Korean researchers from the Institute of Advanced Technologies have published a toolkit called LTESniffer that allows passive interception of traffic between a base station and a cell phone in 4G LTE networks. The toolkit includes utilities for traffic interception and an API implementation that makes its functionality available to third-party applications. Using the PDCCH physical channel, the toolkit gathers information about traffic from the base station, such as the RNTI (Radio Network Temporary Identifier) and DCI (Downlink Control Information).
However, LTESniffer does not decode encrypted messages transmitted between mobile phones and the base station; it provides access only to information transmitted in the clear. To intercept traffic only from the base station, a programmable transceiver (SDR), the USRP B210, with two antennas is required, while intercepting traffic from a mobile phone to the base station requires a more expensive SDR such as the USRP X310 with two additional receivers and accurate synchronization of time and signal strength.
The LTESniffer toolkit offers multiple features, such as real-time decoding of incoming and outgoing LTE control channels, LTE Advanced and LTE Advanced Pro support, support for data transmission modes and duplex channels, automatic physical-layer configuration for each phone, and support for the LTE Security API, among others.
Overall, the LTESniffer toolkit provides a potent tool for traffic interception, but the necessary equipment must be available: an SDR and a computer with a powerful CPU and enough RAM. The cost of a working setup starts at $2,000 with the USRP B210 and can go up to $11,000 with the USRP X310.