Download a free trial version Cell Analysis 0.1.6 (unlimited time with limited features)


md5sum:  d585b6475513304fce272eb386140e75


  • Calypso Chipset Phones: required to have OsmocomBB properly installed, Cell Analysis use the binaries “cell_log” and “ccch_scan“.
  • RTL-SDR: you need to have kalibrate-rtl and airprobe properly installed. RTL Cell Analysis will use the binary “kal” and “” script
  • UHD USRP: you need to have properly installed the driver UHD, as well as kalibrate-uhd and airprobe properly installed.

Aside these, the following packages are also required:

Apart from the above binary, also use any typical Unix / Linux installation as “awk” and “cut“.

Project Roadmap

  • Small web interface to check monitoring status, alarm management and cell traffic and unique identyties
  • 3G

5 thoughts on “Download”

  1. Does your CellAnalysis project work only for OsmocomBB compatible phones? Is it working for other mobiles also?

    1. Hi NeoBee,

      Yes, as the OsmocomBB modified firmware allow to scan for cells in the whole GSM spectrum and sniff broadcast traffic. If you are interested in use other phones, CellAnalysis can be adapted to work with XGoldmon phones (Samsung Galaxy S2 and S3), but in this case you will only receive the traffic from your SIM mobile network operator without scanning for new cells.

      Let me know if you need help adapting the script.


    1. Hi Alex,

      First I recommend to delimit the fixed perimeter you really need to monitor, depending the size and type of your Head Quarter could be only one meeting room to an entirely building floor. Once defined the area, define and apply a monitoring policy in order to detect fake stations attacks in the perimeter. The monitoring policy should contain which SW you want to use (CellAnalysis) and the SDR board to capture the GSM traffic;
      – Persistent attacks (fake stations targeting voice interception) in time are easy to detect and don’t need expensive SDR boards
      – IMSI catching attacks require very quick and expensive SDR capable to capture big samples of the GSM spectrum at one time, as well as computers to process this captures fast, so you can achieve a next to real time monitoring refresh frequency.
      Also you will need to define an incident response procedure; How to react when an attack is being detected.

Leave a Reply

Your email address will not be published. Required fields are marked *