Thread: 02 sms decoding

  1. #1
    DF VIP Member
    cosmicma's Avatar

    Default 02 sms decoding

    I have been reading with interest about decoding SMS messages on 02. I think the software used is called gsmview, but not sure about that.
    It seems that it can be and is done, but how it is done I don't know. Does anybody have any info on this or, even better, know what is needed and where to get it from?

  2. #2
    DF Member stonecutter's Avatar

  3. #3
    DF VIP Member bugnote's Avatar

    does anyone have gsmview?

  4. #4
    DF VIP Member
    cosmicma's Avatar

    I was hoping someone could help me out with gsmview. I have read about it but not found the software anywhere.

    Apparently SMS messages somewhere along the line are transmitted via BT to their exchanges or something similar. The encryption used is known and can be and is decoded, but I don't know how this is done, what frequency it's transmitted at or what equipment is needed.
    There is somebody on modshack saying he is doing this but isn't very forthright in how, unfortunately.

  5. #5
    DF MaSter hummmm's Avatar
    Can't be done. End of thread sadly.
    Last edited by sparkster; 19th November 2002 at 03:51 AM.

  6. #6
    DF VIP Member
    cosmicma's Avatar

    Originally posted by hummmm

    Can't be done. End of thread sadly.
    I just wish people would know what they're talking about before they come out with shite, before they know if it can or can't be done.

    Well, just to give you an insight on how it is done, read this page about gsmview. I think it will change your mind:

    gsmview

    The English bit is below the foreign bit.

    And while you're at it, get your arse over to modshack and read a thread in the members lounge called phreaking. There's a guy claiming he is doing it.
    Last edited by sparkster; 19th November 2002 at 03:51 AM.

  7. #7
    DF VIP Member sparkster's Avatar

    @Hummmm ,,, can you give us your expert knowledge and opinion as to why it can't be done m8? ,, without profanities please :rolls:

    sparkster
    If you tell the truth, you don’t have to remember anything.

  8. #8
    DF VIP Member redarmy's Avatar

    Default Only mods............

    Originally posted by hummmm
    Can't be done. End of thread sadly.
    End threads......................................

  9. #9
    Mav
    Guest Mav's Avatar


    anything can be sniffed

  10. #10
    DF MaSter hummmm's Avatar
    I would like to be proved wrong, having looked at the traces
    on the gsmview page most look like traces taken at the
    SS7 end and not sniffed over the air interface and there
    seems to be no ciphering taking place. You can monitor
    SMS messages easily at the SS7 level as you don't have
    the A5 algo to worry about. The air interface is the secure bit.

    Quotes:-
    > It may be of interest that user data are coded in a 7 bit
    > alphabet

    The user data should be ciphered using algo such as 5.1 by all
    networks in the UK.


    >> : User Data

    >> 04 00000100 lgth of 7 bit char : 4
    >> f4 11110100 t
    >> f2 11110010 e
    >> 9c 10011100 s
    >> 0e 00001110 t

    How easy was that! Bob's your uncle - that is magic

    Quote:
    >> The shown SMS-Trace is not full correct, as for decoding
    >> purposes the segmented message got connected.

    Too right there..

    Looks very fishy fishy.... I haven't seen user data like that on the air interface.

    You can see paging requests on the SDCCH, the type
    of message, the TMSI etc but anything else is ciphered so you
    can't see the number of the mobile being paged. It is for
    security reasons that the IMSI is not paged and a TMSI is
    allocated (and to give more paging capacity) hence that data isn't
    transmitted on the air interface.

    My experience is only of the UK system so I don't know how
    they implement abroad.

    I have played with a number of test handsets, written software
    for locating etc so I do have a little practical experience in
    the area. I have used a very similar handset to the Sagem
    used, an old Orbitel one.

    Before you all shout but A5.1 has been cracked...well yes
    but we are yet to see this done 'live on the air interface' even
    by the CCC - Chaos Computer Club and the likes.

    For info http://cryptome.org/a51-bsw.htm

    Comments ??? more flames...?
    Questions ?

    Can't access modshack at the mo but will have a look, as am
    a member there, when it is back up.

    If this GSM view software only works with handsets like the
    Sagem then Jo Bloggs isn't going to have much luck with his
    Nokia 3210. The Ericsson suite of tools for so called trial work
    costs a mint and you need a handset with TEMS software. No
    idea if Nokia even do one... The engineering mode certainly won't
    give you that. Handsets like the sagem just plug into a PC serial
    port and chuck back messaging data as requested, layer 2 / 3,
    paging channel or SACCH reports. You get them to interface with
    the application by sending a simple ASCII string
    i.e /d 08981 696969

    Hence I doubt the gsm view program is anything much more than
    a terminal program with some very basic decode in line with
    the GSM specs.

    I will have a look at the specs if I can find them somewhere
    on the 3gpp website.

    Still stick to my original quote, but we can keep this thread running,
    it is good to see something a bit technical on here...
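
The trace quoted in post #10 above (length 04, octets f4 f2 9c 0e) is plain GSM 7-bit default-alphabet packing, an encoding with no key, which is why its presence points to unciphered data rather than anything recovered from a ciphered air interface. The following is an added example, not part of the thread or of gsmview, that unpacks those octets and shows why the length field counts septets; the function names are assumptions and the 0x1B extension table is not handled.

```python
"""GSM 7-bit default alphabet packing (3GPP TS 23.038), as seen in SMS user data."""

# Basic character table; index = septet value. Septet 0x1B escapes to an
# extension table that this example does not implement.
GSM7 = ("@£$¥èéùìòÇ\nØø\rÅåΔ_ΦΓΛΩΠΨΣΘΞ\x1bÆæßÉ !\"#¤%&'()*+,-./0123456789:;<=>?"
        "¡ABCDEFGHIJKLMNOPQRSTUVWXYZÄÖÑÜ§¿abcdefghijklmnopqrstuvwxyzäöñüà")


def unpack_user_data(octets: bytes, septet_count: int) -> str:
    """Unpack `septet_count` characters from packed user-data octets."""
    chars = []
    acc = nbits = 0                      # bit accumulator, filled LSB first
    for octet in octets:
        acc |= octet << nbits
        nbits += 8
        while nbits >= 7 and len(chars) < septet_count:
            chars.append(GSM7[acc & 0x7F])
            acc >>= 7
            nbits -= 7
    if len(chars) != septet_count:
        raise ValueError("length field claims more septets than the octets hold")
    return "".join(chars)


def pack_user_data(text: str) -> tuple[int, bytes]:
    """Return (septet count, packed octets); the count is the length field."""
    out = bytearray()
    acc = nbits = 0
    for ch in text:
        acc |= GSM7.index(ch) << nbits   # ValueError if not in the basic table
        nbits += 7
        while nbits >= 8:
            out.append(acc & 0xFF)
            acc >>= 8
            nbits -= 8
    if nbits:
        out.append(acc & 0xFF)           # final partial octet, zero padded
    return len(text), bytes(out)


if __name__ == "__main__":
    trace = bytes.fromhex("f4f29c0e")    # the four octets quoted in the post
    print(unpack_user_data(trace, 4))
    # Seven octets can hold 7 or 8 characters, hence the septet-count field:
    count, packed = pack_user_data("testing")   # constructed sample input
    print(count, packed.hex(), repr(unpack_user_data(packed, 8)))
```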

  11. #11
    DF VIP Member
    cosmicma's Avatar

    Good to see you back hummmm, and after reading what you have written you make a good case for what you said in the first place, but as I said the guy on modshack claims he is doing it and it can be done quite easily.
    He was asking for frequencies as he had lost his, so it sounds as if he is using a scanner of some description. He wouldn't need frequencies for a mobile phone if that was what he was using.
    I don't know if it can or can't be done for sure, but I have no reason to doubt the guy who claims he can. Alas, it might be somebody who is misreading pager stuff as SMS, but I don't think so. It's gonna be interesting finding out.

  12. #12
    DF MaSter hummmm's Avatar

    Wish the modshack site would return..anyone know what is up
    with it ?

    Doing this with a scanner would be even harder. GSM uses
    digital TDMA and is therefore far from analogue or the likes of
    paging messages which as cosmicma says are easy to decode.
    From the look of the gsmview software screen shot there is no
    way that was designed for a scanner.

    Fact that the guy / girl doesn't know what frequency to look
    on doesn't fill me with confidence. Problem is you would
    be best to monitor the SDCCH of the strongest serving cell to
    you. If you have a mobile with logging software it will do this
    automatically. With a scanner you would have to first work out
    the frequencies used for the target network. Then tune to
    a BCCH (broadcast control channel) and not a traffic channel.

    As soon as I can get on the modshack I will join the thread on
    there. Not to cut down anyone's work but to help where
    possible and make sure it isn't a 'my mate put his sky card in
    the microwave now it gets all channels' style thread.
    I will get some frequencies together from the uk spectrum
    allocation.

    Think as a board we should be doing more work in areas like this.
    There was some work going on with decoding traffic master
    messages which I think use POCSAG as paging messages do.

    Thoughts ?

  13. #13
    DF VIP Member
    cosmicma's Avatar

    What frequency are the traffic master pagers on?

  14. #14
    DF VIP Member bugnote's Avatar

    Looks like this is real. Front page of this week's Computer Weekly has an article titled "Hackers can crack GSM network in seconds".
    Apparently the 128bit encryption they use (Comp 128) is easily crackable, and with the right connections and a PC using a mobile they can access voice, data, cell locations, SMS etc.

    Bug.

    Attached article from cw360.com

    Hackers can crack GSM networks in 'seconds'

    GSM mobile telephone networks have a flawed security algorithm and can be cracked using a PC connected to a mobile phone, security consultancy ISS has warned.

    ISS is to publish a white paper in the next month detailing the threat.

    It says the risk is increased by the proliferation of handheld devices used to access enterprise systems and the Internet via GSM, a global system for mobile communications.

    Mobile phones and handhelds are now used by thousands of UK businesses.

    ISS analyst Gunter Ollman said, "Using easily-available equipment someone could choose their favourite financial director and track that person using cell location information to monitor their voice, SMS and mobile Internet traffic for passwords and bank details."

    The problem lies in the Comp 128 encryption algorithm in GSM transmissions. Hackers using a PC and mobile phone can crack Comp 128 within seconds.

    They could then emulate a GSM base station to gain access to confidential business information or personal details.

    Ollman said that more secure algorithms do exist for GSM but carriers do not use them because they are more costly to implement.

    He advises business users to be aware of the potential vulnerabilities of GSM and ensure that sensitive business is not conducted on mobile phones.

    Ovum analyst Jeremy Green said, "It used to be only governments who had the computing power to do this - now it is within the reach of individuals.

    While I don't believe this is a widespread problem businesses may want to think about securing their mobile communications."
    Last edited by bugnote; 29th November 2002 at 11:55 AM.
