
Cell Investigations

Jieyab edited this page Sep 13, 2024 · 2 revisions

OSINT Cell or Phone Number Profiling

Tracking a phone or cell number is very difficult; only the authorities can do it, because you have no access to the data and information inside protocols such as GSM, LTE and UMTS, and because of the law. What you can do is limited to a small radius or to certain frequencies. For example:

HackRF: HackRF One is an SDR (Software-Defined Radio) device that can capture and transmit signals from 1 MHz to 6 GHz. This means it can capture signals from most radio frequencies used in mobile communications, including GSM, UMTS, LTE, and 5G. HackRF is more advanced and has a wider frequency range compared to RTL-SDR, as well as transmission capabilities, allowing for further experimentation.

RTL-SDR: RTL-SDR is a more affordable SDR receiver and generally works in a frequency range from about 500 kHz to 1.7 GHz. This allows RTL-SDRs to capture many radio signals, including some cellular frequencies such as GSM and some 3G/4G frequencies. However, as the frequency range is more limited, RTL-SDRs may not be able to capture all the higher frequencies used in the latest protocols such as 5G.

In this case you can use a tool like SigPloit for simulation, or other tools; see the references at the bottom.

What Can You Do?

You can perform several techniques to profile a phone number. Note that this is not tracking a location in real time, but you can find information about the phone number: who owns it? Where is it registered? Is this number still active? If you find a number, you can do the following:

  1. Phone number lookup, such as reverse phone number lookup and similar
  2. Check the contact name in phone book apps such as GetContact, Truecaller or others
  3. Check e-wallet registration
  4. Check the password-reset flow on social media or email accounts
  5. HLR lookup
  6. SMS ping
  7. Fraud checking
  8. Search data breaches or data brokers
  9. Dork the phone number
  10. Search for the phone number on social media
  11. Carrier info, such as the provider, MNC, MCC and country

What is HLR?

The Home Location Register (HLR) is a database that contains data related to customers authorized to use the Global System for Mobile Communications (GSM) network.

Some of the information stored in the HLR includes the International Mobile Subscriber Identity (IMSI) and the International Mobile Subscriber Directory Number (MSISDN) of each subscription.

So HLR in a nutshell

HLR is a mobile network information database. HLR is an integral component of GSM, CDMA, and TDMA networks. This method is not a method for tracking location, but rather the area where a cellphone number comes from based on a unique code set by each cellular operator.

Is that accurate?

HLR will never be accurate. HLR will only show the city where the number was issued or registered, not the location where the phone is now.

What is IMSI?

The IMSI uniquely identifies each Subscriber Identity Module (SIM) and serves as the primary key for each record in the HLR.

What is MSISDN?

MSISDN (also known as Mobile Station International Subscriber Directory Number) is a list of telephone numbers for each subscription.

So what is HLR for?

  1. HLR is updated whenever the SIM is transferred to another location area.

  2. HLR also plays a crucial role in the delivery of Short Message Service (SMS) messages.

  3. Before an SMS company forwards a message to the intended recipient, it scans through the HLR to find the recently used Mobile Switching Center (MSC).

  4. If the target MSC reports that the recipient's phone is unavailable, a message waiting flag is set in the HLR.

  5. If the recipient appears in another MSC (for example, when traveling to another city), they still receive the message because the MSC notifies the HLR once the recipient is detected within its jurisdiction.

  6. Other mobile components actively working with the HLR include the Gateway Mobile Switching Center (G-MSC), Visitor Location Register (VLR), and Authentication Center (AUC).

What is BTS?

A base transceiver station (BTS) or a baseband unit (BBU) is a piece of equipment that facilitates wireless communication between user equipment (UE) and a network. UEs are devices like mobile phones (handsets), WLL phones, computers with wireless Internet connectivity, or antennas mounted on buildings or telecommunication towers. The network can be that of any of the wireless communication technologies like GSM, CDMA, wireless local loop, Wi-Fi, WiMAX or other wide area network (WAN) technology.

BTS is also referred to as the node B (in 3G networks) or, simply, the base station (BS). For discussion of the LTE standard the abbreviation eNB for evolved node B is widely used, and gNodeB for 5G.

Though the term BTS can be applicable to any of the wireless communication standards, it is generally associated with mobile communication technologies like GSM and CDMA. In this regard, a BTS forms part of the base station subsystem (BSS) developments for system management. It may also have equipment for encrypting and decrypting communications, spectrum filtering tools (band pass filters) and so on. Antennas may also be considered components of the BTS in a general sense, as they facilitate its functioning. Typically a BTS will have several transceivers (TRXs) which allow it to serve several different frequencies and different sectors of the cell (in the case of sectorised base stations). A BTS is controlled by a parent base station controller via the base station control function (BCF). The BCF is implemented as a discrete unit or even incorporated in a TRX in compact base stations. The BCF provides an operations and maintenance (O&M) connection to the network management system (NMS), and manages the operational states of each TRX, as well as software handling and alarm collection. The basic structure and functions of the BTS remain the same regardless of the wireless technology.

What is Triangulation?

Triangulation in Cell Phone Tracking:

Triangulation is a mathematical technique used to determine the location of an object using information from at least three known reference points. In the context of cell phone tracking, triangulation involves using data from multiple sources, such as cellular signals, GPS, and Wi-Fi, to determine a cell phone's location with fairly high accuracy. Not just anyone can do it, because it requires sensitive data such as IMEI, LAC, CID, etc., which only the provider/network operator holds. However, it can still be used by the police because they are the authorities.

Triangulation is so named because conceptually it looks like forming a triangle using three BTS towers that are simultaneously connected to our cellphone.

Each BTS tower is divided into three sectors, which we can call the Alpha, Beta and Gamma sectors (α, β, γ). Each sector is used to measure the distance from the user's location to the BTS tower.

What is MCC & MNC?

Mobile Country Codes (MCC) and Mobile Network Codes (MNC). Mobile Country Codes (MCC) are used in wireless telephone networks (GSM, CDMA, UMTS, etc.) in order to identify the country to which a mobile subscriber belongs. In order to uniquely identify a mobile subscriber's network, the MCC is combined with a Mobile Network Code (MNC). The combination of MCC and MNC is called HNI (Home Network Identity) and is simply both written as one string (e.g. MCC = 262 and MNC = 01 results in an HNI of 26201). If you combine the HNI with the MSIN (Mobile Subscriber Identification Number), the result is the so-called IMSI (International Mobile Subscriber Identity). Below you can browse/search the list of countries and their MCCs for free in order to identify any MCC, MNC or HNI in the world.

[Image: example MCC & MNC for Indonesia and the provider list]

What are Cell Towers (CellMapper)?

CellMapper is an app that can show you the cellular coverage available through a cellular service provider's frequency range. It gives you detailed information about the networks closest to you and even allows you to contribute your own measurements. You can use apps like NetMonster or SMSping for testing, and you can look up a cell's location using OpenCelliD or CellMapper, as listed in this repo.

[Image: example CellMapper output with the values below]

MCC : 510 [Indonesia]

MNC : 10 [PT Telekomunikasi Selular]

LAC : 5530 [Location Area Code]

CELLID : 36246472 [BTS Unique Identifier]

The LAC and CID information can be legally obtained by law enforcement through the Call Data Record ("CDR"), which each telecommunication operator stores for a period of 3 months. Some operators even store CDRs for up to 6 months. The Cell ID is usually used as a clue to find out the location of an SMS sender.

Notes

Tracking a phone number is not easy, and there are laws; if you want to try, you can use NetMonster, SMSping, an SDR, or SigPloit for simulation. I will make changes to the article here, review it, and add case study examples.

Keyword tips

VLR, IMSI, MSISDN, MRSN, Signaling, Telco, VOIP, GSM, MCC, MSIN, SS7, HLR, AOL Signal Int (SIGINT)

References