Cracking GSM with RTL-SDR for Thirty Dollars

Theoretically, GSM has been broken since 2003, but the limitations of hardware at the time meant cell phone calls and texts were secure from the prying ears of digital eavesdroppers and all but the most secret government agencies. Since then, the costs of hardware have gone down, two terabytes of rainbow tables have been published, and all the techniques and knowledge required to listen in on cell phone calls have been available. The only thing missing was the hardware. Now, with a super low-cost USB TV tuner come software defined radio, [domi] has put together a tutorial for cracking GSM with thirty dollars in hardware.

Previous endeavours to listen in and decrypt GSM signals used fairly expensive software defined radios – USRP systems that cost a few thousand dollars a piece. Since the advent of RTL-SDR, the price of software defined radios has come down to about $30 on eBay, giving anyone with a Paypal account the ability to listen in on GSM calls and sniff text messages.

The process of cracking GSM first involves getting the TMSI – Temporary Mobile Subscriber Identifier – a unique ID for each phone in a certain cell. This is done by sending a silent SMS that will send back and acknowledgement an SMS has been received on the victim’s phone, but won’t give the victim any indication of   receiving a message.

From there, the attacker listens to the GSM signals in the cell, receiving bursts attached to a TMSI, and cracking the encrypted stream using 1.6 TB of rainbow tables.

[domi] put up a four-part tutorial series (part 1 above; part 2, part 3, and part 4) that goes over the theory and the actual procedure of cracking text messages and voice calls with a simple USB TV tuner. There are a few limitations; the attacker must be in the same cell as the victim, and it looks like real-time voice decoding isn’t yet possible. Cracking GSM for $30, though, that’s good enough for us.

53 thoughts on “Cracking GSM with RTL-SDR for Thirty Dollars

  1. It’s still not click and drool so that any typical user can do it, but it significantly lowers the bar for those that have the IQ and education to do it.

    It is a little sensational of a headline, 99% of all private investigators lack the brain cells to do this, same ratio of the public also lack the ability. But It does offer an opportunity for a black hat to have yet another attack vector. More scary is the ability to just capture all of the data stream even in encrypted form for later use.

      1. No, but in practical terms, if it keeps the skript kiddies out, it’s a whole lot less chaos.

        It seems like, in cases of stuff that’s extremely clever, like this, the real geniuses write the software, then the also-rans write front-ends that put it into the hands of monkeys. Inconvenience isn’t a philosophy to rely on, but in the period between a crack and a fix it’s probably the best we have.

        Since GSM’s had this hole since 2003, I’m a bit surprised they haven’t fixed it. I know it’s a fairly basic flaw, but if they’d added on some extra optional standard, and kept the old flawed mode for compatibility, by now the problem would have been solved. Tho I’m sure there’s some reason they didn’t do this that I don’t know about.

        My phone’s 3G anyway. Do they use GSM for voice?

        1. Actually thinking about it my wristwatch is only 2G. But I use that more for watching videos on. 48 quid from Amazon, technology, marvellous!

        2. GSM’s had the hole from the beginning, because they used roll-your-own crypto (and set a bunch of the key bits to zero as well, probably because of political pressure.) It got discovered when somebody gave Ian Goldberg (a crypto grad student at Berkeley) a copy of the crypto code to evaluate. He took a look at it over lunch time, and it took three hours to crack instead of two because the Chinese restaurant was having the good lunch special that day instead of the boring one.

          Analog cell phones were still around (no crypto), and the Qualcomm CDMA systems had a trivial crypto algorithm because of political pressure (including the threat to deny them import and export permissions if they didn’t cooperate.)

      1. can you elaborate please? googling tan via handy is useless due to a skin tanning product called handy tan. im assuming by tan you mean transaction authorization number.

  2. Mmm, it’s a nice reminder than GSM is completely insecure but :

    – There is nothing new here. Even the software he use haven’t been written by him and they’ve been public for years and demonstrated at various conferences for . The only new piece of software is the ‘silent sms’ app he wrote for android but even that’s only an implementation of a small part of the attack presented at 27C3 ( http://www.youtube.com/watch?v=fH_fXSr-FhU ).
    – There are several innacuracies and technical errors in the write up.
    – He also pretty much “skipped” the hacking part, he just recovered the key from his own SIM in part4, no cracking there.
    – There are other pieces missing in the write up that make the described attack unlikely to work on a real network (AMR codec and hopping come to mind). To be clear, those are cracked too and have been for a while (with practical demo showed), they’re just “skipped” in this blog post.

  3. Given the gigantic size of those tables I don’t think there is any hope of live decoding on current purchaseable hardware. The best setup I think would be a gpu server which you send the data off to for crack and decryption with SSDs serving the tables. Eventually as gpu core numbers increase an ram sizes make a 1.6 TB ramdisk possible I could see an the posibility of near live decoding on consumer aquirable equipment.

    1. ?!? Of course there is. 4 * 512Go SSD and a good GPU and you’re good to go. For less than 5k$ you’ve got a very good setup.

    1. Because it has it’s key in the simcard, You are cracking the unknown key. That is what the tables are for a time memory cracking. You can take a long time to crack and use little memory or you can pre-calculate part of the process to speed things up, but you need storage for this.

  4. I hate to be a spoil-sport, but receiving cell signals that are not intended for you is illegal in the US. Even listening to that portion of the spectrum is illegal.

    Of course, enforcing this is pretty close to impossible…

    1. It’s actually not. Selling or importing a device that has the ability to listen to those frequencies is what’s illegal. Being in possession of such a device, though, is not illegal (i.e., you can build your own scanner that receives cell frequencies). Actually using it is not illegal, either, but attempting to break the encryption on the received data is illegal. Also, it only covers a narrow range of frequencies that were used for AMPS. Modern cell phones can and do use frequencies outside that band.

  5. I thought these hacks only worked on early versions of GSM, which aren’t used in current mobiles UMTS 3G and LTE 4G, with newer technology prefering longer key lengths (brute force hacking time is exponential in key length).

      1. Massive, huge amount of people complain to their network. Network presumably turns on some debugging tech in their towers that triangulates the jammer. Cops turn up sharpish.

        That’s a guess… but presumably the network would do something pretty quick.

        It’s sortof interesting that phone jamming doesn’t seem to go on very much. I suppose because it’s mostly pointless is the main reason. I wonder how many of those jammers get sold online? And how many are ever used?

        1. Seriously, people don’t go running to their provider, just because their reception is bad. A Jammer that jams only th 3G Band will make your phone roll back to GSM. Unless you are surfing on the net, it doesn’t make a difference for you. You can still call and be called on your phone.

  6. The missing bits of information are still public, you just have to go find them. Part of keeping the idiots out… preventing criminal uses by anyone except those who have the time and knowledge to do it.

    It is new to the extent that the RTL-SDR is being used, which was suspected possible for a long time but never tested until now.

    You need a nearly 2TB rainbow table to crack GSM regardless of the tools you have, and good luck with that because there are no seeders on the torrents.

    1. “Never tested until now” ??? The gsm_receive_rtl.py script from airprobe that the guy uses in the article has been imported into git in June 2012 by Steve Markgraf …

    2. Anyone reading this who’s tech savvy and with some financial incentive, can create an easy to use tool, sell it together with the table and the RTL-SDR for relatively cheap. The total hardware costs should not be more than $200 assuming a standard pc is available.

  7. This was actually doable several years ago. Check out Chaos Communication Congress 27, “Wideband GSM Sniffing” (day 2) and “Running your own GSM stack on a phone” (day 3). I can’t remember what the first guys used, the second guys used the TI Calypso GSM chipset one some old Motorola phones

  8. If I’ve understood correctly, the cheap SDR’s(such as the RTL-SDR) doesn’t have enough bandwidth to capture several channels, so if the cellular network uses channel hopping(which is pretty standard), capturing voice is close to impossible. SMS shouldn’t be much of a problem though, provided they are using unencrypted SMS (most providers are).

    However, other SDR’s do have enough bandwidth to capture all GSM channels. I don’t quite think HackRF has enough bandwidth, but some USRP models does have. When you have all channels captured, and you have cracked the key, it’s just a matter of applying the key to the call across all channels.

    Channel hopping in GSM is by no means a security measure, but it does ensure that attackers need a more hefty investment than 30$.

    As usual, the guys with the most expensive toys gets all the fun.

  9. Suppose the crack key is resolved, could it be posible from a pc+rtl-sdr do a call (sms or predefined voice) to a near cellphone whitout comunicating with the cell tower?? what would be the distance range?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s