[SECURITY] [APP][WIP] IMSI Catcher/Spy Detector

By E:V:A, Recognized Developer on 2nd January 2012, 03:30 AM
30th January 2012, 01:43 AM |#11  
E:V:A (OP, Recognized Developer)
Quote:
Originally Posted by mai77

...
On an i9000 but the code to access the engineering menu (*#197328640# in Dialer) worked just the same – I’m assuming it’s standard across all recent Samsungs, not just the Galaxy S series.

Menu 1,8,3,1 displays the current ciphering status, i.e. whether or not your current call is currently encrypted.

Right, and that's why I have been trying to reverse engineer the Service Mode application, to find out where all that info is coming from, including other parts needed from that app. But I'm new to all this Android stuff, so... Instead this led me to the RIL, but since the interesting parts of the RIL are closed source I tried to figure out what is happening in the modem. This finally led me to post this new thread:

"How to talk to the Modem with AT commands":
http://forum.xda-developers.com/show....php?t=1471241

Any tips/ideas how to get this info would be great!

I suspect there will be several different ways to get to this, but all may prove relevant...
 
 
30th January 2012, 09:27 AM |#12  
mai77 (Senior Member)
atdebug.apk
at-command debug tool on android
http://forum.xda-developers.com/show...57&postcount=1

you have to know the device name though
31st January 2012, 06:56 PM |#13  
E:V:A (OP, Recognized Developer)
Quote:
Originally Posted by mai77

at-command debug tool on android
http://forum.xda-developers.com/show...57&postcount=1
you have to know the device name though

Yeah, I saw that, but it doesn't work, because the developer is making false assumptions on both which serial device is used, and its permissions...
17th February 2012, 10:18 AM |#14  
mai77 (Senior Member)
http://developer.android.com/referen...lLocation.html

to monitor cell data


// Internal (non-SDK) telephony classes
import com.android.internal.telephony.Phone;
import com.android.internal.telephony.PhoneFactory;
...
PhoneFactory.makeDefaultPhones(this);
Phone phone = PhoneFactory.getDefaultPhone();



then error:
The com.android.internal.telephony.Phone can not be resolved.
The com.android.internal.telephony.PhoneFactory can not be resolved, because it is a private API. no easy way to use it. still possible, though
23rd February 2012, 08:48 PM |#15  
kerberos7 (Senior Member)
Quote:
Originally Posted by mai77

http://developer.android.com/referen...lLocation.html

to monitor cell data


// Internal (non-SDK) telephony classes
import com.android.internal.telephony.Phone;
import com.android.internal.telephony.PhoneFactory;
...
PhoneFactory.makeDefaultPhones(this);
Phone phone = PhoneFactory.getDefaultPhone();



then error:
The com.android.internal.telephony.Phone can not be resolved.
The com.android.internal.telephony.PhoneFactory can not be resolved, because it is a private API. no easy way to use it. still possible, though

News ?

15th March 2012, 06:06 AM |#16  
E:V:A (OP, Recognized Developer)
I just updated original post #2 with the procedure for finding out if the ciphering indicator is enabled/disabled on your SIM card. However, this procedure needs to be implemented in code/application for practical use. Alternatively, there may be some IPC calls that could be used to get these data...if we knew where to look.
15th March 2012, 06:18 AM |#17  
E:V:A (OP, Recognized Developer)
Quote:
Originally Posted by mai77

then error:
The com.android.internal.telephony.Phone can not be resolved.
The com.android.internal.telephony.PhoneFactory can not be resolved, because it is a private API. no easy way to use it. still possible, though

You could probably use "reflection" to get and use those methods... try googling/stackexchange for that.. We appreciate your attempt!
24th March 2012, 12:35 AM |#18  
mai77 (Senior Member)
AT+CRSM=176,28589,0,0,3
results in error code on a Galaxy.

quite some number of xda members have found their entry "Ciphering" ON/OFF in the engineering menu of their phones, e.g. Galaxies. But I didn't come across a reliable report of success. Galaxy Y contains that entry too, but the bit appears unchangeable and might be a placebo menu entry alongside some other placebo toggles.
10th April 2012, 12:47 PM |#19  
Junior Member
I am very much impressed with the informative and interesting discussion. Thanks for sharing such great content with us.
14th April 2012, 10:51 AM |#20  
E:V:A (OP, Recognized Developer)
Quote:
Originally Posted by mai77

AT+CRSM=176,28589,0,0,3
results in error code on a Galaxy...

Hi, Sorry for late reply. You have a GT-S5360 (FCC ID: a3lgts5360), but these come in several different versions. What baseband processor is this using? If it's an X-GOLD-based one (XMM 6x60), the command above should work. If on the other hand you have some other modem, like Qualcomm etc, there is no telling what would happen, even though the +CRSM is a GPP 27.00x "standard". What error do you get, and how do you connect to your phone? (I.e. make sure you're actually talking to your phone modem and not to some other internal modem device in your PC.)

Also, like I already mentioned in #2:
1) the bit is not changeable on most SIM cards.
2) the actual ServiceMode menu functionality is contained in the Baseband firmware on X-GOLD; for Qualcomm, I don't know, even if it is available.
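
Added example, not part of the original posts and not code from any tool mentioned in this thread: Python that interprets the modem's reply to the AT+CRSM=176,28589,0,0,3 read discussed above, including the error replies asked about. It assumes the 3GPP definitions (+CRSM reply format from TS 27.007; file 28589 = 0x6FAD = EF_AD, whose third byte, bit 1, is the ciphering indicator flag); the function names and sample replies are constructed for illustration.

```python
import re

# Constructed modem replies for illustration (not captured from a real device).
SAMPLE_ON = '\r\n+CRSM: 144,0,"000001"\r\n\r\nOK\r\n'
SAMPLE_OFF = '\r\n+CRSM: 144,0,000000\r\n\r\nOK\r\n'
SAMPLE_SIM_ERR = '\r\n+CRSM: 148,4\r\n\r\nOK\r\n'   # SW 94 04: file not found
SAMPLE_CME = '\r\n+CME ERROR: 4\r\n'                # modem refused the command

# +CRSM: <sw1>,<sw2>[,<response>]  (status words in decimal, data in hex)
_CRSM = re.compile(r'\+CRSM:\s*(\d+)\s*,\s*(\d+)(?:\s*,\s*"?([0-9A-Fa-f]*)"?)?')
_CME = re.compile(r'\+CME ERROR:\s*(.+)')


def parse_crsm(reply):
    """Return (sw1, sw2, data) from a +CRSM reply; raise ValueError otherwise."""
    err = _CME.search(reply)
    if err:
        raise ValueError("modem rejected command: " + err.group(1).strip())
    m = _CRSM.search(reply)
    if not m:
        raise ValueError("no +CRSM line in reply (wrong serial device?)")
    hexdata = m.group(3) or ""
    if len(hexdata) % 2:
        raise ValueError("odd-length hex payload")
    return int(m.group(1)), int(m.group(2)), bytes.fromhex(hexdata)


def ciphering_indicator_enabled(reply):
    """True if EF_AD byte 3, bit 1 is set, i.e. the SIM asks the phone
    to show the ciphering indicator; False if the SIM disables it."""
    sw1, sw2, data = parse_crsm(reply)
    # 0x90 = normal ending, 0x91 = normal ending with a proactive command pending
    if sw1 not in (0x90, 0x91):
        raise ValueError("SIM returned status %02X%02X" % (sw1, sw2))
    if len(data) < 3:
        raise ValueError("EF_AD read returned fewer than 3 bytes")
    return bool(data[2] & 0x01)


if __name__ == "__main__":
    for name in ("SAMPLE_ON", "SAMPLE_OFF", "SAMPLE_SIM_ERR", "SAMPLE_CME"):
        try:
            print(name, "->", ciphering_indicator_enabled(globals()[name]))
        except ValueError as exc:
            print(name, "-> error:", exc)
```

The flag only says whether the SIM allows the phone to display a ciphering warning; it does not report whether the current connection is actually ciphered.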
14th April 2012, 11:17 AM |#21  
mai77 (Senior Member)
no SIM mode
to clarify, there are two prerequisites which are often not met:

- the baseband processor has to support the command
- even then, to be successful, the bit has to be changeable on the SIM
----------------------------------------------------------------------------------------------------------

separate questions:

how does ciphering work, when the phone is in emergency mode w/o SIM ?
is it poss to detect "ciphering indication" while in emergency mode ?

Tags
catcher, ciphering, detector, imsi, osmocom, spy