Listen for GSM traffic

Question

is it possible to use an android phone to collect IMEIs or unique Phone IDs of phones within the same cell? Probably there is already some hack to use osmocom ... what I am looking for is an easy to work solution to scan traffic (by counting car drivers phones )

Answer 1

Well theoretically yes, but the problem here is that you need to know how the radio interface of your android phone works and have a driver for it before you can do that. As far as I know there are no such drivers for GNU Radio. The other problem is that the CPU on your mobile phone is not strong enough to handle the amount of data processing needed to perform such task, it may come a day when you have quad core CPUs with lots of RAM and strong DSP support, but I don't think we are there right now.

Answer 2

Theoretically yes but practically no. In a normal GSM network you will expect Mobile identity IMEIsv data fields to be encoded in a message called Identity Response. This message is sent in a encrypted channel called sdcch/8. You need to decrypt (and find) this exact message in that channel to detect the imei of a given uplink transaction. To be able to catch an uplink data transaction you need to have a radio receiver that is listening on the uplink frequencies and you're android phone does not do that.

You were looking for an easy to work "solution to scan traffic". What I suggest you do is try to find a phone that will give you information about the CCCH channel this is unencrypted and can contain Paging Requests with tmsi or imsi information. The tmsi is more anonymous and it gives you some kind of statistic for counting.

The "easiest" way to do this (today) is to use Nokia 3310 and the dct3 gsmtap project. Filter the pcap file using options in tshark.

There may be more accurate ways of counting cars.