GSM: Global System for Mobile Communications, originally Groupe Spécial Mobile
OsmocomBB: Firmware to run in our Calypso Based Device (Motorola C123)
USB to 2.5mm Jack cable (I will show you how to make this)
- What I am doing.
- What are my objectives.
- Why the above equipment.
- Why am I doing this.
- What do I get out of this.
What I am doing
I will be creating a BTS with the cheapest hardware equipment available to do this.
What are my objectives
Read above and then think of what a BTS can do.
Why the above Equipment
- Ummmm coz it's really cheap (the equipment)
- Coz I want a BTS really bad (the things you can exploit/research with this)
- Coz testing IPV4/IPV6/TCP..... is too overrated and everyone is doing it... who will do GSM
Why am I doing this (now am just repeating myself)
What do I get out of this
Everything and Nothing ----> yes, it's every bit of knowledge till where I stop, and it's nothing since I know Telcos will probably ignore my rant :(
..... OK, let's get rolling.
REQUIREMENTS:
Hardware:
- PC
- Calypso Chipset Supported Device (Motorola C113, C115, C118.....)
- USB to 2.5mm Jack cable
Software:
- *nix Based OS
- OsmocomBB
- OpenBTS
STEPS
- Install OpenBTS (and Asterisk)
- Install OsmocomBB
- Configure Everything
- Create USB to 2.5 mm Jack cable* (I am not going to go into this.... it's a pain I don't want to remember; not that it's very hard, it's just that I burnt a finger and probably someone's house while at it)
- Test
- and......play
- Install OpenBTS (and Asterisk)
There are many ways to do this, starting with compiling from source. If your OS is Ubuntu 12.04 on the x86-64 architecture (I also did this on Debian 7.3 (wheezy) 64-bit), Debian packages exist for it. You also need to install the following first:
libtool
libosip2
libortp
libusb-1.0
g++
sqlite3
libsqlite3-dev (sipauthserve only)
libreadline6-dev
libncurses5-dev
After that, the following downloaded packages need to be installed (N.B. the packages you are about to install are specific to UHD, the USRP Hardware Driver, devices):
sudo dpkg -i openbts-public_3.2_amd64.deb
sudo dpkg -i smqueue-public_3.2_amd64.deb
sudo dpkg -i sipauthserve-public_3.2_amd64.deb
Running OpenBTS
(from OpenBTS root)
cd /OpenBTS
sudo ./OpenBTS
system ready
use the OpenBTSCLI utility to access CLI
You should see something like this..... well if you have your devices connected and configured
Use the OpenBTSCLI utility to access the CLI:
cd /OpenBTS
sudo ./OpenBTSCLI
Once you have OpenBTS up and running, you need to change the following configuration parameters in the database (/etc/OpenBTS/OpenBTS.db):
Control.GSMTAP.TargetIP = 127.0.0.1
GSM.Radio.NeedBSIC = 1
GSM.Radio.Band = 1800
GSM.CellSelection.Neighbors = (set to empty string)
GSM.RACH.MaxRetrans = 3
GSM.RACH.TxInteger = 8
GSM.Radio.C0 = <your ARFCN (see note)>
Control.LUR.OpenRegistration = ^63905.*$
(note: in this example only IMSIs with MCC 639 and MNC 05 will be allowed to register to the network, change that accordingly)
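A quick way to confirm that a Control.LUR.OpenRegistration pattern admits only the intended test SIMs before writing it to the database. This is an added example, not part of the original post or of OpenBTS: the function names are hypothetical, the IMSIs are constructed, and Python's re module with unanchored search stands in for the regex matching OpenBTS performs (an assumption).

```python
import re

# Constructed sample IMSIs (15 digits each); none belongs to a real subscriber.
SAMPLE_IMSIS = [
    "639051234567890",  # MCC 639, MNC 05: the intended test SIMs
    "639021234567890",  # same MCC, different MNC
    "310639051234567",  # "63905" appears mid-string, MCC is 310
    "001011234567890",  # test PLMN 001/01
]


def plmn(imsi, mnc_digits=2):
    """Return (MCC, MNC); the MNC is 2 or 3 digits depending on the network."""
    if not (imsi.isdigit() and 3 + mnc_digits < len(imsi) <= 15):
        raise ValueError("not an IMSI: %r" % imsi)
    return imsi[:3], imsi[3:3 + mnc_digits]


def admitted(pattern, imsis):
    """IMSIs the pattern lets register, assuming unanchored search semantics."""
    rx = re.compile(pattern)
    return [i for i in imsis if rx.search(i)]


def audit(pattern, allowed_plmn, imsis=SAMPLE_IMSIS, mnc_digits=2):
    """Return IMSIs that would be admitted although their PLMN is not allowed."""
    return [i for i in admitted(pattern, imsis)
            if plmn(i, mnc_digits) != allowed_plmn]


if __name__ == "__main__":
    # The page's pattern, the same digits without the ^ anchor, and a catch-all.
    for pat in ("^63905.*$", "63905", ".*"):
        leaks = audit(pat, ("639", "05"))
        status = "OK" if not leaks else "admits unintended: %s" % leaks
        print("%-12s %s" % (pat, status))
```

Only the anchored pattern from the post keeps the cell closed to everything outside MCC 639 / MNC 05; dropping the ^ or using a catch-all lets other handsets in range register.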
Installing OsmocomBB
This part is really fun but also very tricky, especially if you don't have an ARM cross compiler (this lets us compile the ARM code into the firmware that gets loaded onto the Calypso-based device, read: Motorola C123). So here is a good place to start:
I am guessing you have done the necessary. Many people ask me where the USB to 2.5 mm cable is available for purchase, and I would say here
Now that we have nearly everything done, play around with Osmocom if it's your first time.... Clearly, if you need to know what it does, I would suggest you go to my PDFs link and get more info on 2G networks before doing anything past what you are doing.
Now.... this is how to work a BTS from the cheap device.....
P.S. You need to do a filter replacement as such, and in case you destroy your board like I also did, you will need to do this (look at photo):
"When attempting this for the first try, I soldered / desoldered components a few times and ended up destroying the pads and traces so much that there was no way I could put the original filters or balun back on the PCB.
So in a last attempt to make the phone do something, I tried something a little unorthodox (actually proposed by h0rizon on IRC :). Instead of doing a proper unbalanced to balanced signal conversion, I just connected one of the RITA balanced lines to the ground using a DC blocking cap. And then connected the other balanced line to the input via a capacitor as well. For DCS1800 you need to add a capacitor of your own, but for EGSM, there is a capacitor in the input SAW matching that does the trick so you only need a wire.
The quite dirty result is shown on the side. It's ugly but it actually works ... The signal is maybe distorted or a little more noisy, that has yet to be determined. So if you screw up, you can always fall back to this :)"
cited from http://246tnt.com/gsm/rx_filter.html
4 comments:
Hi,
Great to see that OpenBTS can be implemented using Motorola C123. I always thought that it required some UHD -- USRP device.
In the blog you are installing packages specific for UHD, why do you need that when no UHD is used? I also got the point that you used a filter to make a BTS out of a cheap device (here it's Motorola C123).
I thought that this wouldn't be possible, comparable to the way cable modems can't transmit on the downstream frequency used by other cable modems
It's really nice to be able to make things like that yourself!! You gave a really detailed description of the topic! Hopefully it won't be too difficult for anyone either!