GSM Triangulation



xtturbo
11-06-2002, 08:34 AM
Does anyone know of any technologies/devices that can be used to triangulate the co-ordinates of a GSM phone? I heard rumours that a device is available in Singapore and plugs into a laptop computer. Does anyone have plans for such a device etc?

DavieB
11-06-2002, 08:44 AM
I don't know about tracking a specific phone but of course it would be easyish to track a frequency band (like 1800 or 900 for instance) but multiple phones in the area would screw with it..

I think tracking an individual phone would be impossible due to the fact the GSM algo is pretty tight (the air encryption one that is) and sniffing the number from the handshakes would be difficult!

phonedudes
11-06-2002, 09:49 AM
If you're trying to track just any cell phone, I will not say it's IMPOSSIBLE but almost.

These aren't the ANALOG days anymore.
So tracking a frequency will do you NO GOOD since GSM digitally multiplexes up to 7 voice paths per Frequency plus they do frequency reuse. Which means the SAME frequency will be used in 2, 3 different parts of the city. Add in all the other things and that makes it just about impossible...

Unless, you had access to the Svc Provider's switch. Then all the information is a few keystrokes away :)

Phonedudes :grin:

man0n
11-06-2002, 04:48 PM
I know that this mobile phone tracking service is working in Germany, and in Spain it will be offered shortly by some service provider companies.

DavieB
11-06-2002, 04:53 PM
Mmmmm, I knew they COULD but never knew they'd offer it as a service..

Remember tho - In the US they were trying to pass a bill whereby operators would only allow a phone onto the network if it was fitted with a GPS device so it could transmit its coordinates when a 911 call was placed... I wonder if it's still being debated :/

It would be a gross violation of human rights IMHO and people would fall away from cellphone use killing the market there and giving the companies more money to invest in the rest of the world!

Mulder3
11-06-2002, 05:39 PM
In Portugal, operators are offering a mobile tracking service, however they only tell the area of the cell that the phone is connected to, not real coordinates, so I have one question: I know that it is possible to track the mobile phone area, but is it possible to obtain the exact place?

DavieB
11-06-2002, 06:21 PM
I assume so! As long as your phone could easily be "seen" by 2 base stations - then they'd use trig (I believe - I can't be bothered working it out on paper.. :p) to triangulate the coordinates of the device...

The way to locate it to an area is simple - they just check which base station's cell it's in and give an approx location based on the location of the base station!

In the UK, Vodafone tells you the local telephone area code using cell broadcast (cell broadcast only sends a message to phones in one cell) - it wasn't always right due to slight overlaps (cells weren't perfectly set in area codes or areas) and their database SUCKED!

Mulder3
11-06-2002, 08:44 PM
Yes, here in Portugal, they have cell broadcast too and transmit the area code on channel 50, however, I am very curious about this triangle and how you calc the coordinates, do you know any website or something?
Now, another question, since it's very difficult to track other's mobile phone without access to the provider's database, what about tracking my own cell phone, maybe with NetMonitor info????

DavieB
11-06-2002, 09:41 PM
@Mulder3:

Hi,
I am no mathematician - so there may be an easier way to do this but...
Using Trigonometry (Either a/sinA=b/SinB=c/SinC or a/CosA=b/CosB=c/CosC rules) I can do it! But, the base station would have to have its own way of finding the bearing of the phone, the phone would need to have both base stations in view, and both base stations would need to see each other...
Another assumption is that both base stations are a set/known distance apart!

I have no scanner and it's hard to explain (involves some diagramming and illustrated explanation as I do not have the skill to explain it in words alone) - I will attempt to transfer the diagrams to the computer but I don't know how I will get on!

You see, if we knew the signal strength degradation to distance ratio (i.e. for every meter the signal degrades by 5 dB) and the average signal strength for a phone a meter away from the measurement device then we'd EASILY be able to triangulate the position (assuming also you could tell your phone from the others - same assumption lies with the last method also!!!!!) with a laptop connected to 2 aerials or 2 laptops cross city networked!!!
But random uncertainties (battery strength giving crap signal, radio waves blocked (not diffracted) by hills, buildings and stuff, etc) prevent us from making accurate readings - and could throw the entire system off by miles!


Sadly, both ideas have a certain amount of assumptions we can't always make and uncertainties which are guaranteed to occur randomly - from what I see the ideas are both unfeasible :(


The use of triangles in this way is called Trigonometry - It's very widely used by engineers, designers, scientists, etc - I am studying it at school at the moment actually...

About using netmon:
I don't think so :( Well, there'd be a lot of values you'd need from 2 base stations which you know the exact position of - and I realllllly can't be bothered wrapping my already fried head around that one tonight - LOL!

Anyways - talked enough rubbish for the night, I'm off :)

Rgds!

xtturbo
12-06-2002, 07:57 AM
lol, you need 3 towers.
hence the name triangulation.

it's simply a matter of calculating how far the phone is from each station.

when you do this to 3 towers, there is only 1 point the phone can possibly be.

2 Towers will yield 2 points.
1 tower = infinite circle.
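
The geometry described in the post above, as an added example that is not part of the original thread: with known distances, two towers leave two candidate points and a third tower picks one, and a distance error on one tower shifts the result. The tower coordinates, phone position and the 10% error are constructed values; a flat 2D plane and already-known distances are assumptions.

```python
import math

def circle_intersections(c1, r1, c2, r2):
    """Points at distance r1 from c1 and r2 from c2 (0, 1 or 2 of them)."""
    (x1, y1), (x2, y2) = c1, c2
    d = math.hypot(x2 - x1, y2 - y1)
    if d == 0 or d > r1 + r2 or d < abs(r1 - r2):
        return []                          # concentric, too far apart, or nested
    a = (r1**2 - r2**2 + d**2) / (2 * d)   # distance from c1 to the common chord
    h = math.sqrt(max(r1**2 - a**2, 0.0))  # half the chord length
    mx, my = x1 + a * (x2 - x1) / d, y1 + a * (y2 - y1) / d
    ox, oy = -h * (y2 - y1) / d, h * (x2 - x1) / d
    if h == 0:
        return [(mx, my)]                  # circles touch at one point
    return [(mx + ox, my + oy), (mx - ox, my - oy)]

def trilaterate(towers, dists):
    """Single position from three non-collinear towers and their distances."""
    (x1, y1), (x2, y2), (x3, y3) = towers
    r1, r2, r3 = dists
    # Subtracting circle 1 from circles 2 and 3 leaves two linear equations.
    a11, a12 = 2 * (x2 - x1), 2 * (y2 - y1)
    a21, a22 = 2 * (x3 - x1), 2 * (y3 - y1)
    b1 = r1**2 - r2**2 + x2**2 - x1**2 + y2**2 - y1**2
    b2 = r1**2 - r3**2 + x3**2 - x1**2 + y3**2 - y1**2
    det = a11 * a22 - a12 * a21
    if abs(det) < 1e-9:
        raise ValueError("towers are collinear; position is ambiguous")
    return ((b1 * a22 - a12 * b2) / det, (a11 * b2 - b1 * a21) / det)

# Constructed sample: tower coordinates in km and a phone at (3, 4).
TOWERS = [(0.0, 0.0), (10.0, 0.0), (0.0, 10.0)]
PHONE = (3.0, 4.0)
DISTS = [math.dist(PHONE, t) for t in TOWERS]

if __name__ == "__main__":
    # Two towers: two mirror-image candidates either side of the baseline.
    print(circle_intersections(TOWERS[0], DISTS[0], TOWERS[1], DISTS[1]))
    # Three towers: one point.
    print(trilaterate(TOWERS, DISTS))
    # Constructed 10% error on the first distance moves the estimate.
    noisy = [DISTS[0] * 1.1, DISTS[1], DISTS[2]]
    print(trilaterate(TOWERS, noisy))
```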

phonedudes
12-06-2002, 12:41 PM
Where you're correct on triangulation, I think the point you and everyone is missing is the BASICS on how GSM works.
But without going into a long discussion.

GSM phones transmit digitally in a time slot of a frequency. You can be 1 of 8 on that frequency. How are you going to know which slot you're looking for? Also across the town/city or whatever that SAME EXACT FREQUENCY IS USED. How are you going to know that whoever it is you're looking for isn't over there?? Also don't forget there is more than 1 frequency.. How are you going to know what frequency to look for?? The phone's power level is ADJUSTED by the CELLULAR NETWORK. So not to interfere with other channels. So how are you going to look for signal strength when you don't know what power to look for?? And we can go on and on.. This is not ANALOG where 1 person talks on 1 frequency.

SO IT IS IMPOSSIBLE TO DO UNLESS YOU ARE THE SERVICE PROVIDER (or have access to that data). If you are not the one sending data to the phone you will have no clue what phone is sending what. The only one who can triangulate is the one talking to whatever it is you want to triangulate. (THE CARRIER)

So be done with this topic....

Phonedudes

:D

Kjetil
12-06-2002, 02:56 PM
Hey all:)

Just one question.
In the beginning of the net monitor menu there is information about the various BTS around you
(your phone is measuring the signal strength from each one)

Is this information sent back to the BTS?
If it is, it can be possible to tap different BTS
and monitor several phones and the locations of these phones.

Of course this means managing to decrypt the signals.

I've seen some hacking equipment, containing a laptop and a modified digital radio scanner (which supports multiplexing) and a programmable box in between.

With this it's possible to monitor each phone and view all SMS flying around!!!

Just a thought. The GSM network is a commercial network. There are over 100 different manufacturers making cell phones, and they have the protocols and encrypt/decrypt info. It can't be too difficult to get our hands on this info???

man0n
12-06-2002, 03:22 PM
Check this product:
http://www.phonetracker.de/Anwendungen/en/en_anw_personen.html

They are using the tracking service offered in Germany already.

phonedudes
12-06-2002, 05:08 PM
The PHONE TRACKER is an interesting product but that DOES NOT allow you to 'FIND' 'Triangulate' someone you didn't attach the device to..
And a quote from the site says: The internet-based mobile phone locating services of the network provider

Which is exactly what we said, using the NETWORK PROVIDER'S information..

So I guess the question would be, If you want to triangulate anyone without them knowing consider it IMPOSSIBLE but if it's for a specific person set up with special equipment then obviously yes you can because it talks to the NETWORK.

Phonedudes

Mulder3
12-06-2002, 05:09 PM
@Kjetil

You can download all GSM specs at http://www.etsi.org , ETSI (the European Telecommunications Standards Institute) is the institute behind the GSM network, they are the ones who assign new mcc/mnc codes to networks, just like RIPE does with European IP address space.