GSM Hacking Pentester Guide

GSM is an ancient technology that is by now totally insecure; many countries are removing their GSM infrastructure and reusing the frequencies for 5G and other transmission technologies. Here I will explain the most common public attacks against GSM networks using cheap hardware.

SS7 attacks and attacks using Rogue BTSs are not in scope. (for now…)

This guide covers what hardware is necessary to capture GSM downstream packets and decrypt SMS and voice traffic on a specific channel. First the hardware is described with a few technical details; then it is necessary to understand how the spectrum works and which frequencies we need to use in our own country.

Once we know which frequency and downstream channel we want to monitor, we will capture live data on that channel and decrypt the traffic channel; at the end I will explain how to crack A5/1 encryption using rainbow tables.

GSM SIM Cards

GSM Mobile Station

Capture BTS Broadcast Unencrypted Data

Decrypt SMS Data

Decrypt Voice Channel

GSM A5/1 Decryption

git clone git://git.srlabs.de/kraken

https://opensource.srlabs.de/projects/a51-decrypt

GSM IMSI Catchers