Finally it’s here!
pytacle is a tool inspired by tentacle. It automates the task of sniffing GSM frames of the air, extracting the key exchange, feeding kraken with the key material and finally decode/decrypt the voice data. All You need is a USRP (or similar) to capture the GSM band and a kraken instance with the berlin tables (only about 2TB 😉 )
I’ve posted a preview before, take a look at the video to see the tool in action.
The tool is early alpha, so it’s working (for me 😉 ), but it’s neither rock stable nor packaged in any way. But still, I’ll be happy to get bug reports.
BTW, talking about Telco security: There will be another TelcoSecDay on 03/12/2013 at next year’s Troopers! We’ve already some quite interesting talks confirmed.
cheers
/daniel
Hi Daniel,
thanks for the nice tool.
I am having actually the problem, that pytacle keeps sending the keystream without modifying the TA (time advancing) parameter of the unencrypted burst, which results that both bursts (plaintext and ciphertext) dont match and therefore not finding any results in kraken !
can u help me out please !
Hello,
thank you for your awesome programm, would it work with a RTLSDR instead of a USRP ?
RTLSDR Works fine with Airprobe currently.
Best Regards. Kevin.
i’m going crazy.. your tool is working but i want to implement a mitm..
i have the imsi and timsi, but if it is not in my reach it is not possible to sniff a phone like 20km away. is there a way to do that?