Honestly, while this tool interested me, I’ve not really done much in this area. My focus is mainly software defined radios.

U mean hack an app ))

It’s actually in a folder on the DragonOS Pi64 build in /usr/src/sigploit . I wonder why the repo was deleted? sourceforge.net/projects/dragonos-pi64/files/

Would it still be there on the wayback internet archive site?

I can try, make take me a a week or so. To setup osmcombb is a little more involving for me, since I have to make my own gsm network to sync to.

I’m not exactly sure I understand the setup part of the lime and 4g.

hi sir, had you figured it out?

Correct, simulation using the provided jar server files. I have no access to a real ss7.

@@cemaxecuter7783 I follow your linux os development & i also interested on telecom pentest ,perhaps you can try to get deeper ,like rooting some baseband modem device or buying used microwave antenna to sniff signal on the air ( R , K band ) 😬

I want to get a C band 6 foot+ dish haha

I think you’d like osmcombb, for old phones but still useful.

@@cemaxecuter7783 osmocombb can only sniff & can never touching those real GT or something like GRX backbone? (as i know) . I have collect some data to begin like what you did but i want do in real ecosystem, daydream bruh 😬

It’s contained inside DragonOS Pi64. You could flash to sd card and take it out or you may find this version works. I don’t know if it’s the same as I think the original project was removed github.com/ethicalhackeragnidhra/SigPloit-ss7/tree/master

@@cemaxecuter7783 Thank you very much

This may work, but if not the repo is contained in the DragonOS Pi64 build itself. github.com/ethicalhackeragnidhra/SigPloit-ss7

@@cemaxecuter7783 thanks

@@cemaxecuter7783 Hello, I have tried with the link that you left me but I have not been successful since it seems that the programming has an error and the os that you recommend I have not been able to mount it because it is img and not iso any ideas that you can give me I need the ss7

If you burn the img to sd card with etcher and then insert it into a Linux machine you’ll be able to browse the file structure. The sigploit repo is in the /usr/src directory. You can grab it but you’ll also need whatever dependencies it requires. The img is for the Raspberry Pi

@cemaxecuter Hello, I need the hackrf one device to be able to obtain the firmware info and it would be mandatory to make the ss7 work for the interception of SMS and if it works over the network or only in the network of my country

Sigploit doesn’t require an SDR, but for the real world, you’d have to have some kind of access to ss7 and even then, I don’t know what/if anything would work.

@@cemaxecuter7783 any other way I can SMS intercept do you know? Seems most ways are unreliable

Most likely do to encryption

Hello and thank you for your feedback. I think today I’ll be able to review and see if I can get you an answer.

@@cemaxecuter7783 Thank you so much Sir

@@rifkyrifky581 I sat down real quick and on DragonOS Focal the latest I just typed in sudo apt-get instal lksctp-tools and it pulled lksctp-tools from the archive.ubuntu.com/ubuntu focal/universe amd64

If you need it from GitHub though, I suppose this would work github.com/sctp/lksctp-tools

Oh sorry I just realized what you were saying. I read it wrong. You were asking for me to copy and paste the command, not that you couldn’t find it. I’ll put it in the description here today.

I’ve not seen or remember the error you mention. I’ll have to find some time to test again. Are you using DragonOS and following these steps?

@@cemaxecuter7783 Yes i am using DragonOS and (SigPloit, GSMEvil2) with (RTL2838 DVB-T) and doing my own number (9647822245450) .... thank for answering

I see. In this video or is not using a real ss7. It is using the included sigploit server side examples, so using your own number I don’t this will work as you would expect when having access to a real ss7 connection.

@@cemaxecuter7783 Oh ok honey i though it can be possible if i used my own number as another example than that appear in the structures , also I've noticed that difference between my real info and the structure info(s) . Honestly am looking for any thing that i a phone number So, It gives me back ( MNC , MCC , LAC AND CID )

@@cemaxecuter7783 did u not use real Rtl-sdr device in this example?

Me too in testing with YateBTS. I was able to read the sms with wireshark. The developer was questioned here but immediately closed the ticket github.com/ninjhacks/gsmevil2/issues/6

Pip2 command not found showing error bro Please help me

Not all SMS interception is work, because if the BTS/Operator using encryption A5/1 A5/2 A5/3, GRGSM not capable to decrypt that, but if the BTS using A5/0, supposedly is working, although never try again

Not that I can think of, maybe talk with the provider?

@@cemaxecuter7783 such a simple but adequate suggestion 😂 thanks !

Armadillo phone provide identification of an attack only. Others pinphone might be

Sure, I think some info here would help. I know for sure there’s so much to learn that I often go down rabbit holes trying to understand things en.m.wikipedia.org/wiki/Global_title

@@cemaxecuter7783 ohh, thanks alot sir ..

Please professor, which way do I know the kind of encryption my network is using, so I can determine if it is A5/1 or A5/2 OR A5/3

I think you’d have to dig into packets captured with wireshark and grgsm perhaps. Some info or at least screen shots of wireshark captures are here www.blackhillsinfosec.com/gsm-traffic-and-encryption-a5-1-stream-cipher/ I don’t know much in this area without trying various tools.

@@cemaxecuter7783 thank you professor, that link really helped, I love your work ...🤗

Ah now I see what people were referring to. In this video the local GT was just an arbitrary number I believe. This was not on a real network, as that’d require some level of access. I plan to redo this video and test it all again on a Pi4 image I’ve been working on.

@@cemaxecuter7783 ok sir, thanks

If you mean the error in the video, there’s really nothing to do except type all the info in again and rerun it. That’s what I had to do during the filming, but I figured people would be bored seeing me type it all over again.

@@cemaxecuter7783 ok thanks I did this and still the same error probably I have an error in the program

Most likely no.

@@cemaxecuter7783Why not?

I mean if you’ve got some way into a telecom ss7 and you do whatever is necessary to redo/refactor/l is needed for sigploit to work, I suppose anything is possible.

Since it’s just a simulation, the only hardware you really need is the Pi3 b+ or Pi4 running the DragonOS Pi64 build as it has the SigPloit software built in. If you’re wanting to do it on a desktop you’d have to grab a copy of sigploit. If you’re talking about Gsmevil2, then you’d need something like a rtlsdr or hackrf to run grgsm_scanner and livemon.

@@cemaxecuter7783 Hello sir, can I communicate with you personally? I have a hackrf one device and I need to intercept sms messages.

@@cemaxecuter7783 And since I can put this in a real environment, not a simulated one, some guide of the steps to follow to achieve this

I feel that would require custom programming and probably more to meet that goal. I would venture to say every network/provider has differences, this code is aged, and also unclear if it’s ever worked in a real environment.

Not that I know of. For this you can do everything internally as it’s just a virtual server.

@@cemaxecuter7783 when I do it says sccp protocol failed? Thats why I think of sdr device

If you have issues and followed exactly as I’ve shown, sometimes it just fails. If you see the same output as me on the server side then that’s fine. What someone has told me is best way to avoid a failure is to run the server with sudo and if it gives a nullpoit exception shut the server down and try again.

That’s a good question. OsmocomBB can send messages, but I don’t think scapy can go through osmocombb.

@@cemaxecuter7783 please how can i do it can you please make a video I want to check whether its possible to send and recieve an hlr query

@@cemaxecuter7783 please how can i do it can you please make a video I want to check whether its possible to send and recieve an hlr query

The config files were just for testing on the simulated lab for research. You’d have to pay for some sort of service to most likely need any sort of other config file. Unfortunately I don’t have knowledge on that.

@@cemaxecuter7783 thanks

Hello. For gsmevil2 yes, for Sigploit no.

@@cemaxecuter7783 Sir Have no Transmitter For test GSM ss7 . There Any Way to Do Real SS7 Network Exploit With Out Device Interaction With Sigpoilt Sir

@@cemaxecuter7783 Hello sir can you give you email

This demonstration is with the server part of SigPloit. For something real, you’d have to have network access/permission from a company.

@@cemaxecuter7783 Sir ... I have SIP connection for ip phone from my isp use in favicon ip telephone .. can i use it for ss7 testing anyway with softwer sir . Can you give your email /whatsapp ./facebook fr contuct

Unless you were running your own BTS and doing something to block SMS then yes, you’d only be listening to traffic and logging it with something like wireshark. It would continue to its destination.

@@cemaxecuter7783 Thanks man!

What’s shown here is only using sigploits included server/client. You’d have to somehow have access to a real ss7 gateway and even then I have no idea if in fact this open source application would yield a result.

It’s actually installed with source as well in this Pi image. sourceforge.net/projects/dragonos-pi64/files/

bradfordltd yes logging is included, that’s why I left that off the install. At any rate, the web interface for IMSI does work, meaning it shows the IMSI in the correct column by line. Besides that, yes it does seem a little buggy.

One additional note, depending on what you’re trying to install and run it on.. for Gsmevil2 to work relies on a correctly setup gr-gsm. I’ve already taken care of this using gr-gsm for gnuradio 3.8 in DragonOS. The next release I upload will have Gsmevil2 preinstalled, but again all I’ve heard from users that works is the IMSI part. I don’t expect sms to work if there’s any sort of encryption on the network.

@@cemaxecuter7783 I got grgsm working fine on Ubuntu and some gsm traffic. The web interface just doesn't work. Noticed that issue on github are immediately closed by the arrogant dev. Same on twitter many people confirm that. Did you get the web GUI working? V1 works fine but nothing different from the existing simple imsi catcher python script.

So you know what’s interesting? I went and looked at the github page this morning and a new updated removed logging from the requirements section.. maybe they saw your post or the video? So I personally haven’t seen the webpage getting info but I’ve been told by two people it works and has the IMSI info being shown. I have all day tomorrow to do testing and if all goes well I want to upload another ISO by the weekend that’ll have iridium live, gsmevil2, updated crocodile hunter and more.

So I literally just now got it all setup and can confirm the webpage version works and I am receiving the IMSI in both the terminal and webpage along w/ the info in the other columns.

There’s no hardware per say. For this video it’s simulated, as if I had access to an ss7 gateway.

Raven XE H2295E-W will be ok? What do you think?

I’m not sure. You’d still need actual access to a provider and that I don’t think is going to happen.

@@flygrandjan6677 interesting

My understanding is it’s possible, but I double it’d be for consumer use and allow this type of manipulation. Maybe but I don’t know.

No problem. I think it’s going to be highly unlikely you’ll find a network where it’s possible to actually read the sms messages. You could try to save the data and do things to it afterwards, but I’m not familiar with the techniques. If you have your own network, with Yate for example, you can turn on GSM tap and see your own SMS going across your own network with wire shark.

What’s the local gt?

Dear it is global title address

How can I get gt

Sorry I’m not sure.

I don’t have anything in particular to refer to, but I have seen some really good papers available with a Google search.

Hello Bhagiyaraj Mahesh, you google the 3GPP standard relevant GSM MAP (one of them is anytimeinterrogation) kindly google this from 3gpp or etsi -> 3GPP TS 29.002 www.etsi.org/deliver/etsi_ts/129000_129099/129002/09.11.00_60/ts_129002v091100p.pdf or do you need also basic ss7 stack protocol info document from MTP level SCCP, TCAP and Application layer ?

Hi. That’s a good question, I’m not sure and never tried 🤔

@@cemaxecuter7783 how did u take that?

Hi, doesn’t work on what? DragonOS? Or something else.

I just installed it on DragonOS Focal and it starts. I’d have to check the Pi version of DragonOS as it already has it installed.

Have a look at the bottom of this videos description, it’ll show you what additional packages to install before using pip2 to install requirements.

It looks like the GitHub page is gone. It is however built into DragonOS.

Sigploit is meant to use if/when you had access to the SS7. It also comes with a simulated SS7 environment. No hackrf there. With gsmevil2, yes you could use a Hackrf or even a rtlsdr as long as the gsm freqs are within each radios range.

Have a look here for directions github.com/sharyer/gsmevil2 I don’t know if it works as I haven’t tested it.

@@cemaxecuter7783 it doesn't work at all, time wasting even in v1

bradfordltd it actually does work, I’ve had two people confirm v2 gets IMSI. Still waiting to hear about sms which most likely won’t work since they’re probably encrypted.

sasan sasan it’s likely sms has some level of encryption which this won’t do anything for - you’d need something else for sms. Like Kraken etc. I’ve been told this does work for IMSI on GSM.

@@cemaxecuter7783 I got grgsm working fine and simple imsi catcher grabbing info. Have a look at the v2 code it's bad.

There’s no need for a HackRF. There’s no need for any hardware, except what’s needed to run the operating system.

I’ll see what else I can do, maybe one of the other attacks.

my bro please help me how i can talk with you

I’ve not used any sites yet, only the built in simulation server for testing.

Neither are used, it’s based on having a network connection into services that are unlikely provider outside a providers control. That’s my understanding.