[Crypto-chi] IMSI Catchers / How to break two cell phones
joe fuentes
joseph.fuentes at live.com
Mon Jan 26 11:03:03 CST 2015
I'm sorry I missed the SS7 talk last Sat night but I had some previous commitments. As a telecommunications engineer, SS7 was one of my areas of expertise, including SS7 over IP (SS7/IP), called Sigtran. In all of my experiences, my customers, both domestic and international (Japan Telecom, Telefonica de Argentina, etc.), had all their SS7 networks completely isolated from the outside world. I'd be interested to see how this was able to occur. Any chance for a repeat of this presentation?
Joe
Date: Mon, 26 Jan 2015 09:36:43 -0600
From: rutzennick at gmail.com
To: cryptoparty-chi at groups.sshchicago.org
Subject: Re: [Crypto-chi] IMSI Catchers / How to break two cell phones
I mentioned SS7 to a coworker and it turns out, he was on the team that built it many years ago and he was one of the people who designed the emergency response with GPS coordinates thing. Small world.
On Jan 25, 2015 2:59 PM, "Freddy Martinez" <freddymartinez9 at gmail.com> wrote:
Hi Folks,
Thanks everyone for staying late and talking IMSI Catchers / SS7
attacks at Triple C last night. If you want the slides or references,
please email me off the list. (I don't intend to publish my talk, they
are a draft for another project).
Below are my experiences with Android phones. Good luck and please
email me with questions.
I was able to get SnoopSnitch and AIMSICD installed on an LG Nexus 5.
It took a bit longer than expected (2 days). First I tried to do it
on a pre-paid Moto G but that didn't work. The problem is that AT&T
locked the bootloader and Motorola is just horrible when it comes to
locked bootloaders. So if you want to get a dedicated phone for IMSI
catcher catching, I recommend getting the Moto E online (pay cash for
an Amazon gift card) and that *should* have an unlockable bootloader.
But don't get an AT&T Moto G. It's a waste of time and money.
So I unlocked and rooted the Nexus 5. Before you start, you *need* to
use 4.4.4, the 5.0 and 5.0.1 OS have incompatible kernels (that
baseband!).
So first unlock the bootloader. I recommend the Clockwork recovery
image. (use the clockwork-touch image! It has to be touch). Then
rename your files and load them
mv recovery-clockwork-touch-6.0 recovery.img
fastboot flash recovery recovery.img
But that still didn't work (OS was 5.0.1) so I went to the Google
developers page, found and
reinstalled stock Android 4.4.4 (in my case KTU84P). Reboot into the
bootloader and then run
./flash_all.sh
Finally boot into recovery mode and push the SU package for root.
Sideload it using ADB.
adb sideload UPDATE-SuperSUv2.45.zip
Reboot and install the APKs as normal.
That worked. Happy hunting.
Freddy M
_______________________________________________
cryptoparty-chi mailing list
cryptoparty-chi at groups.sshchicago.org
http://groups.sshchicago.org/listinfo/cryptoparty-chi
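The unlock-and-root sequence Freddy describes above, gathered into one POSIX sh helper. This is an added example, not a script from the original posts or from the SnoopSnitch/AIMSICD projects. Assumptions: adb and fastboot are on PATH; the phone is a Nexus 5 (hammerhead) whose `fastboot oem device-info` output contains a "Device unlocked: true/false" line (my recollection of that bootloader, treat it as an assumption); the recovery image and SuperSU zip names are placeholders taken from the message; and the expected SHA-256 digests are supplied by the user through RECOVERY_SHA256 and SUPERSU_SHA256, because the page lists none. The stock 4.4.4 factory image archive from Google ships its flashing script as flash-all.sh, which is what the message's ./flash_all.sh step refers to.

```shell
#!/bin/sh
# nexus5_root.sh: gate the Nexus 5 (hammerhead) unlock/root steps from the
# message above. Added example, not the poster's script. Assumptions: adb and
# fastboot are on PATH; `fastboot oem device-info` prints a line
# "Device unlocked: true|false"; RECOVERY_IMG / SUPERSU_ZIP are placeholder
# names; the expected digests come from the environment (the page has none).

# Pull one property out of an `adb shell getprop` dump ("[name]: [value]").
prop_value() {                     # $1 = property name; stdin = getprop output
  tr -d '\r' | sed -n "s/^\[$1\]: \[\(.*\)\]\$/\1/p"
}

# Android 4.4.x only: the message says the 5.0 / 5.0.1 kernels do not work.
kitkat_ok() {                      # $1 = ro.build.version.release
  case "$1" in
    4.4|4.4.*) return 0 ;;
    *)         return 1 ;;
  esac
}

sha256_of() {                      # $1 = file; prints the hex digest
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1   # macOS
  fi
}

# 0 if file $1 hashes to $2 (lowercase hex), 1 on mismatch, 2 if missing.
sha256_matches() {
  [ -f "$1" ] || return 2
  [ "$(sha256_of "$1")" = "$2" ]
}

# stdin = `fastboot oem device-info` output (assumed format, see header).
bootloader_unlocked() {
  tr -d '\r' | grep -qi 'Device unlocked: true'
}

main() {
  : "${RECOVERY_IMG:=recovery.img}"             # renamed CWM touch image
  : "${SUPERSU_ZIP:=UPDATE-SuperSUv2.45.zip}"   # name used in the message
  if [ -z "${RECOVERY_SHA256:-}" ] || [ -z "${SUPERSU_SHA256:-}" ]; then
    echo "set RECOVERY_SHA256 and SUPERSU_SHA256 to the digests published by" >&2
    echo "the ClockworkMod and SuperSU projects; refusing to flash unverified files" >&2
    exit 1
  fi
  # The phone is going to be trusted as a surveillance detector, so do not
  # root it with files whose integrity you have not checked.
  sha256_matches "$RECOVERY_IMG" "$RECOVERY_SHA256" ||
    { echo "$RECOVERY_IMG missing or digest mismatch" >&2; exit 1; }
  sha256_matches "$SUPERSU_ZIP" "$SUPERSU_SHA256" ||
    { echo "$SUPERSU_ZIP missing or digest mismatch" >&2; exit 1; }

  # Step 0: refuse to continue on Lollipop; the 4.4.4 (KTU84P) factory image
  # has to go on first via Google's flash-all.sh.
  rel=$(adb shell getprop | prop_value ro.build.version.release)
  kitkat_ok "$rel" ||
    { echo "device reports Android '$rel'; flash the 4.4.4 factory image first" >&2; exit 1; }

  # Step 1: unlock the bootloader if it is still locked. This wipes userdata
  # and needs confirmation on the phone's screen.
  adb reboot bootloader
  if ! fastboot oem device-info 2>&1 | bootloader_unlocked; then
    fastboot oem unlock
  fi

  # Step 2: flash the (renamed) ClockworkMod touch recovery, as in the message.
  fastboot flash recovery "$RECOVERY_IMG"

  # Step 3: sideload SuperSU from recovery. Choosing Recovery mode and
  # "install zip from sideload" happens on the phone.
  echo "select Recovery mode on the phone, then 'install zip from sideload'; press Enter"
  read -r _
  adb sideload "$SUPERSU_ZIP"
  adb reboot
}

if [ "${1:-}" = run ]; then main; fi
```

Run it as `RECOVERY_SHA256=<digest> SUPERSU_SHA256=<digest> sh nexus5_root.sh run` with the two files in the current directory. The helpers are split out so the version gate, the digest check and the unlock check can be exercised without a phone attached; the pure-shell parts assume nothing beyond sed, grep and a sha256 tool.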