Jump to content

TPU-Data User Wireshark SMS


bass

Recommended Posts

Hi,

I just try to capture GSMTAP packets from my OpenBTS. unfortunately I could not get SMS content as plain text. anybody know how to figure out this problem?

some sources said with standart wireshark they could get content sms in plain text. I had tried to copy its hex stream and decode with 7bit encoder which was provided online, but the result was same, I got nothing.

Many Thanks,
Bass

Link to comment
Share on other sites

I was under the impression that GSM typically used some level of encryption for its transports. Did you deactivate/not configure this for your OpenBTS 'tower'?

Maybe something for a separate thread, but could you describe your setup? What you're doing here sounds really fascinating.

Link to comment
Share on other sites

Unless you can force it to lower bands, 3g and above generally I believe are encrypted. 2g and lower bands I believe can be read more easily though. Google Georgia Weidman for some of her videos on capturing phone traffic.

https://secupwn.github.io/Android-IMSI-Catcher-Detector/

Edited by digip
Link to comment
Share on other sites

hi cooper,

I used default configuration on my openBTS. only changing the GSMTAP config with "1" to enable wireshark for capturing the openbts packets.

here is its pcap file :
https://drive.google.com/open?id=0B2PfFt7P5kAgcjJaQUNBeVFuMGM&authuser=0



hi digip,
what I know is openbts run on 2G not 3G. then, open encryption also optional, in this case my configuration is "GSM.Cipher.Encrypt 0" (default, without encryption).

Link to comment
Share on other sites

anyway, I have send this issue to ask.wireshark also. they said that TP-data malformed. but still confuse, how come, because i used "fresh" openbts installation and without any chnges the parameter, except gsmtap fiture. :sad:

is there anyone here ever capture messge over OpenBTS before? some of tutorial I saw, could get it as plain text also without any changing on its configurations..

Link to comment
Share on other sites

You may need an additional plugin or settings enabled, but wireshark should be capable of reading the unencrypted 2G data. Try display filter gsm_map.ms.sai_Present but if you already see the data and malformed, I'm thinking it may be still encrypted or something else not setup properly.

http://wiki.wireshark.org/GsmProtocolFamily

Edited by digip
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...