Sorry for the long video again guys, here are some timestamps to help you navigate:
02:41 Filtering out error messages in YateBTS terminal output
04:12 IMSI catching with YateBTS telnet interface
06:36 Tapping GSM layer 3 messages with Wireshark
09:28 Tapping TCP/IP traffic with Wireshark
13:21 Changing YateBTS welcome SMS
19:13 Hidden SMS menu in YateBTS web GUI
21:31 Capturing and decoding voice calls from YateBTS
27:59 Theoretical, practical man-in-the-middle attack against 2G USB modem
COMMANDS (For copying and pasting)
sudo yate -vvvvv 2>&1 | grep "clipping"
telnet 127.0.0.1 5038
sniffer on
sniffer filter user.register
output on
sudo wireshark -k -Y '!icmp && gsmtap' -i lo
sudo wireshark -k -i sgsntun
featherpad /usr/local/share/yate/scripts/nipc.js
firefox localhost/nipc/custom_sms.php
grgsm_capture -f 935.2M -s 1e6 -g 30 ~/capture_f935.2M_s1e6.cfile
grgsm_decode -p -v -c ~/capture_f935.2M_s1e6.cfile -f 935.2M -s 1e6 -m TCHF -t 4 -o ~/speech.au.gsm
grgsm_decode -p -v -c ~/capture_f935.2M_s1e6.cfile -f 935.2M -s 1e6 -m TCHF -t 5 -o ~/speech.au.gsm
./yatebts_telnet.sh | grep -B 4 "location-area-not-allowed"
./change_mcc_mnc.sh
The video is very cool. Please make in-depth videos on silent SMS and other techniques to obtain the geolocation of a mobile user.
love your content so much. pls continue
Thank you, I certainly will continue making content for you guys!
Good job brother
Keep continue🎉🎉
Thank you!
I love your video bro, pls don't stop
Thank you!
You are really great, thank you for this series, is it possible that this network is linked to the public network?
@Cemaxecuter got outgoing calls working using a third party SIP/IAX provider. Incoming phone calls are not working yet. Please see his two videos here: ua-cam.com/video/8mlNgZSuqIs/v-deo.html and ua-cam.com/video/KVNuO8ofPAM/v-deo.html
nice one
Thank you!
Hi. I bought a BAOFENG UV-5R. Can I connect this radio to my Mac M1 and use it like a scan receiver? Your tutorials are awesome. Greetings from Chile.
Or can I see radio traffic? (I don't know the terminology, sorry about that 😢)
Hi, the Baofeng UV-5R has a scan feature built in already, no need to connect it to a PC. But the limitation is you can only scan a small portion of VHF and UHF, and only FM modulation.
If you want to turn your Macbook into a radio scanner, a much better option is to purchase an RTL-SDR Blog V3 or V4.
@RobVK8FOES oohhhh. So with these devices I can connect to my Mac and scan using special software? Sounds great…
That's insane how much entertainment you can get sending SMS or calling a phone
Is it possible to record a 4G phone call in srsRAN or view the traffic from a 4G internet dongle?
Hi. srsRAN does not support making voice calls at this time. In order to enable VoLTE phone calls, a third-party IMS application must be used with it. I have no idea how to do this, sorry. Also, to my knowledge, it is not possible to decrypt 4G traffic at this time, so your 4G internet modem can't be intercepted.
Is it possible to do this with the HackRF One?
Hi. This is not possible to do with a HackRF.
@RobVK8FOES Why?
The HackRF is only 'half-duplex', which means it can only transmit OR receive at a single time. SDRs such as the LimeSDR, BladeRF and USRP are 'full-duplex', which means they can transmit AND receive simultaneously. And full-duplex is what is required to operate a cellular base-station.
@RobVK8FOES Great explanation, thank you very much!
Taking advantage of the topic, can I intercept SMS traffic (in clear text) using just HackRF for GSM, 2G, 3G and even 4G? What would be the hardware and software requirements? Would some SPOOFING be necessary? (didactic purposes)
I can't answer that question until you confirm that you would like to intercept your own SMS traffic for the purposes of self-education and experimentation. I don't condone the use of my knowledge and videos for malicious purposes. Please rephrase your question.
Does it include A5/3?
It is not possible to enable any A5 encryption with the free version of YateBTS.
@RobVK8FOES Can you listen to A5/3 calls?
@midoedo It's infinitely more difficult to crack than A5/1, but if you can extract the Ki from your phone you can listen to your own calls.
@VK3HSP It's almost impossible to crack A5/3, but as I recall the vulnerability takes advantage of a step before encryption.
@midoedo I think you have emailed me in the past about A5/3 cracking. Nothing has changed since we spoke back then, A5/3 has been cracked, this is a fact. But the research team did not release their method or the software tools they developed to do it. Please see the Def Con talk titled 'GSM: We can hear everyone now'. These are the only people that have demonstrated practical A5/3 cracking, nobody else has done so publicly. And with GSM in the process of being switched-off worldwide, there is no interest in it anymore. Everybody is moving to LTE and 5G research now. It's time to let 2G die, my friend. A5/3 is NEVER going to be publicly cracked in our lifetime.
Is 3G possible, or even 4G?
Yes, I have personally done this with srsRAN/srsLTE for 4G. There is a video on my channel about it.
Ok
Can u show how to crack proxy unlimited bantwith-ipv4-rotate-residential
No.
@RobVK8FOES you can't anyway
Either way, you'll never know ;)
@RobVK8FOES no i know, masscan
@CK-ex4hs Wow, a port scanner? You must be the envy of all of your elite hacker buddies! Also, tell me you are a script kiddie without saying you are a script kiddie ;)
Hi, 2G is no longer active in Europe
It’s still in the US (T-Mobile), you sure it’s gone in Europe?
@cemaxecuter7783 yes i am oma it my photo yt :)
@lumixS5M2 We are switching 3G off this year, Australia is migrating to 4G and 5G only. September is when the last carrier is hitting the off switch. Greetings @Cemaxecuter!
@RobVK8FOES I liked the use of the dongle you talked about!
Many countries in Europe are still running it. Most are planning a shutdown in 2025/2026 or even later
ROB CAN WE USE HACK-RF ?
Hi Kevin, it is not possible to use a HackRF for cellular base stations. A full duplex SDR is needed, such as LimeSDR, BladeRF or USRP