Rayhunter is an IMSI Catcher Catcher for the Orbic mobile hotspot.
THIS CODE IS PROOF OF CONCEPT AND SHOULD NOT BE RELIED UPON IN HIGH RISK SITUATIONS
Code is built and tested for the Orbic RC400L mobile hotspot, it may work on other orbics and other linux/qualcom devices but this is the only one we have tested on.
Once installed, rayhunter will run automatically whenever your Orbic device is running. It serves a web UI that provides some basic controls, such as being able to start/stop recordings, download captures, and view heuristic analyses of captures.
An ethically sourced, opt-in only data collection project. Published information is obfuscated to protect transmitters and contributors. Updating existing data requires information only available in physical range of a beacon. Multiple mobile apps for feeding the system can be found on the F-Droid repository.
Git repo: https://codeberg.org/beacondb/beacondb
A business card which is also a cell phone that is programmed to call the person on the card. This is really cool.
The FCC, some FAANGs, and others are motivated to see more innovation in the wireless space to try to see what new tech can come about. Unfortunately, the expertise is surrounded in jargon, domain and tribal knowledge, and can be very frustrating for someone who wants to take the shortcut route to running a mobile network. I aim to try to cut through a lot of the jargon and extra stuff that can get a person lost between the the excitement of operating a mobile network and manifesting it into physical reality.
I had a lot of exposure to testing early stage LTE/5G networks. My motivation is to try to demystify as much of the mobile network as I can for anyone with a strong networking but non-wireless focused background.
The number of IMSI-catchers (rogue cell towers) has been steadily increasing in use by hackers and governments around the world. Rogue cell towers, which can be as small as your home router, pose a large security risk to anyone with a phone. If in range, your phone will automatically connect to the rogue tower with no indication to you that anything has happened. At that point, your information passes through the rogue tower and can leak sensitive information about you and your device. Currently, there are no easy ways to protect your phone from connecting to a rogue tower (aside from some Android apps which are phone specific and require root access).
This project demonstrates how you can create a rogue cell tower detector using a Raspberry Pi and a SIM 900 module. The detector can identify rogue towers and triangulate their location. The demonstration uses a SIM 900 GSM module to fingerprint each cell tower and determine the signal strength of each tower relative to the detector.
A curated list of telco resources and projects.
Please note multiple researchers published and compiled this work. This is a list of their research in the 3G/4G/5G Cellular security space. This information is intended to consolidate the community's knowledge. Thank you, I plan on frequently updating this "Awesome Cellular Hacking" curated list with the most up to date exploits, blogs, research, and papers.
This wiki collects information about prepaid (or PAYG) mobile phone plans from all over the world. Not just any plans though, they must include good data rates, perfect for smartphone travellers, as well as tablet or mobile modem users.
An OpenWRT package repository for packages that have to do with using mobile broadband peripherals. Includes instructions for configuring the use of USB cell modems.
A company that makes lots of specialized shields and hats for the RasPi and Arduino. Antennae, cellular radios, IoT modules, sensors, feedlines, connectors, adapters, and kits.
This program show you IMSI numbers of cellphones around you.
How to create a portable GSM BTS which can be used either to create a private (and vendor free!) GSM network or for GSM active tapping/interception/hijacking … yes, with some (relatively) cheap electronic equipment you can basically build something very similar to what the governments are using from years to perform GSM interception.
vmdialer is a simple app that lets you operate a cellular modem (pre-paid or otherwise) from Virgin Mobile or Verizon on a Linux machine. The cell modem must be activated on a Windows machine before it'll function because the PROM has to be programmed with a special app, but once that's done you can use it with this app.
Note that the exact make and model is "Novatel Wireless MC760".
FrequencyCheck is a website that helps you determine if your current cellphone will work on the cellular networks of a particular country. You can either search for devices compatible with a particular carrier, or carriers compatible with a certain mobile device.
howto build a personal gsm cellular network using linux, a RasPi, and an SDR.
International cellular provider that offers data only SIM cards for iot hackers. You get 1 meg a month of data. They're free to start with but you have to pay shipping. They also offer a device management dashboard for your projects. Entirely self-serve.