Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

README! The future and continued survival of AIMSICD #926

Open
E3V3A opened this issue Apr 9, 2017 · 91 comments
Open

README! The future and continued survival of AIMSICD #926

E3V3A opened this issue Apr 9, 2017 · 91 comments

Comments

@E3V3A
Copy link
Contributor

E3V3A commented Apr 9, 2017

It has come to my attention that apparently AIMSICD has become even more popular the less it works.

I will say the following not out of disrespect for the many contributors and all the hard labor put into this app, to try to make it work, but as an honest recommendation to all developers here, still thinking this will happen. As it stands right now, it simply will not! And it hasn't worked for the last 2 years (when I left the project), and probably never will unless there is a radical change in matters.

It seem that no one at the CellularPrivacy organization is able to maintain this? SecUpwN lost his account? OpenCID is closing down. The DB is totally broken and useless from all development aspects. The app is bloated with eye-candy, obscure and useless functions and libraries. The translation integration is bloating the commit history to the point its impossible to follow any valuable coding whatsoever.

However, due to recent world political changes and the extremely easy access to SDR home-brew IMSI catchers and constant 2FA hacks using mobile network MiTM techniques. This app is indeed still needed, especially for a wider hardware spectrum. So I am reconsidering to revive my interest in this development effort. BUT

Thus, IFF (If and only if) I am to venture into the revival of this app, it will have to be under the following conditions.

  • The app development will be under a new organization that I am in control of.
  • The app specifications will be strictly held to and hawk-eyed according to my specifications
  • The app detections will be strictly held to and hawk-eyed according to my specifications
  • The app will not have any automatic translations. It will be English only, until the day it's finished. (So no need to worry about RTL, i18 and all that junk.) It should be bloody well simple enough UX that any language should not be necessary.
  • The app will have a bare-bone, ultra minimalistic structure and UI. (No star-wars themes, etc.)
  • The app will again use well known and great SQLite3 DB as originally specified but reduced to need.
  • The detection's will be updated and modularized.
  • The detection should be primarily instantaneous and secondarily retrospective. (I.e. Use obvious detection's first and deeper SQL analysis second.)
  • Minimum API support should be API 21, Lollipop. (If you are really concerned about security and still using AOS less that Marshmallow, you're really not that interested!) I can't be bothered with having to deal with obsolete and outdated API issues and legacy code.
  • Java 8
  • External library free to the greatest extent possible. (Do we really need that 1 MB library, just to use that one method to do diddley?)

What does all this mean?

It means that:

  • The original OS map will be used as originally intended with one dot for every BTS
  • The original SQL ER diagram will be used as intended
  • The original module structure will be used as intended but expanded, reduced and revised
  • The core network data collector will need to be re-written for efficiency and to use all features
  • The AT command shell will be removed moved to a "collector".
  • The neighboring cell shit for Samsung will be removed moved to a "collector".
  • The Femto cell shit will be removed
  • The silent SMS detector will be re-instated as originally working
  • The manual BTS antenna map placement will be developed
  • Nothing will be uploaded to any servers (Dumb people and shitty apps just spam & upload wrong data.)
  • Nothing will be downloaded from any servers, except Map tiles and maybe limited MLS data.
  • A wrapper download app will be on Google Play. That app will check and download latest AIMSICD and check the app signature and hash. Signature certificate will be held by me and one other trusted person, only.
  • I reserve my right to amend to this list, as I'm sure I've forgotten loads of other things.

Anyway, this is just a suggestion that I have not yet decided on. But it is for sure the only condition I would accept, in order to continue on this project. Feel free to burn me or support me. I happy to hear your opinions either way.

@gopi-ar
Copy link

gopi-ar commented Apr 10, 2017

Just a note, OCID isn't closing down. My company Unwired Labs has taken over maintainership of this project and have plans to revive it's dying community and data quality.

@timisagit
Copy link

Hi, I've just found this app and am not a developer so have no comment in regards to the development that has happened and the current state of the application. This app is of interest to me though and it'd be nice if it worked. What would be useful is to be able to use this with limited data usage whilst not on a wlan, downloadable cell data/mapping would be great.

I've a Samsung Galaxy S4 mini and Jolla Sailfish (1) which I'm intending to use for testing, so far they both appear to be working if flaky on the Jolla which I expect.

Here's to the future, where ever it goes..

@He3556
Copy link
Collaborator

He3556 commented Apr 20, 2017

I like the ideas of EVA. The time was not wasted - as long as you learn from your mistakes.
Under this conditions, i would like to start a AIMSICD-light

@E3V3A
Copy link
Contributor Author

E3V3A commented Apr 30, 2017

@gopi-ar Will the OCID API still be freely available? What is your ETA for completing migration?

@E3V3A
Copy link
Contributor Author

E3V3A commented Apr 30, 2017

I have now a version of aimsicd that is based off the march 29, 2016. I have tried to update it by cherry picking to fix known bugs to this date, but without using lombok or realm. It works, but will requre a lot of fixing and trimming, TLC!

What I would really like to know , is if there is any other interest from any of the 2683 star gazers or 540 forkers, to actually help out?

@gopi-ar
Copy link

gopi-ar commented May 1, 2017

@E3V3A the OCID API was never down, only downloads were unavailable until we completed migration. Downloads of the Cells DB are now available in the OCID dashboard.

@E3V3A
Copy link
Contributor Author

E3V3A commented May 4, 2017

@gopi-ar So what is the current status? Because it certainly seem down at the moment.
Right now we only get this response from your servers:

<?xml version="1.0"?>
<rsp stat="fail"><err info="getInArea endpoint is down at the moment" code="1"/></rsp>

@Jinovas
Copy link

Jinovas commented May 5, 2017

I'm not exactly a programmer but I have great experience in analyzing code, QA testing and debugging as well as a lot of pentesting including Rogue AP's. I'm very familiar with the concept of IMSI catchers and the android platform(currently work for google OTA sshhhhh). I'd love to help out anyway I can with this project as I believe it's much needed.

@E3V3A
Copy link
Contributor Author

E3V3A commented May 7, 2017

This project will be reloaded and go ahead!

@mpkosewski @Nordlenning Great! What's your email? I'll send you an invitation to the new project site.

@Jinovas
Copy link

Jinovas commented May 7, 2017

Adding regular email address for public viewing now on my profile. should be up there shortly =]
(waiting on damn verification email lol)

@Jinovas
Copy link

Jinovas commented May 7, 2017

Ok for whatever reason github is taking forever to verify my other email. but here it is anyway

[email protected]

@andr3jx
Copy link
Contributor

andr3jx commented May 7, 2017

Hey, thanks for messaging me EVA! Great to hear that you are back with new ideas for AIMSICD!
I'm open for some testing and adding my salt! However I'm very pessimistic about what we can accomplish with AIMSICD Lite. The last time I checked I read this bachelor thesis which stated that none of the implemented AIMSICD detections could be verified working. It's a nice idea to debloat AIMSICD but this alone is not enough. For me the question is what can be done to improve the detections methods so that they can be verified working reliably.
I will get the next week a new phone (Sony Xperia X Performance) which I can offer for testing / developing (My old Wiko Darkmoon got very obsolete).

@E3V3A
Copy link
Contributor Author

E3V3A commented May 8, 2017

@andr3jx Great to hear from you too!

...this bachelor thesis which stated that none of the implemented AIMSICD detections could be verified working.

I didn't read the thesis yet, but that is exactly the point. I don't think any of them is working. Also posting the OsmocomBB phone detections on this page here is very confusing and completely misleading.

Nothing really new, except this time it will work! Mainly because it will be built to our specifications and not according to opinions of random people. The app will be re-built from the ground up and under a different organization that will keep the project on target. Once the basic data collector module has been re-built and implemented, it should be a very easy and straight forward to implement each test. Then each detection will be separate from all others and can be independently tested and developed. I will provide new diagrams and the new repo hopefully within a week.

@tictakk
Copy link

tictakk commented May 8, 2017

I'm not sure this if this is a thread has turned into a call for volunteers or not, but I would like to show my support as well. I'm a senior undergrad with experience in these topics (wireless networks/programming). I'm not sure how much I'll be able to contribute or what is being sought; I'm more than happy to contribute in any meaningful way.

@Jinovas
Copy link

Jinovas commented May 8, 2017

Thought this app was badass when I found it years ago and I think it worked for most part but I was also total nub to all of it lol now I know it's actual worth and what can be done with imsi catchers.

Been trying to build a lil prototype one myself to better understand and learn more but been having issues getting it to work on my kali box. Gunna try to do a fresh setup tonight I'd I can @_@

For testing I can offer S4 KitKat, S6 6.0.1 Att, nexus 5 & 7 w/6.0.1, Linux w/rtl-sdr(plan on getting higher grade equipment but I a broke betch and just started new job lol)

@nsk
Copy link

nsk commented May 10, 2017

E3V3A invite for test the new build in S8
[email protected]

@unicastbg
Copy link

I can add Mi 5s as a test phone as well as Umi Diamond, both on Android 6. If someone's interested :)

@gopi-ar
Copy link

gopi-ar commented May 18, 2017

@Nordlenning posted something earlier and I'm unable to find that comment. I'd like to respond on behalf of Unwired to a couple of points just to clarify that our stance is and will remain community friendly:

We will not be able to download random OCID Key(Token) within AIMSICD.

We were recently made aware that the old OCID codebase allowed auto-registration from android apps; we haven't stumbled on this end point yet as it wasn't documented by the previous maintainers. If the maintainer / contributors of AIMSICD can reach out to us at contact [at] unwiredlabs.com, we can build this into the new codebase so the app continues to work.

We will have to register youre private e-mail to get private key & enter ocid key in requester in (AIMSICD). We will not be able to download data without this "personal"key.

The moment we re-add this 'anonymous registration' feature to OCID, you can go right ahead and download the data again :-)

This tells me that whatever device you use, Unwiredlabs will know it's you anytime both use/contribute.

In order to prevent downtime to OCID users while we transition maintainership (and TBs of data), we created simple wrappers to Unwired's APIs. The moment we separate the OCID code-base, we'll release a new privacy policy that makes all this completely anonymous except for maybe logging purposes.

@sigenc
Copy link

sigenc commented May 19, 2017

I would like to test on Nexus 6P (7.1.2) CopperheadOS and later Pixel with Copperheados

[email protected]

@E3V3A
Copy link
Contributor Author

E3V3A commented May 19, 2017

AIMSICD Lite have now been reloaded!

The "new" AIMSICDL can now be found here:
https://github.com/5GSD/AIMSICDL

As described in OP there is a huge amount of work to do, to get things back on track. Mainly because we had to back-track to 29 March 2016, but unfortunately that may not be enough as there where even more weird changes before then. Breaking the intended function of the map points, and possibly silent SMS detection, etc. The good news is that (at least) the app doesn't crash and although it takes a long time to get anything, it does get something eventually. However, the app core need to be re-built from ground up.

The repo is still getting setup, so there is no Wiki and no issues as of yet. We will rewrite some of the Wiki with more development details and clearer instruction for how to contribute. (So please don't post any issues there yet.) What you can do in the meantime, is to star and clone the repo for testing. If you wish to actively participate in development chats and possibly join the core team, please send me an email with your PGP fingerprint and signature. I will then forward your info to the 5GSD maintainer who will get back to you. (We will use encrypted emails from now on! So go ahead and setup your PGP keys and S/MIME certs if you haven't already.)

As of today, we need to test AIMSICDL for:

  • silent SMS detetction.
  • All other tests are meaningless as the entire test/detection mechanism will need to be rebuilt. (Core team is working on this internally.)

As for development, you can still contribute by:

  1. Removing all Freefair dependencies.
  2. Remove the AT command interface
  3. Remove the OCID uploader
  4. Getting back the colored status icon on the Menu/navigation bar
  5. Removing all not used resource files, and other what not
  6. See if you can get the speed up for updating the data in the DB viewers...

What's been done so far:

  • removed femto-cell detector
  • removed lots of freefair cancer
  • removed AT functionality from menu
  • removed all other languages and translations + auto-translate integration
  • removed git auto-builds etc.
  • updated gradle dependencies and Min API
  • patched most code-stability changes up to today date, starting since 29 Mar 2016.

Looking forward to new valuable contributions!

@unicastbg
Copy link

I can use HushSms to send silent ping sms for example. But can't send limitless messages as they cost me some money. If that's of any help, please let me know.

@Jinovas
Copy link

Jinovas commented May 19, 2017

Looks like I know what I doing tonight & this weekend! Hoping to get off
early today =)

@Jinovas
Copy link

Jinovas commented May 19, 2017

@unicastbg @E3V3A It's been a while since I looked into silentsms so I'll need to review how it's done again. But depending on that, I have several means to configure and send texts that shouldn't cost anything.

I have a Twilio API that's super cheap I'd be happy to cover. I was using it with python but it can be used with Java as well I'm sure. I was trying to use it to send me alert texts when my little copfinder script detected any law enforcement came within about 2 blocks of my house.

But being unfamiliar with how to use the Twilio API, I setup and used my MX server instead.

@Jinovas
Copy link

Jinovas commented May 19, 2017

Just did a quick search online and this looks interesting. I'll take a closer look in bout hour or so. But wanted to share for those who are way more experienced with code than me =)
https://www.codeproject.com/Articles/1044639/Android-SMS-MMS-API-Sending-SMS-MMS-Receiving-SMS

@E3V3A
Copy link
Contributor Author

E3V3A commented May 24, 2017

I just confirmed that: All tests are broken! (I.e. app has been effectively rendered utterly useless by the github anti-AIMSICD troll community.) However, this was just as expected and the new development will continue as planned.

@Jinovas
Copy link

Jinovas commented May 24, 2017

Right on!

Also, sidenote: I tried out the code link above and got it to work but does not actually send a silentsms. So I may have misread it but certainly a good place to start for trying to build a silentsms check

@quantumpacket
Copy link

This and the official fork are both dead. Sad :(

@whitetornado
Copy link

whitetornado commented Nov 10, 2018 via email

@jetta20162
Copy link

jetta20162 commented Dec 13, 2018

I am trying to continue the development, please check this fork: https://github.com/Jetta20162/Android-IMSI-Catcher-Detector. So far i have upgraded all sdk, gradle, etc and I cleaned up some code and implemented LTE, CDMA and WDCMA support for some parts of the code. (Cell tracking, neighbour cells, etc...). Currently only Android 8+ devices are supported because of new android APIs wont work on lower android versions

@objectorange
Copy link

Is it 'working minimally'?

@jetta20162
Copy link

jetta20162 commented Dec 13, 2018

Is it 'working minimally'?

It can be compiled & should work as before. The Minimum API Level is Android 8.0 and i have cleaned up some old code. The neighboring cell info should now check for GSM/LTE/CDMA/WDCMA types

@vrobolab
Copy link

what about Android 7 (LineageOS 14) ?

@jetta20162
Copy link

jetta20162 commented Dec 13, 2018

what about Android 7 (LineageOS 14) ?

Maybe i will lower the API level later, for now i will develop with Android 8 API, if you want to try it you can download the souurce and change the api level to 6 or 7

@whitetornado
Copy link

whitetornado commented Dec 13, 2018 via email

@jetta20162
Copy link

It will work also with GSM towers? Op do 13 dec. 2018 07:02 schreef jetta20162 <[email protected]:

what about Android 7 (LineageOS 14) ? Maybe i will lower the API level later, for now i will develop with Android 8 API, if you want to try it you can download the suource and change the api level back to 6 or 7 if you want — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#926 (comment)>, or mute the thread https://github.com/notifications/unsubscribe-auth/AI4Inxaszrqma6v_Zs4JsqooF7WYRfalks5u4e1-gaJpZM4M4Jn_ .

At the moment it will at least work like the old version.

@E3V3A
Copy link
Contributor Author

E3V3A commented Dec 15, 2018

@jetta20162

It can be compiled & should work as before.

It will never work as before (as I have already mentioned here and elsewhere dozens of times). At least not as long as people keep insisting to try to revive this dinosaur carcass. After the implementation of the changes that was made after I left the project, all of the most important and relevant functionality was broken.

Either way, because of the greatly matured mobile technology in the Android field. We now have access to all the things necessary to truly make this a possibility again. This means that we have debug and mobile radio network packet access for almost all hardware platforms. (Qualcomm, MTK, Samsung etc.). However, everyone should know that the advance on the catcher side has progressed beyond crap-ware and is essentially impossible to circumvent and very hard to detect, since ~2 years ago. But there are some countermeasures available, to make this harder.

The bottom line, is that:

So don't get fooled by side-lined forks (as recently posted above) claiming to be operational.
Check the commit history and you will see essentially nothing new has been done, apart updating some gradle versions.

@jayrmartinignaciojr
Copy link

Jajaja

@Justindeveloping1
Copy link

Im really interested in this and i am new to this but stings force into 2G and still shows 3g 4g lte on cellular phones, cant we block forced 2g or atleast ring a bell that we can have a trigger to airplane mode and back for a few seconds, or am i too late?

@SyntaxxxErr0r
Copy link

Oh I am all a glow and giddy go hear you say this .. it would be great if more developers were not focused on the eyecandy.. I want DATA...

not pretty moving pictures.... I I wanted pretty moving pictures I'd watch TV. But I don't watch TV. Nor do I feel inclined to begin doing so.

@Justindeveloping1
Copy link

Justindeveloping1 commented Jul 2, 2019 via email

@SyntaxxxErr0r
Copy link

Awesomeness.. I personally am not much of a coder, however, I seem to have a bit of a nack for code linting. Bug hunting, testing etc. I'm more than happy to assist with those. As my monicker suggests I tend to make a lot of syntax errors, but don't let that fool you, while my own work is guaranteed to fail the first few hundred times (exaggerated but close enough) when proofreading and assisting others I set the bar higher than what I expect of myself. I also prefer analyzing data over writing the tools that gather it. I think I just wrote myself into a loop.. I might need to give myself the 3 finger salute. -weg-

@Justindeveloping1
Copy link

Justindeveloping1 commented Jul 2, 2019 via email

@PeekFreansCDN
Copy link

This all makes me terribly upset. One of open sources largest weaknesses and strengths simultaneously.

@objectorange
Copy link

objectorange commented Jul 11, 2019

I don't have the bandwidth to jump into the implementation as I'm full bore on 1M5.io but I'm definitely interested in including this as a component with 1M5 to assist in Stingray identification, blocking, and jamming. When we get enough BTC to aid in developing this, we'll provide some. Android is pretty corrupted by Google so we've opted to focus strictly on laptops, cell phones, and drones that support full JVMs (e.g. Purism).

@objectorange
Copy link

objectorange commented Jul 11, 2019

@beerisgood @PeekFreansCDN why don't you jump in?

@objectorange
Copy link

Why did @E3V3A quit on this? Who is the original lead dev on this? What's the back story?

@Justindeveloping1
Copy link

Justindeveloping1 commented Jul 12, 2019 via email

@objectorange
Copy link

objectorange commented Jul 12, 2019

@Justindeveloping1 it doesn't appear you were the original lead dev on this project considering your profile just joined? I don't think this project is something a self-proclaimed 'noob' should lead right?

@objectorange
Copy link

Over 90 contributors is pretty impressive. It looks like many of the original devs are no longer even associated with the project. Not even @E3V3A. All of the people on the team now don't even seem very active on github in general.

@objectorange
Copy link

objectorange commented Jul 12, 2019

Could just using end-to-end encryption negate needing to block an IMSI catcher? Maybe that's why this project died? Of course using apps like Facebook doesn't use end-to-end encryption although Tor uses payload encryption which should negate IMSI catchers although they could see you connecting to a Tor entrance node if they're aware of what nodes are entrance nodes but they couldn't see content nor what you're browsing.

@ghost ghost deleted a comment Aug 1, 2019
@paulyc
Copy link

paulyc commented Sep 20, 2019

https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector/fork

@deltabravozulu
Copy link

With consideration for the fact that nothing ever happened, I hereby vote for @Justindeveloping1 to head this project and become the lead developer such that he may clear all up.

@unicastbg
Copy link

Following the same logic - that something is better than nothing, I also vote for anyone who's up for this challenge. Serious skills needed here, no doubt about it. But on the other hand, if it's even still possible to do it, I believe a lot of people will be interested. And this could lead to some profit, cause I personally would like to thank the person/group of people who developed a working version of this software with a donation or by purchasing a registered version/license.
I did it once already, I'll do it again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests