<div dir="ltr">The chance to get caught is even higher.<br>Operating on the GSM bands automatically means the basestations receive what you send.<br>This also means they can (and do) easily recognize if there's something wrong.<br>
At this point the operator might inform the regulator (BNA in germany) who has the equipment to track you down.<br><br>And of course GSM is sensitive - high bitrates at less then -100 dBm with complex access methods.<br><br>
<div class="gmail_quote">On Mon, Aug 11, 2008 at 4:39 PM, Nils Faerber <span dir="ltr"><<a href="mailto:nils.faerber@kernelconcepts.de">nils.faerber@kernelconcepts.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Sébastien Lorquet schrieb:<br>
<div class="Ih2E3d">> getting cell information is far from firmware hacking :)<br>
> Many modems have (maybe undocumented) AT commands to get that info.<br>
> For me, GSM hacking is putting hands in the low level code itself.<br>
<br>
</div>Well, at least for Germany I would strictly advise *not* to do so.<br>
Interesting it is, indeed.<br>
But not advisable.<br>
<br>
You would put yourself in big danger ending up in jail.<br>
<br>
First of all the GSM bands are highly regulated bands. Doing something<br>
there that interferes with regular traffic is strictly forbidden and<br>
causes severe legal action.<br>
<br>
Second the GSM network is pretty fragile - at least to what I learned<br>
from some people that are supposed to know it. So sending wrong data to<br>
the network may cause severe problems withing the GSM network, either<br>
just your cell, your provider or the whole network in your region. In<br>
that case you may again end up in jail.<br>
<br>
All this of course if they get you. Chances are low but not impossible.<br>
<br>
Sidestory to this: The radio traffic control was handled by the German<br>
border patrol (Bundesgrenzschutz) which is now part of the federal<br>
police (Bundespolizei). A friend of mine worked for the red cross and<br>
was responsible for all the radio transmitters. At a big event (several<br>
hundred red cross people and a big truck as central coordination<br>
station) they had a mal-behaving radio transmitter in the control<br>
station (which was equipped with dozens of transmitters). The event has<br>
not even begun the Border patrol knocked at their door. Coming in where<br>
two not very nice looking guys and they carried a small pocket sized<br>
device. They said that one of the transmitters had a failure, ran around<br>
with their pocket gadget and after some seconds pointed at one of the<br>
transmitters and said "Switch off that device - now.".<br>
They located the station-truck through the whole city without knowing<br>
about the event - they simply measured it. For this they had a<br>
Volkswagen "Bus" (aky Bulli) with a slightly extended roof, just 4-5cm<br>
thick. Under that extended roof, they explained, hundreds of small<br>
dipole antennas where located which allowed very precise measurements of<br>
signal strengths and directions. It worked quite well...<br>
<br>
So what shall this story tell?<br>
As soon as you operate a redio transmission device you can be localised<br>
*very* easily. If you do something *almost* harmful to the GMS net, the<br>
operator may recognise this and tell the cell number (and thus rough)<br>
region to the authorities and they can handle the rest.<br>
<br>
So again, it is very very interesting but without *very* good knowledge<br>
of the GSM standards (low-level baseband that is) and very good<br>
knowledge about the hardware you are dealing with (the NEO baseband<br>
hardware) I would not touch it. Any mistake you do can take you directly<br>
to court or jail. And in the days of security panics and terrorist<br>
paranoia you might even end up as enemy of the state.<br>
<br>
Cheers<br>
nils faerber<br>
<br>
--<br>
kernel concepts GbR Tel: +49-271-771091-12<br>
Sieghuetter Hauptweg 48 Fax: +49-271-771091-19<br>
D-57072 Siegen Mob: +49-176-21024535<br>
<font color="#888888">--<br>
</font><div><div></div><div class="Wj3C7c"><br>
<br>
_______________________________________________<br>
hardware mailing list<br>
<a href="mailto:hardware@lists.openmoko.org">hardware@lists.openmoko.org</a><br>
<a href="http://lists.openmoko.org/mailman/listinfo/hardware" target="_blank">http://lists.openmoko.org/mailman/listinfo/hardware</a><br>
</div></div></blockquote></div><br></div>