Hello
I have read that silent calls in GSM can be used to make a call to a target MS and listen to it without the target knowing. Is this theoretically possible? If yes, can it be done in OpenBSC, does any such way exist to do this, or does any other alternative exist?
BR
Snehasish
On Sat, Nov 03, 2018 at 12:06:33PM +0000, Snehasish Kar wrote:
> I have read that silent-calls in GSM can be used to make a call to a target MS and listen to it
Not listen to it in terms of audio. You can't eavesdrop on an MS with a silent call.
You *can* open a channel and receive measurement reports from it, so that you see which other cells it sees at which receive levels, and how far it is from the current cell (TA). From that you could derive its position.
The silent call has been one of the earliest features in Osmocom, but until recently has been broken in osmo-msc. IIUC it is now fixed again in current master, but might not be in a release yet.
There's also the APDU a.k.a. the RR App Info (I hope I got the names right), which may or may not contain GPS positioning data that the MS is sending to the core net.
In both cases the owner of the MS has no explicit idea that they are sharing any details on their position.
~N
Thanks Neels, it was of real help.
BR
From: Neels Hofmeyr nhofmeyr@sysmocom.de
Sent: Monday, November 5, 2018 12:46:23 AM
To: Snehasish Kar
Cc: openbsc@lists.osmocom.org
Subject: Re: Help with silent call
Neels,
The APDU that you are referring to here is the one used with binary SMS. If so, then whether we consider the SMS-PP envelope or the SMS-Deliver approach, in both cases we need to know the Ki, Kc and TAR for successful execution of the command (packed in the APDU). How can these be predicted, or does any alternative to bypass this exist?
BR
Snehasish
On Fri, Nov 16, 2018 at 01:36:41PM +0000, Snehasish Kar wrote:
> Neels,
> The APDU that you are referring to here is the one used with binary SMS.
No, I'm referring to the RR Application Information message. The one pointer I'm finding now is 3GPP 48.018 3.4.21 Application Procedures and 9.1.53 in the same.
All we did with that in Osmocom so far was dump this APDU to the log and the subscriber database, though that was using old openbsc (osmo-nitb). Right now with osmo-bsc / osmo-msc we simply ignore it.
I'm not familiar with any details on decoding it.
~N