You can not just build a phone. It needs a dozen legal steps, a huge investment and a very huge production line. I won't even go far into explaining how complicated and expensive this is. To use a phone as a GSM receiver you need to hack into the baseband processor to be able to control the L1 IC. It's usually a DSP implementing the layer-1 radio interface. You can not own such a chip. There are a few producers offering it only to huge vendors, under NDA, legal subjects, etc. Your only chance is to hack into the baseband. That'd be a very difficult job, I must confess, but not impossible. If somebody can hack into a baseband processor and control the L1 DSP, that's only the start of this work, because you need to put a phone into a scanner, learn about active channels, then tune the other phones to follow that channel. Still, this is not going to be cheap and most certainly not going to be easy. If you do that and put the hacked firmware on the internet: if the phone is old you have low chances of being able to buy it; if it's new the vendor will make a little change and prevent the newly built ones from getting hacked. After all, this is a billion-dollar business and the people who design and build phones know what they are doing.
> > ---------- Forwarded message ----------
> > From: Evgeniy Shelepov <[email protected]>
> > Date: Mon, Jan 4, 2010 at 3:43 PM
> > Subject: Re: [A51] Truth about this work
> > To: a51 <[email protected]>
> >
> > Hello,
> >
> > Yes, it looks like a good idea to make a phone. BTW, why isn't it possible
> > to make a sniffer from a cell phone? It has all the components that
> > are needed. Probably it is possible to write a firmware and to
> > simulate some tricky SIM card to make it do what we need.
> >
> > 2010/1/4 Clemens Gruber <[email protected]>:
> > > see this listing of the Nokia 3210 hardware:
> > > https://www.pqgruber.com/other/Portable.pdf
> > > Maybe we can use similar parts and build our own peripheral perfectly
> > > fitting our needs.. it should be much cheaper than 2 USRP2s with
> > > daughterboards etc. If there are enough interested people, it will be possible.
> > >
> > > On the other hand, the idea of combining a USRP1 with a new FPGA card
> > > (Spartan, Virtex, ...) sounds very good because the FPGA seems to be the
> > > bottleneck. Does anybody know if it's possible to create a fast
> > > data-transfer connection between these 2 devices?
> > >
> > > On Mon, 2010-01-04 at 14:16 +0330, p q wrote:
> > >> Thanks for the last two questions.
> > >> These were also important facts that nobody mentioned. To do
> > >> a successful attack on A5/1-enabled GSM you need to capture the signal in
> > >> a wide-band style, meaning you need to capture all the bands that may
> > >> have a carrier on them. This is highly dependent on the network
> > >> configuration, especially the design of the BTS.
> > >>
> > >> Real-world BTSs are offering services on different bands and calls
> > >> always get handed over between the bands due to radio resource
> > >> management. For a successful GSM interception you at least need to
> > >> capture the downlink. Considering the current open-source and cheap
> > >> hardware you can simply forget capturing both uplink and downlink;
> > >> that's just not possible.
> > >>
> > >> To capture the downlink of a BTS that offers GSM1800 you need to capture
> > >> at least 75 MHz of the spectrum. This is far more than USRP and
> > >> also beyond USRP2.
> > >> Yes, it's possible to do this on GSM900, but you have to first find a BTS
> > >> that only offers downlink on GSM900, and this is not going to be easy.
> > >>
> > >> The idea of being able to build the RF part of a GSM interceptor that
> > >> works on real-world BTSs across the world using cheap stuff like USRP
> > >> is just delusional. Never gonna happen. This is another truth about
> > >> this work. Giving ourselves promises that are just not technically
> > >> possible is not going to go far.
> > >>
> > >> What is possible to do? It is possible to build a GSM900-only capture
> > >> system using at least two USRP2s, and still it depends on the number of
> > >> TRXs installed on the BTS. If we want to go out there and
> > >> really capture data from a real BTS we need to consider these things
> > >> before getting ahead of ourselves. A two-unit USRP2 system might be
> > >> able to fully capture the downlink of a real BTS operating in GSM900
> > >> only in a not-so-crowded area.
> > >>
> > >> I saw people fantasizing about putting this work on some hacker CD
> > >> like the WiFi and WEP stuff. I'm going to go out and say it: people,
> > >> this is far more complicated and more expensive than that. This is
> > >> all just because of the expensive and closed nature of the cellular network
> > >> business and RF problems, not just because of the cryptography; like I
> > >> said before, A5/1 is just a part of the problem. Even if we can prove
> > >> we can crack A5/1, which has not happened yet, the next step is the real pain
> > >> in the ass.
> > >>
> > >> regards
> > >>
> > >> On Mon, Jan 4, 2010 at 1:58 PM, Gregory Maxwell <[email protected]> wrote:
> > >> [Please don't send HTML mail to mailing lists]
> > >> On Mon, Jan 4, 2010 at 4:31 AM, p q <[email protected]> wrote:
> > >> >
> > >> > USRP even in a two-unit configuration is no good since it
> > >> > can not handle GSM1800
> > >>
> > >> I was under the impression that provider allocations are still
> > >> no more than 10 MHz wide in the 1800 MHz band, are they not?
_______________________________________________ A51 mailing list [email protected] http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
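As an added worked example (not part of the thread, and not code from anyone on the list), the bandwidth figures argued over above can be checked with the ARFCN-to-frequency mapping of GSM 05.05 (3GPP TS 45.005): the GSM900 and DCS1800 downlink band widths, the number of receivers of a given instantaneous bandwidth needed to cover a whole band contiguously, and the narrower span that a single operator's allocation occupies (Gregory Maxwell's 10 MHz point). The two receiver bandwidths and the 50-carrier allocation are assumptions for illustration, not measured USRP figures or the plan of any real BTS.

```python
"""ARFCN arithmetic behind the GSM downlink-capture argument.

Carrier frequencies follow the ARFCN mapping of GSM 05.05 (3GPP TS 45.005).
All arithmetic is done in integer kHz to avoid floating-point drift.
The receiver bandwidths and the sample allocation are illustrative
assumptions, not measured USRP figures (added example, not list code).
"""
from math import ceil

CHANNEL_KHZ = 200  # GSM carrier spacing

# Per band: ARFCN ranges as (low, high, uplink base kHz, ARFCN offset)
# so that uplink = base + 200 * (n - offset); downlink = uplink + duplex.
BANDS = {
    # P-GSM 900: n = 1..124, Ful = 890 + 0.2 n MHz, Fdl = Ful + 45 MHz
    "PGSM900": {"ranges": [(1, 124, 890_000, 0)], "duplex_khz": 45_000},
    # E-GSM 900: n = 0..124 as above, plus n = 975..1023 with Ful = 890 + 0.2 (n - 1024)
    "EGSM900": {"ranges": [(0, 124, 890_000, 0), (975, 1023, 890_000, 1024)],
                "duplex_khz": 45_000},
    # DCS 1800: n = 512..885, Ful = 1710.2 + 0.2 (n - 512) MHz, Fdl = Ful + 95 MHz
    "DCS1800": {"ranges": [(512, 885, 1_710_200, 512)], "duplex_khz": 95_000},
}

# Assumed usable instantaneous bandwidth per receiver type (illustrative only).
RX_BW_KHZ = {"usrp1_assumed": 8_000, "usrp2_assumed": 20_000}


def uplink_khz(arfcn, band):
    """Uplink carrier centre frequency in kHz for an ARFCN of the given band."""
    for lo, hi, base_khz, offset in BANDS[band]["ranges"]:
        if lo <= arfcn <= hi:
            return base_khz + CHANNEL_KHZ * (arfcn - offset)
    raise ValueError(f"ARFCN {arfcn} is not valid in band {band}")


def downlink_khz(arfcn, band):
    """Downlink carrier centre frequency in kHz (uplink plus duplex spacing)."""
    return uplink_khz(arfcn, band) + BANDS[band]["duplex_khz"]


def band_downlink_edges_khz(band):
    """Nominal downlink band edges in kHz.

    GSM 05.05 places the outermost carriers 200 kHz inside the band edges,
    so lowest centre - 200 kHz and highest centre + 200 kHz reproduce the
    nominal 935-960, 925-960 and 1805-1880 MHz downlink bands.
    """
    centres = [downlink_khz(n, band)
               for lo, hi, _, _ in BANDS[band]["ranges"]
               for n in range(lo, hi + 1)]
    return min(centres) - CHANNEL_KHZ, max(centres) + CHANNEL_KHZ


def band_downlink_width_khz(band):
    """Width of the whole downlink band in kHz."""
    lo, hi = band_downlink_edges_khz(band)
    return hi - lo


def receivers_needed(span_khz, rx_bw_khz):
    """Receivers of instantaneous bandwidth rx_bw_khz needed to cover span_khz."""
    return ceil(span_khz / rx_bw_khz)


def allocation_span_khz(arfcns, band):
    """Span occupied by a set of carriers, including each carrier's 200 kHz channel."""
    centres = [downlink_khz(n, band) for n in arfcns]
    return max(centres) - min(centres) + CHANNEL_KHZ


def capture_plan(band, arfcns=None):
    """Receivers per assumed type to cover the whole band, or only a given allocation.

    The thread's point is that calls hand over across all of a BTS's carriers,
    so the whole band (arfcns=None) is what a full downlink capture must cover;
    an operator's contiguous allocation is the optimistic lower bound.
    """
    if arfcns is None:
        span = band_downlink_width_khz(band)
    else:
        span = allocation_span_khz(arfcns, band)
    return {name: receivers_needed(span, bw) for name, bw in RX_BW_KHZ.items()}


if __name__ == "__main__":
    for band in BANDS:
        lo, hi = band_downlink_edges_khz(band)
        print(f"{band}: downlink {lo / 1000:.1f}-{hi / 1000:.1f} MHz "
              f"({band_downlink_width_khz(band) / 1000:.1f} MHz) -> {capture_plan(band)}")
    # Constructed example: one operator holding 50 contiguous DCS1800 carriers (10 MHz).
    alloc = range(600, 650)
    print(f"50-carrier DCS1800 allocation: {allocation_span_khz(alloc, 'DCS1800') / 1000:.1f} MHz "
          f"-> {capture_plan('DCS1800', alloc)}")
```

With the assumed bandwidths, the whole DCS1800 downlink (75 MHz) needs four 20 MHz receivers, P-GSM900 (25 MHz) needs two, and a 10 MHz operator allocation fits in one; the gap between the whole-band and allocation figures is exactly the disagreement between p q and Gregory Maxwell, and which one applies depends on whether every carrier the BTS can hand a call over to lies inside the allocation you are watching.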
