[Gsmmap] TMSI in osmocom
luca at srlabs.de
Sun Jul 29 20:54:47 CEST 2012
On Thu, 14 Jun 2012 13:57:32 +0200
Bjarne Bachmann <bba at adsl9-ericsson.tranbjerg.arh.tele.dk> wrote:
> I am trying the new live Image to run the gsmmap software.
nice to hear that somebody is testing our last release.
Sorry for the delay, mainly due by our list server.
> It is running without problems until it asks for TMSI?
> In the doc. they write "This TMSI should be obtained from device
> information screens on your mobile"
> On the Osmocom phone or from an other phone? And where to find it on
> a standard phone.
Some mobiles can show the TMSI in special menus,
but this not a very common feature.
(named: Service menu / Engineering screen / etc)
If you have two Osmocom capable phones, you can
run one with the original Osmocom-BB firmware and
read the TMSI from the console interface.
Another way, at your risk, is to guess which is
your TMSI from the ones that are listed by our
software if you enter 00000000 as TMSI.
This procedure is not 100% reliable, and if misused
can lead to other user's interception (illegal).
It can also fail in case the network reallocates
the TMSI at each transaction or you are listening
to the wrong ARFCN.
After this disclaimer, these are the instructions:
- start your gsmmap, until the TMSI is asked
- enter 00000000
- monitor the console output for lines showing CM_REQ
- try to call a number, twice or more, from your mobile
- check if there are duplicate TMSIs in the output
- after locating one, try to call again to verify
If this method doesn't work, you can try receiving calls.
This is done looking for PAGRESP in the console output.
The successive step is to restart the software and use
the TMSI you found. Repeat the steps if no success.
The initial choice of the ARFCN can be tricky in some
areas where there are cells with comparable signal level.
Hope this helps :)
> Best Regards
> Bjarne Bachmann
More information about the Gsmmap