[Q] Need a Location App Help - Other Tools & General Discussion

The goal of the software is to gather some network info remotely, without any notification to the target mobile user and without installing any software on the target mobile.
Let me explain the idea in detail. First of all, we know that if we press *#06# then we can see the IMEI number of the set. So, there might be some secret way or code so that anybody can get the IMEI number of any mobile set with the help of just the target mobile number.
That was just an example. However, there are systems of ping to check reachability in IP networks. In a GSM network also there should be some secret code by which a ping or trace route targeting a mobile number is possible. By these, the availability of the target can be confirmed. From the trace route result, we can obtain the path of the pong reply or ping, and the present cell ID. The individual cell ID also carries the name of the area in Unicode, which is displayed in many sets optionally. That text may also be obtained from that. Actually, we want to do this by developing and installing an Android software. In that case, we need to know the coding, programming language and special DLL or header that has to be called for this purpose.
2. Is there any way to call or search an IMEI in any mobile network? Is it possible to find out the mobile number by inquiring with the IMEI number from any mobile?
3. There is maybe a way to configure a GSM modem with a cloned SIM so that all the target mobile's traffic, including voice and SMS, maybe data also. By default, every SIM's destination priority setting is 0. In that case, the modem has the higher priority so that at first the traffic reaches there, the modem software captures and records the traffic and then throws it again to the target device. It's clear that here the modem acts in transparent mode so that the target does not feel anything, and it does not catch the eyes of the operators. We want to do this.
As here, I'm throwing the complete requirement along with a technical description. Please let me know of any further requirements.

Related

Some help needed for Voip Dialplan on Wm6

Hello everyone,
Using different cabs and advice from this forum, I managed to get the native internet calling feature of my device working.
I'm able to make calls, but something is still bothering me with the dialling process: I have to re-enter the entire phone number that I want to call before every call I place, since my SIP provider (Voipbuster) requires that the number starts with (00) plus the (international area code), while all my numbers in contacts are stored like (+) plus the (international area code).
Can anyone help me out with an Ipdialplan.xml model that fixes this issue?
Of course, it should work no matter the total number of digits the contact number includes: 11, 12 etc.
Thanks in advance.
Here you go
http://msdn2.microsoft.com/en-us/library/aa921921.aspx
ipdialplan
You can also have a look on my post, with an example :
http://forum.xda-developers.com/showpost.php?p=1540809&postcount=3

identify if IMSI catchers were used with field test?

Hello all
I've been reading this forum for some months now and I like the Windows versions and information I've found here for my Hermes device.
But now I have some questions on using the often integrated tool Field Test.
I've found out that with the IMSI catcher (German Wikipedia as one of the sources), which is more and more often used semi-legally by the police (here in Europe there are a lot of 'GA-90' devices sold to the police and other institutions), it is possible to listen to phone calls (man-in-the-middle attack) by just 'emulating' the strongest phone cell in the area, to which the device connects instead of connecting to the provider's cell.
I also read that it would be possible to find out whether there was an IMSI catcher device active in the area near you or not. The only thing needed is special monitoring software (Field Test?) that observes the MNC (Mobile Network Code) behaviour (apparently you need 2 handsets from the same provider with the monitoring software running).
But they didn't explain exactly which behaviour you should pay attention to.
Since I could use 2 Windows Mobile devices to test this out, I am searching for more detailed information on this subject, and the first place that came to my mind was xda-developers.
I already did search this forum for the subject IMSI catcher, and the only thing I've found is this.
google result
So one person who tries to change his IMEI number, and another one who doesn't seem to know exactly what an IMSI catcher can do.
Is there anyone here who knows more?
I know that where I live, there are people who abuse IMSI catchers (catching calls without the permission of a judge or similar, or even one time someone listening to his girlfriend's phone calls to see if she was cheating (and she did, and that was the reason he left her)). And yes, this one was a young policeman who told that to his friends and was even proud of it.
I also dislike the fact that the handset, instead of the encrypted connection with the provider's cell, has a non-encrypted connection to the IMSI catcher (if not, there would be no possibility of a listening man-in-the-middle attack).
I also read about the cell phones from http://www.cryptophone.de/
Apparently they do always have encrypted conversations even through an IMSI catcher. But if that were true, the other side would need the same handset to decrypt it again, because it has to encrypt the already encrypted data traffic with the provider's cell; if not, it couldn't offer any protection against IMSI catcher devices. I also ask myself if, depending on where you want to use it, the 2nd encryption could produce too much phone traffic, which could result e.g. in a robot voice...
Anyone who could enlighten me?
Or is there any software able to re-encrypt the encrypted transfer on Windows Mobile devices? Technically it should be possible (a 2nd phone dialer installed, so you choose the normal one for normal calls and the 2nd one for calls with people who also have this software installed on their phones), perhaps not with 256-bit encryption but perhaps with 128- or 64-bit encryption...
BTW, if there were anyone able to program such a hot piece of software for Windows Mobile devices I wouldn't have any problem donating to him via PayPal, and I suppose other people would do the same. And no, I don't want to replace that with VoIP or Skype via HTC...
Thanks in advance
Patrick
So no one who knows more about this?
I would be very happy if I could at least test if they're really used as often as they say they are (where I live).
And since I could try it in different major 'cities' over here, I suppose I'd catch an IMSI catcher sooner or later.
I'm quite curious if all the people telling that there is a lot of abuse with these machines are right, or if that's all nonsense...
It would be nice if a warning icon could be integrated into Windows Mobile or the dialer to indicate that a call is not being encrypted. Read the Wikipedia entry for IMSI-catcher for more info. I'm guessing CDMA is largely unaffected since the hole seems to rely on the UMTS spec's backward-compatibility with GSM.
I'd also like to note that Skype is the way to go for true endpoint to endpoint call encryption. You know, if you're a gangster or something and need to brush off the popos. It would be interesting to investigate whether the WM6 integrated VOIP stack requires authentication/encryption.

GSM, Cell ID tracking by operator or big brother

Hi everyone
I read a lot about tracking mobile phones with the Cell ID and neighbour cells via GSM service [1].
The GSM protocol can initiate a scan of the neighbour cells and their signal strength, which leads to a position accuracy <100m.
Does someone know more about it?
Second, using silent/stealth SMS to receive the cell ID [2][3][4] (no English info found, did you get censored? ) Google Translate if you don't speak German...
This special SMS type does not show any information on your handset, it's silent! So you can't detect when you receive one.
On which level of the phone is this behaviour handled? Baseband/Radio or the OS?
As an example, on Android you get the kernel source and all the source of the standard apps running on it. Probably there is a way to modify the way it reacts if it is in this part of the code.
The Radio/Baseband is NOT open source, so no chance here?
Is there a way to detect this behaviour?
[1] http://en.wikipedia.org/wiki/GSM_localization#Handset_Based
[2] http://de.wikipedia.org/wiki/Short_Message_Service#Spezielle_Nachrichtentypen
[3] http://www.heise.de/mobil/artikel/ueberwachung-per-Mobilfunk-222789.html
[4] http://www.heise.de/newsticker/meld...ung-wird-zur-Massendienstleistung-130253.html
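One answer to "is there a way to detect this behaviour?" is to look below the messaging app, at the raw PDU the modem hands up in PDU mode (the +CMT: unsolicited result): a silent SMS is an ordinary SMS-DELIVER whose TP-PID is 0x40 ("Short Message Type 0"), which the handset must acknowledge but not display or store. The decoder below is an added example for this thread, not a tool from the posts; both PDUs and the sender number are constructed, and the 7-bit unpacker handles only the plain ASCII-range part of the GSM default alphabet.

```python
"""SMS-DELIVER PDU decoder that flags 'silent' (Type 0) messages by TP-PID.
Added example for this thread, not a tool from the posts. It parses the hex
PDU a modem delivers in PDU mode (after +CMT:), i.e. below the messaging app
that hides such messages, so it shows what a detector at that layer looks for.
Both PDUs below are constructed; the sender number is made up."""

SILENT_PID = 0x40          # TP-PID "Short Message Type 0" (3GPP TS 23.040 9.2.3.9)


def swapped_bcd(hexstr):
    """Nibble-swapped BCD -> digit string: '9471103254' -> '4917012345' ('F' filler dropped)."""
    out = []
    for i in range(0, len(hexstr), 2):
        out.append(hexstr[i + 1])
        out.append(hexstr[i])
    return "".join(out).rstrip("F")


def unpack_7bit(data, septets):
    """Unpack GSM 7-bit default alphabet; ASCII-range characters only (no extension table)."""
    bits = nbits = 0
    out = []
    for b in data:
        bits |= b << nbits
        nbits += 8
        while nbits >= 7 and len(out) < septets:
            out.append(chr(bits & 0x7F))
            bits >>= 7
            nbits -= 7
    return "".join(out)


def decode_sms_deliver(pdu_hex):
    """Parse an SMS-DELIVER PDU (with its leading SMSC field) into the TP fields we care about."""
    pdu = bytes.fromhex(pdu_hex)
    pos = 1 + pdu[0]                            # skip SMSC address (length byte + address)
    first = pdu[pos]
    pos += 1
    if first & 0x03 != 0x00:                    # TP-MTI 00 = SMS-DELIVER
        raise ValueError("not an SMS-DELIVER PDU")
    oa_digits, oa_type = pdu[pos], pdu[pos + 1]
    pos += 2
    oa_len = (oa_digits + 1) // 2               # TP-OA length is given in digits (semi-octets)
    sender = swapped_bcd(pdu[pos:pos + oa_len].hex().upper())
    pos += oa_len
    if oa_type & 0x70 == 0x10:                  # type-of-number: international
        sender = "+" + sender
    pid, dcs = pdu[pos], pdu[pos + 1]           # TP-PID, TP-DCS
    pos += 2
    ts = swapped_bcd(pdu[pos:pos + 6].hex().upper())   # TP-SCTS: YYMMDDhhmmss, timezone byte ignored
    pos += 7
    timestamp = f"20{ts[0:2]}-{ts[2:4]}-{ts[4:6]} {ts[6:8]}:{ts[8:10]}:{ts[10:12]}"
    udl = pdu[pos]                              # TP-UDL: septets for 7-bit, bytes otherwise
    pos += 1
    ud = pdu[pos:]
    if dcs & 0x0C == 0x00:                      # 7-bit default alphabet
        text = unpack_7bit(ud, udl)
    elif dcs & 0x0C == 0x04:                    # 8-bit data
        text = ud[:udl].hex()
    else:                                       # UCS-2
        text = ud[:udl].decode("utf-16-be", errors="replace")
    return {"sender": sender, "timestamp": timestamp, "pid": pid, "dcs": dcs,
            "udl": udl, "text": text, "silent": pid == SILENT_PID}


def silent_messages(pdus):
    """Return the decoded PDUs a detector should surface, because the phone UI will not."""
    return [m for m in map(decode_sms_deliver, pdus) if m["silent"]]


# constructed PDUs from +4917012345 at 2012-10-14 12:03:00: a normal text and a Type 0 "ping"
NORMAL_PDU = "00040A9194711032540000210141213000400AE8329BFD4697D9EC37"
SILENT_PDU = "00040A91947110325440002101412130004000"
```

Feeding the two PDUs to `silent_messages` returns only the second one: same sender, same timestamp, but TP-PID 0x40 and no user data, which is exactly what a "ping" used for cell-ID lookup looks like on the wire. Whether you can get at the PDU at all depends on where the baseband filters it; on phones where the modem acknowledges Type 0 messages itself and never passes them to the RIL, this layer is already too high.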
Hi mopodo,
just FYI, "silent sms" can be sent via WM, a tool called "Hush SMS" allows this.
And there is no information carried via this SMS back to the originator.
Cell-ID based tracking can only be done by the owner of a cell tower, i.e. the operator. And since this requires lots of time, they (regularly) only do this on request of the prosecution.
But I do not know more about this topic, the above information is what I (supposedly) know about this.
Regards
Zuzler said:
Hi mopodo,
just FYI, "silent sms" can be sent via WM, a tool called "Hush SMS" allows this.
And there is no information carried via this SMS back to the originator.
Cell-ID based tracking can only be done by the owner of a cell tower, i.e. the operator. And since this requires lots of time, they (regularly) only do this on request of the prosecution.
But I do not know more about this topic, the above information is what I (supposedly) know about this.
Regards
try to read more about CITA and ECITA : enhanced cell id timing advance hahaha
ghassen32 said:
try to read more about CITA and ECITA : enhanced cell id timing advance hahaha
Welcome to the forum! Tell us a little about what you know about CITA?

[SECURITY] [APP][WIP] IMSI Catcher/Spy Detector

UPDATE: 2015-01-14 IMPORTANT!
Although this thread is still open, it is no longer updated with relevant info.
Please go to our official GitHub Site for the latest developer news and join
our development efforts in our back rooms...
​
For all the latest changes see our CHANGELOG.
For all the latest WIP alpha releases, see RELEASES.
The minimum supported AOS API version is 16, thus
AIMSICD will only work on Jelly Bean 4.1 or later.
---
Call for help to develop an IMSI catcher detector application for Android OS.
Q: What is an IMSI catcher?
A: It is a fake cell tower (aka. Base Transceiver Station, BTS) used to track and monitor specific (groups of) people in the near vicinity of that BTS.
In light of last year's highly publicized events in many Arab nations and the German state-sponsored rootkit discovery, etc., it is of the highest priority to start developing anti/counter-spy applications for the people living in rogue states such as Syria, Iran etc. In addition, it may play an important role in finding (and preventing) other rogue applications that attempt to send silent SMSs to high-cost premium services.
Recently there has been some publicity surrounding the OsmocomBB application patch known as "Catcher Catcher", which is used to detect mobile phone tracking and spying originating from the mobile phone service provider side (i.e. something that generally can only be provided by state-sponsored government and security forces).
Relevant links include:
http://bb.osmocom.org/trac/
http://www.youtube.com/watch?v=YWdHSJsEOck
http://events.ccc.de/congress/2011/Fahrplan/events/4736.en.html
http://gsmmap.org/cgi-bin/gsmmap.fcgi?risk=1
http://lab.ks.uni-freiburg.de/projects/imsi-catcher-detection/wiki/Software
http://opensource.srlabs.de/projects/catcher/wiki
For a tutorial on how to compile and help populate the Gsmmap database, see here.
In the News:
http://www.h-online.com/security/ne...iles-and-security-measures-shown-1401668.html
http://www.actualtoday.com/gsm-hacking-osmocom-patch-discovered-silent-sms-and-eavesdropping
This information started in 2010 and was extended at last year's 28C3 event...
How can you help?
I would very much like to have contact with anyone who can provide more in-depth knowledge of how this could possibly be implemented on the AOS. There are several ways you can help, even though you may not be an expert on HW or even Android.
Help populate the Gsmmap database.
Follow and help/develop the OsmocomBB project.
Compile OsmocomBB for an Android phone, so that it can be used as a USB host. (Preferably for one of the more popular models like the Samsung galaxy S.)
Help mapping out the Android baseband AT command set or the internal RIL function, so that we can obtain as many GSM radio parameters as possible.
Reverse engineer the vendor RIL of the phone above.
Reverse engineer the Modem firmware so that we can use the phone as a native catcher-catcher.
Find or provide documentation of the closed source modem(s) most used in Androids.
Share other relevant experience you may have in this matter.
Find or provide links to documentation of anything baseband related, not already widely known!
Stay legal, or this project will close really quickly!
NOTE: This is not to prevent IMSI catchers, but to inform the "victims" that they are being subject to tracking/monitoring.
A few other items:
For the Software Change Log, see our GitHub.
For Phone Support Log, see Post #7 below.
We have contacted EFF and The Guardian Project and hope to join their efforts and provide support to counter illegal tracking and tapping.
Thanks to SecUpwN, we now have our own GitHub HERE.
Have made a preliminary Developer Roadmap.
Added some important links.
Licensing Proposal: This will be a community project licensed under a GPLv3 license:
--- Glossary: (Harald Welte)
The BSS (Base Station Subsystem)
MS (Mobile Station): Your phone
BTS (Base Transceiver Station): The cell tower
BSC (Base Station Controller): Controlling up to hundreds of BTS
BP/CP (Baseband/Cellular Processor): Your phone radio/modem processor (usually an ARM 7/9)
The NSS (Network Sub System)
MSC (Mobile Switching Center): The central switch
HLR (Home Location Register): Database of subscribers
AUC (Authentication Center): Database of authentication keys
VLR (Visitor Location Register): For roaming users
EIR (Equipment Identity Register): To block stolen phones
Our Support:
We have as a goal to become a strong supporter of the EFF and The Guardian Project.
Part of all future donations will go to EFF. Intellectual and technological support will
also be given where possible.
​
The GSM Ciphering Indicator
According to the 3GPP GSM standards/specifications [1] for handsets,
there should be a Ciphering Indicator (CI) showing the user when the
GSM phone/data connection is not using encryption. Unfortunately for
many people in the rest of the world, this feature has not been
properly (if at all) implemented in the Android OS, AFAIK [2]. The
second culprit is the fact that your cellular service provider has
disabled showing this CI on the vast majority of SIM cards issued
around the world.
The only options for circumventing these privacy problems are:
1. Write an application that presents the current ciphering status. (Easy)
2. Write an application that hijacks the baseband processor (modem)
   SIM binary-code (in the firmware) to force-enable CI and possibly
   also the use of A5/3. (Hard)
3. Make and use a copy of your SIM card that has CI enabled. (Hard)
4. Lobby your cellular service provider to always use A5/3 ciphering. (Hard)
   (A5/1 was never used and A5/2 can be cracked on-the-fly!)
5. Force Google to fix the issue! This is hard, since the issue is
   already >2 years old at "medium priority", and in addition it
   does not resolve the service-provider-disabled CI in their SIM
   cards.
As you can see, the issue at hand does not look to be resolved
anytime soon. So I lobby for (1) or (2). But to do that we need
some background knowledge. First I will show you how to read the
CI setting from your SIM card. Then we will figure out how to
write such an application!
References:
[1] 3GPP GSM 02.07: http://www.3gpp.org/ftp/Specs/archive/02_series/02.07/0207-710.zip
[2] Android Issue 5353: https://code.google.com/p/android/issues/detail?id=5353
[3] Dieter Spaar's Blog: http://www.mirider.com/weblog/2010/08/03/#20100803-ciphering_indicator
[4] 3GPP GSM 11.11: ???
Some 3GPP GSM Terminology:
Code:
EF - Elementary Files
AD - Administrative (Data) Field
BCD - Binary-Coded Decimal (compressed)
CHV - Card Holder Verification (usually your SIM code)
TLV - Tag, Length, Value
BER-TLV - Object that conforms to the Basic Encoding Rules (BER)
RFU - Reserved for Future Use
Background:
[1] § B.1.26 Ciphering Indicator
The ciphering indicator feature allows the ME to detect that
ciphering is not switched on and to indicate this to the user,
as defined in GSM 02.09.
The ciphering indicator feature may be disabled by the home network
operator setting data in the "administrative data" field (EF-AD) in
the SIM, as defined in GSM 11.11.
If this feature is not disabled by the SIM, then whenever a
connection is in place, which is, or becomes unenciphered,
an indication shall be given to the user.
Ciphering itself is unaffected by this feature, and the user can
choose how to proceed.
[3] Ciphering Indicator in mobile phones
According to GSM 02.07 B.1.26, there should be a Ciphering Indicator
in the ME to allow a user to detect if ciphering is not switched on.
The Ciphering Indicator can be turned off by the network operator
clearing (what is formerly known as) the OFM (Operational Feature
Monitor) bit in the "administrative data" field of the SIM.
(See GSM 11.11, 10.3.18)
Usually the Ciphering Indicator is turned off, at least in those SIMs
I have seen so far. And you usually cannot modify the administrative
data in the SIM. But would a phone actually display something if the
Ciphering Indicator is enabled and ciphering is not on?
[4] § 10.2.18 The SIM Administrative Data field
All data on your SIM card is stored in a special filesystem hierarchy.
To not delve too far into the murky depths of SIM data storage, we
jump straight to the particular file we are interested in. It is an
elementary file (EF) called Administrative Data (AD), whose
filename/identifier is just a number, like always in the SIM-card
filesystem. In this case it is known '6FAD' (Hex for 28589).
"
This EF contains information concerning the mode of operation according
to the type of SIM, such as normal (to be used by PLMN subscribers for
GSM operations), type approval (to allow specific use of the ME during
type approval procedures of e.g. the radio equipment), cell testing
(to allow testing of a cell before commercial use of this cell),
manufacturer specific (to allow the ME manufacturer to perform specific
proprietary auto-test in its ME during e.g. maintenance phases).
"
Technical Summary:
Code:
-----------------------------------------------------------
Name: EFAD (Administrative Data)
Identifier: '6FAD' (28589)
File size: 3+X bytes
-----------------------------------------------------------
Byte Description
-----------------------------------------------------------
1 UE operation mode
2-3 Additional information (incl. cipher indication)
4 Length of MNC of IMSI
5-X RFU
-----------------------------------------------------------
UE Operation Mode: (byte 1)
-----------------------------------------------------------
This is the mode of operation for the MS.
Coding: (Initial value)
'00' - normal operation
'80' - type approval operations
'01' - normal operation + specific facilities
'81' - type approval operations + specific facilities
'02' - maintenance (off line)
'04' - cell test operation
NOTE: All other values are RFU (reserved for future) use
-----------------------------------------------------------
Additional Information: (byte 2-3)
-----------------------------------------------------------
Coding:
- Specific facilities code (if b1=1 in byte 1);
- ME manufacturer specific information (if b2=1 in byte 1).
Ciphering indication is enabled by enabling both the specific
facilities bit (b1) in byte-1 AND the cipher indicator bit (b1)
in byte-3. Thus the administrative data field has to be:
Byte-1: 0x01 0000 0001
Byte-2: 0x00 0000 0000
Byte-3: 0x01 0000 0001
Byte-4: 0x02/3 0000 001x
-----------------------------------------------------------
Length of MNC in the IMSI: (byte 4)
-----------------------------------------------------------
The length indicator refers to the number of digits,
used for extracting the MNC from the IMSI.
This value codes the number of digits of the MNC in
the IMSI. Only the values (b1-b2) '0010' and '0011' are
currently specified, all other values are reserved
for future use.
-----------------------------------------------------------
Relevant Documents:
TS 22.101
TS 31.102
TS 33.102
-----------------------------------------------------------
How to read the Ciphering Indicator in your SIM
Since there is no API call (AFAIK) for directly reading the SIM data
fields, we are going to use your modem's standard AT commands. You can
normally do this in two ways. (a) By connecting your phone via USB to
your PC and using a terminal application to send AT commands (ATCs)
directly to the Baseband Processor (BP), aka "modem". (b) By connecting
directly to the modem "device" via some terminal program within the
Android Operating System (AOS). For all the details surrounding this,
please see this thread.
Once you've got an AT command terminal session working, you are free
to issue the relevant AT commands to read from your SIM card. The
particular command we are interested in, is the +CRSM command. This
command can read/write various data directly from SIM card files.
==================================================
If you know of any equivalent or valid AOS API call for reading
this type of SIM data, please let us know!
==================================================
The +CRSM syntax is as follows:
Code:
AT+CRSM=<command>[,<fileid> [,<P1>,<P2>,<P3> [,<data> [,<pathid>]]]]
<command> This is the operation to be performed:
176 READ BINARY
178 READ RECORD
192 GET RESPONSE
214 UPDATE BINARY
220 UPDATE RECORD
242 STATUS
<fileid> This is an integer which is the identifier of an elementary
datafile (EF) on the SIM. Mandatory for every command except
STATUS and may be e.g.:
Hex Dec File
---------------------
6F37 28471 ACMmax
6F07 28423 IMSI
6F39 28473 ACM
6F41 28481 PUKT
6F42 28482 SMS
Structure:
[CLA INS P1 P2 P3 Data]
The bytes have the following meaning:
CLA Is the class of instruction (ISO/IEC 7816-3 [25]), 'A0' is used in the GSM application;
INS Is the instruction code (ISO/IEC 7816-3 [25]) as defined in this subclause for each command;
P1, P2, P3 Are parameters for the instruction. They are specified in table 9. 'FF' is a valid value for
P1, P2 and P3. P3 gives the length of the data element. P3='00' introduces a 256 byte data transfer
from the SIM in an outgoing data transfer command (response direction). In an ingoing data transfer
command (command direction), P3='00' introduces no transfer of data.
SW1 and SW2 Are the Status Words indicating the successful or unsuccessful outcome of the command.
-------------------------------------------------------------------------------
Dec. <sw1> <sw2> Description
-------------------------------------------------------------------------------
144 0x90 0x00 normal entry of the command, indicating OK
103 0x67 0xXX incorrect parameter P3
0x6B 0xXX incorrect parameter P1 or P2
0x6D 0xXX unknown instruction code given in the command
0x6E 0xXX wrong instruction class given in the command
0x6F 0xXX technical problem with no diagnostic given
0x9F 0xXX length XX of the response data
0x92 0x0X update successful but after using an internal retry routine X times
0x92 0x40 memory problem
0x94 0x00 no EF selected
0x94 0x02 out of range (invalid address)
0x94 0x04 file ID not found; pattern not found
0x94 0x08 file is inconsistent with the command
0x98 0x02 no CHV initialized
0x98 0x04 Access condition not fulfilled / unsucc. CHV verify / authent. failed
0x98 0x08 in contradiction with CHV status
0x98 0x10 in contradiction with invalidation status
0x98 0x40 Unsuccessful CHV verification. Or UNBLOCK CHV / CHV blocked / UNBL. blocked
0x98 0x50 Increase cannot be performed. Max. value reached
-------------------------------------------------------------------------------
For example, you could also read your IMSI from your SIM card,
but this is a little more tricky, as that operation involves a parity
bit-field in the second byte while using a compressed BCD coding.
Reading the AD field (containing cipher indication)
Also see +CSIM and +CSCS
Code:
AT+CRSM=176,28589,0,0,3
+CRSM: 144,0,"000000"
==> Bytes: 1-3 = 00,00,00
byte1: "MS operation mode"
byte2: "Specific facilities" B1
byte3: "Specific facilities" B2 (+ cipher indication)
==> Ciphering indication is disabled
Note: a response like this "+CRSM: 103,3" indicates that there is
a problem with P3 and that the value for P3 should be 3.
How to write AD and enable the Cipher Indicator in your SIM
Now, this is the most tricky part while being poorly documented.
The problem is that since this is an "administrative operation", it
may require something called a "facility lock password". However it
is not clear to me what this is. Is it just a CHV PIN/PUK or is it
something only known to the OEM or cellular service provider?
Anyone who could provide proper guidance here, will be offered
a beer! (Also see: +CLCK, +CPWD, +CSIM for reference.)
Going through the reading hoops above, we guess that the
proper write command should be like this:
Code:
AT+CRSM=214,28589,0,0,3,"010001"
However, we know from reading other SIM files (IMSI) that sometimes
the data is returned in compressed BCD format. That is, it could be
that the 1st and last pairs of 01s should be swapped to 10s.
So that we have:
Code:
AT+CRSM=214,28589,0,0,3,"100010"
Any ideas?
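The read procedure above (build the +CRSM command, check SW1/SW2 against the status-word table, retry with the P3 the modem asks for, then decode EF_AD and, with the BCD twist, EF_IMSI) is enough to put into code. The helper below is an added example for this thread, not AIMSICD code. It assumes EF_AD is plain binary in the layout of the technical summary (only EF_IMSI is swapped BCD), and it does no serial I/O: the `fake_modem` function stands in for the AT channel with constructed replies, including a constructed IMSI.

```python
"""Host-side helper for reading the Ciphering Indicator from EF_AD (6FAD) with
the +CRSM AT command. Added example for this thread, not AIMSICD code: it
builds the command strings, parses the '+CRSM: <sw1>,<sw2>[,"<data>"]' reply,
names the status words with the table above, and decodes EF_AD as plain binary
(the layout in the technical summary; EF_IMSI, by contrast, is swapped BCD and
is decoded below). No serial I/O: the modem replies are constructed."""

EF_AD, EF_IMSI = 0x6FAD, 0x6F07          # 28589 and 28423
READ_BINARY, UPDATE_BINARY = 176, 214

# (sw1, sw2) -> meaning; sw2 None matches any sw2 (the 0xXX rows of the table)
STATUS_WORDS = {
    (0x90, 0x00): "normal ending of the command (OK)",
    (0x67, None): "incorrect parameter P3",
    (0x6B, None): "incorrect parameter P1 or P2",
    (0x6D, None): "unknown instruction code",
    (0x94, 0x04): "file ID not found",
    (0x98, 0x04): "access condition not fulfilled / CHV verification failed",
}
OPERATION_MODES = {0x00: "normal operation", 0x80: "type approval operations",
                   0x01: "normal operation + specific facilities",
                   0x81: "type approval operations + specific facilities",
                   0x02: "maintenance (off line)", 0x04: "cell test operation"}


def crsm_read(fileid, length):
    """READ BINARY <length> bytes from offset 0 (P1=P2=0) of <fileid>."""
    return f"AT+CRSM={READ_BINARY},{fileid},0,0,{length}"


def crsm_update(fileid, data):
    """UPDATE BINARY: write the raw <data> bytes at offset 0 of <fileid>."""
    return f'AT+CRSM={UPDATE_BINARY},{fileid},0,0,{len(data)},"{data.hex().upper()}"'


def parse_crsm(line):
    """'+CRSM: 144,0,"000000"' -> (144, 0, b'\\x00\\x00\\x00'); data is None if absent."""
    if not line.startswith("+CRSM:"):
        raise ValueError("not a +CRSM response: " + line)
    fields = [f.strip() for f in line[len("+CRSM:"):].split(",", 2)]
    sw1, sw2 = int(fields[0]), int(fields[1])       # the modem prints them in decimal
    data = bytes.fromhex(fields[2].strip('"')) if len(fields) == 3 else None
    return sw1, sw2, data


def describe_sw(sw1, sw2):
    return (STATUS_WORDS.get((sw1, sw2)) or STATUS_WORDS.get((sw1, None))
            or f"unknown status words {sw1:02X} {sw2:02X}")


def decode_ef_ad(data):
    """Byte 1: operation mode (b1 = specific facilities); byte 3 b1: OFM/cipher
    indicator; byte 4 b1-b4: MNC length. CI is on only when both bits are set."""
    if len(data) < 3:
        raise ValueError("EF_AD has at least 3 bytes")
    specific = bool(data[0] & 0x01)
    ofm = bool(data[2] & 0x01)
    return {"operation_mode": OPERATION_MODES.get(data[0], f"RFU (0x{data[0]:02X})"),
            "specific_facilities": specific, "ofm_bit": ofm,
            "cipher_indicator": specific and ofm,
            "mnc_length": (data[3] & 0x0F) if len(data) > 3 else None}


def decode_ef_imsi(data):
    """EF_IMSI: byte 1 = length; byte 2 low nibble = type (b1-b3 = 001) and parity (b4);
    the digits follow as swapped BCD with an 'F' filler when their count is even."""
    body = data[1:1 + data[0]]
    if body[0] & 0x07 != 0x01:
        raise ValueError("identity type is not IMSI")
    digits = [body[0] >> 4]
    for b in body[1:]:
        digits += [b & 0x0F, b >> 4]
    if not body[0] & 0x08:                            # even digit count: drop filler
        digits.pop()
    return "".join(str(d) for d in digits)


def read_ef_ad(send, length=3):
    """Read EF_AD through send(cmd) -> reply; on '+CRSM: 103,<n>' (bad P3) retry with P3=<n>."""
    sw1, sw2, data = parse_crsm(send(crsm_read(EF_AD, length)))
    if sw1 == 0x67 and sw2 and sw2 != length:
        sw1, sw2, data = parse_crsm(send(crsm_read(EF_AD, sw2)))
    if (sw1, sw2) != (0x90, 0x00):
        raise RuntimeError(describe_sw(sw1, sw2))
    return decode_ef_ad(data)


def fake_modem(cmd):
    """Constructed modem: a SIM whose EF_AD is 4 bytes long, CI disabled, MNC length 2."""
    replies = {crsm_read(EF_AD, 3): "+CRSM: 103,4",
               crsm_read(EF_AD, 4): '+CRSM: 144,0,"00000002"',
               crsm_read(EF_IMSI, 9): '+CRSM: 144,0,"082926102143658709"'}  # constructed IMSI
    return replies.get(cmd, "+CRSM: 109,0")           # 109 = 0x6D, unknown instruction
```

`read_ef_ad(fake_modem)` first gets "+CRSM: 103,4", re-issues the read with P3=4 and reports `cipher_indicator: False`, `mnc_length: 2`. `crsm_update(EF_AD, bytes.fromhex("010001"))` yields the write command proposed in the post; whether the SIM accepts it is governed by the file's UPDATE access condition (ADM), which is why a PIN-verified session still gets 0x98 0x04 back on most cards.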
Also interested
+1 (never know what can happen in a state governed by Sarkozy... :S )
Wouldn't it help to use a Database like openbmap.org (I'm not allowed to link yet) to distinguish an IMSI-Catcher from a base station?
XdxH62 said:
Wouldn't it help to use a Database like openbmap.org (I'm not allowed to link yet) to distinguish an IMSI-Catcher from a base station?
been reading up on this.. quite fascinating.
Phone Support Log
This is a list of phones that have been claimed (but not verified) to work with AIMSICD. If you absolutely want to post success stories, do include the exact phone model, API level (AOS version), whether you're using a special ROM, and the result of the "uname -a" command.
DO NOT POST IF THE AIMSICD DOESN'T WORK FOR YOU!
This App is not even a Beta version yet, so we don't expect it to work for anyone other than
ourselves at the moment. As soon as this changes, you will find out here!
Current AIMSICD Version: 0.1.6-alpha
Code:
GT-I9100T Android 4.1.2 Official stocked, rooted
Samsung Galaxy Nexus, CM 11.0 M5
HTC ONE M7 (PN0710000) AOKP M7 Generic (KitKat 4.4.2)
---
Old original post/message:
XdxH62 said:
Wouldn't it help to use a Database like openbmap.org (I'm not allowed to link yet) to distinguish an IMSI-Catcher from a base station?
Unfortunately not. If you had followed the links above, you would have seen gsmmap... It does help in trying to map the likelihood that someone outside an intelligence organization is using one, but you can technically fake any such valid BTS as well. You need other methods... See refs/docs.
ghost stations
XdxH62 said:
Wouldn't it help to use a Database like openbmap.org (I'm not allowed to link yet) to distinguish an IMSI-Catcher from a base station?
sure, that would make perfect sense. this way you would immediately spot "ghost base stations" that miraculously appear for one day only ...
*#0011# | Network Info
*#32489# | Cipher Info <--- does anybody get anything out of this (OFM-bit)
*#197328640# | General Service Mode GT-S5360 Galaxy Y : -1-7-3-1-1- in LA4 modem Fw.
*#745# | RIL Dump Menu
mai77 said:
sure, that would make perfect sense. this way you would immediately spot "ghost base stations" that miraculously appear for one day only ...
That's partially correct, but you need to ensure (at least) two things.
1. That the "detector" you're using is not moving around!
2. That the database you're comparing with has not already been corrupted.
Therefore, you can (and should) use a database, but you need a much more advanced algorithm for determining when and how this BTS appeared, combined with other criteria.
In 97%+ of real cases, an IMSI catcher would be in operation for a short while only. This change should be detectable by comparing cell IDs and such of some area in a town, which hardly change over time.
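The two preconditions above (the detector must not be moving, and the database you compare against must be trusted) plus the "ghost station that appears for a day" idea can be written down as a small scoring pass over a log of serving-cell observations. The code below is an added example, not AIMSICD code; it goes one step beyond the posts by also flagging a cell that announces a LAC different from the one the area normally reports, since a catcher needs the phone to perform a location update. The known-cell table, the observation log, the coordinates and all thresholds are constructed.

```python
"""Toy IMSI-catcher heuristics over a log of serving-cell observations. Added
example for the discussion above, not AIMSICD code. It applies the two
preconditions from the reply (detector not moving, a known-cell database) and
then the 'ghost cell seen briefly' idea plus a LAC-change check, and reports
which cells look suspicious and why. Known-cell table, observation log and
thresholds are all constructed."""
from collections import defaultdict
from math import asin, cos, radians, sin, sqrt

# constructed known-cell table keyed (mcc, mnc, lac, cid), as an openbmap/gsmmap export might give
KNOWN_CELLS = {
    (262, 1, 4711, 10001),
    (262, 1, 4711, 10002),
    (262, 1, 4711, 10003),
}

# constructed observation log: (minutes since start, mcc, mnc, lac, cid, lat, lon)
LOG = [
    (0, 262, 1, 4711, 10001, 52.5200, 13.4050),
    (5, 262, 1, 4711, 10002, 52.5201, 13.4051),
    (10, 262, 1, 4711, 10001, 52.5200, 13.4050),
    (15, 262, 1, 9999, 60001, 52.5200, 13.4049),   # unknown cell, different LAC
    (20, 262, 1, 9999, 60001, 52.5201, 13.4050),
    (25, 262, 1, 4711, 10001, 52.5200, 13.4050),
    (30, 262, 1, 4711, 10003, 52.5200, 13.4050),
]


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat, dlon = p2 - p1, radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * 6371000 * asin(sqrt(a))


def detector_stationary(log, max_drift_m=200):
    """Check 1: every position fix lies within max_drift_m of the first one."""
    lat0, lon0 = log[0][5], log[0][6]
    return all(haversine_m(lat0, lon0, r[5], r[6]) <= max_drift_m for r in log)


def analyze(log, known, max_drift_m=200, ghost_window_min=15):
    """Return {cell: [reasons]} for suspicious cells, or None when the detector moved
    (a moving phone sees new cells all the time, so nothing can be concluded)."""
    if not detector_stationary(log, max_drift_m):
        return None
    first_seen, last_seen, lac_count = {}, {}, defaultdict(int)
    for t, mcc, mnc, lac, cid, _lat, _lon in log:
        key = (mcc, mnc, lac, cid)
        first_seen.setdefault(key, t)
        last_seen[key] = t
        lac_count[lac] += 1
    area_lac = max(lac_count, key=lac_count.get)    # the LAC this area normally reports
    alerts = {}
    for key in first_seen:
        reasons = []
        if key not in known:                         # check 2: compare with the database
            reasons.append("cell not in known-cell database")
            lifetime = last_seen[key] - first_seen[key]
            if lifetime < ghost_window_min:          # ghost station: here today, gone tomorrow
                reasons.append(f"ghost cell: seen for only {lifetime} min")
        if key[2] != area_lac:                       # a catcher needs a new LAC to force a location update
            reasons.append(f"LAC {key[2]} differs from the area LAC {area_lac} while stationary")
        if reasons:
            alerts[key] = reasons
    return alerts


if __name__ == "__main__":
    for cell, why in (analyze(LOG, KNOWN_CELLS) or {}).items():
        print(cell, "->", "; ".join(why))
```

On the constructed log only (262, 1, 9999, 60001) is reported, with all three reasons; the two known cells that were each seen once are not, because short sightings of cells that are in the database are ordinary handovers. The database check is only as good as the database (the second precondition above): an entry a catcher operator has had time to plant makes the unknown-cell and ghost checks silent, which is why the LAC check does not depend on it.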
On an i9000 the code to access the engineering menu (*#197328640# in Dialer) worked – I’m assuming it’s standard across all recent Samsungs, not just the Galaxy S series.
Menu 1,8,3,1 displays the current ciphering status, i.e. whether or not your current call is currently encrypted.
from youtube :
mai77 said:
...
On an i9000 but the code to access the engineering menu (*#197328640# in Dialer) worked just the same – I’m assuming it’s standard across all recent Samsungs, not just the Galaxy S series.
Menu 1,8,3,1 displays the current ciphering status, i.e. whether or not your current call is currently encrypted.
Right, and that's why I have been trying to reverse engineer the Service Mode application, to find out where all that info is coming from, including other parts needed from that app. But I'm new to all this Android stuff, so... Instead this led me to the RIL, but since the interesting parts of the RIL are closed source, I tried to figure out what is happening in the modem. This finally led me to post this new thread:
"How to talk to the Modem with AT commands":
http://forum.xda-developers.com/showthread.php?t=1471241
Any tips/ideas how to get this info would be great!
I suspect there will be several different way to get to this, but all may prove relevant...
atdebug.apk
at-command debug tool on android
http://forum.xda-developers.com/showpost.php?p=19485757&postcount=1
you have to know the device name though
mai77 said:
at-command debug tool on android
http://forum.xda-developers.com/showpost.php?p=19485757&postcount=1
you have to know the device name though
Yeah, I saw that, but it doesn't work, because the developer is making false assumptions on both which serial device is used and its permissions...
http://developer.android.com/reference/android/telephony/gsm/GsmCellLocation.html
to monitor cell data
import com.android.internal.telephony.Phone;
import com.android.internal.telephony.PhoneFactory;
...
PhoneFactory.makeDefaultPhones(this);
Phone phone = PhoneFactory.getDefaultPhone();
then error:
The com.android.internal.telephony.Phone can not be resolved.
The com.android.internal.telephony.PhoneFactory can not be resolved, because it is a private API. no easy way to use it. still possible, though
mai77 said:
http://developer.android.com/reference/android/telephony/gsm/GsmCellLocation.html
to monitor cell data
import com.android.internal.telephony.Phone;          // internal (non-public) telephony API
import com.android.internal.telephony.PhoneFactory;
...
PhoneFactory.makeDefaultPhones(this);
Phone phone = PhoneFactory.getDefaultPhone();
then error:
The com.android.internal.telephony.Phone can not be resolved.
The com.android.internal.telephony.PhoneFactory can not be resolved, because it is a private API. No easy way to use it. Still possible, though.
News?
Sent from my Galaxy Nexus using xda premium
I just updated original post #2 with the procedure for finding out if the ciphering indicator is enabled/disabled on your SIM card. However, this procedure needs to be implemented in code/an application for practical use. Alternatively, there may be some IPC calls that could be used to get these data... if we knew where to look.
mai77 said:
then error:
The com.android.internal.telephony.Phone can not be resolved.
The com.android.internal.telephony.PhoneFactory can not be resolved, because it is a private API. No easy way to use it. Still possible, though.
You could probably use "reflection" to get and use those methods... try googling/stackexchange for that. We appreciate your attempt!
AT+CRSM=176,28589,0,0,3
results in error code on a Galaxy.
Quite a number of xda members have found the entry "Ciphering" ON/OFF in the engineering menu of their phones, e.g. Galaxies. But I didn't come across a reliable report of success. Galaxy Y contains that entry too, but the bit appears unchangeable and might be a placebo menu entry alongside some other placebo toggles.
I am very much impressed with the informative and interesting discussion. Thanks for sharing such great content with us.
mai77 said:
AT+CRSM=176,28589,0,0,3
results in error code on a Galaxy...
Hi, sorry for the late reply. You have a GT-S5360 (FCC ID: a3lgts5360), but these come in several different versions. What baseband processor is it using? If it's an X-GOLD-based one (XMM 6x60), the command above should work. If on the other hand you have some other modem, like Qualcomm etc., there is no telling what would happen, even though +CRSM is a 3GPP 27.00x "standard". What error do you get, and how do you connect to your phone? (I.e. make sure you're actually talking to your phone modem and not to some other internal modem device in your PC.)
Also, like I already mentioned in #2:
1) the bit is not changeable on most SIM cards.
2) the actual ServiceMode menu functionality is contained in the baseband firmware on X-GOLD; for Qualcomm, I don't know, even if it is available.
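For readers who want to run the AT+CRSM=176,28589,0,0,3 check from the posts above (and to interpret an "error code" reply rather than a successful one), here is an added example that is not from any poster in this thread and not part of any tool it links to. It builds the READ BINARY command for EF_AD (file 0x6FAD = 28589) per the +CRSM syntax of 3GPP TS 27.007, parses the "+CRSM: <sw1>,<sw2>[,<response>]" reply, and decodes the bytes according to the EF_AD layout in 3GPP TS 51.011 / TS 31.102 as I read it: byte 1 is the MS/UE operation mode, bit 1 (the LSB) of byte 3 is the OFM / ciphering-indicator setting, and byte 4, if read, carries the MNC length. Verify that bit position against the spec for your USIM before trusting the verdict. All modem replies in the block are constructed for illustration; none were captured from a Galaxy or any other phone. Sending the command over the serial device is left to the reader (pyserial or a terminal), since the thread shows that which device to open is itself phone-specific.

```python
"""Build and decode the +CRSM exchange used to read the SIM's ciphering-indicator
bit (EF_AD, file 0x6FAD = 28589).  Added example; the modem replies below are
constructed, not captured from any real phone."""
import re

READ_BINARY = 176      # <command> value for READ BINARY in 3GPP TS 27.007 +CRSM
EF_AD = 0x6FAD         # 28589 decimal: EF_AD "Administrative Data"

# Byte 1 of EF_AD: MS/UE operation mode (TS 51.011 10.3.18 / TS 31.102 4.2.18)
OPERATION_MODES = {
    0x00: "normal operation",
    0x80: "type approval operations",
    0x01: "normal operation + specific facilities",
    0x81: "type approval operations + specific facilities",
    0x02: "maintenance (off line)",
    0x04: "cell test operation",
}

# "+CRSM: <sw1>,<sw2>[,<response>]"; the hex <response> may or may not be quoted
_CRSM_RE = re.compile(r'^\+CRSM:\s*(\d+)\s*,\s*(\d+)(?:\s*,\s*"?([0-9A-Fa-f]*)"?)?')
_ERR_RE = re.compile(r'^\+CM[ES] ERROR:\s*(.+?)\s*$')


def crsm_read_binary(file_id: int, length: int, offset: int = 0) -> str:
    """Return the AT command for READ BINARY on a transparent EF.
    P1/P2 carry the big-endian offset, P3 the number of bytes to read."""
    return f"AT+CRSM={READ_BINARY},{file_id},{offset >> 8},{offset & 0xFF},{length}"


def parse_crsm(reply: str) -> dict:
    """Parse raw modem output for an AT+CRSM command.

    Returns {"ok", "sw1", "sw2", "data", "error"}.  ok is True only for the
    ISO 7816-4 normal-ending status word 90 00; a +CME/+CMS ERROR line or any
    other status word is reported in "error" so the caller can tell a refusal
    from a file that simply reads as zero.
    """
    for raw in reply.splitlines():
        line = raw.strip()
        m = _ERR_RE.match(line)
        if m:
            return {"ok": False, "sw1": None, "sw2": None, "data": b"",
                    "error": "modem error " + m.group(1)}
        m = _CRSM_RE.match(line)
        if m:
            sw1, sw2 = int(m.group(1)), int(m.group(2))
            data = bytes.fromhex(m.group(3) or "")
            ok = (sw1, sw2) == (0x90, 0x00)
            err = None if ok else f"status word {sw1:02X} {sw2:02X}"
            return {"ok": ok, "sw1": sw1, "sw2": sw2, "data": data, "error": err}
    return {"ok": False, "sw1": None, "sw2": None, "data": b"",
            "error": "no +CRSM line in reply"}


def decode_ef_ad(data: bytes) -> dict:
    """Decode the first 3 (or 4) bytes of EF_AD.
    Byte 3, bit 1 (LSB) is the OFM / ciphering-indicator setting
    (1 = indicator enabled, 0 = disabled); byte 4, when present, holds the
    MNC length in its low nibble.  Bit position per my reading of TS 51.011."""
    if len(data) < 3:
        raise ValueError(f"EF_AD needs at least 3 bytes, got {len(data)}")
    mode = data[0]
    out = {
        "operation_mode": OPERATION_MODES.get(mode, f"unknown (0x{mode:02X})"),
        "ciphering_indicator_enabled": bool(data[2] & 0x01),
    }
    if len(data) >= 4:
        out["mnc_length"] = data[3] & 0x0F
    return out


def ciphering_indicator_status(reply: str) -> str:
    """Verdict for a reply to AT+CRSM=176,28589,0,0,3: 'enabled', 'disabled',
    or 'error: ...' when the read did not succeed."""
    r = parse_crsm(reply)
    if not r["ok"]:
        return "error: " + r["error"]
    try:
        on = decode_ef_ad(r["data"])["ciphering_indicator_enabled"]
    except ValueError as exc:
        return f"error: {exc}"
    return "enabled" if on else "disabled"


# Constructed replies (not captured from a real modem) covering the cases in the thread
SAMPLE_REPLIES = {
    "indicator off": 'AT+CRSM=176,28589,0,0,3\r\n+CRSM: 144,0,"000000"\r\n\r\nOK\r\n',
    "indicator on": '+CRSM: 144,0,"000001"\r\nOK\r\n',
    "file not found": '+CRSM: 106,130\r\nOK\r\n',   # status word 6A 82
    "modem refused": '+CME ERROR: 3\r\n',           # 27.007 "operation not allowed"
}

if __name__ == "__main__":
    print(crsm_read_binary(EF_AD, 3))
    for name, reply in SAMPLE_REPLIES.items():
        print(f"{name:15s} -> {ciphering_indicator_status(reply)}")
```

A status word other than 90 00 (for example 6A 82, file not found, or 69 82, security status not satisfied) means the read itself failed, which is a different situation from a successful read returning 0 in the OFM bit; only the latter tells you the SIM has the indicator disabled. A +CME ERROR from the modem means the command never reached the card at all, which on a non-X-GOLD baseband is what the reply above warns about.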

How to Simulate Your Phones Connection Speed to 4G (LTE)

Hello,
I'd like to start with this as my first post on this wonderful forum, because I'll keep sharing awesome content henceforth.
I found this wonderful app and I thought I should share it with my friends.
It's about how you can simulate your phone's connection speed to 4G (LTE).
We all know that in terms of connection speed, 4G is better than 3G, so for those who want a fast connection, try this app.
I'll share the download link at the end of this post.
3G to 4G converter provides multiple functionalities. The following features are included in one single app:
– Get phone details like IMEI number, service provider name, Android ID, phone type (GSM or CDMA)
– Get SIM details: serial number, country details, operator name, subscriber ID and operator code
– Get Wi-Fi connection details: link speed, frequency, IP address, network, RSSI, MAC address and SSID
– Internet speed testing meter
– Check if your mobile supports VoLTE or not
– 3G to 4G and 4G to 3G converter simulator
> HACK: Don't close the app after converting; let it run in the background.
Download Link
datafilehost*com/d/fe5a6f81
Change *com to dot(.com)
> Disclaimer: I am not in any way promoting this app, nor am I an affiliate, nor do I receive a commission for each download.
