In this video I show the requirements for GSM sniffing, before we do the actual sniffing and decoding. If you have a proper GSM antenna, then that will be even better but it is not required as I used the default RTL-SDR (whip) antenna. It is important that we set 2G mode on our phone, as we will otherwise (most likely) stay on a 3G or 4G (LTE) network instead.

The Service Mode will be used for guiding us about whether frequency hopping is enabled when we receive an SMS or a phone call (spoiler alert, frequency hopping is generally enabled during phone calls, not as a security measure but to decrease noise), and more importantly, the ARFCN (Absolute Radio Frequency Channel Number) which is the radio channel, or frequency where we receive data from the local BTS (Base Transceiver Station, i.e. “cell tower”).

Service Mode is also available on other types of phone, that I’ve seen during my recent research about GSM sniffing. To find out whether your brand of phone has an equivalent mode, simply google: service mode htc, or field test mode htc

We will need the USB cable from the phone to the computer, in order to speak with the onboard “USB Modem” inside the phone, which is in charge of picking up calls for example. The USB Modem can be queried by us (as will be shown in a later video) to extract the IMSI, TMSI, and current Kc (encryption key).

USB Debugging and USB Tethering are NOT required for this tutorial, even though they may be in the future.

Topics covered:
– Realtek Software Defined Radio
– Wavelength Formula For Antennas
– Forcing 2G Network Mode
– Service Mode On Samsung Galaxy Phones
– Details About Service Mode
– Activating Developer Mode (Not Required)
– Activating USB Tethering (Not Required)

Stay tuned and subscribe for more upcoming videos showing actual hacks!