0x00 Environment setup
Platform: Ubuntu 18.04 x64
Hardware: 820T2 & SDR
Install dependencies
apt install git cmake libboost-all-dev libcppunit-dev swig doxygen liblog4cpp5-dev python-scipy gnuradio gnuradio-dev rtl-sdr librtlsdr-dev osmo-sdr libosmosdr-dev libosmocore libosmocore-dev gr-osmosdr m4 automake
Build gr-gsm
git clone https://github.com/ptrkrysik/gr-gsm.git
cd gr-gsm
mkdir build
cd build
cmake ..
make
sudo make install
sudo ldconfig
Build kalibrate
Pick the version that matches your hardware
kalibrate-hackrf (kalibrate for HackRF)
git clone https://github.com/scateu/kalibrate-hackrf.git
cd kalibrate-hackrf
./bootstrap
./configure
make
sudo make install
kalibrate-rtl (kalibrate for rtl-sdr)
git clone https://github.com/steve-m/kalibrate-rtl.git
cd kalibrate-rtl
./bootstrap
./configure
make
sudo make install
0x01 Scanning base stations
kal
Scan the GSM900 band
kal -s GSM900 -g 40
gr-gsm (HackRF, BladeRF)
Once gr-gsm is built, its App directory contains the scripts used to scan for cells and decode GSM traffic
grgsm_scanner -v
Sniffer
The scan gives us each base station's centre frequency, channel, ARFCN, LAC, MCC and MNC, among other parameters, as shown below
ARFCN: 34, Freq: 941.8M, CID: 29001, LAC: 16889, MCC: 460, MNC: 0, Pwr: -29
|---- Configuration: 2 CCCH, not combined
|---- Cell ARFCNs: 11, 15, 34, 50
|---- Neighbour Cells: 5, 7, 9, 34, 36, 39, 40, 41, 43, 45, 47, 48, 52, 608, 610, 619, 630, 632, 635
ARFCN: 40, Freq: 943.0M, CID: 29002, LAC: 16889, MCC: 460, MNC: 0, Pwr: -31
|---- Configuration: 2 CCCH, not combined
|---- Cell ARFCNs: 7, 18, 22, 40
|---- Neighbour Cells: 5, 7, 9, 34, 36, 39, 40, 41, 43, 45, 47, 48, 52, 608, 610, 619, 630, 632, 635
The output above shows GSM base station signals found in the 941.8 - 943.0 MHz range
Viewing the waterfall with gqrx
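As an added example (not code from the original post or from the gr-gsm project), a small Python parser for the grgsm_scanner output above: it maps each ARFCN back to its downlink frequency from the GSM band plan and runs a few consistency checks (reported frequency against the band plan, each observed cell being advertised as a neighbour by the others), which is useful when recording a baseline of the cells around you for later comparison. The sample input is the scan output shown above; the field names and the checks themselves are my own choices.

```python
import re

# Sample input: the two cells from the grgsm_scanner output shown above.
SCAN_OUTPUT = """\
ARFCN: 34, Freq: 941.8M, CID: 29001, LAC: 16889, MCC: 460, MNC: 0, Pwr: -29
|---- Configuration: 2 CCCH, not combined
|---- Cell ARFCNs: 11, 15, 34, 50
|---- Neighbour Cells: 5, 7, 9, 34, 36, 39, 40, 41, 43, 45, 47, 48, 52, 608, 610, 619, 630, 632, 635
ARFCN: 40, Freq: 943.0M, CID: 29002, LAC: 16889, MCC: 460, MNC: 0, Pwr: -31
|---- Configuration: 2 CCCH, not combined
|---- Cell ARFCNs: 7, 18, 22, 40
|---- Neighbour Cells: 5, 7, 9, 34, 36, 39, 40, 41, 43, 45, 47, 48, 52, 608, 610, 619, 630, 632, 635
"""

HEADER = re.compile(r"ARFCN:\s*(\d+),\s*Freq:\s*([\d.]+)M,\s*CID:\s*(\d+),\s*LAC:\s*(\d+),"
                    r"\s*MCC:\s*(\d+),\s*MNC:\s*(\d+),\s*Pwr:\s*(-?\d+)")

def arfcn_to_downlink_mhz(arfcn):
    """Downlink (BTS -> MS) carrier frequency for P-GSM 900, E-GSM 900 and DCS 1800."""
    if 1 <= arfcn <= 124:          # P-GSM 900: 935 MHz + 0.2 MHz per channel
        return round(935.0 + 0.2 * arfcn, 1)
    if 975 <= arfcn <= 1023:       # E-GSM 900 extension below channel 1
        return round(935.0 + 0.2 * (arfcn - 1024), 1)
    if 512 <= arfcn <= 885:        # DCS 1800 (the 6xx neighbours above are in this band)
        return round(1805.2 + 0.2 * (arfcn - 512), 1)
    raise ValueError("unsupported ARFCN %d" % arfcn)

def parse_scanner_output(text):
    """Turn grgsm_scanner -v text into one dict per cell."""
    cells = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            a, f, cid, lac, mcc, mnc, pwr = m.groups()
            cells.append({"arfcn": int(a), "freq_mhz": float(f), "cid": int(cid),
                          "lac": int(lac), "mcc": int(mcc), "mnc": int(mnc),
                          "pwr": int(pwr), "cell_arfcns": [], "neighbours": []})
        elif line.startswith("|---- Cell ARFCNs:"):
            cells[-1]["cell_arfcns"] = [int(x) for x in line.split(":")[1].split(",")]
        elif line.startswith("|---- Neighbour Cells:"):
            cells[-1]["neighbours"] = [int(x) for x in line.split(":")[1].split(",")]
    return cells

def check_cells(cells):
    """Consistency checks for a baseline: band plan match, BCCH in own ARFCN list, mutual neighbours."""
    findings = []
    seen = {c["arfcn"] for c in cells}
    for c in cells:
        if arfcn_to_downlink_mhz(c["arfcn"]) != c["freq_mhz"]:
            findings.append("ARFCN %d: reported %.1f MHz does not match band plan" % (c["arfcn"], c["freq_mhz"]))
        if c["arfcn"] not in c["cell_arfcns"]:
            findings.append("ARFCN %d: BCCH carrier missing from its own Cell ARFCNs" % c["arfcn"])
        for other in seen - {c["arfcn"]}:
            if other not in c["neighbours"]:
                findings.append("ARFCN %d: does not list observed cell %d as a neighbour" % (c["arfcn"], other))
    return findings
```

Run check_cells(parse_scanner_output(SCAN_OUTPUT)) on the two cells above and it returns no findings, since both frequencies match the band plan and each cell advertises the other.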
gqrx
Under Device, select your own device
Append the following to Device String
,direct_samp=2
Click OK to open the gqrx GUI, then click the start button in the top-left corner to begin listening