GSM Hacking: Decrypt SMS Data

Decrypt GSM SMS

To decrypt SMS data it is necessary to use the GNU Radio gr-gsm decoder tool, grgsm_decode. Its options (channel mode, timeslot, cfile frequency or ARFCN, and the A5 version and Kc session key) are listed in the help output below.

┌──(kali㉿OffSec)-[~]
└─$ grgsm_decode -h
Usage: grgsm_decode: [options]

Options:
  -h, --help            show this help message and exit
  -m CHAN_MODE, --mode=CHAN_MODE
                        Channel mode. Valid options are 'BCCH' (Non-combined
                        C0), 'BCCH_SDCCH4'(Combined C0), 'SDCCH8' (Stand-alone
                        control channel) 'TCHF' (Traffic Channel, Full rate),
                        'TCHH' (Traffic Channel, Half rate)
  -t TIMESLOT, --timeslot=TIMESLOT
                        Timeslot to decode [default=0]
  -u SUBSLOT, --subslot=SUBSLOT
                        Subslot to decode. Use in combination with channel
                        type BCCH_SDCCH4 and SDCCH8
  -b BURST_FILE, --burst-file=BURST_FILE
                        Input file (bursts)
  -c CFILE, --cfile=CFILE
                        Input file (cfile)
  -v, --verbose         If set, the decoded messages (with frame number and
                        count) are printed to stdout
  -p, --print-bursts    If set, the raw bursts (with frame number and count)
                        are printed to stdout

  Cfile Options:
    Options for decoding cfile input.

    -f FC, --fc=FC      Frequency of cfile capture
    -a ARFCN, --arfcn=ARFCN
                        Set ARFCN instead of frequency (for PCS1900 add 0x8000
                        (2**15) to the ARFCN number).
    -s SAMP_RATE, --samp-rate=SAMP_RATE
                        Sample rate of cfile capture [default=1.0M]
    --ppm=PPM           Set frequency offset correction [default=0]

  Decryption Options:
    Options for setting the A5 decryption parameters.

    -e A5, --a5=A5      A5 version [default=1]. A5 versions 1 - 3 supported
    -k KC, --kc=KC      A5 session key Kc. Valid formats are
                        '0x12,0x34,0x56,0x78,0x90,0xAB,0xCD,0xEF' and
                        '1234567890ABCDEF'

  TCH Options:
    Options for setting Traffic channel decoding parameters.

    -d SPEECH_CODEC, --speech-codec=SPEECH_CODEC
                        TCH-F speech codec [default=FR]. Valid options are FR,
                        EFR, AMR12.2, AMR10.2, AMR7.95, AMR7.4, AMR6.7,
                        AMR5.9, AMR5.15, AMR4.75
    -o SPEECH_OUTPUT_FILE, --output-tch=SPEECH_OUTPUT_FILE
                        tch/f speech output file [default=/tmp/speech.au.gsm].
    --sub-channel=TCH_H_CHANNEL
                        TCH/H sub-channel. [default=0]
    --multi-rate=MULTI_RATE
                        The MultiRate configuration element from the
                        Assignment Command message. Example: 28111a40. See
                        3GPP TS 44.018 - 10.5.2.21aa MultiRate configuration
    --voice-boundary    Enable voice boundary detection for traffic channels.
                        This can help reduce noice in the output.
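As an added example (not code from gr-gsm or from this page), the ARFCN-to-frequency arithmetic behind the -a and -f cfile options above, including the 0x8000 flag the help text says must be added to PCS1900 ARFCNs because the 512-810 range is shared with DCS1800. Band edges and formulas are taken from 3GPP TS 45.005 section 2; the band table and function names are my own.

```python
"""ARFCN <-> carrier frequency helper (added example, not part of gr-gsm).

Downlink is what the BTS transmits (the frequency you would pass to
grgsm_decode -f for a capture of a cell); uplink is what the mobile sends.
"""

PCS1900_FLAG = 0x8000  # grgsm_decode -a: add 2**15 to mark a PCS1900 ARFCN

# Constructed from 3GPP TS 45.005 section 2:
# (band, first ARFCN, last ARFCN, uplink kHz of the first ARFCN, duplex offset kHz)
_BANDS = [
    ("GSM850",   128,  251,   824_200, 45_000),
    ("E-GSM900",   0,  124,   890_000, 45_000),
    ("E-GSM900", 975, 1023,   880_200, 45_000),  # 890 + 0.2*(975-1024) MHz
    ("DCS1800",  512,  885, 1_710_200, 95_000),
    ("PCS1900",  512,  810, 1_850_200, 80_000),
]


def arfcn_to_freq(arfcn: int, downlink: bool = True) -> tuple[str, int]:
    """Return (band, frequency_hz) for an ARFCN in the form grgsm_decode -a takes.

    Without the 0x8000 flag the 512-810 range is read as DCS1800; with the
    flag it is read as PCS1900, which is exactly the rule in the help text.
    """
    pcs = bool(arfcn & PCS1900_FLAG)
    n = arfcn & ~PCS1900_FLAG
    for band, lo, hi, ul_base_khz, duplex_khz in _BANDS:
        if (band == "PCS1900") != pcs:
            continue  # only look at PCS1900 when the flag is set, and vice versa
        if lo <= n <= hi:
            khz = ul_base_khz + 200 * (n - lo) + (duplex_khz if downlink else 0)
            return band, khz * 1000
    raise ValueError(f"ARFCN {arfcn:#x} is not in a supported GSM band")


def freq_to_arfcn(freq_hz: int) -> int:
    """Inverse mapping for a downlink frequency; PCS1900 results carry 0x8000.

    Downlink bands do not overlap, so the answer is unambiguous. Frequencies
    that are not on the 200 kHz channel raster raise ValueError.
    """
    khz = freq_hz // 1000
    for band, lo, hi, ul_base_khz, duplex_khz in _BANDS:
        dl_base = ul_base_khz + duplex_khz
        if dl_base <= khz <= dl_base + 200 * (hi - lo) and (khz - dl_base) % 200 == 0:
            n = lo + (khz - dl_base) // 200
            return n | PCS1900_FLAG if band == "PCS1900" else n
    raise ValueError(f"{freq_hz} Hz is not a GSM downlink carrier")
```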