Hi,
I am a MSc Student, I have decided to implement a Mobile tracking system using GSM, not using GPS as a proof of concept. Since I am new to this subject, can some one point me to a right start point.
thanx
Ganesh
I think this has been done before:
http://www.navizon.com/
Thanx for the reply,
I forgot to tell one other othing. My project, not only find the location of the callee. If I receive a call from a person I should know where is he calling from. I know that I cannot pin point without a GPS, atleast if I can get a redias from the nearest cell tower.
If I can get a database of all the Cell ID and their GEO location, can I do something with that ?
ganesh
I think the operator will only tell your handset the caller's caller ID in the form of phone number instead of cell ID. It's kind of intrusion of privacy if an operator does that.
Frankly, if the operator really does that - you won't need to research it right now - someone must have exploited it long time ago
See also the POLS project on SourceForge:
http://pols.sourceforge.net/software
even if some sendt that info i doubt all do
as it's not an official part of the std.
Is'nt this illegal???
Thanx for everyone replied,
I got soem sort of a info.
ganesh
the only thing which could be illegal is that the cellphone operators send
that info to the call reciever which is why i say that for those very legal reasons i doubt all operators send it and it's not a native part of the gsm std
Hello all
I've been reading this forum for some months now and i like the windows'es and informations i've found here on my Hermes device
But now i have some questions on using the often integrated tool field test.
I've found out that with the IMSI-catcher (german wikipedia as one of the sources), that are more and more often used semi-legal by the police(here in europe there are a lot of 'GA-90' devices sold to the police and other institutions), it is possible to listen to phone calls(man in the middle attack), by just 'emulating' the strongest phone-cell in the area, to which the device connects instead of connecting to the provider's cell.
I also read that it would be possible to find out if there was an imsi-catcher device active in the area near you or not. The only thing needed is a special monitor software (field test?) that observes the MNC(Mobile Network Codes) behavior(appearently you need 2 handy's from the same provider with the monitoring software running).
But they didn't explain exactly on which behavior you should pay attention.
Since I could use 2 windows mobile devices to test this out, I am searching for more detailled information on this subject, and the first place that came in my mind was xda-developers
I allready did search this forum for the subject imsi catcher, and the only thing I've found is this.
google result
so one person who tries to change hies imei number, and another one who doesn't seem to know exactly what an imsi catcher can do.
Is here anyone who knows more?
I know that where I live, there are pple who make abuse with IMSI-catchers(catching calls without the permission from a judge or similar, or even one time someone listening to his girlfriends phone calls to see if she's cheating(and she did and that was the reason he left her))And yes this one was a young policeman who told that to his friends and even was proud of it.
I also dislike the fact that the handy, instead of the encrypted one with the provider's cell, has an non encrypted connection to the imsi catcher(if not there would be no possibility for a listening man in the middle attack).
I also read about the cellphones from http://www.cryptophone.de/
Appearently they do allways have encrypted conversations even through an Imsi-catcher. But if that would be true, the other side will need the same handy to decrypt it again. Because it has to encrypt, the allready encrypted data traffic with the provider's cell, if not it can't allow any protection against IMSI -Catcher devices. I also ask myself if, depending on where u want to use it, the 2nd encryption could produce a to huge phone traffic that could result p.ex. in a robot voice...
Anyone who could light me up?
Or is there any software able of reencrypting the encrypted transfer on windows mobile devices?technically it should be possible(2nd phone dialer installed so you choose the normal one for normal calls and 2nd one for calls with pple who also have this software installed on their phones)perhaps not with an 256 bit encryption but perhaps with a 128 or 64 bit encryption...
BTW, if there would be anyone able to programm such a hot piece of software for windows mobile devices I wouldn't have any problem to donate him with paypal, and i suppose other pple would do the sameAnd no I don't wanna replace that by Voip or skype via HTC...
Thanks in advance
Patrick
So no one who knows more about this?
I would be very happy if i could at least test if they're really used that often as they say they are(where i live).
And since i could try it in different major 'cities' over here, i suppose catching a imsi catcher soon or later
I'm quite curios if all the pple, telling that there is a lot of abuse with these machines, are right, or if that's all nonsens...
It would be nice if a warning icon could be integrated into Windows Mobile or the dialer to indicate that a call is not being encrypted. Read the Wikipedia entry for IMSI-catcher for more info. I'm guessing CDMA is largely unaffected since the hole seems to rely on the UMTS spec's backward-compatibility with GSM.
I'd also like to note that Skype is the way to go for true endpoint to endpoint call encryption. You know, if you're a gangster or something and need to brush off the popos. It would be interesting to investigate whether the WM6 integrated VOIP stack requires authentication/encryption.
I was wondering if you can spoof the device id on android devices....
A firewall is blocking all devices except for BlackBerry devices. I want to spoof my device ID to appear as a BlackBerry so I can access the exchange server remotely.
If there is no way to spoof does anyone know of any different workarounds?
Please help!!!
jdlumley said:
I was wondering if you can spoof the device id on android devices....
A firewall is blocking all devices except for BlackBerry devices. I want to spoof my device ID to appear as a BlackBerry so I can access the exchange server remotely.
If there is no way to spoof does anyone know of any different workarounds?
Please help!!!
Click to expand...
Click to collapse
There is an exchange server that is blocking all devices besides Blackberries? Never heard of one like that. What happens when you try to set up the account using HTC Mail?
It is already setup with HTC mail. It works when i'm on my work wifi because i'm already past the firewall that is blocking devices from the exchange server. When I try to access remotely, I get denied. It works fine with all blackberries. I know this because I tried with a blackberry and it worked fine. They only allow blackberries because that is he only kind of device they issue.
bump - someone help me on this please.....
Flipz?
It works with blackberries because BB uses BIS an email server that is proprietary to BB, and it bypasses your company's exchange server.. Unless you are set up for a BES exchange server, which is an additional monthly fee, and if that is the case, there is no way to make an HTC device connect to BES because it is a BB service..
Also, as of yesterday, any cellular "spoofing", be it caller id or anything else, is now a federal offense.
jdlumley said:
Flipz?
Click to expand...
Click to collapse
Really?
tooshort
azyouthinkeyeiz said:
It works with blackberries because BB uses BIS an email server that is proprietary to BB, and it bypasses your company's exchange server.. Unless you are set up for a BES exchange server, which is an additional monthly fee, and if that is the case, there is no way to make an HTC device connect to BES because it is a BB service..
Also, as of yesterday, any cellular "spoofing", be it caller id or anything else, is now a federal offense.
Click to expand...
Click to collapse
Thanks for the info but we use BES which then connects to the exchange server. The only reason it works is because the firewall allows BB device IDs. If I could spoof to appear to be a BBC I would be fine.
Also regarding your statement about spoofing, the bill is specific to spoofing caller ID and not specific to cell phones. Also, isn't law yet; requires further approval.
jdlumley said:
The only reason it works is because the firewall allows BB device IDs.
Click to expand...
Click to collapse
There is no such thing..
The blackberry connects to BES by your BB PIN... If you don't have a BB.. There is no way to "spoof".
The phone would have to be registered by BB on their server as a BB device by the PIN, which there is no way to "spoof" unless you find some way to hack into RIM.. Good luck with that approach.
Also, regarding your statement about the "Truth in Caller ID Act of 2010" which was passed by *CONGRESS* and immediately ratified, does not require any further approval. And is now effectively a law..
It also does not have any clarification between "spoofing" and "spoofing caller id".. The only clarification is that any attempt to "spoof" the originating call location. (I.e. phone number or location, and the only exception to that is you are still allowed to block that information. "Spoofing would lead the call receiver, in this case BB, to not have accurate call originating information, which in turn, is spoofing and a federal offense....
azyouthinkeyeiz said:
There is no such thing..
The blackberry connects to BES by your BB PIN... If you don't have a BB.. There is no way to "spoof".
The phone would have to be registered by BB on their server as a BB device by the PIN, which there is no way to "spoof" unless you find some way to hack into RIM.. Good luck with that approach.
Also, regarding your statement about the "Truth in Caller ID Act of 2010" which was passed by *CONGRESS* and immediately ratified, does not require any further approval. And is now effectively a law..
It also does not have any clarification between "spoofing" and "spoofing caller id".. The only clarification is that any attempt to "spoof" the originating call location. (I.e. phone number or location, and the only exception to that is you are still allowed to block that information. "Spoofing would lead the call receiver, in this case BB, to not have accurate call originating information, which in turn, is spoofing and a federal offense....
Click to expand...
Click to collapse
First off, you obviously don't know much about Exchange and the way ANY device interacts with it. BES is esentially a tunnel to get you from your BB to the exchange server. The BES still needs to get through the firewall to get to the exchange server. The firewall can be configured in many different ways. The most common are A) allow the entire BES access or B) allow specific device IDs access. Are you starting to understand?
Secondly, you're a f*cking idiot. Congress is not the final approver of this bill. Obama has not signed off on it, which means it is not law yet. And it is specific to Caller ID. If you had even processed the title of the bill correctly in your peanut-sized brain, you would know this. Please check your facts before you post and make yourself look like a douchebag.
http://news.yahoo.com/s/ytech_wguy/20100415/tc_ytech_wguy/ytech_wguy_tc1637
Now if there are any devs out there that can shed some light on where the device ID is stored or even how to spoof it, please respond!
Not worth it...
PS.. Take a guess as to what your "DEVICE ID" is..
Wow.... I already know what my device ID is. I asked how to change or spoof it.
My device ID is: HTCAnd444430*
Ya know.... they should really make you pass a test to be able to post on forums. Then I would have to deal with idiots like azyouthinkeyeiz.
Um....wouldn't common sense dictate that any sort of spoofing be ethically challenging? Well I would like to think that some things are just better not left to chance. I am not trying to be all goody goody and claim I don't do anything that isn't entirely lawful......but with how nutty the FCC can be, trying to spoof your device ID is akin to MAC spoofing to bypass security measures even if it is not for malicious intent. It can't and won't end well.
Just my two cents....
Off topic... but I wonder what that bill means, if anything, for those of us using Google Voice configured to display our GV number instead of our 'real' number.
Although not the answer you are looking for, you can do this using Nitro Touchdown Exchange.
Sent from my HERO200 using the XDA mobile application powered by Tapatalk
Ok. The question was not what your device id is, its a question of what your device id should be, which is a bb pin. (*which might I add since you keep saying Device ID, has no relevance to anything in your HTC HERO Phone, it is just a entry field label on BES for entering your BB PIN #)
Good luck trying to get it to work. Lol.. You're trying to tell a Network Admin and Sprint Tech (me) that I know nothing of, something I use everyday...
Now that I am at work not on my phone... You can use your HTC Device ID all you want.. But it means nothing.. Obviously, since it doesn't work as of now, does it? You need to have the BB "device ID" , which is if you had any sense to you at all, very apparent, as I've told you a thousand times already that it is the BB PIN.. Those are on a whitelist and to access BES your device has to be on that list, and activated through a carrier, with the attached SOC code for the BES plan..
You can access from your work, not because it passes some *firewall*, but because it bypasses BES because you are logging directly into the Exchange Server, through the local network, and that is nothing new, any business with BES is set up exactly the same.. To access your Exchange Server from home, your company uses the BES Gateway, and to use that, you have to have access to BES. And without the SOC code from your service, a BB PIN registered on the Blackberry Network, and the correct settings for your exchange server, you cannot access your email.
So next time, before you start throwing insults and acting like you know anything, at least have the key terms down... Just because the IT guy at work threw some terms around at you, doesn't mean you know anything..
You ask for help with something you obviously know nothing about, and then act like you have answers. And two people even told you, that whatever you think you are dealing with, they have never heard of before.. (a firewall that blocks anything but blackberries??? I mean really?)
You sir are an incompetent clown.
*edit.. I have also been looking all morning for anything that would even suggest that you have any idea of what you are talking about, and there are 4 HTC WinMO devices(TOUCH's and the TYTNII) that you can download a program that allows access for those specific HTC models.. Nothing else..
Ok, lets stop the name calling.
To the OP: Am I correct in assuming you've asked the Exchange Admins to add the Hero device ID and they denied the request? If so, then don't mind me. It seemed like the logical first step.
I haven't read the bill which passed (yet) but I will... Just a few notes.
The Bill has passed both Senate and House versions, it is NOT law yet, but probably will be soon. I see some issues though with the terms being somewhat Vague. Yes, it will be nice that telemarketers and such will no longer being able to hide, but INTENT is a big glaring need which has to be addressed. I mean, come on... There are PERFECTLY legitimate reasons for not wanting to give your number to someone or to give the impression you are calling from a number, i.e., masking your location.
(Honey, I'm at my friend John's house playing cards, be home late tonight)... Lmao...
To make this type of instance a Federal Crime is just "out of this world ridiculous". Big Brother on Steroids... Or what one Judge said recently, that "those who seek anonymity are only doing so for Illegal purposes". NOT!!!... So I wonder then is Ghost writers can be arrested and pseudonyms result in a 10 year stint... Come on... What next? E-mails must be your name? How about that Federal Registry/I.D. #, hell, why don't we just use our Social Security number for everything??? Forget Credit cards, bank accounts, etc...
But anyway, welcome to the New U.S. of A... where all you get to do is breathe without it being tracked, watched, cataloged, traced, recorded, stored, etc., all without your knowledge, permission or ability to resist.
Who was it that said: "Just because I'm paranoid - doesn't mean they aren't watching me!"...
azyouthinkeyeiz said:
Ok. The question was not what your device id is, its a question of what your device id should be, which is a bb pin. (*which might I add since you keep saying Device ID, has no relevance to anything in your HTC HERO Phone, it is just a entry field label on BES for entering your BB PIN #)
Good luck trying to get it to work. Lol.. You're trying to tell a Network Admin and Sprint Tech (me) that I know nothing of, something I use everyday...
Now that I am at work not on my phone... You can use your HTC Device ID all you want.. But it means nothing.. Obviously, since it doesn't work as of now, does it? You need to have the BB "device ID" , which is if you had any sense to you at all, very apparent, as I've told you a thousand times already that it is the BB PIN.. Those are on a whitelist and to access BES your device has to be on that list, and activated through a carrier, with the attached SOC code for the BES plan..
You can access from your work, not because it passes some *firewall*, but because it bypasses BES because you are logging directly into the Exchange Server, through the local network, and that is nothing new, any business with BES is set up exactly the same.. To access your Exchange Server from home, your company uses the BES Gateway, and to use that, you have to have access to BES. And without the SOC code from your service, a BB PIN registered on the Blackberry Network, and the correct settings for your exchange server, you cannot access your email.
So next time, before you start throwing insults and acting like you know anything, at least have the key terms down... Just because the IT guy at work threw some terms around at you, doesn't mean you know anything..
You ask for help with something you obviously know nothing about, and then act like you have answers. And two people even told you, that whatever you think you are dealing with, they have never heard of before.. (a firewall that blocks anything but blackberries??? I mean really?)
You sir are an incompetent clown.
*edit.. I have also been looking all morning for anything that would even suggest that you have any idea of what you are talking about, and there are 4 HTC WinMO devices(TOUCH's and the TYTNII) that you can download a program that allows access for those specific HTC models.. Nothing else..
Click to expand...
Click to collapse
You obviously do not know squat about exchange servers, corporate networks, etc... if you have not heard of ISA. ISA is a popular firewall, which my company uses with the exchange server. ISA can and is configured to manage access to certain phone models based off Device ID. All of the allowed devices IDs are BlackBerry IDs. I know for a fact my problem has nothing to do with BlackBerries using a BES. Remember, I have access on wifi, just not remotely and my friends on the exchange team confirmed this for me.
I work in IT but do not manage the exchange/ISA servers. Even if I did, our environment would require a change control for a change like this. We have asked to have our device IDs added to access the exchange server but the change committee has not decided yet if they will grant it. Again you would know nothing about these things as you are a Sprint techie.
I'm not on these boards with the intention of being rude and name calling as you are. I am sorry I lowered my standards and insulted you; I just can't stand ignorant people that think they know everything when really most everything they say/type is false. I simply created this topic in search of a way to change my device ID. I do not care if it is unlawful, wrong, yadda, yadda, yadda. If you or anyone else that reads this knows how to do this, please respond.
To the fellow that suggested Nitro Touchdown. I tried this software but it only allows you to spoof your client agent ID. ISA is configured by Device ID. Thanks for the suggestion but no luck there.
I never said I had never heard of ISA.. I said there's not a firewall that only blocks non-blackberries.. You can block whatever you want with firewalls, its not a feature that it blocks blackberries..
I am telling you the answer, even with ISA, the problem you are having is, the option on the admin side of ISA, is to allow all devices, to allow all devices from BES, or to allow user privileges. There is no button for blackberry/HTC/Apple.. You cannot access the server because you cannot pass through BES without a PIN..
I did no name calling, read back, you stooped there yourself pretty harshly, and I am still helping you... [mirror]
LISTEN- You can connect on your work's wifi, because it is directly accessing the server from an IP on the LOCAL NETWORK.. When you connect to the server on your phone through the mobile network, you are accessing from the PUBLIC DOMAIN.. Which from your explanations, indicates that they allow access only through BES... Since "it only allows blackberries"...
Changing your device ID (if even possible) is going to create more problems than it solves. You basically have 2 options for the device ID:
1 - Change the stored device ID in the handset. This will break all kinds of functionality as every single call the OS makes to getDeviceID() will return an invalid value. My guess is that no applications are coded to respond correctly to a BB device.
2 - Only use a different device ID in the email software. This would require you to write a custom application to get Exchange support.
If you can connect with a desktop PC via VPN, you might want to take a look at RoadSync -- it provides Exchange access over VPN via a proxy server. I believe the current version only has support through 1.6, so if you're running 2.1 you may have to roll back your rom to install it.
Hi there,
I am using an Android Phone in Germany. In the last months a lot of people klicked some adds in their apps and found themselves in a specific kind of value-added-service subscription. Apparently the MSISDN (through which the caller is identified) is transmitted and some dubious value-added service providers like EriXXXon IPX for example charge you about 80€/month for a completely useless subscription for services you never ordered. The cashing works through your local cell-network provider. Since the contract itself was concluded not with your network provider, but with some third party in Far Far Away the provider refuses to refund the money. One would have to contact the Far Far Away company which surprisingly would not respond to your pleas. The network provider on the other hand says, that there is no technical possibility to simply block or disable those services via customer demand. And currently there are no laws in Germany (and Europe afaic) that would prevent this kind of rip-off.
So my question: Is there a possibillity to simply block the sending of the MSISDN during a WAP-Request? Because thats seems to be the protocol over which the MSISDN is transmitted. WAP-Billing is a surplus technology with all those smartphones out there, so maybe it would be sufficient to simply switch off WAP transmission completely while leaving all the other internet protocols switched on.
Any help (e.g. like an app ) would be very much appreciated.
None of you with a hint? An idea? Or the same problem? What a pity...
WAN-MSISDN : disable added-value-services by MSIDN: WANTED.
O yea, I have, fearing the drowsy minute late at the end of a working day where I can not practice "CONSTANT VIGILANCE!" claimed by "defence against the dark arts" teacher Moody... Still it is as you described and none of us willingly to be ripped-of german sheep had yet the nerve to shout at our providers to shut out the gild of thieves by wire. Could be that they had a lot of homework to do that got neglected AND at the end have a slightly better reputation, but astonishingly some painfully reduced $$$ (i.e. €€€) Signs on their added-value-service-statistics.
Just MHO
Perhaps I come back in a year when I will have plunged in such a trap, will have given the case to some advocacy (because my insurance will pay for it) and have undergone some trial sessions. Lets say you'll hear that I won in about 4 years, and will have lost valuable time like 100h, and could gain no compensation from the fraudy company using WAN MSISDN transmission by the title of some german court
I read you can mail your provider and tell them to disable billing of added-value-services.
"Des Weiteren bieten einige Provider wie Telekom oder Vodafone an, Inkasso-Forderungen per Rechnung sperren zu lassen."
see computerbild in dowmain .de
(search for) / artikel / cb-Tipps-Handy-Smartphone-Abo-Gefahr-App-WAP-Werbung-5888480.html
Yours
Andi
ld browser
BloodyCkickenSoup said:
Hi there,
I am using an Android Phone in Germany. In the last months a lot of people klicked some adds in their apps and found themselves in a specific kind of value-added-service subscription. Apparently the MSISDN (through which the caller is identified) is transmitted and some dubious value-added service providers like EriXXXon IPX for example charge you about 80€/month for a completely useless subscription for services you never ordered. The cashing works through your local cell-network provider. Since the contract itself was concluded not with your network provider, but with some third party in Far Far Away the provider refuses to refund the money. One would have to contact the Far Far Away company which surprisingly would not respond to your pleas. The network provider on the other hand says, that there is no technical possibility to simply block or disable those services via customer demand. And currently there are no laws in Germany (and Europe afaic) that would prevent this kind of rip-off.
So my question: Is there a possibillity to simply block the sending of the MSISDN during a WAP-Request? Because thats seems to be the protocol over which the MSISDN is transmitted. WAP-Billing is a surplus technology with all those smartphones out there, so maybe it would be sufficient to simply switch off WAP transmission completely while leaving all the other internet protocols switched on.
Any help (e.g. like an app ) would be very much appreciated.
Click to expand...
Click to collapse
This will not happen if you will use loader droid for these kind of surfing where apps like clauncher mobogenie pop outs and start to download without your permission. Even wap will ask you before subscription that you will be charged 2$for this subscription...when you do it on loader droid downloading subscriptions are not automatic without your permissions..
Hi
Does anyone know how to import the wireless authentication certificate from Win7 (for a WPA-Enterprise Wifi Nework - most corporate wifi networks), and install it on Android ?
Use case: I have a laptop that connects to my work wifi using a stored certificate and would like my phone to connect to the corporate wifi as well.
Also, the company does not 'officially' support Android phones. Only BB and iPhone allowed.
imarvind said:
Hi
Does anyone know how to import the wireless authentication certificate from Win7 (for a WPA-Enterprise Wifi Nework - most corporate wifi networks), and install it on Android ?
Use case: I have a laptop that connects to my work wifi using a stored certificate and would like my phone to connect to the corporate wifi as well.
Also, the company does not 'officially' support Android phones. Only BB and iPhone allowed.
Click to expand...
Click to collapse
Your IT let you connect BB and Iphones on the Corporate Network?
Look, as an IT administrator I'm going to say this... if your IT department wanted you to connect your Android device to the corporate network, they would provision it for you. If they are not provisioning it for you, you're probably breaking company policy. Even if it were possible, there's no way I'd help you do this.
rootSU said:
Your IT let you connect BB and Iphones on the Corporate Network?
Look, as an IT administrator I'm going to say this... if your IT department wanted you to connect your Android device to the corporate network, they would provision it for you. If they are not provisioning it for you, you're probably breaking company policy. Even if it were possible, there's no way I'd help you do this.
Click to expand...
Click to collapse
I see. Well that's like saying - 'If Samsung wanted you to have KitKat on their older models, they'd provision it for you. I will not help you install kangs'.
Thanks anyway. I'll look elsewhere
imarvind said:
I see. Well that's like saying - 'If Samsung wanted you to have KitKat on their older models, they'd provision it for you. I will not help you install kangs'.
Click to expand...
Click to collapse
Not really, no. Installing a Kang is not affecting someone's corporate network, putting it at risk and putting your job at risk and potentially causing massive problems for your IT department.
It's more akin to saying "My company doesn't want me to have a corporate credit card. They've given me the numbers for online purchases but I want to use it in a physical shop. Can you help me print the details to a blank card"
anyway, I said "even if it was possible", meaning in other words "it's not possible"
rootSU said:
Not really, no. Installing a Kang is not affecting someone's corporate network, putting it at risk and putting your job at risk and potentially causing massive problems for your IT department.
It's more akin to saying "My company doesn't want me to have a corporate credit card. They've given me the numbers for online purchases but I want to use it in a physical shop. Can you help me print the details to a blank card"
anyway, I said "even if it was possible", meaning in other words "it's not possible"
Click to expand...
Click to collapse
I full quote.
Anyway, on serious networks the are always port-security enabled and several checks at access and distributions layers. Say that, @imarvind, even if you can import your certificate, this is does not mean that you can reach connectivity