The most talked-about 3D-Secure payment protocol will continue to be rolled out throughout this year 2022 and beyond, those of you who will adapt will continue to survive and thrive and those who will ignore this will be left behind to catch the dust, in this cashoutmoney guide today we will give you an up to date information on making your very own IMSI catcher to bypass 3D-Secure transactions.
This may sound like a plan straight out from a Hollywood blockbuster but we can assure you that it’s not as complicated as you may think and very practical to implement once you understand the mechanics of how the IMSI catcher works.
Recently, there have been many cases of using GSM hijacking + text message sniffing to steal bank cards, let us explain to you by laying out the information on how to sniff the traffic of a GSM Network and will follow the structure in this guide below.
Now, before we delve deeper into the subject, some basic terminology and background information on GSM is provided below as it’s necessary for you to understand and digest this article further ahead as you will scroll down and more importantly how to go about making one for your own team (considering you are part of an underground cybercrime network and a heavy hitter)
SDR stands for “Software Defined Radio”. It is a radio communication technology in which the signal processing is defined in software instead of being implemented in dedicated hardware.
SDR allows easy signal processing and experimentation with more complex radiofrequency builds.
An RTL-SDR is a TV stick based on the Realtek RTL2832U chip. These TV sticks pass raw I/Q samples to the host computer, which can be used for DAB / DAB+ / FM demodulation.
GSM stands for “Global System for Mobile” communication. FYI more than 5 billion people use GSM technology to communicate all over the world.
Operators in every country use a different frequency in the GSM possible spectrum. If you want more info on that you can read more here: https://www.worldtimezone.com/gsm.html
IMSI stands for “International Mobile Subscriber Identity” and is globally unique for each subscriber. The IMSI consists of 15 digits, which contain the Mobile Country Code (MCC), Mobile Network Code (MNC), and the Mobile Subscriber Identification Number (MSIN). The IMSI is stored in the Subscriber Identity Module also known as your SIM card.
So now you have a little bit of idea of where we are heading with this article, let’s get the “generations” out of the way as well and of course, we always aim is to keep our cashoutmoney articles lean by only touching base on the information that is important and necessary for that particular subject
The first generation of mobile phones was implemented in the 1980s. The data sent from and to the phones were analog and naturally had no security whatsoever.
Additionally, it was only possible to make voice calls with 1G networks; you may remember that text messaging was not yet possible at that point.
In the 1990s the second generation of mobile phone technology was rolling out. Features such as SMS, data, MMS, voice mail, and call forwarding were implemented. Also, the radio signals became digital and were encrypted.
Later 2.5G and 2.75G were introduced and both implemented improved techniques for data transfer such as GPRS and EDGE.
The Global System for Mobile Communication (GSM) standard is the most widely used 2G standard and as of 2007, the most widely used mobile phone protocol in general.
3G was slowly rolled out in the 00s. The International Telecommunication Union (ITU) set up specifications that label certain mobile networks as 3G. 3G mobile networks support the Global Positioning System (GPS), mobile television, and video conferencing.
It also offers way more data transfer bandwidth and speed. Furthermore, the encryption standard is improved by using two-way authentication between the mobile phone and the base station and having improved encryption standards.
4G is also specified by the International Telecommunication Union (ITU). One of the requirements of 4G is a speed of 100 Mbit/s in a car or train and 1 Gbit/s for pedestrians.
A 4G internal network is also completely IP-based, so no more circuit-switched telephone.
It must be noted that the current 4G standards are not actually fully compliant yet with the ITU specifications. However, they are still considered 4G since they are the closest to 4G speeds and are substantially better than 3G technologies.
The next-generation of telecom networks (fifth generation or 5G) started hitting the market at the start of 2019 and will continue to expand worldwide in 2022 and beyond.
Besides the speed improvement, 5G is expected to unleash a massive IoT (Internet of Things) ecosystem where networks can serve communication needs for billions of connected devices, with the right trade-offs between speed, latency, and cost, this is going to be very interesting, honestly, we can’t wait!
Take a good look at this below as we will explain that for your ease so it will be easier to understand as we are building your knowledge step by step before we go for the kill, so to speak!
MS represents a “mobile station”. The mobile station is a device that can access the GSM network via radio.
The mobile station can be broken down into two separate parts, the mobile hardware, and the SIM card.
No, it’s not bull shit, BS stands for “base station”. It is the antenna and is also called the “cell tower” or “cell site.”
One BS covers a cellular area in the cellular network. The size of this cell can vary from a few hundred meters to several kilometers.
The size of the cell area depends on the landscape features and the population density of the area.
In subway stations and large buildings, relay stations can be placed to act as repeaters. These relay stations then wire the signal to the nearest base station.
BSC means “base station controller”. It controls several base stations and handles the session handoffs between the different base stations when a user is moving through different cells.
If the base stations are not connected to the same BSC, then the Mobile Switching Center (MSC) handles the handover.
MSC is a “mobile switching center”. It is responsible for managing the authentication, the handover to the other BSCs, and routing calls to the landline.
VLR is for “Visitor Location Register” and each MSC has its own Visitor Location Register (VLR). The VLR holds subscriber information of subscribers that are under the care of the MSC (which are copied from the Home Location Register (HLR)).
The VLR, for example, holds the Temporary Mobile Subscriber Identity (TMSI), which is a temporary alias for the IMSI. This is to reduce the frequent broadcasting of the IMSI.
The “home location register” HLR stores personal subscriber information like the IMSI and the phone number. There is only one HLR for every GSM network provider.
AUC means “Authentication Center”. It handles the authentication process of a subscriber to the network.
The AUC holds the shared secret key and generates the random challenge that is used to authenticate.
#WHAT IS AN IMSI CATCHER?
An IMSI Catcher is a device, with the right software it can be used to locate and track all mobile phones that are switched on in a certain area.
The IMSI Catcher does this by “pretending” to be a mobile phone tower so it basically tricks your phone into connecting to it and then revealing your personal details without your knowledge.
IMSI catchers are indiscriminate surveillance tools that could be used to track the activities of your target, they can also monitor calls and edit your target messages and the best part is that they wouldn’t even know it had happened.
#HOW DOES AN IMSI CATCHER WORK IN 2022?
As explained above, IMSI Catchers are devices that act like fake cell towers, which trick a target’s device to connect to them and then relay the communication to an actual cell tower of the network carrier.
The target’s communications in the form of calls, text messages, internet traffic, etc. go through the IMSI Catcher, which can read messages, listen to the calls, and so on.
While all this is happening at the same time your victim will have no knowledge that this is happening as everything will seemingly work as normal, in underground terms we can refer to it as a “Man-In-Middle” attack.
This is possible because mobile phones are always looking for the mobile tower with the strongest signal to provide the best communication. This is usually the nearest one. At the same time, when a device connects to a cell tower, it authenticates to it via an IMSI number.
However, the tower doesn’t have to authenticate back. This is why every time someone places a device that acts as a cell tower near your phone, it would connect to it and give away its IMSI.
HOW IMSI CATCHER ID YOUR TARGET?
IMSI is a number unique to a SIM card. Once your target’s phone is tricked into connecting to an IMSI catcher, it then reveals its unique number.
You may have heard numerous cases in which cops were able to catch the guy/gal by identifying them, yes that’s right cops in most countries around the world have access to this IMSI catcher so once the police have the IMSI, they can easily determine the identity of that person.
HOW IMSI CATCHER FINDS THE LOCATION?
Once the target’s phone has been tricked into revealing its IMSI, the IMSI catcher can determine its phone’s general location by measuring the strength of the signal from the phone.
Measuring the strength of the signal from different locations permits an ever-more precise determination of the phone’s location.
CAN YOU USE IMSI CATCHER TO INTERCEPT CALLS & TEXTS?
The short answer is “Yes”. There is a lot more to it than just calls and texts.
IMSI Catcher can ‘intercept’ your target’s text messages, “calls” and “Internet traffic”.
This means you can read or listen to your target’s personal communications.
IMSI Catchers can even re-route or edit communications and data sent to and from your target’s phone, isn’t that amazing?
IMSI Catchers can also temporarily block communication service so your target can no longer use their phone to make or receive calls and text messages this holds true even for emergency calls.
Feel free to search any of the hardware below on aliexpress or alibaba as you will find every single piece of hardware needed to make your own IMSI catcher.
You will then use the device for practical purposes to bypass 3D-secure protocols, of course, you can use it for a whole range of things other than just for your cyber criminal activities but we as cashoutmoney team recommends that you use the tools that are needed to do specific jobs and not get into extra-curricular activities that may end up wasting your time, if you are into gathering intel for blackmailing and what not then suit yourself, but always weigh the risks involved before getting into things to see if you have the infrastructure needed to carry out the jobs that you are after or else you can always talk to us (only if you are serious and ready to take action).
So, the hardware that you will need is:
The following software tools are required for practical purposes.
- GR-GSM – A python module used for receiving information transmitted by GSM.
- Wireshark – Captures the wireless traffic.
- IMSI-Catcher – This program shows the IMSI number, country, brand, and operator of cellphones.
- GQRX – Software defined radio receiver.
- RTL-SDR Tools – Gets the information on the RTL SDR dongle.
- Kalibrate – Determines the signal strength.
INSTALLATION GUIDE FOR WIRESHARK, GQRX, GR-GSM, RTL-SDR
sudo apt-get update
sudo apt-get install gnuradio gnuradio-dev git cmake autoconf libtool pkg-config g++ gcc make libc6 libc6-dev libcppunit-1.14-0 libcppunit-dev swig doxygen liblog4cpp5v5 liblog4cpp5-dev python3-scipy gr-osmosdr libosmocore libosmocore-dev rtl-sdr osmo-sdr libosmosdr-dev libboost-all-dev libgmp-dev liborc-dev libboost-regex-dev python3-docutils build-essential automake librtlsdr-dev libfftw3-dev gqrx wireshark tshark
git clone -b maint-3.8 https://github.com/velichkov/gr-gsm.git
sudo make install
sudo apt-get update
git clone https://github.com/steve-m/kalibrate-rtl
./bootstrap && CXXFLAGS=’-W -Wall -O3′
sudo make install
Installation of IMSI Catcher
sudo apt install python-numpy python-scipy python-scapy
#CAPTURING GSM TRAFFIC
Now you have made it this far, we are sure you are very excited to read what lays ahead, for this practical, the RTL-SDR dongle was used (you can easily get that on aliexpress or alibaba as explained above). Once the tools installation process is complete, plugin the RTL-SDR USB dongle into your system.
Open the terminal and run the below command to check the dongle has been plugged in successfully.
In the US Mobile, GSM networks work on HSPA/HSPA+ 1900 MHz, 1700/2100 MHz frequency bands (Uplink and Downlink) but you can easily get your countries frequency or contact our cashoutmoney support and we will get you the frequencies for your country.
The help guide of the “GRGSM Scanner” tool.
See you can easily search for nearby GSM base stations using “Kalibrate” or “GRGSM_Scanner” tools.
Three base stations were found. The signal mentioned above was relatively strong with a frequency of 945.4MHz and 945.6MHz.
In the above manner, we obtained some parameter information of the base station, such as: center frequency, channel, ARFCN value, LAC, MCC, MNC value, etc.
With the above details, we want to sniff the base station frequency. For that the program called “grgsm_livemon” will be used.
The help guide of the “grgsm_livemon” tool.
Run the “Wireshark” before running the “grgsm_livemon” tool to capture the packets.
Select any interface to capture all the data.
Once the sniffing of the frequency starts, a popup window appears,
The frequency button needs to be moved in order to capture the frequency. Once data capture starts it will look like the screenshot below.
Now we need to capture the IMSI details with the help of an “IMSI Catcher” tool
To capture the IMSI and other details like TMSI, Country, Brand, Operator, MCC, MNC, LAC, Cell-ID etc., run the “IMSI Catcher” tool.
In Wireshark, the captured data of the base station’s MNC, MCC, LAI, and other information can be seen.
IMSI CATCHER DETECTION
There are different applications available, which help to find the IMSI Catcher in your location. Once it is installed on mobile, it will automatically detect the IMSI Catcher.
Are you surprised? Well, don’t be let us explain how that works!
Once you have the mobile/cell tower database application installed on your phone, you will see it will show a database of all the cell/mobile towers of phone carriers in your city location and it regularly updates this list.
Now here’s the fun part, every time it detects a cell tower, it checks the list to see if it exists. If it exists, then it is a legitimate one, and there is no one trying to intercept your communications.
However, if the tower is not on the list, there is something suspicious going on and there is a high probability that this is an IMSI Catcher, trying to intercept your communications.
So in such a case, the best course of action that you can take is to turn off your phone and turn it on again, once you are out of that IMSI’s reach, but hey this was just to tell you how one can detect the IMSI catcher but you have nothing to worry about as you will be the one with IMSI catcher and you may find a unicorn before you will find someone who has the cell/mobile tower database app installed on their phone.
But just in case if you would like to do an experiment on your very own IMSI catcher you can do so by installing one of the following Apps to detect your IMSI catcher.
- Android IMSI
- Cell Spy Catcher
- GSM Spy Finder
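The tower-list check described above, written out from the defender's side as an added example (not code from this page or from any of the listed apps). The `Cell` record, the sample tower list and the observations are constructed, and the extra "lac-mismatch" verdict goes slightly beyond the plain list lookup the text describes.

```python
from collections import namedtuple

# One serving-cell observation as the phone's radio layer reports it.
Cell = namedtuple("Cell", "mcc mnc lac cid")

# Constructed sample tower list (stand-in for a crowd-sourced tower database).
# MCC 001 / MNC 01 is the test-network code, used here so no real operator is named.
KNOWN_TOWERS = {
    Cell(1, 1, 1201, 40011),
    Cell(1, 1, 1201, 40012),
    Cell(1, 1, 1202, 40177),
}

def classify(cell, known=KNOWN_TOWERS):
    """Return 'known', 'lac-mismatch' or 'unknown' for one observed cell."""
    if cell in known:
        return "known"
    # Same operator and cell ID but a different location area code: either a
    # listed tower's identity is being reused, or the list is out of date.
    for k in known:
        if (k.mcc, k.mnc, k.cid) == (cell.mcc, cell.mnc, cell.cid):
            return "lac-mismatch"
    return "unknown"

def review(observations, known=KNOWN_TOWERS):
    """Return (timestamp, cell, verdict) for every observation not on the list."""
    alerts = []
    for ts, cell in observations:
        verdict = classify(cell, known)
        if verdict != "known":
            alerts.append((ts, cell, verdict))
    return alerts

# Constructed observations: (timestamp, serving cell).
OBSERVED = [
    ("2022-03-01T09:00:00", Cell(1, 1, 1201, 40011)),
    ("2022-03-01T09:05:00", Cell(1, 1, 1202, 40177)),
    ("2022-03-01T09:06:00", Cell(1, 1, 9999, 40177)),
    ("2022-03-01T09:07:00", Cell(1, 1, 9999, 65001)),
]

if __name__ == "__main__":
    for ts, cell, verdict in review(OBSERVED):
        print(ts, verdict, cell)
```

A tower missing from the list can also be a newly deployed legitimate cell, so an alert is a reason to look closer (for example at a sudden drop to 2G), not proof of interception.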
With that said above, it’s time for us to wrap up this article, today you have learned A 2022 GUIDE TO BYPASS 3D-SECURE BY MAKING AN IMSI CATCHER TO INTERCEPT GSM TRAFFIC.