxecuter7783 No worries. I've given up on KZread as it is just too hostile for me to put my time and effort into.

  • @cemaxecuter7783 1 year ago

    I’ll go check out Tech Minds review, is this the project? github.com/pa3gsb/Radioberry-2.x

  • @vincei4252 1 year ago

    @cemaxecuter7783 Yep, that's the one. I'd manufactured the PCBs, got the front end device, and all the other parts, then boom, after 6 months waiting, Mouser canceled my FPGA order saying they were being repurposed for the DOD by Intel with no further information. They've been out of stock ever since. Seems manufacturers can now get their hands on them (the FPGAs) so there seems to be a supply for the Radioberrys again.

  • @GroundTruthing 1 year ago

    Add this en.wikipedia.org/wiki/Command-line_interface into Dragon OS

  • @cemaxecuter7783 1 year ago

    Like add a guide for CLI?

  • @GroundTruthing 1 year ago

    @cemaxecuter7783 You should contact David Bombal CCNA