{"id":48744597,"url":"https://github.com/fzer0x/SentryRadio","last_synced_at":"2026-04-28T06:01:05.390Z","repository":{"id":336646807,"uuid":"1150533697","full_name":"fzer0x/SentryRadio","owner":"fzer0x","description":"A professional Android forensic tool designed to detect, analyze, and map cellular network anomalies, including potential IMSI Catchers (Stingrays), cell site simulators, and suspicious network downgrades and Silent SMS.","archived":false,"fork":false,"pushed_at":"2026-02-11T13:08:11.000Z","size":2623,"stargazers_count":24,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-11T17:58:34.507Z","etag":null,"topics":["android","android-root","android-security","root","xposed","xposed-framework"],"latest_commit_sha":null,"homepage":"","language":"Kotlin","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fzer0x.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-05T11:48:43.000Z","updated_at":"2026-02-11T13:03:35.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/fzer0x/SentryRadio","commit_stats":null,"previous_names":["fzer0x/sentryradio"],"tags_count":10,"template":false,"template_full_name":null,"purl":"pkg:github/fzer0x/SentryRadio","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fzer0x%2FSentryRadio","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fzer0x%2FSentryRadio/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fzer0x%2FSentryRadio/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fzer0x%2FSentryRadio/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fzer0x","download_url":"https://codeload.github.com/fzer0x/SentryRadio/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fzer0x%2FSentryRadio/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32368534,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-27T20:07:02.737Z","status":"online","status_checked_at":"2026-04-28T02:00:07.250Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","android-root","android-security","root","xposed","xposed-framework"],"created_at":"2026-04-12T10:00:24.384Z","updated_at":"2026-04-28T06:01:05.362Z","avatar_url":"https://github.com/fzer0x.png","language":"Kotlin","funding_links":[],"categories":["Security"],"sub_categories":["IMSI Catcher Detection"],"readme":"# Sentry Radio 📡\n\n**Sentry Radio** is a professional-grade Android forensic tool designed to detect, analyze, and map cellular network anomalies, including potential IMSI Catchers (Stingrays), cell site simulators, and suspicious network downgrades.\n\nBuilt for security researchers and privacy-conscious users, it provides deep insights into the radio stack, monitoring both SIM slots in real-time.\n\n---\n\n## 🚀 Key Features\n\n- **🛡️ Dynamic CVE Intelligence:** Fetches real-time modem vulnerabilities from the NIST NVD API, replacing the static, hardcoded list.\n- **🛠️ System-Level Hardening (Magisk/KSU):** Optional module enforces secure radio parameters directly on the baseband level with automatic reboot detection.\n- **⚡ Advanced Panic Mode:** Full system lockdown with network isolation and hardware radio disable for emergency situations.\n- **🔄 Recovery Controls:** Automated recovery procedures and panic validation for post-incident analysis.\n- **📱 App Update Management:** Automatic detection and notification of app updates via GitHub releases with integrated overlay dialog.\n- **🔄 Reboot Management:** Intelligent reboot detection and overlay prompts after KSU/Magisk module installation or updates.\n- **🛡️ Real-time Threat Detection:** Monitors for encryption deactivation, silent SMS, and suspicious cell handovers.\n- **🚨 Full-screen Overlay Alarms:** Critical alerts now appear over all apps and on the lock screen for immediate notification.\n- **📊 Advanced Radio Metrics:** Tracks PCI, EARFCN, Signal Strength (RSSI/RSRP), Timing Advance, and Neighboring cells.\n- **🌐 Forensic Mapping:** Visualize detected cell towers and your movement on an offline-capable map using OSMDroid.\n- **📡 Dual SIM Support:** Full monitoring for multi-slot devices.\n- **🔍 Database Verification:** Cross-references cell data with OpenCellID, Unwired Labs, and BeaconDB to identify \"fake\" towers.\n- **💾 PCAP Export:** Export radio events to GSMTAP-compatible PCAP files for further analysis in Wireshark.\n- **🔐 Encrypted Credentials:** API keys and sensitive data now encrypted with AES-256-GCM in Android Keystore.\n- **📍 Certificate Pinning:** All API connections protected against MITM attacks with public key pinning.\n\n---\n\n## 🛠️ Requirements\n\n- **Android 10 (API 29) or higher.**\n- **Root Access:** Required for deep radio logcat monitoring and installing the hardening module.\n- **(Recommended) Magisk or KernelSU:** For installing the Sentry Radio Hardening module.\n- **(Optional) Xposed/LSPosed:** For enhanced API hooking and stealth.\n- **Permission:** \"Display over other apps\" (SYSTEM_ALERT_WINDOW) for full-screen alarm overlays.\n\n---\n\n## 📥 Installation\n\n1. Clone the repository:\n   ```bash\n   git clone https://github.com/fzer0x/SentryRadio.git\n   ```\n2. Open in **Android Studio** and build the project.\n3. Install the APK on your rooted device.\n4. Grant Root/Superuser permissions when prompted.\n5. **Enable \"Display over other apps\"** in the app settings to allow full-screen alarms.\n6. (Recommended) Go to the **'Settings'** tab and install the **Sentry Hardening Module** for system-level protection.\n\n---\n\n## ⚙️ Configuration\n\nAdd your API key in the app settings (now encrypted in Keystore):\n- [Free][OpenCellID API Key](https://opencellid.org/)\n- BeaconDB (API-Keyless)\n\n---\n\n## 🛡️ Security (v0.5.0)\n\nSentry Radio now includes enhanced security hardening with advanced emergency controls and radio forensics:\n\n- **Dynamic CVE Scanning:** Live vulnerability checks against the NIST NVD database.\n- **Stationary Cell Monitoring (B1):** Detects suspicious cell changes while stationary (IMSI Catcher activity indicator).\n- **Signal Inconsistency Analysis (B2):** Real-time monitoring for SNR anomalies and unrealistic signal power jumps.\n- **Neighbor Consistency Check (B3):** Identifies isolated cells with zero neighbors, typical for malicious cell simulators.\n- **Advanced Panic Mode:** Full system lockdown with hardware radio disable and network isolation.\n- **Recovery Controls:** Automated recovery procedures with panic validation and forensic analysis.\n- **System-Level Hardening Module:** An optional Magisk/KSU module provides deep system integration to enforce radio security policies with intelligent reboot detection.\n- **App Update Management:** Automatic detection of app updates via GitHub API with secure overlay notifications.\n- **API Key Encryption:** AES-256-GCM encryption in Android Keystore\n- **Certificate Pinning:** Public key pinning prevents MITM attacks on all APIs\n- **Audit Logging:** Security events logged for forensic analysis\n\n---\n\n## 📱 User Interface Tabs\n\nSentry Radio features a comprehensive tabbed interface:\n\n### 1. **Status Tab** - Real-time Dashboard\n- **System Integrity Scan** with CVE database sync status and device's Android Security Patch level.\n- Live threat detection with color-coded severity levels.\n- SIM slot switching (Dual SIM support).\n- Real-time metrics: Signal strength, Timing Advance, Neighbor cell count.\n- Threat gauge showing overall risk level.\n\n### 2. **Map Tab** - Forensic Mapping\n- Interactive offline map (OSMDroid) showing all detected cell towers.\n- Cell tower markers with color-coded status.\n- Auto-sync with API databases (BeaconDB, OpenCellID, UnwiredLabs).\n- Tower details on click (coordinates, samples, range, etc.).\n\n### 3. **Audit Tab** - Event Timeline \u0026 History\n- Complete chronological log of all detected threats.\n- Filter by SIM slot.\n- Click events for detailed analysis.\n- Color-coded event types (IMSI Catcher, Silent SMS, Downgrade, etc.).\n- Includes raw logcat captures for forensic analysis.\n\n### 4. **Security Tab** - Active Defense Controls\n- **Block GSM Registrations** - Prevent 2G/GSM network downgrades.\n- **Reject A5/0 Cipher** - Block unencrypted connections.\n- **Advanced Panic Mode** - Full system lockdown with hardware radio disable.\n- **Recovery Controls** - Automated recovery and panic validation procedures.\n- **Threats Blocked Dashboard** - Real-time statistics of blocked attacks.\n- **Blocking Events Log** - Full history of security actions taken.\n\n### 5. **Analytics Tab** - Advanced Threat Analysis\n- **Threat Summary** - Counts by type (signal, baseband, RRC, handover).\n- **Handover Analysis** - Total handovers, anomalies, ping-pong events.\n- **Network Capability Analysis** - Network degradation detection.\n- **Signal Anomaly Detection** - Unrealistic signal jumps and interference.\n\n### 6. **Settings Tab** - Configuration \u0026 Logging Control\n- **Magisk/KSU Hardening Module:** Install or update the system-level security module.\n- **Database Settings:** API keys for OpenCellID, Unwired Labs, BeaconDB.\n- **Detection Sensitivity:** Slider to adjust threat detection threshold.\n- **Logging Options \u0026 Alarm Control.**\n- **App Update Notifications:** Automatic detection and overlay notifications for new releases.\n\n---\n\n## 🛡️ Security Analysis Layers\n\nSentry Radio analyzes several layers of the cellular protocol:\n- **Physical Layer:** Unrealistic signal jumps or timing advance values.\n- **Protocol Layer:** RRC state transitions and Location Update Rejects.\n- **Security Layer:** Monitoring for Ciphering indicator (A5/0) and silent paging.\n- **Baseband Layer:** Live fingerprinting against the NIST NVD database for known modem vulnerabilities.\n\n---\n\n## 🤝 Contributing\n\nContributions are welcome! For major changes, please open an issue first.\n\n---\n\n## ⚖️ License\n\nDistributed under the GNU GPL v3 License. See `LICENSE` for more information.\n\n---\n\n## 📝 Changelog\n**v0.5.0**\n- **Stationary Cell Monitoring:** Added \"Lock-in Mode\" to detect cell changes while the device is stationary.\n- **Signal Inconsistency Monitoring:** Added SNR/SINR analysis to identify suspicious high-power signal anomalies.\n- **Neighbor Cell Inconsistency Monitoring:** Detects isolated cells with zero neighbors, typical for malicious cell site simulators.\n- **eBPF Firewall Integration:** Replaced standard iptables rules in Panic-Mode with deep eBPF-based (cBPF) kernel filtering for absolute network isolation.\n- **SELinux Policy Hardening:** Added Magisk/KSU sepolicy rules to isolate radio device nodes (`/dev/smd*`), restricting access exclusively to Sentry and system radio processes.\n- **Libsu Integration:** Replaced legacy `Runtime.exec` with `libsu` in `ForensicService` for more stable, persistent, and performant root shell management.\n- **Native RIL Parcel Parsing:** Enhanced Xposed module to parse native RIL response parcels directly, providing manufacturer-consistent detection of encryption (A5/0) status beyond simple regex matching.\n- **Xposed Package Hiding:** Implemented advanced stealth by hooking `PackageManager` to hide Sentry Radio and Magisk/Root-related packages from all other apps on the system.\n- **Forensic Engine Update:** Integrated new monitors into the core forensic service.\n\n**v0.4.6**\n- Improve Battery safety\n- Add App/Module On/Off Switch option in Settings\n- Fix Root recognition for some devices\n- Fix some minor bugs\n\n**v0.4.5**\n- **Enhanced Chipset Recognition System:**\n    - Added comprehensive codename-to-technical-name mapping for all major chipset families.\n- **Optimized CVE Database System:**\n    - Added intelligent keyword generation based on device chipset.\n- **Improved Performance:**\n    - Faster loading times with targeted vulnerability fetching.\n\n**v0.4.0-beta**\n- **Advanced Panic Mode \u0026 Recovery System:**\n   - Implemented Extended Panic Mode with full system lockdown and hardware radio disable.\n   - Added automated recovery procedures with panic validation.\n- **App Update Management System:**\n   - Implemented automatic app update detection via GitHub API.\n\n**v0.3.0-beta**\n- **Deep System Hardening (Magisk/KSU Module):**\n   - Introduced the Sentry Radio Hardening Module for Magisk and KernelSU.\n- **Dynamic CVE Vulnerability Management:**\n   - Replaced static vulnerability list with live NVD API v2.0 fetching.\n\n**v0.2.1-beta**\n   - Added security hardening (8 new security modules)\n   - Full-screen Overlay Alarms\n   - Certificate pinning for all APIs\n   - AES-256-GCM encryption for API keys in Keystore\n\n---\n\n## ⚠️ Disclaimer\n\n*This tool is for educational and research purposes only. Monitoring cellular networks may be subject to legal restrictions in some jurisdictions. The developer assumes no liability for misuse.*\n\n**Developed with ❤️ by [fzer0x](https://github.com/fzer0x)**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffzer0x%2FSentryRadio","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffzer0x%2FSentryRadio","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffzer0x%2FSentryRadio/lists"}