DragonOS Noble LTE based IMSI Capture Demo w/ LTESniffer Using Dual SDRs (SignalSDR Pro)
Why two SDRs and internal GPSDOs?
FDD LTE splits the uplink and downlink onto different frequencies. To successfully monitor both and reconstruct the connection handshake (including extracting the IMSI), you need two synchronized SDRs. Each SignalSDR Pro here uses its own internal GPSDO, ensuring precise timing and frequency alignment for this type of sniffing.
How does IMSI sniffing work?
When the UE connects to the LTE base station, identity and authentication data are exchanged separately on the uplink and downlink. By capturing both with tightly synchronized SDRs, tools like LTESniffer can reconstruct the exchange and, in a lab environment, extract the IMSI as shown in this demo.
Legal & Ethical Note:
This is an educational demonstration performed entirely in a controlled lab with privately-owned hardware and spectrum. Nothing in this video should be interpreted as an endorsement or encouragement of unauthorized or illegal activities.
Questions, or want a deeper technical dive? Drop a comment below!
WarDragon Pro available here (when in stock): https://cemaxecuter.com/?product=wardragon-pro-kit
Don’t miss out on staying connected: Catch updates on Twitter: https://twitter.com/cemaxecuter
Supporting the channel: If you find this content helpful, please consider supporting the channel through Patreon: https://www.patreon.com/cemaxecuterShow More

DragonOS Noble LTE based IMSI Capture Demo w/ LTESniffer Using Dual SDRs (SignalSDR Pro)
In this video, I walk through using LTESniffer with two SignalSDR Pro ...

DragonOS Noble Compiling FALCON & Decoding LTE PDCCH from Direct-to-Cell Satellites (LibreSDR)
In this video I’m remotely connecting to my solar-powered DragonOS SDR ...

WarDragon Pro Offline TAK Map Concept (goatak)
In this video, I spend some time walking through a small—but ...

DragonOS Noble Tracking Starlink's Direct to Cell Satellites with a Solar SDR Station (Nooelec XTR)
Today I’m putting my remote, solar-powered SDR lookout station to the ...

DragonOS Noble Wireless Hacking Devices Protocol client (Nordic nRF52840 Dongle) part 1
In this video, I showcase a work-in-progress DragonOS Noble ISO, ...

DragonOS FocalX/Noble Quick srsRAN (LTE) Test w/ LibreSDR and GPSDO (Leo Bodnar)
In this short demo, I show DragonOS running srsRAN (LTE) using a ...

DragonOS Noble Testing RF Propagation Analysis w/ SignalServer + GUI in 2025
I received a request to get SignalServer and SignalServer GUI back ...

DragonOS Noble Sniff + Passively Capture LTE IMSI (x310, b205mini, SignalSDR Pro)
Welcome to this educational demo on capturing the IMSI from an LTE UE! ...

DragonOS Noble WSJT-X Quick Test over Wi-Fi HaLow (AirspyHF, SDR++, GridTracker2)
In this video I walk you through my experimental remote SDR setup in ...

WarDragon Pro Quick Spectrum View on the Fly (AntSDR e200, SDR++, OpenWebRX)
** It just occurred to me that I forgot to enable/start the codec ...

DragonOS Noble Quick Setup w/ LiteXM2SDR (GQRX, Soapy)
In this video, I show you how to quickly set up the LiteX M2 SDR on a ...

WarDragon Pro + DragonSync iOS: Tracking & Analyzing Drones in the Field
In this video, I take the WarDragon Pro out for a field test, where ...
1
of 28