The term "semi-active" is commercial crap that companies like Shoghi have built to sell their old products to governments under a different name and with false hope. Let me explain what this is about.

Active attacks send BCCH. The operator has the GPS fix and BCCH information of all its valid BTSs, so they can find out if there is an active attack going on, if they want. But this usually does not happen, because local law enforcement always does that locally and there is no easy way of knowing which one is local and which is evil.

Semi-active interception systems try not to emulate all the BTS functionalities to avoid some chances of detection, but it's still detectable.

An active system needs low-level access to both the MS and BTS sides of the communication. It also offers man-in-the-middle functionalities like filtering SMSs or modifying data on the fly.
A passive system is receive-only, and it only has RX for both uplink and downlink. It needs an attack method. There are various attack methods, TMTO or rainbow tables among them, alongside correlation attacks or guess-and-determine attacks.

Active and passive systems are not usually comparable. Why? They offer different attack vectors. Active systems are tactical and can modify data, so law enforcement can change your outgoing calls to their own phones and set you up. Passive systems are good for stationed and cross-border usage, not for tactical operations.

Passive systems are always more expensive, not because of the technology but because of their features. In reality, building an active system is much, much harder than a passive system. The reason is the closed nature of GSM society and the difficulty of getting access to the L1 layer of MS and BTS without paying millions of dollars and signing an NDA.

There are currently only 2 different GSM active systems on the market, but there are a couple of passive systems available. All sell only to government. To buy, you need a letter of introduction from your embassy in the target country that confirms you work for the government. Of course these things always get smuggled out of government for illegal usage, but generally they are controlled and trackable.

> ---------- Forwarded message ----------
> From: Fabio Pietrosanti (naif) <[email protected]>
> Date: Sat, Jan 2, 2010 at 8:33 PM
> Subject: [A51] Passive vs. semi-active
> To: a51 <[email protected]>
>
>
> Hi all,
>
> Am I wrong, or is the semi-active interception much more 'easy' than
> the passive one?
>
> I mean, it appears like 'less hidden' (so detectable in case of
> real-world-attack-usage) but much simpler in terms of 'requirements'.
>
> Is the semi-active approach simpler, and does it not require huge rainbow
> tables?
>
> Fabio
> _______________________________________________
> A51 mailing list
> [email protected]
> http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
>
