Passive IMSI catcher: recent updates of LTESniffer
Ғылым және технология
This video shows updates of the LTESniff tool used to capture LTE DownLink and UpLink, and shows also how this tool behave on the UpLink using a perfect lab environment, so users can also apprehend this tool working in a real context.
Chapters:
0:00 Welcome
00:16 Fixed bugs and testing DL
1:22 Capturing the UpLink
3:04 Catching a target within a lab environment
6:02 Using the security API
7:23 Conclusion and end
.:: Socials 🌐 ::.
➡️ Website: penthertz.com/
➡️ Twitter: / penthertz
➡️ Facebook: / penthertzlab
Пікірлер: 15
woooow incrível continue postando vídeos. tanks😲
Hello Brother. I live in a rural area, with a very low population density. I'm thinking about setting up an early warning system using SDR. The idea is to set up an IMISI catcher detecting all the cell phones around me and comparing them with a base of known (regular) imsis. So when a new, unknown cell phone (from outside my area) appears in range of my antenna it would alert me and let me know that someone new is now in my neighborhood. I haven't started working on the code for this yet, but I would like to know your opinion about it and also if you have any insights about it or if you know some tools that are able to help me with that.
What’s the best place to buy the expensive sdr?
hi there im just curious if your OpenBTS UMTS have a cbs function like in the OPenBTS gsm? or if not can you put a emergency broadcast function to the openBTS umts??
Thanks Sebastian for the good video, May I ask you what is the point of collecting this information, I mean you are running it at eNB side or at UE side
@Penthertz
Жыл бұрын
It's running like a UE, but your don't need to register on any cell to collect this information -> so you can track users, debug also comms if you are running your cell, inspect on capabilities for security, grab PDCH to attack the crypto, and so son :)
Lime mini 2 ?
is there solution for A5/3 ?
@Penthertz
Жыл бұрын
Hello, No unfortunately you'll unlikely find KASUMI on LTE, and this Software do not have module to tackle SNOW-3G, AES, ZUC or other yet.
Am confused isn't IMSI supposed to be sensitive information?
@Penthertz
11 ай бұрын
It must be seen as a public secret at the end. Temporary identities are created to make tracking the IMSI complex after it registers to a cell and then moves from one to another. Only on 5G SA, optionally operators will have the ability to conceal it.
Hi, is this working with hackrf?
@Penthertz
Жыл бұрын
The 1st problem is that even if an LTE channel can be 20 MHz width and less, the hackRF sucks at getting a proper signal because of the LO leak so your signal has to be strong enough by guess. But the 2nd problem is that you would be only able to decode Downlink, or to adapt the too to work with two hackRF sync with same clock to get DL and UL in same time if you want the uplink too as you need to tune to two different frequencies.
@catalinalb1722
Жыл бұрын
@@Penthertz what are you using in the video? Is it your phone?
@Penthertz
Жыл бұрын
@@catalinalb1722 I'm using a USRP x300, another SDR to simulate an eNodeB and a phone connected to it to be sure to have enough power for receiving uplink with a crappy antenna