The big GSM write-up – how to capture, analyze and crack GSM? – 2.
So. I had some requests asking me about how I did what I did with GSM. What tools did I use, what hardware and what options?
Since I believe strongly that GSM needs to be “out in the hands of the people”, meaning everybody should have access to cheap hardware and free, open-source software that helps in understanding GSM in practice, I thought I would create a series of write-ups describing the whole process from the beginning.
Second step: get your environment up and running
native (!) Linux system for OsmocomBB, virtualized/native Linux for RTL-SDR
An easy way to install a native Linux system is using Wubi.
1. RTL-SDR:
This article is the best; it simply covers the whole process from A to Z.
To get the best reception you should always calibrate your RTL-SDR dongle:
It is important to know that decoding GSM requires quite an amount of processing power (even more if you do it in real-time using gsm_receive) so if you use it in a virtual machine don’t forget to give it at least 2 processor cores. On my machine (Core i5 first generation) using just one core gsm_receive wasn’t usable at all.
I assume you completed the first step, so you already have libosmocore installed (!).
First of all you will need to set up an ARM cross compiler:
wget http://gnuarm.com/bu-2.15_gcc-3.4.3-c-c++-java_nl-1.12.0_gi-6.1.tar.bz2
tar xf bu-2.15_gcc-3.4.3-c-c++-java_nl-1.12.0_gi-6.1.tar.bz2
UPDATE: instead of the above use this tutorial to get a toolchain:
Then clone the OsmocomBB git repository and compile it:
git clone git://git.osmocom.org/osmocom-bb.git
cd osmocom-bb/src
export PATH=$PATH:/path/to/the/toolchain/gnuarm-3.4.3/bin
make
Now it is a good time to do some testing whether OsmocomBB compiled fine or not. Connect your OsmocomBB phone to your PC and run the following command (assuming you are in the src directory):
./host/osmocon/osmocon -p /dev/ttyUSB0 -m c123xor -c ./target/firmware/board/compal_e88/rssi.highram.bin ./target/firmware/board/compal_e88/chainload.compalram.bin
If everything is fine your phone should have the RSSI firmware loaded. If you get errors while loading the firmware you need to make sure your cable is fine and you are not using a virtual machine (the virtualized USB controller tends to mess up timings causing the chainloader code to fail).
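The steps above (toolchain on PATH, libosmocore from step one, a native rather than virtualized Linux, a working serial cable, enough CPU cores for gsm_receive, and the osmocon firmware load) are easy to get slightly wrong, so here is a preflight script that checks each of them before you reach for osmocon. It is an added example, not code from the original post or from the OsmocomBB project. The toolchain directory, serial device and firmware directory are placeholders copied from the post's own commands; the compiler names arm-elf-gcc (gnuarm 3.4.3) and arm-none-eabi-gcc (newer toolchains) and the use of systemd-detect-virt or the DMI product name for hypervisor detection are assumptions.

```shell
#!/bin/sh
# Preflight check for the environment described in this post (added example;
# not part of the original write-up or of the OsmocomBB project).
# Assumptions: the three paths below are placeholders taken from the post's
# commands; override them through the environment for your own setup.
TOOLCHAIN_DIR="${TOOLCHAIN_DIR:-/path/to/the/toolchain/gnuarm-3.4.3/bin}"
SERIAL_DEV="${SERIAL_DEV:-/dev/ttyUSB0}"
FW_DIR="${FW_DIR:-./target/firmware/board/compal_e88}"

# "none" or empty means bare metal; anything else is a hypervisor name.
is_virtualized() {
    case "$1" in
        ""|none) return 1 ;;
        *)       return 0 ;;
    esac
}

# Print the hypervisor name: systemd-detect-virt when present, otherwise the
# DMI product name (assumed heuristics; "none" when nothing is detected).
detect_virt() {
    if command -v systemd-detect-virt >/dev/null 2>&1; then
        v=$(systemd-detect-virt 2>/dev/null || true)
        echo "${v:-none}"
    elif [ -r /sys/class/dmi/id/product_name ]; then
        case "$(cat /sys/class/dmi/id/product_name)" in
            *VMware*|*VirtualBox*|*KVM*|*QEMU*|*Virtual*) echo vm ;;
            *) echo none ;;
        esac
    else
        echo none
    fi
}

# The post found gsm_receive unusable on one core, so require at least two.
enough_cores() {
    [ "$1" -ge 2 ]
}

# Compose the osmocon invocation from the post: serial device, loader mode
# (c123xor for the Motorola C123) and the firmware image to chainload.
osmocon_cmd() {
    dev="$1"; mode="$2"; image="$3"; fwdir="${4:-$FW_DIR}"
    printf '%s' "./host/osmocon/osmocon -p $dev -m $mode -c $fwdir/$image.highram.bin $fwdir/chainload.compalram.bin"
}

# gnuarm 3.4.3 installs arm-elf-gcc; newer toolchains use arm-none-eabi-gcc
# (assumed names).
check_toolchain() {
    command -v arm-elf-gcc >/dev/null 2>&1 || command -v arm-none-eabi-gcc >/dev/null 2>&1
}

# Run every check, print one line per result, return the number of failures.
preflight() {
    fails=0
    if check_toolchain; then
        echo "ok    ARM cross compiler on PATH"
    else
        echo "FAIL  no arm-elf-gcc or arm-none-eabi-gcc; try: export PATH=\$PATH:$TOOLCHAIN_DIR"
        fails=$((fails + 1))
    fi
    if pkg-config --exists libosmocore 2>/dev/null; then
        echo "ok    libosmocore installed (step one)"
    else
        echo "FAIL  libosmocore not found by pkg-config"
        fails=$((fails + 1))
    fi
    if is_virtualized "$(detect_virt)"; then
        echo "FAIL  running under a hypervisor; osmocon needs native USB timing"
        fails=$((fails + 1))
    else
        echo "ok    bare-metal Linux"
    fi
    if [ -c "$SERIAL_DEV" ] && [ -w "$SERIAL_DEV" ]; then
        echo "ok    $SERIAL_DEV present and writable"
    else
        echo "FAIL  $SERIAL_DEV missing or not writable (cable? dialout group?)"
        fails=$((fails + 1))
    fi
    cores=$(nproc 2>/dev/null || getconf _NPROCESSORS_ONLN 2>/dev/null || echo 1)
    if enough_cores "$cores"; then
        echo "ok    $cores CPU cores, enough for real-time gsm_receive"
    else
        echo "WARN  only $cores core; real-time gsm_receive will struggle"
    fi
    if [ -f "$FW_DIR/rssi.highram.bin" ] && [ -f "$FW_DIR/chainload.compalram.bin" ]; then
        echo "ok    firmware built; next: $(osmocon_cmd "$SERIAL_DEV" c123xor rssi)"
    else
        echo "FAIL  firmware images not in $FW_DIR; run make in osmocom-bb/src"
        fails=$((fails + 1))
    fi
    return "$fails"
}

case "${1:-}" in
    --check) preflight ;;
esac
```

Save it in osmocom-bb/src and run `sh preflight.sh --check`; the exit status is the number of failed checks, so it can gate a build script. The hypervisor check exists because of the chainloader timing problem the post describes: a FAIL there is not a configuration error you can fix inside the VM.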
Now that you can compile and run OsmocomBB code, you will be able to run my modified version of it (will be posted soon).
Receiving, Decoding and Decrypting GSM Signals with the RTL-SDR - rtl-sdr.com
October 14, 2013 @ 07:31
[…] big write up is split into four posts. It starts with an introduction to GSM, then focuses on setting up the environment and required software, then uncovering the TMSI (step to be released later), and then finally shows how to actually […]
October 30, 2013 @ 06:23
when will you post the modified OsmocomBB code? 😀
this could just be me, but “native linux system for SomeSoftware” sounds like ubuntu, not specifically a device which will receive firmware.
October 30, 2013 @ 08:09
The patch file needs to be cleaned, but after that I will upload it to my gsm repo for sure.
When I say native Linux I mean Ubuntu, Debian, even OS X could be fine. What I wanted to emphasize with that is that a virtualized Linux environment will not work for you, because Osmocom heavily relies on timing and the virtualized USB drivers tend to fail in this area.
I had a half day of debugging to figure it out why the code doesn’t work in VMware Ubuntu – turned out a native installation did the job.
December 22, 2013 @ 22:08
The link http://www.rtl-sdr.com/how-to-calibrate-rtl-sdr-using-kalibrate-rtl-on-linux/ is broken!
December 22, 2013 @ 23:32
I just tried it and it works for me.
January 10, 2014 @ 07:53
Can I know the processor you used to do this one,
and the coding step by step, if you don't mind?
GSM sniffers using RTL-SDR:
in this I should find the strong GSM signal using a spectrum
frequency analyser and
I should decode the data,
so I need some help please.
January 17, 2014 @ 20:13
For what do you use osmocom-bb in your instructions?
That has nothing to do with RTL-SDR? What do you want to read with it?
January 18, 2014 @ 13:42
I used osmocom-bb to do the TMSI-uncover attack (phone number to TMSI). It has nothing to do with RTL-SDR, but in a classic attack scenario when you only have a phone number this would be your step #1.
May 24, 2014 @ 16:38
The link for downloading from gnuarm is broken. Do you have another link, please?
May 30, 2014 @ 09:15
Thanks for noticing, I updated it 🙂
May 25, 2014 @ 14:16
Very nice write up. I have a question. It is said as “Connect your OsmocomBB phone to your PC…”. Well, mine is iPhone. Can I do the steps with that?
May 30, 2014 @ 09:15
June 4, 2014 @ 17:58
Can I take this ARM compiler?
June 7, 2014 @ 15:39
I’m not sure; OsmocomBB is really picky about compilers, so it’s better to stick with the one that works.
December 3, 2014 @ 14:22
Can anyone capture calls and SMS anywhere, or must they be near the sniffer or in the same BTS?