DragonOS FocalX Passive Sniffing LTE IMSI + BTLE Security Research (bladeRF, Ubertooth, B205, X310)

Views: 4,913

cemaxecuter

8 months ago

**Title**: LTE IMSI Sniffing and Bluetooth Low Energy Security Research
**Description**:
In this video, we'll take another look at LTE IMSI sniffing. I'll also show, to my surprise, Mirage and the Ubertooth Bluetooth working and doing some BTLE sniffing.
📡 **LTE IMSI Sniffing**:
We start with LTE IMSI sniffing using the powerful LTESniffer w/ updates, running on an X310 with two daughterboards. I'm keeping it legal and ethical by using my own equipment and closely monitoring the legal implications. You can explore the details of this project on GitHub: github.com/SysSec-KAIST/LTESn...
I'll demonstrate how this setup can monitor both uplink and downlink LTE traffic, highlighting the importance of protecting sensitive data in the world of cellular networks.
📶 **Creating My Own LTE Network**:
To show you LTE IMSI sniffing in action, I've set up my own LTE network using srsRAN. This opens up exciting possibilities for network exploration and understanding the technology behind it.
🌐 **Bluetooth Low Energy (BLE) Vulnerabilities**:
Transitioning into the world of Bluetooth Low Energy, I introduce you to Mirage, a powerful and modular framework dedicated to wireless analysis. You can find more information about Mirage at github.com/RCayre/mirage
Using a BladeRF, I create a simulated wireless connection between two clients. While Mirage is running, an Ubertooth One is actively sniffing for new BLE connections. This demonstrates the potential security risks and vulnerabilities present in BLE devices and how they can be exploited.
🔒 **Legal and Ethical Considerations**:
Throughout the video, I emphasize the importance of ethical research and respecting legal boundaries when exploring security vulnerabilities. My commitment to ethical hacking and responsible disclosure is paramount in all my endeavors.
WarDragon S available here (when in stock):
cemaxecuter.com/?product=ward...
Don't miss out on staying connected:
Catch updates on Twitter: / cemaxecuter
Supporting the channel:
If you appreciate the value this content brings, I invite you to consider extending your support through Patreon: / cemaxecuter

Comments: 27
@user-wy1wb9bq7f 8 months ago
thanks for this great video amigo
@user-wy1wb9bq7f 8 months ago
+ can u do more bluetooth hacking (:
@Melhisedek618 8 months ago
Is it possible to do a pentest using a Bluetooth adapter, without using expensive HackRF or BladeRF? What applications are suitable for this?
@cemaxecuter7783 8 months ago
Mirage has modules for a standard Bluetooth adapter, like one inside a laptop.
@user-gf6ch1yn6p 6 months ago
I would like to ask how the motherboard of the X310 makes the two channels synchronized? Is it possible to use a TwinRX daughter board to do this? How to specify RF parameters in LTESniffer -a? Thanks
@cemaxecuter7783 6 months ago
Outside of gnuradio itself/maybe some command line tools, I’ve not seen any open source application use both channels of the twin rx at the same time. For lte sniffer the dev only said x310 with two separate daughter boards or optionally there’s a way to take two b210s and a separate branch and make them work together. For the x310, I have two separate daughter boards and for how they work together - I assume that’s uhd and design for how they work together but I don’t know specifics.
@user-gf6ch1yn6p 6 months ago
@cemaxecuter7783 I now have an X310 and two daughter boards, but my two channels cannot work at the same time. Do you not need additional configuration when starting the X310? In addition, I see that when you start X310, two network cards are connected. Do you need two network cards to be connected during the actual parsing process?
@cemaxecuter7783 4 months ago
Sorry I didn’t see this till now. Are the daughter boards twinrx? If so those types did not work.
@cemaxecuter7783 4 months ago
The two network connections I don’t believe are needed.
@BB-ko3fh 8 months ago
hi there, i am new into the field and wanted to ask what sdr should i get. I was trying to get a limesdr but i am out of luck. would really appreciate your advice on how to get started
@cemaxecuter7783 8 months ago
That’s tough, are you wanting or needing full duplex? Perhaps you can get a AntSDR e200.
@BB-ko3fh 8 months ago
@cemaxecuter7783 full duplex would be better (if i am going to buy anything) but would the AntSDR e200 enable me to implement all your tutorials for example. If it doesn't which one would you recommend. That's both affordable in a sense and is on the market. Given some SDRs can get very expensive given demand-supply, not looking to buy multiple (i just want have one good one like i have one good phone). I hope this makes the question a lil easier lol ... i hope :) Awesome Video btw !! forgot to say
@cemaxecuter7783 8 months ago
@BB-ko3fh the flexibility of the ante200 would allow you to run a lot of the tutorials using uhd and also you could optionally change out the firmware for a PlutoSDR like setup and test those tutorials as well. It seems like a win win.
@haraldwolte3745 5 months ago
@cemaxecuter7783 does limeSDR work also?
@JB-123 6 months ago
Can you do this with the HackRF? Is there any special setup?
@cemaxecuter7783 6 months ago
You could but you’d need to install one of these onto the hackrf. There’s a few vendors selling them. www.nooelec.com/store/tiny-tcxo.html You’d also use the hackrf conf file.
@JB-123 6 months ago
@cemaxecuter7783 thank you. Do you have a preferred device for this? Like the blade?
@cemaxecuter7783 6 months ago
@JB-123 sorry I thought your question was in reference to my latest video. I just noticed it was on the lte sniffer one. Sorry, the hackrf won’t work for this case. The only way you’d get imsi info off lte is either with the x310 or possibly 2x b210s. Now the bladerf can sniff the downlink, but that doesn’t get much.
@JB-123 6 months ago
@cemaxecuter7783 Thank you for the feedback.
@testguy3210 4 months ago
Can this be done using Hackrf?
@cemaxecuter7783 4 months ago
Unfortunately not, but there are some parts of Mirage you can use the Hackrf with.
@RenoldSingh 8 months ago
Is it possible to dump the trace data to pcap?
@cemaxecuter7783 8 months ago
It does automatically and if I had been thinking more clearly I would’ve shown that piece. Dang it! Yeah multiple pcaps are dumped in the directory you run it in, all labeled according to what they focus on.
@mrhamid2937 8 months ago
Your git link is down bro
@cemaxecuter7783 8 months ago
Thank you for the heads up!! Sure enough, it looked okay in the editor but when clicked it was a dead link. They should all be fixed now.
@bill9708 7 months ago
👊 "promo sm"