
motrm | 1 year ago

Certainly Qualcomm modems can have their diagnostic mode enabled when you have access to /dev/diag - usually on rooted devices but occasionally on stock.

You can ask the processor to send higher-layer information via diag, including the messages the base stations send. There are also commands to lock on to a specific base station so you're not constantly moving from cell to cell.

There are plenty of commercial devices that use this functionality to provide network monitoring and management capabilities for mobile network operators checking out base station functionality in the field. TEMS comes to mind for that, but they're certainly not the only ones.

It’s a deep rabbit hole :-)


wkat4242 | 1 year ago

The diagnostic mode just lists the cells and their parameters afaik. It doesn't capture IMSIs or traffic to/from other devices like this does. It's like the network diagnostics menu built into Samsung and Apple phones.

seba_dos1 | 1 year ago

It isn't even able to list some crucial parameters needed to identify neighboring cells. It's simply dumping data that's already used by the modem for its regular operation.

It does, however, do more than just "listing cells". You can sniff all the comms, but only between your device and the base station. It won't listen to anything else; you need SDRs for that.