Hello everyone, I've been doing a little research in the field of GSM sniffing and cryptography related to cellular networks and have taken an interest in a device known as an IMSI catcher. This device is used to intercept/record/jam GSM cellular communications. There are several devices being sold commercially; however, they are only offered to LE/Gov agencies (large corporations also use them for corporate espionage). The price of these units is upwards of $500,000 USD. Below is a sample of a commercial IMSI catcher:

http://www.cellularintercept.com/pc-14-1-c...ercept-gsm.aspx

I would like to research this technology and build a unit that has all the capabilities of the commercial products. Once the project is complete I plan on providing a step-by-step tutorial on how to build an IMSI catcher using components readily available to the public. My budget for a working prototype is 15-20K (R&D + parts), but the goal is to design a unit that a hobbyist can build for under 5K (if possible).

I am looking for people that have experience in the field of cellular communications, cellular cryptography and general electronics. I have no problem communicating the entire project through this thread, as the end result is to make our findings available to the community. Anybody that wants to learn about this technology, please feel free to participate.

A brief explanation of how an IMSI catcher works can be found here:

http://www.cryptophone.de/qa/intercept/index.html

Basically it's a man-in-the-middle attack where the unit mimics the cellular network's base tower. Once you can get the phone to connect to your base station, you can sniff the information, but in order to keep the call alive you must re-transmit the signal to the network's real tower. To do this I read it is best to use a repeater, the kind commonly used to eliminate network dead zones.

So basically the data comes in through a receiver that mimics the cellular tower, goes through a preselector/combiner, the data passing through is monitored by a laptop or PC, and the signal is then re-transmitted to the real cellular tower.

So, first of all we have to find a machine that can mimic a base tower, something that is reasonably priced and available to the public. The links below show two units that are commonly used for testing GSM equipment. Typically SIM cards with no network codes are inserted in the phones and the phones are forced to connect to these virtual networks for analysis/debugging purposes. These machines are said to be programmable, where you can enter the network codes of a (real) GSM network and mimic its base station. The receiving range of these units is low, so we would need to add juiced-up antennas to increase our range.

CTS65
http://tinyurl.com/c7l4r

4100 Mobile Fault Finder
http://www.willtek.com/english/products/tt/4100

I am trying to piece together as much information as possible. My first goal is to figure out exactly how the base stations work and how to obtain network codes for GSM networks. Does anyone know of any solid resources on this topic? Also, has anyone worked with the test devices mentioned above? All feedback is GREATLY appreciated.