Sorry for the long video again guys, here's some timestamps to help you navigate:
02:41 Filtering out error messages in YateBTS terminal output
04:12 IMSI catching with YateBTS telnet interface
06:36 Tapping GSM layer 3 messages with Wireshark
09:28 Tapping TCP/IP traffic with Wireshark
13:21 Changing YateBTS welcome SMS
19:13 Hidden SMS menu in YateBTS web GUI
21:31 Capturing and decoding voice calls from YateBTS
27:59 Theoretical, practical man-in-the-middle attack against 2G USB modem

COMMANDS (For copying and pasting)
sudo yate -vvvvv 2>&1 | grep "clipping"
telnet 127.0.0.1 5038
sniffer on
sniffer filter user.register
output on
sudo wireshark -k -Y '!icmp && gsmtap' -i lo
sudo wireshark -k -i sgsntun
featherpad /usr/local/share/yate/scripts/nipc.js
firefox localhost/nipc/custom_sms.php
grgsm_capture -f 935.2M -s 1e6 -g 30 ~/capture_f935.2M_s1e6.cfile
grgsm_decode -p -v -c ~/capture_f935.2M_s1e6.cfile -f 935.2M -s 1e6 -m TCHF -t 4 -o ~/speech.au.gsm
grgsm_decode -p -v -c ~/capture_f935.2M_s1e6.cfile -f 935.2M -s 1e6 -m TCHF -t 5 -o ~/speech.au.gsm
./yatebts_telnet.sh | grep -B 4 "location-area-not-allowed"
./change_mcc_mnc.sh
@Ipa_i2_Pericia 3 months ago
The video is very cool. Please make in-depth videos on silent SMS and other techniques to obtain the geolocation of a mobile user.
@maestr0play316 2 months ago
That's insane how big entertainment you can get sending SMS or calling phone
@7hw 3 months ago
You are really great, thank you for this series, is it possible that this network is linked to the public network?
@RobVK8FOES 3 months ago
@Cemaxecuter got outgoing calls working using a third party SIP/IAX provider. Incoming phone calls are not working yet. Please see his two videos here: kzbin.info/www/bejne/bp7Pf5qQiNqkf9U and kzbin.info/www/bejne/gYexpoJupMuDd68
@janiel471 5 months ago
love your content so much. pls continue
@RobVK8FOES 5 months ago
Thank you, I certainly will continue making content for you guys!
@hiepn8062 5 months ago
I love your video bro, pls don't stop
@RobVK8FOES 5 months ago
Thank you!
@karthacker 5 months ago
Good job brother Keep continue🎉🎉
@RobVK8FOES 5 months ago
Thank you!
@zerobow9413 5 months ago
nice one
@RobVK8FOES 5 months ago
Thank you!
@335mati 5 months ago
Is it possible to record a 4g phone call in srsRAN or view the traffic from a 4g internet dongle?
@RobVK8FOES 5 months ago
Hi. srsRAN does not support making voice calls at this time. In order to enable VoLTE phone calls, a third-party IMS application must be used with it. I have no idea how to do this, sorry. Also, to my knowledge, it is not possible to decrypt 4G traffic at this time, so your 4G internet modem can't be intercepted.
@yazidkeraichia2858 1 month ago
@RobVK8FOES you can do this by downgrading the victim phone to go to 2G... by jamming all 4G frequencies. If you are lucky... you can force many phones to pass from 4G to 2G... and then use the man-in-the-middle method.
@RobVK8FOES 1 month ago
@yazidkeraichia2858 Hi. Yes, you are correct. By jamming all LTE frequency bands, you can force a target's phone to downgrade to 2G. However, the main problem with that is that there are A LOT of different 4G/LTE bands, and all of them occupy a large swath of the RF spectrum. The baseband chipset of a modern smartphone will simply 'hop' to the next available LTE base station on another frequency if a particular band is being jammed. Which means you will need to jam essentially all of the LTE bands at a single time. This is not practical, as the spectrum regulator of your country will send agents to knock on your door long before you downgraded anybody to 2G :) Don't mess around with cellular signals, unless going to prison is your idea of having a good time!
@midoedo 5 months ago
does it include A5/3 ?
@RobVK8FOES 5 months ago
It is not possible to enable any A5 encryption with the free version of YateBTS
@midoedo 5 months ago
@RobVK8FOES can you listen to A5/3 calls?
@VK3HSP 5 months ago
@midoedo It's infinitely more difficult to crack than A5/1 but if you can extract the Ki from your phone you can listen to your own calls
@midoedo 5 months ago
@VK3HSP it's almost impossible to crack A5/3 but as I recall the vulnerability takes advantage of a step before encryption
@RobVK8FOES 5 months ago
@midoedo I think you have emailed me in the past about A5/3 cracking. Nothing has changed since we spoke back then, A5/3 has been cracked, this is a fact. But the research team did not release their method or the software tools they developed to do it. Please see the Def Con talk titled 'GSM: We can hear everyone now'. These are the only people that have demonstrated practical A5/3 cracking, nobody else has done so publicly. And with GSM in the process of being switched-off worldwide, there is no interest in it anymore. Everybody is moving to LTE and 5G research now. It's time to let 2G die, my friend. A5/3 is NEVER going to be publicly cracked in our lifetime.
@gjunio6840 5 months ago
Is it possible to do this with the HackRF One?
@RobVK8FOES 5 months ago
Hi. This is not possible to do with a HackRF.
@gjunio6840 5 months ago
@RobVK8FOES why?
@RobVK8FOES 5 months ago
The HackRF is only 'half-duplex', which means it can only transmit OR receive at a single time. SDRs such as the LimeSDR, BladeRF and USRP are 'full-duplex', which means they can transmit AND receive simultaneously. And full-duplex is what is required to operate a cellular base-station.
@gjunio6840 5 months ago
@RobVK8FOES Great explanation, thank you very much! Taking advantage of the topic, can I intercept SMS traffic (in clear text) using just HackRF for GSM, 2G, 3G and even 4G? What would be the hardware and software requirements? Would some SPOOFING be necessary? (didactic purposes)
@RobVK8FOES 5 months ago
I can't answer that question until you confirm that you would like to intercept your own SMS traffic for the purposes of self-education and experimentation. I don't condone the use of my knowledge and videos for malicious purposes. Please rephrase your question.
@tpevers1048 5 months ago
Is 3g possible or even 4g
@RobVK8FOES 5 months ago
Yes, I have personally done this with srsRAN/srsLTE for 4G. There is a video on my channel about it
@tpevers1048 5 months ago
Ok
@Cankaman 5 months ago
Can u show how to crack proxy unlimited bantwith-ipv4-rotate-residential
@RobVK8FOES 5 months ago
No.
@Cankaman 5 months ago
@RobVK8FOES you can't anyway
@RobVK8FOES 5 months ago
Either way, you'll never know ;)
@Cankaman 5 months ago
@RobVK8FOES no I know, masscan
@RobVK8FOES 5 months ago
@CK-ex4hs Wow, a port scanner? You must be the envy of all of your elite hacker buddies! Also, tell me you are a script kiddie without saying you are script kiddie ;)
@lumixS5M2 5 months ago
Hi 2G is no longer active in Europe
@cemaxecuter7783 5 months ago
It’s still in the US (T-Mobile), you sure it’s gone in Europe?
@lumixS5M2 5 months ago
@cemaxecuter7783 yes i am oma it my photo yt :)
@RobVK8FOES 5 months ago
@lumixS5M2 We are switching 3G off this year, Australia is migrating to 4G and 5G only. September is when the last carrier is hitting the off switch. Greetings @Cemaxecuter!
@cemaxecuter7783 5 months ago
@RobVK8FOES I liked the use of the dongle you talked about!
@VK3HSP 5 months ago
Many countries in Europe are still running it. Most are planning a shutdown in 2025/2026 or even later
@KevinEggiatod 5 months ago
ROB CAN WE USE HACK-RF ?
@RobVK8FOES 5 months ago
Hi Kevin, it is not possible to use a HackRF for cellular base stations. A full duplex SDR is needed, such as LimeSDR, BladeRF or USRP