Troubleshooting Rayhunter WebUI

Plugging it back in failed! In the previous tutorial we installed Rayhunter, EFF’s IMSI catcher detector, and got it working. It turns out I was unable to reconnect to the Orbic through the Rayhunter WebUI the second time around, owing to udev permission problems. After troubleshooting the Rayhunter WebUI, I’ve devised this solution:

First, let’s make sure everything is good to go by updating the package lists and fixing any missing packages.

sudo apt update --fix-missing

Next, install adb:

sudo apt install adb

Then, we have to determine the vendor ID of our connected Orbic.

lsusb

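Here it’s 05c6 and yours is too. The vendor ID is the four hex digits before the colon in the ID field of the Orbic’s lsusb line.

Now we have to establish our udev permissions. Create a rules file: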

sudo nano /etc/udev/rules.d/51-android.rules

Add the following line:

SUBSYSTEM=="usb", ATTR{idVendor}=="05c6", MODE="0666", GROUP="plugdev"

Save and exit.

Now we have to make the rules file readable by all users:

sudo chmod a+r /etc/udev/rules.d/51-android.rules

Reload udev rules:

sudo udevadm control --reload-rules
sudo udevadm trigger

Unplug the Orbic.

Restart ADB:

adb kill-server
adb start-server

Plug the Orbic back in and assign it to the VM when prompted.

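Now confirm that adb sees the Orbic:

adb devices

Then forward local TCP port 8080 to port 8080 on the Orbic so the browser can reach the WebUI: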

adb forward tcp:8080 tcp:8080

And that’s it for troubleshooting Rayhunter WebUI!
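The udev rule above uses MODE="0666" and matches on the vendor ID alone, so the USB device node of every 05c6 device becomes readable and writable by any local user. The sketch below is an added example, not from the original post: it flags rules like that and prints a narrower one. It assumes your user is a member of the plugdev group; the lsusb line and the product ID 0000 are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Sample inputs are constructed.

# rule_value KEY LINE: print the quoted value given to KEY in one udev rule line.
rule_value() (
    printf '%s\n' "$2" | tr ',' '\n' |
        sed -n "s/^[[:space:]]*$1==*\"\([^\"]*\)\".*/\1/p" | head -n 1
)

# audit_rule LINE: classify how widely the rule opens the USB device node.
audit_rule() (
    mode=$(rule_value 'MODE' "$1")
    product=$(rule_value 'ATTR{idProduct}' "$1")
    case "$mode" in
        '' | *[!0-7]*) echo "no-mode"; exit 0 ;;
    esac
    others=${mode#"${mode%?}"}   # last octal digit: permissions for "other" users
    if [ $(( others & 2 )) -eq 0 ]; then
        echo "ok"
    elif [ -z "$product" ]; then
        echo "world-writable-all-vendor-devices"
    else
        echo "world-writable"
    fi
)

# usb_ids: read lsusb output on stdin, print vendor:product for each device.
usb_ids() {
    sed -n 's/^Bus [0-9]* Device [0-9]*: ID \([0-9a-f]\{4\}:[0-9a-f]\{4\}\).*/\1/p'
}

# tight_rule VENDOR:PRODUCT: rule limited to one device and to the plugdev group.
tight_rule() (
    printf 'SUBSYSTEM=="usb", ATTR{idVendor}=="%s", ATTR{idProduct}=="%s", ' \
        "${1%%:*}" "${1##*:}"
    printf 'MODE="0660", GROUP="plugdev"\n'
)

# The rule from this page, and a constructed lsusb line whose product ID (0000)
# is a placeholder rather than the Orbic's real one.
PAGE_RULE='SUBSYSTEM=="usb", ATTR{idVendor}=="05c6", MODE="0666", GROUP="plugdev"'
SAMPLE_LSUSB='Bus 001 Device 004: ID 05c6:0000 Qualcomm, Inc. (constructed sample)'

echo "page rule:      $(audit_rule "$PAGE_RULE")"
NEW_RULE=$(tight_rule "$(printf '%s\n' "$SAMPLE_LSUSB" | usb_ids)")
echo "narrowed rule:  $NEW_RULE"
echo "narrowed audit: $(audit_rule "$NEW_RULE")"
```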


Now that we can access the WebUI, we can see there are no warnings. In the interest of ruling out false negatives, though, let’s look at some PCAP files in Wireshark. IMSI catchers like to run downgrade attacks, so there are a few indicators we can look for, like the code A5/0 for disabled encryption and/or the IMSI being sent in plaintext.

OK… I looked at the PCAPs and they’re pretty intense, with many indicators suggesting our Orbic interacted with a CSS, and just as many indicators suggesting it didn’t. Unpacking all that is going to need its own video, so… to be continued! If you’ve caught a catcher by watching the watchers, be sure to let the EFF know by contacting them via Signal, username: ElectronicFrontierFoundation.90. Also, be mindful of their disclaimer.

Be sure to like, subscribe to the cyberspacemanmike YouTube channel, and turn on notifications to be alerted when we dissect and analyze the PCAPs.

This has been “Troubleshooting Rayhunter WebUI.” Thanks for watching, bye!
