Hello all
I've been reading this forum for some months now and i like the windows'es and informations i've found here on my Hermes device
But now i have some questions on using the often integrated tool field test.
I've found out that with the IMSI-catcher (german wikipedia as one of the sources), that are more and more often used semi-legal by the police(here in europe there are a lot of 'GA-90' devices sold to the police and other institutions), it is possible to listen to phone calls(man in the middle attack), by just 'emulating' the strongest phone-cell in the area, to which the device connects instead of connecting to the provider's cell.
I also read that it would be possible to find out if there was an imsi-catcher device active in the area near you or not. The only thing needed is a special monitor software (field test?) that observes the MNC(Mobile Network Codes) behavior(appearently you need 2 handy's from the same provider with the monitoring software running).
But they didn't explain exactly on which behavior you should pay attention.
Since I could use 2 windows mobile devices to test this out, I am searching for more detailled information on this subject, and the first place that came in my mind was xda-developers
I allready did search this forum for the subject imsi catcher, and the only thing I've found is this.
google result
so one person who tries to change hies imei number, and another one who doesn't seem to know exactly what an imsi catcher can do.
Is here anyone who knows more?
I know that where I live, there are pple who make abuse with IMSI-catchers(catching calls without the permission from a judge or similar, or even one time someone listening to his girlfriends phone calls to see if she's cheating(and she did and that was the reason he left her))And yes this one was a young policeman who told that to his friends and even was proud of it.
I also dislike the fact that the handy, instead of the encrypted one with the provider's cell, has an non encrypted connection to the imsi catcher(if not there would be no possibility for a listening man in the middle attack).
I also read about the cellphones from http://www.cryptophone.de/
Appearently they do allways have encrypted conversations even through an Imsi-catcher. But if that would be true, the other side will need the same handy to decrypt it again. Because it has to encrypt, the allready encrypted data traffic with the provider's cell, if not it can't allow any protection against IMSI -Catcher devices. I also ask myself if, depending on where u want to use it, the 2nd encryption could produce a to huge phone traffic that could result p.ex. in a robot voice...
Anyone who could light me up?
Or is there any software able of reencrypting the encrypted transfer on windows mobile devices?technically it should be possible(2nd phone dialer installed so you choose the normal one for normal calls and 2nd one for calls with pple who also have this software installed on their phones)perhaps not with an 256 bit encryption but perhaps with a 128 or 64 bit encryption...
BTW, if there would be anyone able to programm such a hot piece of software for windows mobile devices I wouldn't have any problem to donate him with paypal, and i suppose other pple would do the sameAnd no I don't wanna replace that by Voip or skype via HTC...
Thanks in advance
Patrick
So no one who knows more about this?
I would be very happy if i could at least test if they're really used that often as they say they are(where i live).
And since i could try it in different major 'cities' over here, i suppose catching a imsi catcher soon or later
I'm quite curios if all the pple, telling that there is a lot of abuse with these machines, are right, or if that's all nonsens...
It would be nice if a warning icon could be integrated into Windows Mobile or the dialer to indicate that a call is not being encrypted. Read the Wikipedia entry for IMSI-catcher for more info. I'm guessing CDMA is largely unaffected since the hole seems to rely on the UMTS spec's backward-compatibility with GSM.
I'd also like to note that Skype is the way to go for true endpoint to endpoint call encryption. You know, if you're a gangster or something and need to brush off the popos. It would be interesting to investigate whether the WM6 integrated VOIP stack requires authentication/encryption.
Hi everyone
I read a lot about tracking mobile phone with the Cell ID and neighbour Cells via GSM service [1]
the GSM protocol can initiate a scan of the neighbor cells and their signal strength which leads to a position accuracy <100m
Does someone know more about it?
second using silent/stealth sms to receive cell id [2][3][4] (no English infos found you got censored? ) google translate if you don't speak German...
this special sms type does not show any information on your handset, its silent! So you can't detect when you receive one.
On which level of the phone is this behavior handled? Baseband/Radio or the OS?
As example on Android you get the kernel source and all the source of the standard apps running on it. Probably a way modify the way it reacts if it is in this part of the code.
The Radio/Baseband is NOT?[needs clarification] open source, so no chance here?
Is there a way to detect this behavior?
[1] http://en.wikipedia.org/wiki/GSM_localization#Handset_Based
[2] http://de.wikipedia.org/wiki/Short_Message_Service#Spezielle_Nachrichtentypen
[3] http://www.heise.de/mobil/artikel/ueberwachung-per-Mobilfunk-222789.html
[4] http://www.heise.de/newsticker/meld...ung-wird-zur-Massendienstleistung-130253.html
Hi mopodo,
just FYI, "silent sms" can be sent wia WM, a tool called "Hush SMS" allows this.
And there is no information carried via this SMS back to the originator.
Cell-ID based tracking can only be done by the owner of a cell tower, i.e. the operator. And since this requires lots of time, they (regularly) only do this on request of the prosecution.
But I do not know more about this topic, the above information is what I (supposedly) know about this.
Regards
Zuzler said:
Hi mopodo,
just FYI, "silent sms" can be sent wia WM, a tool called "Hush SMS" allows this.
And there is no information carried via this SMS back to the originator.
Cell-ID based tracking can only be done by the owner of a cell tower, i.e. the operator. And since this requires lots of time, they (regularly) only do this on request of the prosecution.
But I do not know more about this topic, the above information is what I (supposedly) know about this.
Regards
Click to expand...
Click to collapse
try to read more about CITA and ECITA : enhanced cell id timing advance hahaha
ghassen32 said:
try to read more about CITA and ECITA : enhanced cell id timing advance hahaha
Click to expand...
Click to collapse
Welcome to the forum! Tell us a little on what you know about CITA?
I was wondering if you can spoof the device id on android devices....
A firewall is blocking all devices except for BlackBerry devices. I want to spoof my device ID to appear as a BlackBerry so I can access the exchange server remotely.
If there is no way to spoof does anyone know of any different workarounds?
Please help!!!
jdlumley said:
I was wondering if you can spoof the device id on android devices....
A firewall is blocking all devices except for BlackBerry devices. I want to spoof my device ID to appear as a BlackBerry so I can access the exchange server remotely.
If there is no way to spoof does anyone know of any different workarounds?
Please help!!!
Click to expand...
Click to collapse
There is an exchange server that is blocking all devices besides Blackberries? Never heard of one like that. What happens when you try to set up the account using HTC Mail?
It is already setup with HTC mail. It works when i'm on my work wifi because i'm already past the firewall that is blocking devices from the exchange server. When I try to access remotely, I get denied. It works fine with all blackberries. I know this because I tried with a blackberry and it worked fine. They only allow blackberries because that is he only kind of device they issue.
bump - someone help me on this please.....
Flipz?
It works with blackberries because BB uses BIS an email server that is proprietary to BB, and it bypasses your company's exchange server.. Unless you are set up for a BES exchange server, which is an additional monthly fee, and if that is the case, there is no way to make an HTC device connect to BES because it is a BB service..
Also, as of yesterday, any cellular "spoofing", be it caller id or anything else, is now a federal offense.
jdlumley said:
Flipz?
Click to expand...
Click to collapse
Really?
tooshort
azyouthinkeyeiz said:
It works with blackberries because BB uses BIS an email server that is proprietary to BB, and it bypasses your company's exchange server.. Unless you are set up for a BES exchange server, which is an additional monthly fee, and if that is the case, there is no way to make an HTC device connect to BES because it is a BB service..
Also, as of yesterday, any cellular "spoofing", be it caller id or anything else, is now a federal offense.
Click to expand...
Click to collapse
Thanks for the info but we use BES which then connects to the exchange server. The only reason it works is because the firewall allows BB device IDs. If I could spoof to appear to be a BBC I would be fine.
Also regarding your statement about spoofing, the bill is specific to spoofing caller ID and not specific to cell phones. Also, isn't law yet; requires further approval.
jdlumley said:
The only reason it works is because the firewall allows BB device IDs.
Click to expand...
Click to collapse
There is no such thing..
The blackberry connects to BES by your BB PIN... If you don't have a BB.. There is no way to "spoof".
The phone would have to be registered by BB on their server as a BB device by the PIN, which there is no way to "spoof" unless you find some way to hack into RIM.. Good luck with that approach.
Also, regarding your statement about the "Truth in Caller ID Act of 2010" which was passed by *CONGRESS* and immediately ratified, does not require any further approval. And is now effectively a law..
It also does not have any clarification between "spoofing" and "spoofing caller id".. The only clarification is that any attempt to "spoof" the originating call location. (I.e. phone number or location, and the only exception to that is you are still allowed to block that information. "Spoofing would lead the call receiver, in this case BB, to not have accurate call originating information, which in turn, is spoofing and a federal offense....
azyouthinkeyeiz said:
There is no such thing..
The blackberry connects to BES by your BB PIN... If you don't have a BB.. There is no way to "spoof".
The phone would have to be registered by BB on their server as a BB device by the PIN, which there is no way to "spoof" unless you find some way to hack into RIM.. Good luck with that approach.
Also, regarding your statement about the "Truth in Caller ID Act of 2010" which was passed by *CONGRESS* and immediately ratified, does not require any further approval. And is now effectively a law..
It also does not have any clarification between "spoofing" and "spoofing caller id".. The only clarification is that any attempt to "spoof" the originating call location. (I.e. phone number or location, and the only exception to that is you are still allowed to block that information. "Spoofing would lead the call receiver, in this case BB, to not have accurate call originating information, which in turn, is spoofing and a federal offense....
Click to expand...
Click to collapse
First off, you obviously don't know much about Exchange and the way ANY device interacts with it. BES is esentially a tunnel to get you from your BB to the exchange server. The BES still needs to get through the firewall to get to the exchange server. The firewall can be configured in many different ways. The most common are A) allow the entire BES access or B) allow specific device IDs access. Are you starting to understand?
Secondly, you're a f*cking idiot. Congress is not the final approver of this bill. Obama has not signed off on it, which means it is not law yet. And it is specific to Caller ID. If you had even processed the title of the bill correctly in your peanut-sized brain, you would know this. Please check your facts before you post and make yourself look like a douchebag.
http://news.yahoo.com/s/ytech_wguy/20100415/tc_ytech_wguy/ytech_wguy_tc1637
Now if there are any devs out there that can shed some light on where the device ID is stored or even how to spoof it, please respond!
Not worth it...
PS.. Take a guess as to what your "DEVICE ID" is..
Wow.... I already know what my device ID is. I asked how to change or spoof it.
My device ID is: HTCAnd444430*
Ya know.... they should really make you pass a test to be able to post on forums. Then I would have to deal with idiots like azyouthinkeyeiz.
Um....wouldn't common sense dictate that any sort of spoofing be ethically challenging? Well I would like to think that some things are just better not left to chance. I am not trying to be all goody goody and claim I don't do anything that isn't entirely lawful......but with how nutty the FCC can be, trying to spoof your device ID is akin to MAC spoofing to bypass security measures even if it is not for malicious intent. It can't and won't end well.
Just my two cents....
Off topic... but I wonder what that bill means, if anything, for those of us using Google Voice configured to display our GV number instead of our 'real' number.
Although not the answer you are looking for, you can do this using Nitro Touchdown Exchange.
Sent from my HERO200 using the XDA mobile application powered by Tapatalk
Ok. The question was not what your device id is, its a question of what your device id should be, which is a bb pin. (*which might I add since you keep saying Device ID, has no relevance to anything in your HTC HERO Phone, it is just a entry field label on BES for entering your BB PIN #)
Good luck trying to get it to work. Lol.. You're trying to tell a Network Admin and Sprint Tech (me) that I know nothing of, something I use everyday...
Now that I am at work not on my phone... You can use your HTC Device ID all you want.. But it means nothing.. Obviously, since it doesn't work as of now, does it? You need to have the BB "device ID" , which is if you had any sense to you at all, very apparent, as I've told you a thousand times already that it is the BB PIN.. Those are on a whitelist and to access BES your device has to be on that list, and activated through a carrier, with the attached SOC code for the BES plan..
You can access from your work, not because it passes some *firewall*, but because it bypasses BES because you are logging directly into the Exchange Server, through the local network, and that is nothing new, any business with BES is set up exactly the same.. To access your Exchange Server from home, your company uses the BES Gateway, and to use that, you have to have access to BES. And without the SOC code from your service, a BB PIN registered on the Blackberry Network, and the correct settings for your exchange server, you cannot access your email.
So next time, before you start throwing insults and acting like you know anything, at least have the key terms down... Just because the IT guy at work threw some terms around at you, doesn't mean you know anything..
You ask for help with something you obviously know nothing about, and then act like you have answers. And two people even told you, that whatever you think you are dealing with, they have never heard of before.. (a firewall that blocks anything but blackberries??? I mean really?)
You sir are an incompetent clown.
*edit.. I have also been looking all morning for anything that would even suggest that you have any idea of what you are talking about, and there are 4 HTC WinMO devices(TOUCH's and the TYTNII) that you can download a program that allows access for those specific HTC models.. Nothing else..
Ok, lets stop the name calling.
To the OP: Am I correct in assuming you've asked the Exchange Admins to add the Hero device ID and they denied the request? If so, then don't mind me. It seemed like the logical first step.
I haven't read the bill which passed (yet) but I will... Just a few notes.
The Bill has passed both Senate and House versions, it is NOT law yet, but probably will be soon. I see some issues though with the terms being somewhat Vague. Yes, it will be nice that telemarketers and such will no longer being able to hide, but INTENT is a big glaring need which has to be addressed. I mean, come on... There are PERFECTLY legitimate reasons for not wanting to give your number to someone or to give the impression you are calling from a number, i.e., masking your location.
(Honey, I'm at my friend John's house playing cards, be home late tonight)... Lmao...
To make this type of instance a Federal Crime is just "out of this world ridiculous". Big Brother on Steroids... Or what one Judge said recently, that "those who seek anonymity are only doing so for Illegal purposes". NOT!!!... So I wonder then is Ghost writers can be arrested and pseudonyms result in a 10 year stint... Come on... What next? E-mails must be your name? How about that Federal Registry/I.D. #, hell, why don't we just use our Social Security number for everything??? Forget Credit cards, bank accounts, etc...
But anyway, welcome to the New U.S. of A... where all you get to do is breathe without it being tracked, watched, cataloged, traced, recorded, stored, etc., all without your knowledge, permission or ability to resist.
Who was it that said: "Just because I'm paranoid - doesn't mean they aren't watching me!"...
azyouthinkeyeiz said:
Ok. The question was not what your device id is, its a question of what your device id should be, which is a bb pin. (*which might I add since you keep saying Device ID, has no relevance to anything in your HTC HERO Phone, it is just a entry field label on BES for entering your BB PIN #)
Good luck trying to get it to work. Lol.. You're trying to tell a Network Admin and Sprint Tech (me) that I know nothing of, something I use everyday...
Now that I am at work not on my phone... You can use your HTC Device ID all you want.. But it means nothing.. Obviously, since it doesn't work as of now, does it? You need to have the BB "device ID" , which is if you had any sense to you at all, very apparent, as I've told you a thousand times already that it is the BB PIN.. Those are on a whitelist and to access BES your device has to be on that list, and activated through a carrier, with the attached SOC code for the BES plan..
You can access from your work, not because it passes some *firewall*, but because it bypasses BES because you are logging directly into the Exchange Server, through the local network, and that is nothing new, any business with BES is set up exactly the same.. To access your Exchange Server from home, your company uses the BES Gateway, and to use that, you have to have access to BES. And without the SOC code from your service, a BB PIN registered on the Blackberry Network, and the correct settings for your exchange server, you cannot access your email.
So next time, before you start throwing insults and acting like you know anything, at least have the key terms down... Just because the IT guy at work threw some terms around at you, doesn't mean you know anything..
You ask for help with something you obviously know nothing about, and then act like you have answers. And two people even told you, that whatever you think you are dealing with, they have never heard of before.. (a firewall that blocks anything but blackberries??? I mean really?)
You sir are an incompetent clown.
*edit.. I have also been looking all morning for anything that would even suggest that you have any idea of what you are talking about, and there are 4 HTC WinMO devices(TOUCH's and the TYTNII) that you can download a program that allows access for those specific HTC models.. Nothing else..
Click to expand...
Click to collapse
You obviously do not know squat about exchange servers, corporate networks, etc... if you have not heard of ISA. ISA is a popular firewall, which my company uses with the exchange server. ISA can and is configured to manage access to certain phone models based off Device ID. All of the allowed devices IDs are BlackBerry IDs. I know for a fact my problem has nothing to do with BlackBerries using a BES. Remember, I have access on wifi, just not remotely and my friends on the exchange team confirmed this for me.
I work in IT but do not manage the exchange/ISA servers. Even if I did, our environment would require a change control for a change like this. We have asked to have our device IDs added to access the exchange server but the change committee has not decided yet if they will grant it. Again you would know nothing about these things as you are a Sprint techie.
I'm not on these boards with the intention of being rude and name calling as you are. I am sorry I lowered my standards and insulted you; I just can't stand ignorant people that think they know everything when really most everything they say/type is false. I simply created this topic in search of a way to change my device ID. I do not care if it is unlawful, wrong, yadda, yadda, yadda. If you or anyone else that reads this knows how to do this, please respond.
To the fellow that suggested Nitro Touchdown. I tried this software but it only allows you to spoof your client agent ID. ISA is configured by Device ID. Thanks for the suggestion but no luck there.
I never said I had never heard of ISA.. I said there's not a firewall that only blocks non-blackberries.. You can block whatever you want with firewalls, its not a feature that it blocks blackberries..
I am telling you the answer, even with ISA, the problem you are having is, the option on the admin side of ISA, is to allow all devices, to allow all devices from BES, or to allow user privileges. There is no button for blackberry/HTC/Apple.. You cannot access the server because you cannot pass through BES without a PIN..
I did no name calling, read back, you stooped there yourself pretty harshly, and I am still helping you... [mirror]
LISTEN- You can connect on your work's wifi, because it is directly accessing the server from an IP on the LOCAL NETWORK.. When you connect to the server on your phone through the mobile network, you are accessing from the PUBLIC DOMAIN.. Which from your explanations, indicates that they allow access only through BES... Since "it only allows blackberries"...
Changing your device ID (if even possible) is going to create more problems than it solves. You basically have 2 options for the device ID:
1 - Change the stored device ID in the handset. This will break all kinds of functionality as every single call the OS makes to getDeviceID() will return an invalid value. My guess is that no applications are coded to respond correctly to a BB device.
2 - Only use a different device ID in the email software. This would require you to write a custom application to get Exchange support.
If you can connect with a desktop PC via VPN, you might want to take a look at RoadSync -- it provides Exchange access over VPN via a proxy server. I believe the current version only has support through 1.6, so if you're running 2.1 you may have to roll back your rom to install it.
Hi! Let me introduce a tiny app, available in English in the moment.
This program shows a small info window during incoming/outgoing call. It contents country, region, city (or mobile operator) and LOCAL TIME in that place (worldwide)!
See latest comments and screenshots on cyrket (I'm not allowed to insert links)
Detailed popup customization is supported
The phone base I collected and created (many errors there were fixed by hands) was only available in Russian, but today I released English base, made with help of Google Translate
I know, such translation is buggy (but still much better I expected). I hope you'll help me and other users to have a complete and accurate information about calls - just email me right from the program menu about any issues or comment here.
World time also changes (for example, Russia lost two time zones this March) and if you find any error - post here or email me
You don't need to download phone base. You may download its latest version from the app, but if you want to do it manually, unpack the zip to the sdcard's root
How accurate does it get? I don't get many international calls, but might be useful to know where a landline call from within the UK is coming from?
What happens with mobile calls from with the UK? I assume no detail at all then?
it covers both landline and mobile network all over the world, where it is possible to distinguish between numbers by area codes. just try =) there are more than 25000 records in the base
Sent from my T-Mobile G1 using the XDA mobile application powered by Tapatalk
Hi. How do you set this up?
I have placed my Country Code (00351) and set GMT to +1 and when I call from my desk to my phone, it says it's a call from India ...
afaik, country code cant starts with zeros. Please, provide full number (you may hide last four digits) and right country for you I'll check and write settings here
Erm, I think techinally it either starts with two zeros, or a + but you're asking for a single number?
For example, UK is either 0044 or +44
wow. That is new for me. I know that with one leading zero start local calls. And you say two zeros replace + . hmmm. try left country code blank, that may help, I think. and if not, please, type whole number without four last digits
Not sure if this is already obvious but as there seems some uncertainty. AIUI the correct way to state an international number is to prefix it with +. To make a call, the plus sign is replaced with the two (or sometimes three or four) digit international access code which depends on the country one is placing the call from. For Europe this is 00, for the States, 011 etc.
I'm in Portugal, and my number is +35193233xxxx. I have tried leaving it blank, but by default leaves a 7... tried with 00351, with 351 and when calls are incoming still stays it's from India.
I'll wait for further clarification and if nothing happens I'll un-install it.
By the way, it doesn't let me use the +.
Thanks
okay, and what was the incoming number? what it was looking like on the call screen? country code preset replaces leading zero or eight digit. so it doesn't interfere number detection in you case I think
Sent from my T-Mobile G1 using the XDA mobile application powered by Tapatalk
The incoming number was looking like this: 91811xxx
It's a mobile number from Vodafone.
Just got a call from Germany, and it identified the Country and city allright. Seems that it doesn't work for calls inside Portugal only...
i see eight digits and no country info in this number. if there are seven digits program says local call and do not provide any information (because there is no trusted information) in eight or more digits it tries to detect country code. it replaces leading 8 or 0 with country code from the settings - for example local russian mobile calls may look like 8916xxxyyzz - we replace 8 with country code 7 and identify it with MTS - the program even say region or city based on x or xx or xxx in the example above. but in your situation I have no idea how to detect that the call is local and country code needs to be put before the number =( I've never heard that income mobile number may be in the format you wrote - it should start with plus sign and country code or 8 or zero (Ukraine, Moldova). I'm whirled
Sent from my T-Mobile G1 using the XDA mobile application powered by Tapatalk
Any chance you can convert the database into something human-readable? I'll be glad to cross reference a bunch of Southern California area codes and prefixes so that you can get some more accurate data there.
Also, a program similar to yours got hit with a cease & desist a few months back by some patent trolls because they supposedly hold a patent on this very thing. You're in Russia though so I dunno if their reach extends to you. Just thought I'd give you an FYI.
XStylus said:
Any chance you can convert the database into something human-readable? I'll be glad to cross reference a bunch of Southern California area codes and prefixes so that you can get some more accurate data there.
Also, a program similar to yours got hit with a cease & desist a few months back by some patent trolls because they supposedly hold a patent on this very thing. You're in Russia though so I dunno if their reach extends to you. Just thought I'd give you an FYI.
Click to expand...
Click to collapse
please, email me a t r a n t . s g @ g m a i l . c o m (or from the program menu) to discuss db elements, thanks in advance.
and yeah... i've read that stuff and even contacted the author...
But, my program is better now, I think =) And I will hit 10000 downloads, I hope. That will be enough, I think, for my efforts and hand-made db =))
Uninstallation
How do i uninstall de database, can't find it but i takes 3 mb of internal memory. Anyone has a suggestion!!
castor.troy said:
How do i uninstall de database, can't find it but i takes 3 mb of internal memory. Anyone has a suggestion!!
Click to expand...
Click to collapse
Just remove the DB app. There is no way to leave DB app and remove the DB, android OS restriction (can't modify signed apk on the device)
uninstallation
So when i uninstall WorldCallPlaceAndTime.apk than de database will be removed from my internal memeory?
Castor
castor.troy said:
So when i uninstall WorldCallPlaceAndTime.apk than de database will be removed from my internal memeory?
Castor
Click to expand...
Click to collapse
Sure, man! Do it right now!