GPRS Sniffing Tutorial
2024-10-16 08:03:24
- Download sources into ~/gprs_sniffer
git clone git://git.osmocom.org/osmocom-bb.git
git clone git://git.osmocom.org/libosmocore.git
git clone git://git.srlabs.de/gprsdecode.git
wget http://srlabs.de/dl/gprs_multi.patch
- Download ARM cross compiler
wget http://gnuarm.com/bu-2.15_gcc-3.4.3-c-c++-java_nl-1.12.0_gi-6.1.tar.bz2
tar xf bu-.15_gcc-3.4.-c-c++-java_nl-1.12.0_gi-6.1.tar.bz2
- Compile and install libosmocore
cd ~/gprs_sniffer/libosmocore
autoreconf -i
./configure
make
sudo make install
- Compile gprsdecode
cd ~/gprs_sniffer/gprsdecode
make
- Prepare OsmocomBB's burst_ind branch
cd ~/gprs_sniffer/osmocom-bb
git checkout origin/sylvain/burst_ind
git checkout d1cb8ea9b784c7acbafbb2fdcedbdf4655c2f6f5
patch -p1 < ~/gprs_sniffer/gprs_multi.patch
- Compile OsmocomBB
cd src
export PATH=$PATH:~/gprs_sniffer/gnuarm-3.4./bin
make
- Run OsmocomBB firmware
# Conect Motorola phone with USB cable
cd ~/gprs_sniffer/osmocom-bb/src
./host/osmocon/osmocon -m c123xor -p /dev/ttyUSB0 ./target/firmware/board/compal_e88/layer1.compalram.bin
# Switch on Motorola phone
- Run OsmocomBB host software (in 2. terminal)
cd ~/gprs_sniffer/osmocom-bb/src
./host/layer23/src/misc/cell_log
- Adjust to active network
# look for active networks in the output:
cell_log.c: Sync ARFCN (rxlev -, syncs left)
cell_log.c: Cell: ARFCN= MCC= MNC= (Italy, TIM)
# in this case, network is TIM, and ARFCN is
# kill cell_log with ctrl-c, and rerun with correct ARFCN:
./host/layer23/src/misc/layer23 -a # Data channel assignments look like this
layer3.c: GSM48 IMM ASS (ra=0x72, chan_nr=0x0a, HSN=, MAIO=,
TS=, SS=, TSC=)l1ctl.c: Tx Dedic.Mode Est Req (maio=,
hsn=, chan_nr=0x0a) # Red lines indicate signal strength
# In this case out of slots are used:
l1ctl.c: BURST IND: @( = //) ( - dBm, SNR )
l1ctl.c: BURST IND: @( = //) ( - dBm, SNR )
l1ctl.c: BURST IND: @( = //) ( - dBm, SNR )
l1ctl.c: BURST IND: @( = //) ( - dBm, SNR ) # wait for session end or kill with ctrl-c
# A file like "bursts_20110821_1648_29_2094723_0a.dat" is produced
- Run GPRS decoder
# Start Wireshark, capturing on interface "lo"
~/gprs_sniffer/gprsdecode/gprsdecode bursts_20110721_1648_29_2094723_0a.dat
- Optional: Test with sample data
wget http://srlabs.de/dl/gprs_262_80_0001_0000_20110710_2251_875_494777_0f.dat
~/gprs_sniffer/gprsdecode/gprsdecode gprs_262_80_0001_0000_20110710_2251_875_494777_0f.dat
wget http://srlabs.de/dl/gprs_262_80_0001_0000_20110710_2252_875_514147_0f.dat
~/gprs_sniffer/gprsdecode/gprsdecode gprs_262_80_0001_0000_20110710_2252_875_514147_0f.dat
- Optional: Build Wireshark from source
svn co http://anonsvn.wireshark.org/wireshark/trunk wireshark
cd wireshark
./autogen.sh
./configure
make
sudo make install
- Optional: Uplink sniffing
# the default firmware captures downlink slots,
# for uplink you need to compile a different firmware.
# open "osmocom-bb/src/target/firmware/layer1/prim_sniff.c"
# at line , modify #if 1 to 0
# go back to 'Compile and install libosmocore'
最新文章
- maven模块
- Ubuntu 12 编译安装 PHP 5.4 及 问题汇总
- locality
- SQLServer2014内存优化表评测
- 超轻量级高性能ORM数据访问组件Deft,比dapper快20%以上
- bin文件格式分析
- 关于socket通讯,如何才能高效?
- ThinkPHP中:检查Session是否过期
- Struts2中五个重要的常量
- Java 基于ArcFace人脸识别2.0 服务端Demo
- flask保存 文件到本地
- 【CF802C】Heidi and Library(网络流)
- winform中devexpress bindcommand无效的解决方法
- 除了/etc/init.d/加启动脚本 或者在/etc/rc.local中加启动命令,还可以通过crontab来完成服务器重启后自动启动服务的操作
- 华为机试正式版(西安c/c++/java),今天下午去机试的题目,新奇出炉了!
- background 背景图片 在IE8中不显示解决方法
- CSS一个属性,让图片后的文字垂直居中,效果看得见
- 20145209刘一阳《JAVA程序设计》第九周课堂测试
- php基础语法(变量)
- MongoDB的角色作用(2)