Download

(August 2017) Download the free version Cell Analysis 0.1.11 (limited features)

cellanalysis_free_0.1.11.tar.gz

tar.gz md5sum:  ae6f63275c57596a1263ee8031f32d4d
tar.gz sha1sum: 06c2c5f2d9aa3ba7a3576522a25a14cdae6b76fd

Dependencies

  • Calypso Chipset Phones: required to have OsmocomBB properly installed, Cell Analysis use the binaries “cell_log” and “ccch_scan“.
  • RTL-SDR: you need to have installed the driver, kalibrate-rtl, arfcncalc and airprobe properly installed. RTL Cell Analysis will use “gsm_receive_rtl.py” script by default.
  • UHD USRP: you need to have properly installed the UHD driver, as well as kalibrate-uhd, arfcncalc and airprobe properly installed.
  • Note to new airprobe users: this article may help you with the installation process (read the “Old Method using Airprobe”).

Aside these, the following packages are also required:

Apart from the above binary, also use any typical Unix / Linux installation as “awk” and “cut“.

Request a full demo

If you are interested to try the full features of CellAnalysis;

  • Multiple devices (parallel processing support) allowing continuous monitoring of the whole GSM spectrum
  • Cell entropy fingerprinting
  • Study of unique subscribers per cell
  • Calculation of cell equation (polynomial regression)
  • Advanced cell profiles management
  • Web interface

Don’t hesitate to request a live demo on site: pedro.cabrera at fakebts.com

Change Log

  • Version 0.1.11
    Output format is changed, using JSON instead of CSV
    Two new hardware formats are added: “modem” and “rtlsdr-RPi”
    The static working mode is removed from the shell-script client.
  • Version 0.1.10
    The code is modified to use as a temporary directory a path based on an environment variable instead of being static (/tmp).
    It improves part of code related to the search of cells using the hardware device SDR BladeRF as well as the monitoring of traffic when it is used as a second device.
  • Version 0.1.9
    A new parameter is added that allows the execution of cellanalysis in an infinite loop, repeating the three phases of the cycle indefinitely until the user cancels the execution. This mode is activated by using the “-l” parameter.
    A new parameter is added to activate the static execution mode for fixed workstations (without any mobility) since in this case the cells that detect can be expected to always be the same with slight variations. By using the “-s” parameter, cellanalysis will store the information of the received cells in a file for each of them and each time it detects the same cell, it will compare that the characteristic values have not been modified.
  • Version 0.1.8
    A new parameter is added that allows to use two devices simultaneously (parameter “-2”, indicating next the name of the second device). Until then the tasks carried out these phases sequentially using a single device, but in this version introduces a new possibility to execute in parallel and independently the first two phases.
    Using two devices, one is responsible for performing only the tasks of the first phase, while the second device will capture the second phase, independently with no waiting times between the two phases.
  • Version 0.1.7
    The code is adapted to be compatible with BladeRF devices of the manufacturer Nuand (in this version a new executable file is not created for this new hardware).
    The 3 files in one are unified (“cell_analysis.sh”, “cell_analysis_uhd.sh” and “cell_analysis_rtl.sh” become only “cell_analysis.sh”).
    With the incorporation of this new Hardware, the architecture of the software is modified again.
    A help function is added, in case the user does not indicate the device will be warned of the correct use of the tool and parameters.
  • Version 0.1.6
    The GPL license is modified by updating the copyright and including the contact details of the author of the code.
  • Version 0.1.5
    Code is adapted to be compatible with Ettus USRP devices, through the UHD driver (USRP Hardware Driver)
    An executable file is added: “cell_analysis_uhd.sh”
    Again, the software architecture is modified to incorporate the dependencies of the new hardware.
  • Version 0.1.4
    Detection of fake stations using RTL-SDR improved (number of subscribers calculation solved)
  • Version 0.1.3
    Code is adapted to be compatible with RTL-SDR devices
    An executable file is added: “cell_analysis_rtl.sh”
    The software architecture is modified, since the drivers of each device are different, as well as the dependencies to search 2G / GSM cells and capture the traffic.
  • Version 0.1.2
    Reorganization of the information displayed on screen.
    Improved detection of the cell channel.
  • Version 0.1.1
    Fixed a problem of compatibility with certain branches of OsmocomBB available in GitHub in version 0.1
    Added the qualitative detection of the signaling.
    Tested ARM platform compatibility with RaspberryPi.

5 thoughts on “Download”

  1. Does your CellAnalysis project work only for OsmocomBB compatible phones? Is it working for other mobiles also?

    1. Hi NeoBee,

      Yes, as the OsmocomBB modified firmware allow to scan for cells in the whole GSM spectrum and sniff broadcast traffic. If you are interested in use other phones, CellAnalysis can be adapted to work with XGoldmon phones (Samsung Galaxy S2 and S3), but in this case you will only receive the traffic from your SIM mobile network operator without scanning for new cells.

      Let me know if you need help adapting the script.

      Regards,
      Pedro

    1. Hi Alex,

      First I recommend to delimit the fixed perimeter you really need to monitor, depending the size and type of your Head Quarter could be only one meeting room to an entirely building floor. Once defined the area, define and apply a monitoring policy in order to detect fake stations attacks in the perimeter. The monitoring policy should contain which SW you want to use (CellAnalysis) and the SDR board to capture the GSM traffic;
      – Persistent attacks (fake stations targeting voice interception) in time are easy to detect and don’t need expensive SDR boards
      – IMSI catching attacks require very quick and expensive SDR capable to capture big samples of the GSM spectrum at one time, as well as computers to process this captures fast, so you can achieve a next to real time monitoring refresh frequency.
      Also you will need to define an incident response procedure; How to react when an attack is being detected.
      Regards,
      Pedro

Leave a Reply

Your email address will not be published. Required fields are marked *