[Gsmmap] Trouble triggering snoopsnitch
luca at srlabs.de
Mon Nov 28 16:07:03 CET 2016
Now I can tell you what happened :)
Since OpenBTS-UMTS does not implement CS, the only interaction
with the fake BTS takes place in PS (RAU and PS Attach).
Quite unfortunately I did not include this scenario in the detection
logic because "normal" IMSI catchers would primarily fake a CS
network (call and SMS services are supported by every phone).
So, there is some space for improvement, I will consider to
add this new logic in the next app release.
It would be great if you could send me (privately)
the radio trace (qdmon-*) file that you obtained while playing with
> Yes, pcap is attached.
> Thank you.
> Luca Melette wrote:
> > Hi Joshua,
> > The logic that detects rejected location updates should work for
> > both GSM and UMTS.
> > I can imagine a single case that would stay under the radar, that
> > is, if a mobile already sends the IMSI in the LUR message and the
> > network then rejects it.
> > Would you be able to collect a pcap and share it via mail?
> > Cheers,
> > LM
> >> Hello,
> >> I am attempting to trigger an alert on Snoopsnitch 1.0.1. It is
> >> running on a Nexus 5 running CM and seems to be working (runs
> >> analysis, can run active test).
> >> The phone is running with a valid SIM card and connects to its
> >> normal network fine.
> >> I an running OpenBTS-UMTS into a Ramsey box. I put the phone in the
> >> box and run OpenBTS and when the phone tries to connect I see the
> >> IMSI when the authentication fails (so I successfully caught the
> >> IMSI) but nothing in Snoopsnitch ever triggers.
> >> Is this expected to trigger it? If not, why not? Is there a more
> >> efficient way to show it working?
> >> Thank you.
> >> _______________________________________________
> >> Gsmmap mailing list
> >> Gsmmap at lists.srlabs.de
> >> https://lists.srlabs.de/cgi-bin/mailman/listinfo/gsmmap
> > _______________________________________________
> > Gsmmap mailing list
> > Gsmmap at lists.srlabs.de
> > https://lists.srlabs.de/cgi-bin/mailman/listinfo/gsmmap
More information about the Gsmmap