[Gsmmap] How much of the IMSI Catcher Score can be derived WITHOUT a mobile phone ?

Mm Bsd mmbsd1982 at yahoo.com
Sat Oct 17 20:36:26 CEST 2015


I am looking over the IMSI Catcher metric on this page:


... and I think it's very interesting that many of these measurements could be taken without a mobile phone - perhaps with just a SDR device and GR-GSM and wireshark.

For instance, am I correct that every single one of the "A" metrics and also the K1 metric is all based on information that is broadcast, unencrypted, on the BCCH ?

If the registration timer is also broadcast on BCCH unencrypted, then metric "T1" is also available to a SDR with wireshark.

Finally, I wonder about R1.

F1 (Few paging requests) is obviously available to an SDR, although I see it was removed from the criteria...

Am I correct ?  Can we determine a lot about the IMSI catcher score with just a SDR ?

