Cracking GSM With RTL-SDR For Thirty Dollars

Theoretically, GSM has been broken since 2003, but the limitations of hardware at the time meant cell phone calls and texts were secure from the prying ears of digital eavesdroppers and all but the most secret government agencies. Since then, the costs of hardware have gone down, two terabytes of rainbow tables have been published, and all the techniques and knowledge required to listen in on cell phone calls have been available. The only thing missing was the hardware. Now, with a super low-cost USB TV tuner come software defined radio, [domi] has put together a tutorial for cracking GSM with thirty dollars in hardware.

Previous endeavours to listen in and decrypt GSM signals used fairly expensive software defined radios – USRP systems that cost a few thousand dollars a piece. Since the advent of RTL-SDR, the price of software defined radios has come down to about $30 on eBay, giving anyone with a Paypal account the ability to listen in on GSM calls and sniff text messages.

The process of cracking GSM first involves getting the TMSI – Temporary Mobile Subscriber Identifier – a unique ID for each phone in a certain cell. This is done by sending a silent SMS that will send back and acknowledgement an SMS has been received on the victim’s phone, but won’t give the victim any indication of   receiving a message.

From there, the attacker listens to the GSM signals in the cell, receiving bursts attached to a TMSI, and cracking the encrypted stream using 1.6 TB of rainbow tables.

[domi] put up a four-part tutorial series (part 1 above; part 2, part 3, and part 4) that goes over the theory and the actual procedure of cracking text messages and voice calls with a simple USB TV tuner. There are a few limitations; the attacker must be in the same cell as the victim, and it looks like real-time voice decoding isn’t yet possible. Cracking GSM for $30, though, that’s good enough for us.

60 thoughts on “Cracking GSM With RTL-SDR For Thirty Dollars

      1. Ok that may explain that part. But I paid $700 dollars for the package 1 and not only have i not received anything. But all My msgs on telegram were erased. And the account with the same name changed the picture

  1. It’s still not click and drool so that any typical user can do it, but it significantly lowers the bar for those that have the IQ and education to do it.

    It is a little sensational of a headline, 99% of all private investigators lack the brain cells to do this, same ratio of the public also lack the ability. But It does offer an opportunity for a black hat to have yet another attack vector. More scary is the ability to just capture all of the data stream even in encrypted form for later use.

      1. No, but in practical terms, if it keeps the skript kiddies out, it’s a whole lot less chaos.

        It seems like, in cases of stuff that’s extremely clever, like this, the real geniuses write the software, then the also-rans write front-ends that put it into the hands of monkeys. Inconvenience isn’t a philosophy to rely on, but in the period between a crack and a fix it’s probably the best we have.

        Since GSM’s had this hole since 2003, I’m a bit surprised they haven’t fixed it. I know it’s a fairly basic flaw, but if they’d added on some extra optional standard, and kept the old flawed mode for compatibility, by now the problem would have been solved. Tho I’m sure there’s some reason they didn’t do this that I don’t know about.

        My phone’s 3G anyway. Do they use GSM for voice?

        1. GSM’s had the hole from the beginning, because they used roll-your-own crypto (and set a bunch of the key bits to zero as well, probably because of political pressure.) It got discovered when somebody gave Ian Goldberg (a crypto grad student at Berkeley) a copy of the crypto code to evaluate. He took a look at it over lunch time, and it took three hours to crack instead of two because the Chinese restaurant was having the good lunch special that day instead of the boring one.

          Analog cell phones were still around (no crypto), and the Qualcomm CDMA systems had a trivial crypto algorithm because of political pressure (including the threat to deny them import and export permissions if they didn’t cooperate.)

  2. Mmm, it’s a nice reminder than GSM is completely insecure but :

    – There is nothing new here. Even the software he use haven’t been written by him and they’ve been public for years and demonstrated at various conferences for . The only new piece of software is the ‘silent sms’ app he wrote for android but even that’s only an implementation of a small part of the attack presented at 27C3 ( http://www.youtube.com/watch?v=fH_fXSr-FhU ).
    – There are several innacuracies and technical errors in the write up.
    – He also pretty much “skipped” the hacking part, he just recovered the key from his own SIM in part4, no cracking there.
    – There are other pieces missing in the write up that make the described attack unlikely to work on a real network (AMR codec and hopping come to mind). To be clear, those are cracked too and have been for a while (with practical demo showed), they’re just “skipped” in this blog post.

  3. Given the gigantic size of those tables I don’t think there is any hope of live decoding on current purchaseable hardware. The best setup I think would be a gpu server which you send the data off to for crack and decryption with SSDs serving the tables. Eventually as gpu core numbers increase an ram sizes make a 1.6 TB ramdisk possible I could see an the posibility of near live decoding on consumer aquirable equipment.

    1. Because it has it’s key in the simcard, You are cracking the unknown key. That is what the tables are for a time memory cracking. You can take a long time to crack and use little memory or you can pre-calculate part of the process to speed things up, but you need storage for this.

  4. I hate to be a spoil-sport, but receiving cell signals that are not intended for you is illegal in the US. Even listening to that portion of the spectrum is illegal.

    Of course, enforcing this is pretty close to impossible…

    1. It’s actually not. Selling or importing a device that has the ability to listen to those frequencies is what’s illegal. Being in possession of such a device, though, is not illegal (i.e., you can build your own scanner that receives cell frequencies). Actually using it is not illegal, either, but attempting to break the encryption on the received data is illegal. Also, it only covers a narrow range of frequencies that were used for AMPS. Modern cell phones can and do use frequencies outside that band.

      1. It would be impossible to confiscate and enforce restrictions on people’s ability to intercept or monitor anything over the air. A simple crystal detector set can be placed in a close enough proximity to couple and demodulate a targeted signal, if you are close enough to the transmitter, and if one does a little research on the subject, other equipment on the surplus markets and scanner radios are also easy to modify, so it is futile, and the strong language written into legal agreements is put there for the most part to discourage those without proper training/knowledge to attempt it. Monitoring of any and all frequencies is not illegal, as per the original 1934 US Communications Act, which established the FCC and gave it domain over the operation of all the radio spectrum, commercial broadcasting and the telephone companies. What is illegal and what you get in trouble for is taking information from the conversation or data being monitored either content of conversations, and attempt to exploit the information for monetary or other personal gain. You can however be prosecuted under other international/federal/local and state laws or codes, regarding violations of privacy or intruding on the ability of the system/network owners ability to do business, or reduce customer access or otherwise cause harm to the operation of their normal business. People have also been prosecuted for using information to speculate in the stocks and bonds markets for instance.

  5. I thought these hacks only worked on early versions of GSM, which aren’t used in current mobiles UMTS 3G and LTE 4G, with newer technology prefering longer key lengths (brute force hacking time is exponential in key length).

      1. Massive, huge amount of people complain to their network. Network presumably turns on some debugging tech in their towers that triangulates the jammer. Cops turn up sharpish.

        That’s a guess… but presumably the network would do something pretty quick.

        It’s sortof interesting that phone jamming doesn’t seem to go on very much. I suppose because it’s mostly pointless is the main reason. I wonder how many of those jammers get sold online? And how many are ever used?

        1. Seriously, people don’t go running to their provider, just because their reception is bad. A Jammer that jams only th 3G Band will make your phone roll back to GSM. Unless you are surfing on the net, it doesn’t make a difference for you. You can still call and be called on your phone.

  6. The missing bits of information are still public, you just have to go find them. Part of keeping the idiots out… preventing criminal uses by anyone except those who have the time and knowledge to do it.

    It is new to the extent that the RTL-SDR is being used, which was suspected possible for a long time but never tested until now.

    You need a nearly 2TB rainbow table to crack GSM regardless of the tools you have, and good luck with that because there are no seeders on the torrents.

    1. “Never tested until now” ??? The gsm_receive_rtl.py script from airprobe that the guy uses in the article has been imported into git in June 2012 by Steve Markgraf …

    2. Anyone reading this who’s tech savvy and with some financial incentive, can create an easy to use tool, sell it together with the table and the RTL-SDR for relatively cheap. The total hardware costs should not be more than $200 assuming a standard pc is available.

  7. This was actually doable several years ago. Check out Chaos Communication Congress 27, “Wideband GSM Sniffing” (day 2) and “Running your own GSM stack on a phone” (day 3). I can’t remember what the first guys used, the second guys used the TI Calypso GSM chipset one some old Motorola phones

  8. If I’ve understood correctly, the cheap SDR’s(such as the RTL-SDR) doesn’t have enough bandwidth to capture several channels, so if the cellular network uses channel hopping(which is pretty standard), capturing voice is close to impossible. SMS shouldn’t be much of a problem though, provided they are using unencrypted SMS (most providers are).

    However, other SDR’s do have enough bandwidth to capture all GSM channels. I don’t quite think HackRF has enough bandwidth, but some USRP models does have. When you have all channels captured, and you have cracked the key, it’s just a matter of applying the key to the call across all channels.

    Channel hopping in GSM is by no means a security measure, but it does ensure that attackers need a more hefty investment than 30$.

    As usual, the guys with the most expensive toys gets all the fun.

  9. Suppose the crack key is resolved, could it be posible from a pc+rtl-sdr do a call (sms or predefined voice) to a near cellphone whitout comunicating with the cell tower?? what would be the distance range?

Leave a Reply to TomCancel reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.