The big GSM write-up – how to capture, analyze and crack GSM? – 2.

So. I had some requests asking me about how I did what I did with GSM. What tools did I use, what hardware and what options?
Since I strongly believe that GSM needs to be “out in the hands of the people”, meaning everybody should have access to cheap hardware and free, open-source software that helps with understanding GSM in practice, I thought I would create a series of write-ups describing the whole process from the beginning.
Enjoy! :-)

Second step: get your environment up and running

Prerequisites:

native (!) Linux system for OsmocomBB, virtualized/native Linux for RTL-SDR

An easy way to install a native Linux system is using Wubi.

1. RTL-SDR :

http://www.rtl-sdr.com/rtl-sdr-tutorial-analyzing-gsm-with-airprobe-and-wireshark/
This article is the best: it covers the whole process from A to Z.

To get the best reception you should always calibrate your RTL-SDR dongle:
http://www.rtl-sdr.com/how-to-calibrate-rtl-sdr-using-kalibrate-rtl-on-linux/

It is important to know that decoding GSM requires quite a lot of processing power (even more if you do it in real time using gsm_receive), so if you use it in a virtual machine don’t forget to give it at least 2 processor cores. On my machine (Core i5, first generation) gsm_receive wasn’t usable at all with just one core.

2. OsmocomBB:

I assume you completed the first step, so you already have libosmocore installed (!).
First of all you will need to set up an ARM cross compiler, like this:

  wget http://gnuarm.com/bu-2.15_gcc-3.4.3-c-c++-java_nl-1.12.0_gi-6.1.tar.bz2
  tar xf bu-2.15_gcc-3.4.3-c-c++-java_nl-1.12.0_gi-6.1.tar.bz2

UPDATE: instead of the above, use this tutorial to get a toolchain:
http://bb.osmocom.org/trac/wiki/toolchain

Then clone the OsmocomBB git repository and compile it:

  git clone git://git.osmocom.org/osmocom-bb.git
  cd osmocom-bb/src
  export PATH=$PATH:/path/to/the/toolchain/gnuarm-3.4.3/bin
  make

Now is a good time to test whether OsmocomBB compiled fine. Connect your OsmocomBB phone to your PC and run the following command (assuming you are in the src directory):

  ./host/osmocon/osmocon -p /dev/ttyUSB0 -m c123xor -c ./target/firmware/board/compal_e88/rssi.highram.bin ./target/firmware/board/compal_e88/chainload.compalram.bin

If everything is fine, your phone should now have the RSSI firmware loaded. If you get errors while loading the firmware, make sure your cable is fine and that you are not using a virtual machine (the virtualized USB controller tends to mess up timings, causing the chainloader code to fail).
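To check the constraints from both steps above before wasting time on failed flashes, here is a small pre-flight script. It is an added example, not part of the original write-up or of OsmocomBB; it assumes the cross toolchain uses the arm-elf- prefix (OsmocomBB's default, overridable via CROSS_TOOL_PREFIX) and that the phone cable shows up as /dev/ttyUSB0 (overridable via OSMOCON_DEV).

```sh
#!/bin/sh
# Pre-flight check for the setup above (added example, not from the original post).
# Assumes an arm-elf- toolchain prefix and a phone cable at /dev/ttyUSB0.

# 0 when OsmocomBB is usable: the chainloader needs a native system because a
# virtualized USB controller breaks its timing. $1 = systemd-detect-virt output.
can_run_osmocombb() {
    [ "$1" = "none" ]
}
# 0 when real-time decoding with gsm_receive is feasible (>= 2 cores). $1 = core count.
can_run_gsm_receive() {
    [ "$1" -ge 2 ] 2>/dev/null
}
# 0 when "<prefix>gcc" is reachable through PATH, e.g. have_toolchain arm-elf-
have_toolchain() {
    command -v "${1}gcc" >/dev/null 2>&1
}

# Collect the facts about this machine and print one verdict per component.
preflight() {
    virt=$(systemd-detect-virt 2>/dev/null || true)
    [ -n "$virt" ] || virt=unknown
    cores=$(getconf _NPROCESSORS_ONLN 2>/dev/null || nproc 2>/dev/null || true)
    prefix=${CROSS_TOOL_PREFIX:-arm-elf-}
    dev=${OSMOCON_DEV:-/dev/ttyUSB0}
    if can_run_gsm_receive "$cores"; then
        echo "gsm_receive: ok ($cores cores)"
    else
        echo "gsm_receive: give the machine at least 2 cores (found: ${cores:-unknown})"
    fi
    if can_run_osmocombb "$virt"; then
        echo "osmocombb:   ok (native system)"
    else
        echo "osmocombb:   virtualization detected ($virt); install a native Linux"
    fi
    if have_toolchain "$prefix"; then
        echo "toolchain:   ${prefix}gcc found at $(command -v "${prefix}gcc")"
    else
        echo "toolchain:   ${prefix}gcc not in PATH; export PATH=\$PATH:<toolchain>/bin"
    fi
    if [ -c "$dev" ]; then
        echo "phone:       $dev present"
    else
        echo "phone:       $dev missing; check the cable before running osmocon"
    fi
}

case "${1:-}" in --check) preflight ;; esac
```

Run it as `sh preflight.sh --check` on the machine you intend to use; a "no" on the osmocombb line means flashing via osmocon will most likely fail no matter how good the cable is.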

Now that you can compile and run OsmocomBB code, you will be able to run my modified version of it (will be posted soon).