The big GSM write-up – how to capture, analyze and crack GSM? – 2.
So, I have had some requests asking how I did what I did with GSM: what tools did I use, what hardware, and what options?
Since I believe strongly that GSM needs to be “out in the hands of the people”, meaning everybody should have access to cheap hardware and free, open-source software that helps in understanding GSM in practice, I thought I would create a series of write-ups describing the whole process from the beginning.
Enjoy!
Second step: get your environment up and running
Prerequisites:
a native (!) Linux system for OsmocomBB; a virtualized or native Linux system for RTL-SDR
An easy way to get a native Linux system next to Windows is Wubi: it installs Ubuntu into a file on the Windows drive but boots it natively, so the USB controller (and its timing) is the real one, not a virtualized one.
1. RTL-SDR:
http://www.rtl-sdr.com/rtl-sdr-tutorial-analyzing-gsm-with-airprobe-and-wireshark/
This article is the best one I know of: it covers the whole process from A to Z.
To get the best reception you should always calibrate your RTL-SDR dongle:
http://www.rtl-sdr.com/how-to-calibrate-rtl-sdr-using-kalibrate-rtl-on-linux/
It is important to know that decoding GSM requires quite a lot of processing power (even more if you do it in real time with gsm_receive), so if you use a virtual machine don't forget to give it at least 2 processor cores. On my machine (first-generation Core i5) gsm_receive wasn't usable at all with just one core.
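The calibration step above (a kal scan, then kal -c on one channel) ends with a ppm value that you then pass to rtl_sdr -p (or kal -e). The following POSIX shell script is an added example, my own and not code from the original post or from kalibrate-rtl: it picks the strongest ARFCN out of a `kal -s` scan, reads the signed ppm error from `kal -c`, and rounds it to the integer those tools take. The two embedded kal outputs are constructed samples in kal's usual format (the numbers are invented), and the `kal` invocations assume a standard kalibrate-rtl build.

```shell
#!/bin/sh
# Added example, not code from the original post: turn kalibrate-rtl (kal)
# output into the ppm correction that rtl_sdr -p / kal -e take.
# The two samples below are constructed in kal's usual output format;
# the numbers are invented, real scans will differ.

SCAN_SAMPLE='kal: Scanning for GSM-900 base stations.
GSM-900:
    chan:    5 (936.0MHz + 13.374kHz)   power: 1034223.63
    chan:   17 (938.4MHz - 1.016kHz)    power:  402093.15
    chan:  118 (958.6MHz + 12.887kHz)   power: 1610400.02'

CAL_SAMPLE='kal: Calculating clock frequency offset.
Using GSM-900 channel 118 (958.6MHz)
average     [min, max]  (range, stddev)
+ 12.887kHz     [12871, 12909]  (38, 9.130)
overruns: 0
not found: 0
average absolute error: -13.443 ppm'

# Strongest ARFCN from a `kal -s <band>` scan read on stdin. Each result
# line looks like "chan: N (freq +/- offset) power: P": channel is field 2,
# power is the last field.
strongest_channel() {
    awk '/chan:/ && $NF + 0 > best { best = $NF + 0; chan = $2 }
         END { if (chan != "") print chan }'
}

# Signed ppm error from the `kal -c <chan>` report read on stdin.
ppm_from_calibration() {
    awk '/average absolute error/ { print $(NF - 1) }'
}

# rtl_sdr -p and kal -e want an integer: round half away from zero.
round_ppm() {
    awk '{ x = $1 + 0; print int(x < 0 ? x - 0.5 : x + 0.5) }'
}

if [ "$#" -gt 0 ]; then
    # Real run against a dongle, e.g.:  sh kal_ppm.sh GSM900
    chan=$(kal -s "$1" | strongest_channel)
    ppm=$(kal -c "$chan" | ppm_from_calibration | round_ppm)
    echo "strongest ARFCN: $chan, correction: $ppm ppm"
    echo "verify: kal -c $chan -e $ppm should now report an error near 0 ppm"
else
    # Offline demo on the constructed samples (prints ARFCN 118, -13 ppm).
    chan=$(printf '%s\n' "$SCAN_SAMPLE" | strongest_channel)
    ppm=$(printf '%s\n' "$CAL_SAMPLE" | ppm_from_calibration | round_ppm)
    echo "sample: strongest ARFCN $chan, correction $ppm ppm"
fi
```

Always close the loop: rerun kal -c on the same channel with -e set to the value you got; if the reported error is not close to zero, the dongle has drifted (let it warm up for a few minutes and calibrate again before you start capturing).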
2. OsmocomBB:
I assume you completed the first step, so you already have libosmocore installed (!).
First of all you will need an ARM cross compiler. Originally I set one up like this:
wget http://gnuarm.com/bu-2.15_gcc-3.4.3-c-c++-java_nl-1.12.0_gi-6.1.tar.bz2
tar xf bu-2.15_gcc-3.4.3-c-c++-java_nl-1.12.0_gi-6.1.tar.bz2
UPDATE: the gnuarm download link above no longer works; use this tutorial to get a toolchain instead:
http://bb.osmocom.org/trac/wiki/toolchain
Then clone the OsmocomBB git repository and compile it:
git clone git://git.osmocom.org/osmocom-bb.git
cd osmocom-bb/src
export PATH=$PATH:/path/to/the/toolchain/gnuarm-3.4.3/bin
make
Now it is a good time to test whether OsmocomBB compiled fine. Connect your OsmocomBB phone to your PC and run the following command (assuming you are in the src directory; -p is the serial port of your cable, -m c123xor selects the Compal loader protocol for the C123 family, and -c names the image to chainload once the small chainload.compalram.bin loader is running on the phone):
./host/osmocon/osmocon -p /dev/ttyUSB0 -m c123xor -c ./target/firmware/board/compal_e88/rssi.highram.bin ./target/firmware/board/compal_e88/chainload.compalram.bin
If everything is fine the phone now runs the RSSI firmware. If you get errors while loading the firmware, make sure the cable is fine, that your user can actually read and write the serial device (on Debian/Ubuntu add yourself to the dialout group), and that you are not using a virtual machine: the virtualized USB controller tends to mess up timings, which makes the chainloader fail.
Now that you can compile and run OsmocomBB code you will be able to run my modified version of it (to be posted soon).
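The firmware-load step above fails for three mundane reasons far more often than for any real bug: a VM in between, a serial device you cannot open, or a toolchain that is not in PATH. The POSIX shell script below is an added example, my own and not code from the original post or the OsmocomBB project: run from osmocom-bb/src it checks those three things, builds the firmware if the images are missing, and then runs the exact osmocon command from the post. The device path, loader mode and firmware file names are the ones used above; the arm-elf- prefix (OsmocomBB's default CROSS_TOOL_PREFIX) and the use of systemd-detect-virt to spot a VM are assumptions about your setup.

```shell
#!/bin/sh
# Added example, not code from the original post or from OsmocomBB:
# pre-flight checks before the osmocon firmware load. Device path, loader
# mode and firmware names are from the post; the cross-compiler prefix and
# systemd-detect-virt are assumptions about the reader's setup.

# osmocon depends on real USB serial timing, so refuse to run in a VM.
# Takes the output of `systemd-detect-virt` ("none" on bare metal) as an
# argument so the decision can be tested without that tool.
is_virtualized() {
    case "$1" in
        ""|none) return 1 ;;   # bare metal, or the tool is not installed
        *)       return 0 ;;   # kvm, vmware, oracle, microsoft, ...
    esac
}

# The USB-serial cable must show up as a character device we may open;
# on Debian/Ubuntu that normally means being in the dialout group.
serial_usable() {
    [ -c "$1" ] && [ -r "$1" ] && [ -w "$1" ]
}

# The OsmocomBB makefiles default to the arm-elf- prefix (CROSS_TOOL_PREFIX);
# the compiler must be reachable through PATH before `make`.
have_cross_compiler() {
    command -v "${1}gcc" >/dev/null 2>&1
}

# Both images that `make` produces for the Compal E88 board must exist.
firmware_present() {
    [ -f "$1" ] && [ -f "$2" ]
}

if [ "$#" -gt 0 ]; then
    # Usage (from osmocom-bb/src):  sh preflight.sh /dev/ttyUSB0
    dev=$1
    fwdir=./target/firmware/board/compal_e88
    prefix=${CROSS_TOOL_PREFIX:-arm-elf-}

    virt=$(systemd-detect-virt 2>/dev/null || true)
    if is_virtualized "$virt"; then
        echo "running under $virt: chainloading over virtual USB is unreliable, use a native install" >&2
        exit 1
    fi
    if ! serial_usable "$dev"; then
        echo "$dev is missing or not readable/writable (cable unplugged? not in the dialout group?)" >&2
        exit 1
    fi
    if ! have_cross_compiler "$prefix"; then
        echo "${prefix}gcc is not in PATH: add the toolchain's bin directory first" >&2
        exit 1
    fi
    firmware_present "$fwdir/rssi.highram.bin" "$fwdir/chainload.compalram.bin" || make

    # Same command as in the post: boot the small compalram loader, then
    # chainload the RSSI firmware into high RAM.
    exec ./host/osmocon/osmocon -p "$dev" -m c123xor \
        -c "$fwdir/rssi.highram.bin" "$fwdir/chainload.compalram.bin"
fi
```

With no arguments the script only defines the checks, so it can be sourced from other scripts; with a device path it runs them and hands over to osmocon. Press the phone's power button briefly once osmocon is waiting, as usual.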
Receiving, Decoding and Decrypting GSM Signals with the RTL-SDR - rtl-sdr.com
October 14, 2013 @ 07:31
[…] big write up is split into four posts. It starts with an introduction to GSM, then focuses on setting up the environment and required software, then uncovering the TMSI (step to be released later), and then finally shows how to actually […]
Caleb
October 30, 2013 @ 06:23
when will you post the modified OsmocomBB code? 😀
this could just be me, but “native linux system for SomeSoftware” sounds like ubuntu, not specifically a device which will receive firmware.
domi007
October 30, 2013 @ 08:09
The patch file needs to be cleaned, but after that I will upload it to my gsm repo for sure.
When I say native Linux I mean Ubuntu, Debian, even OS X could be fine. What I wanted to emphasize with that is that a virtualized Linux environment will not work for you, because Osmocom heavily relies on timing and the virtualized USB drivers tend to fail in this area.
I had half a day of debugging to figure out why the code doesn't work in VMware Ubuntu – it turned out a native installation did the job.
Rasoul
December 22, 2013 @ 22:08
The link http://www.rtl-sdr.com/how-to-calibrate-rtl-sdr-using-kalibrate-rtl-on-linux/ is broken!
domi007
December 22, 2013 @ 23:32
I just tried it and it works for me.
teja
January 10, 2014 @ 07:53
Can I know the processor you used for this one,
and the coding step by step if you don't mind?
GSM sniffers using RTL-SDR:
in this I should find the strong GSM signal using a spectrum
frequency analyser and
I should decode the data,
so I need some help please.
Thank you.
Max
January 17, 2014 @ 20:13
What do you use osmocom-bb for in your instructions?
That has nothing to do with rtl-sdr? What do you want to read with it?
thank you
domi007
January 18, 2014 @ 13:42
I used osmocom-bb to do the TMSI-uncover attack (phone number to TMSI). It has nothing to do with RTL-SDR, but in a classic attack scenario when you only have a phone number this would be your step #1.
inesa
May 24, 2014 @ 16:38
Hello
The download link from gnuarm is broken. Do you have another link, please?
Thanks
Inesa
domi007
May 30, 2014 @ 09:15
Thanks for noticing, I updated it 🙂
sumesh
May 25, 2014 @ 14:16
Hello,
Very nice write up. I have a question. It is said as “Connect your OsmocomBB phone to your PC…”. Well, mine is iPhone. Can I do the steps with that?
Thanks
domi007
May 30, 2014 @ 09:15
No.
inesa
June 4, 2014 @ 17:58
Hello
Can I take this ARM compiler?
wget http://www.codesourcery.com/sgpp/lite/arm/portal/package7813/public/arm-none-eabi/arm-2010.09-51-arm-none-eabi-i686-pc-linux-gnu.tar.bz2
Thanks
domi007
June 7, 2014 @ 15:39
I’m not sure. OsmocomBB is really picky about compilers; it’s better to stick with the one that works.
Nilda
December 3, 2014 @ 14:22
Hi
Can anyone capture calls and SMS anywhere, or must they be near the sniffer or in the same BTS?