Passive Sniffing

Learn how to sniff GSM broadcast data around you and understand what capabilities the BTS has.

Detect BTSs Around

grgsm_scanner --band=GSM900 --gain=34 --speed=5 --args=rtl=0

Capture Broadcast packets from BTS

grgsm_capture --arfcn=11 --rec-length=70 --args="hackrf,num_recv_frames=1024" --gain=34 arfcn_11.cfile

Decode BCCH Channels

The Broadcast Control Channel (BCCH) is a critical component in GSM networks that carries network-specific and cell-specific information.

This data includes the identity of the network and associated parameters, information about neighboring cells, and other details necessary for mobile stations to connect to the network.

By regularly monitoring the BCCH, mobile devices can maintain proper communication with the network and ensure seamless handovers between cells.

This channel operates continuously, providing essential data to facilitate efficient network operations.

grgsm_decode --arfcn=11 --mode=BCCH --timeslot=0 --cfile=arfcn_11.cfile

Decode SDCCH/8 Channels

The Standalone Dedicated Control Channel (SDCCH/8) is a crucial element of GSM networks, used primarily for signaling and control.

SDCCH/8 carries non-traffic signaling such as call setup, SMS delivery, and location updates. It operates independently of the voice channels, so control tasks are handled without occupying significant bandwidth.

By utilizing SDCCH/8, mobile networks can efficiently handle control tasks, leading to streamlined operations and improved resource allocation.

grgsm_decode --cfile=arfcn_11.cfile --arfcn=11 --mode=SDCCH8 --timeslot=0 --print-bursts
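grgsm_decode hands every decoded burst to a GSMTAP sink on UDP port 4729, so both the BCCH and the SDCCH/8 runs above produce a stream of frames you can inspect programmatically. The script below is an added example, not code from this page or from gr-gsm: it parses the GSMTAP v2 header (layout from libosmocore's gsmtap.h), counts which logical channels the cell is transmitting, and pulls the PLMN, LAC and Cell Identity out of System Information Type 3 (layout from 3GPP TS 44.018, 9.1.35). That inventory is what you compare against an operator's known cell list when checking whether a cell is legitimate. The two sample frames at the bottom are constructed, not captured, and the `listen()` helper and all names are this example's own.

```python
"""Summarise GSMTAP frames from grgsm_decode: channels seen and, from SI3 on the
BCCH, the cell's PLMN (MCC/MNC), LAC and Cell Identity. Sample frames are constructed."""
import socket
import struct
from collections import Counter
from typing import List, Optional, Tuple

GSMTAP_PORT = 4729              # default destination of grgsm_decode's GSMTAP sink
GSMTAP_TYPE_UM = 0x01           # GSM Um (air interface) frames
ARFCN_F_UPLINK = 0x4000         # flag bit carried in the ARFCN field
ARFCN_MASK = 0x3FFF
CHANNEL_ACCH = 0x80             # sub_type flag: burst carries SACCH/FACCH
CHANNEL_NAMES = {0: "UNKNOWN", 1: "BCCH", 2: "CCCH", 3: "RACH", 4: "AGCH", 5: "PCH",
                 6: "SDCCH", 7: "SDCCH4", 8: "SDCCH8", 9: "TCH_F", 10: "TCH_H",
                 11: "PACCH", 12: "CBCH52", 13: "PDCH", 14: "PTCCH", 15: "CBCH51"}
RR_PD = 0x06                    # protocol discriminator: radio resource management
RR_SI3 = 0x1B                   # message type: System Information Type 3


def parse_gsmtap(frame: bytes) -> dict:
    """Split a GSMTAP v2 frame into header fields and the L2/L3 payload."""
    if len(frame) < 16 or frame[0] != 2:
        raise ValueError("not a GSMTAP v2 frame")
    hdr_len = frame[1] * 4          # header length is given in 32-bit words
    if hdr_len < 16 or len(frame) < hdr_len:
        raise ValueError("truncated GSMTAP header")
    arfcn_raw, signal_dbm, snr_db, fn = struct.unpack(">HbbI", frame[4:12])
    sub_type = frame[12]
    return {"type": frame[2], "timeslot": frame[3], "arfcn": arfcn_raw & ARFCN_MASK,
            "uplink": bool(arfcn_raw & ARFCN_F_UPLINK), "signal_dbm": signal_dbm,
            "snr_db": snr_db, "frame_number": fn, "acch": bool(sub_type & CHANNEL_ACCH),
            "channel": CHANNEL_NAMES.get(sub_type & 0x7F, "UNKNOWN"),
            "sub_slot": frame[14], "payload": frame[hdr_len:]}


def decode_plmn(lai: bytes) -> Tuple[str, str]:
    """Decode MCC and MNC from the 3 BCD octets at the start of a LAI."""
    mcc = f"{lai[0] & 0xF}{lai[0] >> 4}{lai[1] & 0xF}"
    mnc = f"{lai[2] & 0xF}{lai[2] >> 4}"
    if lai[1] >> 4 != 0xF:          # third MNC digit present
        mnc += str(lai[1] >> 4)
    return mcc, mnc


def parse_si3(payload: bytes) -> Optional[dict]:
    """Extract CI and LAI from an SI3 message; payload[0] is the L2 pseudo-length."""
    if len(payload) < 23 or payload[1] & 0x0F != RR_PD or payload[2] != RR_SI3:
        return None
    ci, = struct.unpack(">H", payload[3:5])
    mcc, mnc = decode_plmn(payload[5:8])
    lac, = struct.unpack(">H", payload[8:10])
    return {"mcc": mcc, "mnc": mnc, "lac": lac, "ci": ci}


def summarise(frames: List[bytes]) -> dict:
    """Count downlink channel types and collect every cell identity announced in SI3."""
    channels = Counter()
    cells = set()
    for frame in frames:
        hdr = parse_gsmtap(frame)
        if hdr["type"] != GSMTAP_TYPE_UM or hdr["uplink"]:
            continue
        channels[hdr["channel"]] += 1
        if hdr["channel"] == "BCCH":
            si3 = parse_si3(hdr["payload"])
            if si3:
                cells.add((si3["mcc"], si3["mnc"], si3["lac"], si3["ci"]))
    return {"channels": dict(channels), "cells": sorted(cells)}


def listen(port: int = GSMTAP_PORT, count: int = 200) -> dict:
    """Read `count` live frames from a running grgsm_decode and summarise them."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("127.0.0.1", port))
        return summarise([sock.recv(2048) for _ in range(count)])


def gsmtap_header(sub_type: int, arfcn: int = 11, fn: int = 0x12345) -> bytes:
    """Build a 16-byte GSMTAP v2 header; used only to construct the samples below."""
    return struct.pack(">BBBBHbbIBBBB", 2, 4, GSMTAP_TYPE_UM, 0, arfcn, -60, 20, fn,
                       sub_type, 0, 0, 0)


# Constructed samples: SI3 for test PLMN 001-01, LAC 1000, CI 3000 (remaining SI3
# fields zero-filled), then a Paging Request Type 1 on the PCH.
SAMPLE_FRAMES = [
    gsmtap_header(1) + bytes([0x49, RR_PD, RR_SI3]) + struct.pack(">H", 3000)
    + bytes([0x00, 0xF1, 0x10]) + struct.pack(">H", 1000) + bytes(13),
    gsmtap_header(5) + bytes([0x15, RR_PD, 0x21]) + bytes(20),
]

if __name__ == "__main__":
    print(summarise(SAMPLE_FRAMES))
```

Run it as-is to see the summary of the constructed frames; with grgsm_decode running against a capture, call `listen()` instead and the same summary is produced from the live GSMTAP stream. Only downlink frames are counted because a single receive-only SDR never sees the uplink anyway.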

A5/1 Cracking with Kc Key

A5/1 is a stream cipher used to encrypt voice and data communications in GSM cellular networks. Designed to provide confidentiality, A5/1 encrypts the data stream between mobile devices and base stations.

It operates on a 64-bit key (Kc), which is generated during the authentication process and shared between the mobile device and the network.

Key Features of A5/1 Encryption:

  • Stream Cipher: Encrypts data on-the-fly as it is transmitted, allowing for real-time communication.

  • 64-bit Key Length: Uses a 64-bit key, making it a relatively lightweight encryption mechanism.

  • Fast and Simple: Designed to suit the processing capabilities of mobile devices and support high-speed transmission.

  • Uses Kc: The ciphering key (Kc) is the secret input to the keystream generator, so the confidentiality of a session depends entirely on Kc staying secret.

Despite its widespread use, A5/1 has well-documented weaknesses, which have led operators to consider stronger encryption alternatives in modern networks.

grgsm_decode --cfile=arfcn_11.hrf.cfile --arfcn=11 --mode=SDCCH8 --timeslot=0 --a5=1 --kc=KEY-HERE
