CellularPrivacy / Android-IMSI-Catcher-Detector

AIMSICD • Fight IMSI-Catcher, StingRay and silent SMS!
https://cellularprivacy.github.io/Android-IMSI-Catcher-Detector/
GNU General Public License v3.0
4.65k stars 940 forks

README! The future and continued survival of AIMSICD #926

Open E3V3A opened 7 years ago

E3V3A commented 7 years ago

It has come to my attention that apparently AIMSICD has become even more popular the less it works.

I will say the following not out of disrespect for the many contributors and all the hard labor put into this app, to try to make it work, but as an honest recommendation to all developers here, still thinking this will happen. As it stands right now, it simply will not! And it hasn't worked for the last 2 years (when I left the project), and probably never will unless there is a radical change in matters.

It seems that no one at the CellularPrivacy organization is able to maintain this? SecUpwN lost his account? OpenCID is closing down. The DB is totally broken and useless from all development aspects. The app is bloated with eye-candy, obscure and useless functions and libraries. The translation integration is bloating the commit history to the point it's impossible to follow any valuable coding whatsoever.

However, due to recent world political changes and the extremely easy access to SDR home-brew IMSI catchers and constant 2FA hacks using mobile network MiTM techniques, this app is indeed still needed, especially for a wider hardware spectrum. So I am reconsidering to revive my interest in this development effort. BUT

Thus, IFF (If and only if) I am to venture into the revival of this app, it will have to be under the following conditions.

What does all this mean?

It means that:

Anyway, this is just a suggestion that I have not yet decided on. But it is for sure the only condition I would accept, in order to continue on this project. Feel free to burn me or support me. I'm happy to hear your opinions either way.

gopi-ar commented 7 years ago

Just a note, OCID isn't closing down. My company Unwired Labs has taken over maintainership of this project and has plans to revive its dying community and data quality.

timisagit commented 7 years ago

Hi, I've just found this app and am not a developer so have no comment in regards to the development that has happened and the current state of the application. This app is of interest to me though and it'd be nice if it worked. What would be useful is to be able to use this with limited data usage whilst not on a wlan, downloadable cell data/mapping would be great.

I've a Samsung Galaxy S4 mini and Jolla Sailfish (1) which I'm intending to use for testing, so far they both appear to be working if flaky on the Jolla which I expect.

Here's to the future, wherever it goes..

He3556 commented 7 years ago

I like the ideas of EVA. The time was not wasted - as long as you learn from your mistakes. Under these conditions, I would like to start an AIMSICD-light.

E3V3A commented 7 years ago

@gopi-ar Will the OCID API still be freely available? What is your ETA for completing migration?

E3V3A commented 7 years ago

I now have a version of aimsicd that is based off the March 29, 2016. I have tried to update it by cherry picking to fix known bugs to this date, but without using lombok or realm. It works, but will require a lot of fixing and trimming, TLC!

What I would really like to know, is if there is any other interest from any of the 2683 star gazers or 540 forkers, to actually help out?

gopi-ar commented 7 years ago

@E3V3A the OCID API was never down, only downloads were unavailable until we completed migration. Downloads of the Cells DB are now available in the OCID dashboard.

E3V3A commented 7 years ago

@gopi-ar So what is the current status? Because it certainly seems down at the moment. Right now we only get this response from your servers:

<?xml version="1.0"?>
<rsp stat="fail"><err info="getInArea endpoint is down at the moment" code="1"/></rsp>

Jinovas commented 7 years ago

I'm not exactly a programmer but I have great experience in analyzing code, QA testing and debugging as well as a lot of pentesting including Rogue AP's. I'm very familiar with the concept of IMSI catchers and the android platform (currently work for google OTA sshhhhh). I'd love to help out any way I can with this project as I believe it's much needed.

E3V3A commented 7 years ago

This project will be reloaded and go ahead!

@mpkosewski @Nordlenning Great! What's your email? I'll send you an invitation to the new project site.

Jinovas commented 7 years ago

Adding regular email address for public viewing now on my profile. Should be up there shortly =] (waiting on damn verification email lol)

Jinovas commented 7 years ago

Ok, for whatever reason github is taking forever to verify my other email. But here it is anyway

jkortana86@gmail.com

andr3jx commented 7 years ago

Hey, thanks for messaging me EVA! Great to hear that you are back with new ideas for AIMSICD! I'm open for some testing and adding my salt! However I'm very pessimistic about what we can accomplish with AIMSICD Lite. The last time I checked I read this bachelor thesis which stated that none of the implemented AIMSICD detections could be verified working. It's a nice idea to debloat AIMSICD but this alone is not enough. For me the question is what can be done to improve the detection methods so that they can be verified working reliably. I will get a new phone next week (Sony Xperia X Performance) which I can offer for testing / developing (My old Wiko Darkmoon got very obsolete).

E3V3A commented 7 years ago

@andr3jx Great to hear from you too!

...this bachelor thesis which stated that none of the implemented AIMSICD detections could be verified working.

I didn't read the thesis yet, but that is exactly the point. I don't think any of them is working. Also posting the OsmocomBB phone detections on this page here is very confusing and completely misleading.

Nothing really new, except this time it will work! Mainly because it will be built to our specifications and not according to opinions of random people. The app will be re-built from the ground up and under a different organization that will keep the project on target. Once the basic data collector module has been re-built and implemented, it should be very easy and straightforward to implement each test. Then each detection will be separate from all others and can be independently tested and developed. I will provide new diagrams and the new repo hopefully within a week.

tictakk commented 7 years ago

I'm not sure if this thread has turned into a call for volunteers or not, but I would like to show my support as well. I'm a senior undergrad with experience in these topics (wireless networks/programming). I'm not sure how much I'll be able to contribute or what is being sought; I'm more than happy to contribute in any meaningful way.

Jinovas commented 7 years ago

Thought this app was badass when I found it years ago and I think it worked for most part but I was also total nub to all of it lol now I know it's actual worth and what can be done with imsi catchers.

Been trying to build a lil prototype one myself to better understand and learn more but been having issues getting it to work on my kali box. Gunna try to do a fresh setup tonight if I can @_@

For testing I can offer S4 KitKat, S6 6.0.1 Att, nexus 5 & 7 w/6.0.1, Linux w/rtl-sdr (plan on getting higher grade equipment but I'm a broke betch and just started new job lol)

nsk commented 7 years ago

E3V3A invite for test the new build in S8 evopyro@gmail.com

unicastbg commented 7 years ago

I can add Mi 5s as a test phone as well as Umi Diamond, both on Android 6. If someone's interested :)

gopi-ar commented 7 years ago

@Nordlenning posted something earlier and I'm unable to find that comment. I'd like to respond on behalf of Unwired to a couple of points just to clarify that our stance is and will remain community friendly:

We will not be able to download random OCID Key(Token) within AIMSICD.

We were recently made aware that the old OCID codebase allowed auto-registration from android apps; we haven't stumbled on this end point yet as it wasn't documented by the previous maintainers. If the maintainer / contributors of AIMSICD can reach out to us at contact [at] unwiredlabs.com, we can build this into the new codebase so the app continues to work.

We will have to register your private e-mail to get private key & enter ocid key in requester in (AIMSICD). We will not be able to download data without this "personal" key.

The moment we re-add this 'anonymous registration' feature to OCID, you can go right ahead and download the data again :-)

This tells me that whatever device you use, Unwiredlabs will know it's you anytime both use/contribute.

In order to prevent downtime to OCID users while we transition maintainership (and TBs of data), we created simple wrappers to Unwired's APIs. The moment we separate the OCID code-base, we'll release a new privacy policy that makes all this completely anonymous except for maybe logging purposes.

sigenc commented 7 years ago

I would like to test on Nexus 6P (7.1.2) CopperheadOS and later Pixel with CopperheadOS

sigenc@scryptmail.com

E3V3A commented 7 years ago

AIMSICD Lite has now been reloaded!

The "new" AIMSICDL can now be found here: https://github.com/5GSD/AIMSICDL

As described in OP there is a huge amount of work to do, to get things back on track. Mainly because we had to back-track to 29 March 2016, but unfortunately that may not be enough as there were even more weird changes before then. Breaking the intended function of the map points, and possibly silent SMS detection, etc. The good news is that (at least) the app doesn't crash and although it takes a long time to get anything, it does get something eventually. However, the app core needs to be re-built from ground up.

The repo is still getting set up, so there is no Wiki and no issues as of yet. We will rewrite some of the Wiki with more development details and clearer instruction for how to contribute. (So please don't post any issues there yet.) What you can do in the meantime, is to star and clone the repo for testing. If you wish to actively participate in development chats and possibly join the core team, please send me an email with your PGP fingerprint and signature. I will then forward your info to the 5GSD maintainer who will get back to you. (We will use encrypted emails from now on! So go ahead and set up your PGP keys and S/MIME certs if you haven't already.)

As of today, we need to test AIMSICDL for:

As for development, you can still contribute by:

  1. Removing all Freefair dependencies.
  2. Remove the AT command interface
  3. Remove the OCID uploader
  4. Getting back the colored status icon on the Menu/navigation bar
  5. Removing all not used resource files, and other what not
  6. See if you can get the speed up for updating the data in the DB viewers...

What's been done so far:

Looking forward to new valuable contributions!

unicastbg commented 7 years ago

I can use HushSms to send silent ping sms for example. But can't send limitless messages as they cost me some money. If that's of any help, please let me know.

Jinovas commented 7 years ago

Looks like I know what I'm doing tonight & this weekend! Hoping to get off early today =)

Jinovas commented 7 years ago

@unicastbg @E3V3A It's been a while since I looked into silentsms so I'll need to review how it's done again. But depending on that, I have several means to configure and send texts that shouldn't cost anything.

I have a Twilio API that's super cheap I'd be happy to cover. I was using it with python but it can be used with Java as well I'm sure. I was trying to use it to send me alert texts when my little copfinder script detected any law enforcement came within about 2 blocks of my house.

But being unfamiliar with how to use the Twilio API, I set up and used my MX server instead.

Jinovas commented 7 years ago

Just did a quick search online and this looks interesting. I'll take a closer look in about an hour or so. But wanted to share for those who are way more experienced with code than me =) https://www.codeproject.com/Articles/1044639/Android-SMS-MMS-API-Sending-SMS-MMS-Receiving-SMS

E3V3A commented 7 years ago

I just confirmed that: All tests are broken! (I.e. app has been effectively rendered utterly useless by the github anti-AIMSICD troll community.) However, this was just as expected and the new development will continue as planned.

Jinovas commented 7 years ago

Right on!

Also, sidenote: I tried out the code link above and got it to work but does not actually send a silentsms. So I may have misread it but certainly a good place to start for trying to build a silentsms check

darkerego commented 7 years ago

I can confirm that while HushSMS+ Xposed Module can indeed detect and send silent (and other fun types) of sms messages, AIMSICD never detects them. It used to, but like E3V3A said, it no longer actually works. It would be great to not need xposed framework installed to get this functionality... because Android N does not have xposed support yet.

E3V3A commented 7 years ago

@mpkosewski @darkerego Just to clarify. The app doesn't need any Xposed to work, we only need to re-implement the original code that worked great. But you will probably need to get HushSMS v2.7.6 to test it. Right now testing is way in the future, as we need more developers to join our team to get up to speed. So if you have any app dev skills, there are many small things you can do to help. First off, by joining our emails and chats where you can get more details about what is needed.

To re-implement the Silent SMS detection, you need to:

Jinovas commented 7 years ago

@E3V3A For sure! Shouldn't be hard to grab. And I think I'll need a re-invite because I don't think my Gmail one I wanted to use is working very well especially when trying to view on my mobiles. Plus I do technically already have a fully secure encrypted email anyway I only use for specific things I wanna keep secure. I'll try to send another email to the person I was talking to previously about joining to see if they can just use that one.

Also, I'm not horribly proficient in Android development, I am however working with a lot more development work now at my current job at google. I'm more knowledgeable with python specifically myself.

I have been doing a lot of diving this past week in learning GSM networks as well as how to capture/decode packets. Spent long time last night actually going through your stars and repositories and found a ton of awesome stuff lol

I'd say my specialties lie with networking, Python, reverse engineering (mostly for pentesting/vulnerability findings), debugging/QA to name a few specifics more relevant here. I haven't really found a project or anything yet that I haven't been able to accomplish. Be happy to dive into more development stuff if need be.

Nothing4You commented 7 years ago

@E3V3A Is there a reason why you don't provide a public issue tracker? How are people supposed to report issues when testing?

E3V3A commented 7 years ago

@Nothing4You

is there a reason why you don't provide a public issue tracker?

Because we're still in the process of building the new Wiki and adding clearer documentation. So there is no point having people post issues about things we already know how to fix. We think to get some of this done by Thursday. Please stand by. And if you wanna post minor issues, please add them to this thread.

In the meantime, and for those of you who have trouble with email encryption, please follow this:

https://github.com/5GSD/HowTo/blob/master/pgp_smime_setup.md

takiainen commented 7 years ago

  1. Just wanted to inform that radiocells.org is an open cell tower (and wifi hotspot) database. It has all the OCID data as well. Also Mozilla has a cell tower database.

  2. I tested this app a few times a year or so ago, and always wondered how OCID (or any open database) could be used as a reference. What prevents your adversary from uploading his malicious IMSI catcher cell id and location info into OCID (or whatever) database?

E3V3A commented 7 years ago

@takiainen Sorry, but you're 2 years late to the party. Your comments are absolutely right, which is why we are getting rid of OCID/MLS dependencies in new version, once all tests are working.

ProGamerGov commented 7 years ago

@E3V3A I seem to recall at one point you left AIMSICD during its development? If this is correct, then was it due to the things you described in this issue? Or issues with the development team?

Also, can you elaborate on these points:

The AT command shell will be removed

The neighboring cell shit for Samsung will be removed

The Femto cell shit will be removed

I think I get removing the AT command shell, as you can't really do anything with it, and it doesn't serve a purpose for the user, but what is wrong with Femto cell detection and neighboring cells?

Surely being able to observe the other cell towers that are in range, would be useful for catching fakes? Or does Samsung's neighboring cell thing do something else/waste too many resources/not work accurately enough? Femto cells by their very definition seem like something similar to an IMSI-Catcher, and/or could be modified into one?

takiainen commented 7 years ago

You might find this interesting: https://seaglass.cs.washington.edu/

Jinovas commented 7 years ago

Very nicely done! Good place to get ideas from and improve even =)

darkerego commented 7 years ago

I'd prefer you don't remove the Samsung neighboring cells... it finally works well with LineageOS 7.1.1 on my device.

E3V3A commented 7 years ago

@takiainen Yeah, Seaglass is a very well executed project. If AIMSICD had worked 2 years ago... But they are using data collection and retrospective data analysis to get those results. We will use a more localized faster way to get results independent from all around town measurements.

@ProGamerGov @darkerego I'm happy to hear it works on LineageOS N! What baseband are you using on that device? Either way, the way the new app will work, it will consist of collector modules for different basebands. One for Samsung Shannon based devices, one for Qualcomm Diag, one for MTK AT commands etc. So yeah, things are not going to be randomly deleted (as in the past) but rather moved into a different module. There is close to no reason to access AT commands on a device where you have diag access for example, except to allow amateurs to screw up their phone. Or if anything AT related, with a "read only" mode, for getting network info.

E3V3A commented 7 years ago

CALL FOR DEVELOPERS

We're starting a new 10 day developer sprint on July 1st, to build the next generation AICD. We estimate that with 6 active developers we can get a working alpha-version (minimalistic app) in about 10 days. No BS, and no sleepy devs! Our new team will wet vet the PR's.

Sign up and choose a topic here: https://github.com/5GSD/AICDm/issues/1 Or send me an email.

If you're wondering WTF happened to AIMSICDL, we've decided it is too laborious to reverse all commits and clean out this, that, and god knows what else, while maintaining that huge blob of deprecated and poorly documented and structured code. So we're rebooting everything from scratch. However, AIMSICDL will not be useless, rather it will serve as a very important place to find and recycle code and solutions to our future Beta versions.

JonnyTech commented 7 years ago

Our new team will wet the PR's.

Our new team will vet the PR's. ;)

Jinovas commented 7 years ago

Still available for any QA testing if any dev's need some testing/bug reports done.

  - SM-G920A - Nougat 7.1.1
  - Nexus 5 - Marshmallow 6.0.1

beerisgood commented 7 years ago

First, thanks for making that rewrite! I want to help, but don't have any programming skills so I can only help test the app on my phone (OnePlus 2) with LineageOS (Android 7.1.2) if that is needed.

Edit: I found other IMSI-catcher. Maybe someone or some code can help you?:

  - Old SnoopSnitch: https://github.com/E3V3A/snoopsnitch
  - new rebuild: https://github.com/SnoopSnitch/xLite
  - IMSI-catcher: https://github.com/Oros42/IMSI-catcher
  - detect silent SMS: https://github.com/E3V3A/SilentSms
  - various detections: https://github.com/E3V3A/SDR-Detector and see links in readme
  - IMSI Catcher Catcher: https://github.com/E3V3A/icc

darkerego commented 7 years ago

I would love to help write the app, but must be realistic about this; I suck at Android development... That said, however, I do know how to compile APK's, and am happy to test the code and provide feedback or whatever I can do to help (I get the feeling I am not the only one that feels this way).

I have some Samsung and Moto devices that I can use to test with, and it seems that device compatibility is going to be a major key role in this app's success, so that is why I am bringing it up.

beerisgood commented 7 years ago

Why would you use an old & unsecure Android?

timisagit commented 7 years ago

So far it has been evident that phone manufacturers are only supporting 2 releases of Android onto devices. This means there are a large number of older versions about, mine included. I can't afford to upgrade, this means that the device, whilst perfectly usable is now useless to this project.

I don't disagree with the decision to code to a minimum version, you have to start somewhere. But there are plenty of reasons older software is still in use.

takiainen commented 7 years ago

Have you considered rooting your phone and flashing custom rom? This way you can always get the latest and greatest android version and don't have to worry about poor manufacturer support ever again.

timisagit commented 7 years ago

I've rooted it recently and am preparing to flash as I type, however this is something I'm confident with doing! It does leave the project with either people who run the supported version of Android or those who can update their device to it, potentially losing users who may contribute results.

I will happily support the decision to code to this version though, on the basis that you have to start somewhere and on a more secure version than an un-secure version can only be a positive.

unicastbg commented 6 years ago

What's the current status of this project? When can we expect a built/compiled version? That being said I want to add that I deeply respect the work that goes into this project and the fact it has been resurrected.

FFY00 commented 6 years ago

I don't have any experience with android development but I have 3 years of experience programming Java, maybe I could be of some help. I don't really know what I can do regarding the development but I would love to help. I have a LimeSDR shipping in September so that could be of some help for actual testing. Also I'm in the same boat as @timisagit, I have a 4.2 phone and I really need to upgrade it but at the time I can't afford it. There aren't any custom android builds with newer android version for my phone as it is a low key device. Nevertheless, I understand and support the decision.

Gnashspike commented 6 years ago

Hello, I am one of the dumb end users, thus have zero coding or app-building experience. I also haven't the slightest idea about rooting. Kind of timid about bricking my phones. When AIMSICD was working almost two years ago I used it on this phone (Motorola G2/XT1064) and quite probably uploaded some of that ridiculous data you alluded to above.

I've recently acquired a newer device (Moto [Lenovo] G4 Play) running OS 6.0.1, and this device, the G2, is running 6.0. There's probably nothing much I can contribute at this point, but would like to help in any way possible. I value my privacy a great deal, and respect the same for others and sincerely want this project to succeed. I was greatly dismayed when EVA left the project, and it wasn't until recently that I came searching for a glimmer of hope this project was somehow going to be headed in a more desirable direction. After having used cell spy catcher for over a year, and not having access to Snoop Snitch due to rooting fears, and not knowing if my device(s) were even compatible if rooted (I read the bachelor's thesis you linked), while dealing with constant intrusions, confirmed by my carrier more than once, as having "... All the signs and symptoms of an IMSI Catcher..." on both my devices, as well the proliferation of these nefarious devices not only within law enforcement organizations, but among the darker side of the general public, I want to offer whatever I have available. With EVA in charge again I feel confident that is happening.

I'm certain the last thing any device wants to do is babysit a total no0b, and I desire to be useful and not a burden. Keeping in mind my almost complete lack of understanding, what does my dismal resume offer to this project? If nothing, I'll respectfully kick rocks and bide my time til a working version comes to fruition. But if there's ANYTHING I can contribute at this point, please don't hesitate to contact me at this masked email (Blur): bd779ba5@opayq.com. Unfortunately, hushmail.com no longer offers free accounts.

At any rate, good luck with this. I hope to see a working version soon-ish and huge thanks to EVA and the other developers working on this. Cheers!