how to sniff gsm channel
usernome
03-02-2005, 15:45
Does anyone know how to modify a GSM phone to set a channel and sniff communication to a PC?
It'd be pretty hard since GSM frequencies are encrypted :-\
spectrum
03-02-2005, 16:24
GSM frequencies encrypted? No...
It is the mode of modulation that is.
And communication between a phone and the PC or any other user device is not done at RF. This is done at baseband level!
usernome
03-02-2005, 18:52
A Motorola can be set to listen to a channel;
I need cheap hardware to listen to a channel.
I don't need expensive hardware (more than 300.000$ - 480.000$)
is too much.
I saw one piece of hardware that can recover the Ki from sniffed communication and brute force the phone over the air.
Maybe we can build or modify hardware to see the communication between the GSM phone and the tower.
spectrum
03-02-2005, 19:06
You are talking about two different things here:
The first post is about communication between the phone and the PC, while your last post is about communication between the phone and the base station (tower).
The first one is done at baseband and the equipment can be low level and cheap, and that's why we can unlock phones using a low-level interface.
The second is done at RF level; the hardware required can be expensive and is used by the security agencies.
But if you find a cheap way of doing this, let me know.
realdeepdark
03-16-2005, 02:00
Hello, I am new here and I am interested in this stuff about sniffing between the mobile phone and the tower. Can you explain to us how to make that?
Thanks
Can you tell me how to do this?
Thanks very much
vanishedlove
01-24-2006, 14:11
I agree with USERNOME. I guess what he was trying to say is that we could let a PC pretend to be an RF tower. Sniffing the communication inside the phone (with any plug-ins?) might be hard, but letting a PC pretend to be a tower should be a little easier, as the phone doesn't verify the signature of the tower, and that is also what a passive GSM monitor works with. Maybe what we need is a simple RF antenna and special software.
In the past few days I was trying to search for this kind of software but it is too hard for me.
Usernome just wants to sniff the communication between the mobile device and the base station, and to store that communication on a PC.
ironclaw
01-27-2006, 22:14
GSM sniffing is an art in itself. It used to be possible with just a scanner. You can buy a kit but it costs €250,000, and one set-up costs twice that. They're also illegal. You may as well give up. But if you get any progress I'd love to know :)
With Twister
on a Sony Ericsson phone
there is an option "monitor".
When you connect the phone to Twister and Twister is connected to the PC,
press the monitor button available in the Sony Ericsson software.
It will give you all data between the tower and the phone.
Maybe this information is helpful for someone in this respect.
If anybody wants, I can send the type of data sent and received during monitoring.
It includes the word IMSI and a lot of numbers.
Regards
usernome
02-18-2006, 00:28
I have had a Twister for a long time but I didn't know about this, thanks.
Not too much, but it is something.
Nakkoush
02-18-2006, 07:37
Well, it's very interesting if we can go deeper into that issue...
For Badil: if you can, please send me the log at fertyert2005@yahoo.it
Many thanks!
zardozzz
02-23-2006, 22:27
Hi,
GSM test equipment for sale (usable for detection of unknown or hidden GSM devices)
I have 2 pieces of second-hand GSM test equipment; they can be used for the usual testing and repair of mobile GSM equipment (phones and modules).
1) Rohde & Schwarz CTS55 (my price: 2250 Euro's)
http://*******.com/c7l4r
2) Willtek series 4100 (my price: 2000 Euro's)
http://www.willtek.com/english/products/tt/4100
Both units are intended for GSM repair shops or for production testing of units that incorporate GSM equipment.
Normal uses:
============
Normally the GSM phones are connected to the above test equipment using a direct connection with a cable or with a special holder with a built-in antenna.
Both units simulate a real network base station; the phone under test will then make a connection with the simulated network... after which various tests can be made, such as requesting all kinds of data from the phone
(IMEI#, SIM info, channels, power... etc.)
Both units come with a test SIM card which simulates a network with a non-existing network code... for example 001... this card must be inserted in the phone under test,
but any other real and existing network can also be programmed into the test equipment.
As a result the above equipment can also be used to simulate your (real) local GSM network without the need to insert the test card into the phone under test. All you need to do is to insert the correct network code(s) into the test equipment; these codes are well known... so no problem there.
The phone under test must be directly connected to the test equipment or it must be placed in a so-called cradle, which is a special holder with a built-in antenna... the test equipment only uses very low power and has very low reception sensitivity... therefore it will not work when the phone is not directly connected or placed in the special cradle.
Other uses:
===========
Now... with some tricks the above test equipment can also be used for other purposes such as:
"Off the air" measurements and grabbing of phone data!
By simply increasing the transmit power and the reception sensitivity of the test equipment
you will be able to:
A) Lock an unknown GSM phone to your fake base station!
B) Grab phone data "off the air" up to a few 100 meters!
C) Lock a GSM phone to your fake base station, thus preventing it from making a real call (the same effect as a jammer)
D) Catch a dialed number from the target phone (without a real connection)
E) Find hidden GSM bugs, spyphones and GSM trackers by simply presenting a valid network to the area under search; you will then see the unknown phone presented on the screen of the test equipment
...etc... etc.
It's up to your imagination.
If you are good at this stuff you could even make a real "IMSI catcher" out of it (needs an additional outgoing line).
In order to achieve these additional new uses... all you need to do is increase the power output and sensitivity of the GSM test equipment. This can be achieved in various ways:
1) By adding a transmit and reception amplifier
or
2) By adding a so-called low-cost "GSM repeater", normally used to increase coverage in "bad-coverage" or "in-building" areas; such a repeater is in fact the same as a transmit and reception amplifier, the only difference is that it is ready built.
Both units can also be programmed with so-called "scripts" which will allow them to do various functions in sequence.
Ready-made scripts are freely downloadable from the above manufacturers; extensive information is available to make your own scripts and have the equipment do other things.
The script language is simple and consists of a series of commands that you send to the equipment.
Both units can be remote controlled from a standard PC.
One example of such a script could be the automatic switching of networks... you could do that by hand but automatic is nicer and quicker. An example application could be:
Detection of unknown GSM bugs in a room
===============================
You place the equipment in a room... the unit will quickly present itself as all local networks (in sequence) and show any unknown GSM devices. Voila... now you have a GSM detector that will reveal all GSM bugs even when they are not active (sleeping).
Of course you have to know what you are doing.
Detection of unknown GSM devices in a car
================================
Even more doable than detecting GSM bugs in a room, since you have a very small area to search.
You place the car in a "Faraday cage", then you place the test equipment inside that cage... a possible GSM device will then lock to your simulated base station and give itself away.
If no Faraday cage (screened room) is available you could do without, or drive the car to an area with low GSM activity (levels) and do the test there.
As said, many new possibilities... if you are interested please read all information and user manuals first... in order to understand the possibilities.
There is another unit available (which I don't have... and at a much higher price); it's called the "Willtek 4208 Off-Air Mobile Tester".
It can do all I have mentioned above.
http://www.willtek.com/english/products/tt/4208
You can do the same with the second-hand equipment I offer here; just a few mods are needed... (if wanted I can do those for you at extra cost).
Prices are ex TAX and transport, availability is 10 days; you may contact me privately.
Update
======
...the CTS55 is sold... but I could get another one... either new or second hand; probably it will be more expensive... the Willtek series 4100 is still available.
Greetings
Tetrascanner
Amsterdam
The Netherlands
http://www.tetrascanner.com
http://groups.yahoo.com/group/gsm-scanner
http://groups.yahoo.com/group/traffic-cams
http://groups.yahoo.com/group/iPod-video
http://groups.yahoo.com/group/ICOM-IC-R1500