So today I had a little bit of time to check out Pytacle. I knew from the beginning that it is alpha-quality software, but I still had some expectations. Many times people in the open-source community “advertise” their software as “alpha, as-is, no guarantees” and then it turns out that the code is pretty functional and does the stuff it is supposed to do. Very humble folks, really appealing.
However with Pytacle this was different: it promised a lot of things to do (“Â It automates the task of sniffing GSM frames of the air, extracting the key exchange, feeding kraken with the key material and finally decode/decrypt the voice data. “) but it failed to achieve anything like that. First of all I looked at the code, which was surprisingly simple compared to the feature list (for example GSM Analyzer tries to do around 2/3 of the stuff Pytacle promises and it has a large codebase consisting of many classes and files) and however I would never judge a program based on its source code’s size (that would truly be horrible) I was still getting skeptical of the single .py file containing mostly GUI definitions.
So after reviewing the source-code I discovered some things:
1. It tries to script together the procedure already known to GSM hackers (capture stuff, then run it through gsm-receive.py, crack the key, decode the conversation), so you still need to have all the tools, but Pytacle tries to figure out a way for you to run them
2. and sadly it doesn’t do very well. It has magic numbers in it hardcoded (“0B” always for Configuration, “06 3f” for Immediate Assignment) which not seem to perform well (or to be honest: at all) in my environment.
I actually tried changing the configuration to 0C, which is the way mobile carriers operate in my country, and fed Pytacle a file with 5 different Immediate Assignments. It told me “No immediate assignments found, sorry…” and it exited.
So, to come to a conclusion: I really appreciate the effort David put into this script, but right now it is useless. It goes through the whole GSM cracking procedure, but it naturally lacks the human intelligence currently needed to distinguish between different Immediate Assignments, cell configurations etc. so it’s almost always destined to fail on you. It is possible to create such input files (basically cleaning out junk from a real-world file, or run a test-network and capture its traffic) which it can interpret and work on, but that is not going to help someone who would like to try stuff on a real network.