Hello, Yes, it looks a good idea to make a phone. BTW, why isn't it possible to make a sniffer from a cell phone, it has all the components that are needed. Probably it is possible to write a firmware and to simulate some tricky simcard to make it do what we need.
2010/1/4 Clemens Gruber <[email protected]>: > see this listing of the nokia 3210 hardware: > https://www.pqgruber.com/other/Portable.pdf > Maybe we can use similar parts and build our own peripheral perfectly > fitting our needs.. it should be much cheaper than 2 usrp2s with > daughterboards etc. > if there are enough interested people, it will be possible. > > on the other hand, the idea of combining a usrp1 with a new fpga-card > (spartan, virtex, ...) sounds very good because the fpga seems to be the > bottleneck. > does anybody know if it's possible to create a fast > data-transfer-connection between these 2 devices? > > On Mon, 2010-01-04 at 14:16 +0330, p q wrote: >> thanks for the last two questions >> this was also the important facts that nobody mentioned them . to do >> a successful attack to A5/1 enabled GSM you need to capture signal on >> a wide-band style meaning you need to capture all the bands that may >> have carrier on them . this is highly depended on the network >> configuration specially the design on BTS . >> >> >> real world BTSs are offering services on different bands and calls are >> always get handover between the bands due to radio resource >> management . for a sucsessful GSM interception you at least need to >> capture Downlink . considering the current opensource and cheap >> hardware you can simple forget to capture both uplink and downlink , >> that's just not possible . >> >> >> to capture Downlink of a BTS that offers GSM1800 you need to capture >> at least 75 MB of the spectrum space . this is far more than USRP and >> also beyond USRP2 >> yes its possible to do this on GSM900 but you have to first find a BTS >> that only offers downlink on GSM900 and this is not going to be easy >> >> >> the idea of being able to build the RF part of a GSM interceptor that >> works on real world BTSs across the world using cheap stuff like USRP >> is just delusional . never gonna happen . this is another truth about >> this work . giving ourselves promises that's just not technically >> possible is not going to go far >> >> >> what is possible to do ? it is possible to build a GSM900-only capture >> system using at least two USRP2 and still it depends on the number of >> TRXs that's installed on the BTS . if we want to go out there and >> really capture data from a real BTS we need to consider these things >> before getting ahead of ourselves . a two-unit USRP2 system might be >> able to fully capture the downlink of a real BTS operating in GSM900 >> only in a not so crowded area >> >> >> i saw people are fantasizing this work to put it on some hacker CD >> like Wifi and WEP stuff . i'm going to go out and say it : people , >> this is far more complicated and more expensive than that . this is >> all just because of the expensive and close nature of cellular network >> business and RF problems , not just because of the cryptography like i >> said before A5/1 is just a part of the problem . even if we can prove >> we can crack A5/1 which is not happened yet next step is the real pain >> in the ass >> >> >> regards >> >> >> >> >> On Mon, Jan 4, 2010 at 1:58 PM, Gregory Maxwell <[email protected]> >> wrote: >> [Please don't send HTML mail to mailing lists] >> On Mon, Jan 4, 2010 at 4:31 AM, p q <[email protected]> >> wrote: >> > >> > USRP even in a two-unit configuration is no good since it >> can not handle GSM1800 >> >> >> I was under the impression that provider allocations are still >> no more >> than 10mhz wide in the 1800mhz band, are they not? >> >> >> _______________________________________________ >> A51 mailing list >> [email protected] >> http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 > > _______________________________________________ > A51 mailing list > [email protected] > http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 > -- Regards, Evgeniy Shelepov _______________________________________________ A51 mailing list [email protected] http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
