Oros42/IMSI-catcher Oros42/IMSI-catcher

  • Stars
    star
    3,148
  • Rank 14,169 (Top 0.3 %)
  • Language
    Python
  • License
    Creative Commons ...
  • Created over 9 years ago
  • Updated 2 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
Oros42/IMSI-catcher
github

Oros42

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

This program show you IMSI numbers of cellphones around you.

IMSI-catcher

This program shows you IMSI numbers, country, brand and operator of cellphones around you.

/!\ This program was made to understand how GSM network work. Not for bad hacking !

screenshot0

What you need

1 PC with Gnu/Linux. Tested with :

  • debian 10
  • Ubuntu 20.04/LinuxMint 20+
  • Kali 2020+

1 SDR receiver. Tested with :

Setup

git clone https://github.com/Oros42/IMSI-catcher.git
cd IMSI-catcher

or

wget https://github.com/Oros42/IMSI-catcher/archive/master.zip && unzip -q master.zip
cd IMSI-catcher-master
sudo apt install python3-numpy python3-scipy python3-scapy

Warning : don't use python 3.9 (ctypes bug)!

You have the choice with 2 types of gr-gsm's install : in your OS or with docker.

Install gr-gsm in your OS (recommended)

sudo apt-get install -y \
    cmake \
    autoconf \
    libtool \
    pkg-config \
    build-essential \
    python-docutils \
    libcppunit-dev \
    swig \
    doxygen \
    liblog4cpp5-dev \
    gnuradio-dev \
    gr-osmosdr \
    libosmocore-dev \
    liborc-0.4-dev \
    swig
gnuradio-config-info -v

if >= 3.8

git clone -b maint-3.8 https://github.com/velichkov/gr-gsm.git

else (3.7)

git clone https://git.osmocom.org/gr-gsm
cd gr-gsm
mkdir build
cd build
cmake ..
make -j 4
sudo make install
sudo ldconfig
echo 'export PYTHONPATH=/usr/local/lib/python3/dist-packages/:$PYTHONPATH' >> ~/.bashrc

Install gr-gsm with Docker

sudo xhost +local:docker
docker pull atomicpowerman/imsi-catcher
docker run -ti --net=host -e DISPLAY=$DISPLAY --privileged -v /dev/bus/usb:/dev/bus/usb  atomicpowerman/imsi-catcher bash

Run all grgsm_* in this docker.

Usage

We use grgsm_livemon to decode GSM signals and simple_IMSI-catcher.py to find IMSIs.

python3 simple_IMSI-catcher.py -h
Usage: simple_IMSI-catcher.py: [options]

Options:
  -h, --help            show this help message and exit
  -a, --alltmsi         Show TMSI who haven't got IMSI (default  : false)
  -i IFACE, --iface=IFACE
                        Interface (default : lo)
  -m IMSI, --imsi=IMSI  IMSI to track (default : None, Example:
                        123456789101112 or "123 45 6789101112")
  -p PORT, --port=PORT  Port (default : 4729)
  -s, --sniff           sniff on interface instead of listening on port
                        (require root/suid access)
  -w SQLITE, --sqlite=SQLITE
                        Save observed IMSI values to specified SQLite file
  -t TXT, --txt=TXT     Save observed IMSI values to specified TXT file
  -z, --mysql           Save observed IMSI values to specified MYSQL DB (copy
                        .env.dist to .env and edit it)

Open 2 terminals.

In terminal 1

sudo python3 simple_IMSI-catcher.py -s

In terminal 2

grgsm_livemon

Now, change the frequency until it display, in terminal, something like that :

15 06 21 00 01 f0 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b
25 06 21 00 05 f4 f8 68 03 26 23 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b
49 06 1b 95 cc 02 f8 02 01 9c c8 03 1e 57 a5 01 79 00 00 1c 13 2b 2b

Wireshark

You can watch GSM packets with wireshark.

sudo apt install wireshark
sudo wireshark -k -Y '!icmp && gsmtap' -i lo

Find frequencies

grgsm_scanner
ARFCN:  974, Freq:  925.0M, CID:     2, LAC:   1337, MCC: 208, MNC:  20, Pwr: -41
ARFCN:  976, Freq:  925.4M, CID:  4242, LAC:   1007, MCC: 208, MNC:  20, Pwr: -45

Now, you can set the frequency for grgsm_livemon :

grgsm_livemon -f 925.4M

Or, for hackrf, fetch the kalibrate-hackrf tool like this:

sudo apt-get install automake autoconf libhackrf-dev
git clone https://github.com/scateu/kalibrate-hackrf
cd kalibrate-hackrf/
./bootstrap
./configure
make
sudo make install

Run

kal -s GSM900
kal: Scanning for GSM-900 base stations.
GSM-900:
	chan:   14 (937.8MHz + 10.449kHz)	power: 3327428.82
	chan:   15 (938.0MHz + 4.662kHz)	power: 3190712.41
...

Log data in mysql

Use db-example.sql to create your DB.

cp .env.dist .env
nano .env
# set your config
sudo apt install python-decouple python3-mysqldb
sudo python3 simple_IMSI-catcher.py -s --mysql

scan-and-livemon (no longer used)

Scan frequencies and listen the 1st found :
In terminal 1

python3 scan-and-livemon

In terminal 2

python3 simple_IMSI-catcher.py

Links

Setup of Gr-Gsm : https://osmocom.org/projects/gr-gsm/wiki/Installation and https://github.com/velichkov/gr-gsm
Frequency : http://www.worldtimezone.com/gsm.html and https://fr.wikipedia.org/wiki/Global_System_for_Mobile_Communications
Mobile Network Code : https://en.wikipedia.org/wiki/Mobile_Network_Code
Scapy : http://secdev.org/projects/scapy/doc/usage.html
IMSI : https://fr.wikipedia.org/wiki/IMSI
Realtek RTL2832U : https://osmocom.org/projects/sdr/wiki/rtl-sdr and http://doc.ubuntu-fr.org/rtl2832u and http://doc.ubuntu-fr.org/rtl-sdr

Donate

To support my work, a tipee would be nice ;-)
https://liberapay.com/Oros/

More Repositories

1

DNS_sniffer

A python DNS sniffer
Python
72
star
2

ARP_poisoning_detector

Simple detector of ARP poisoning attack
Python
28
star
3

github_backup

Clone github's repositories before takedown by DMCA
Shell
28
star
4

firefox_change_prefs

Change parameters in firefox for better privacy.
JavaScript
21
star
5

CustomDebian

script to build your custom live Debian
Shell
20
star
6

dwlive

Make a live CD Debian with dwagent
Shell
19
star
7

tiny_DnDUp

tiny Drag and Drop Upload
PHP
17
star
8

files_sniffer

Sniff every types of files you want on your network interface and save it.
Python
16
star
9

checkcertif

Firefox addon for a Man In The Middle detection
PHP
12
star
10

dropWindowsPwd

Drop Windows passords
Shell
9
star
11

mixcloud-dl

Download musique from mixcloud
Shell
9
star
12

CDN_cache

Make your own cache of Google CDN
PHP
8
star
13

checkemailexists

Check if an email address exists
Shell
7
star
14

hubic_gpg

Upload and download file from hubiC
Shell
7
star
15

KISSGallery

Keep It Stupid Simple Gallery
PHP
7
star
16

network_map

Python
6
star
17

find_shaarlis

Oรน sont les shaarlis ?
PHP
6
star
18

shaarlis_list

Liste des shaarlis
PHP
6
star
19

SSTV_Robot_encoder

Simple and fast SSTV encoder for Robot8BW and Robot24BW.
C
6
star
20

uncensor_deviantart

Javascript bookmarks to uncensor deviantart.com
6
star
21

js_terminal

A javascript terminal
HTML
5
star
22

proxy_spider

Cartographie de sites web
Python
5
star
23

github_backup_user_repos

Clone and pull all repositories of one or more user for backup.
Python
5
star
24

IP-count.ries

Count IP and sort countries from log
Shell
4
star
25

js_galerie

Galerie photo en javascript
HTML
4
star
26

Playlist-generator

Generate m3u playlist with list of local paths and URLs
PHP
4
star
27

IP-count.ries_interface

Interface for https://github.com/Oros42/IP-count.ries
PHP
4
star
28

flickr_downloader

Download images from a gallery Flickr
Python
3
star
29

CustomDebianSetup

Examples of setups for https://github.com/Oros42/CustomDebian
Shell
2
star
30

dns_get_record_from_server

PHP function. Get IPv4 and IPv6 addresses of a domain from a specific DNS server.
PHP
2
star
31

phone-blacklist

Blacklisting rogue phone numbers
2
star
32

checkcertif_server

PHP
2
star
33

BooruMirror

"booru" imageboard post mirroring in PHP
PHP
2
star
34

Oros42

1
star
35

Pi

Mon propre calcul de Pi en Python
Python
1
star
36

checkcertif_addon

Firefox addon for a Man In The Middle detection
JavaScript
1
star
37

porneia-shaarli-opml

Generate in OPML the list of Sharli by Porneia. Source code in
PHP
1
star