* regular expression will make EVERY GSM phone in your area connect to your BTS.

Now, edit the /usr/local/etc/yate/nf:

    country_code=YOUR_CONTRY_CODE

You can find valid MCC and MNC values here.

Open the /usr/local/etc/yate/nf file with either nano or vi and update the following values:

    Radio.Band=900

You can now access your BTS web UI from your browser:

Time for some configuration now!

Configuration

    sudo ln -s /usr/local/share/yate/nib_web nib

And grant write permission to the configuration files:

    sudo chmod -R a+w /usr/local/etc/yate

Next, we’ll symlink the NIB web UI into our Apache www folder:

    cd /var/www/html/

This will take a few minutes, but eventually you’ll have everything installed on your system.

Let’s start building both of them:

    cd yate

Since I spent a lot of time trying to figure out which specific version of each was compatible with the bladeRF, I’ve created a GitHub repository with the correct versions of both, so in your RPI home folder just do:

    git clone

Now we’re going to install Yate and YateBTS, two open source software packages that will let us create the BTS itself.

Download the correct firmware and FPGA image.

IMPORTANT: Make sure you have these exact versions of the firmware and the FPGA; other versions might not work in our setup.
Start the bladeRF-cli utility and issue the version command:

    $ sudo bladeRF-cli -i

    Firmware version: 1.6.1-git-053fb13-buildomatic

    usb 1-1.3: New USB device strings: Mfr=1, Product=2, SerialNumber=3

Next, install a few dependencies we’re going to need soon:

    sudo apt-get install git apache2 php5 bladerf libbladerf-dev libbladerf0 automake

At this point, you should already be able to interact with the BladeRF. Plug it into one of the USB ports of the RPI; dmesg should be telling you something like:

    usb 1-1.3: New USB device found, idVendor=1d50, idProduct=6066

Let’s start by installing the latest Raspbian image to the microSD card ( use the “lite” one, no need for UI ), boot the RPI, and configure either the WiFi or ethernet and so forth. At the end of this process you should be able to SSH into the RPI.

- A USB battery pack ( I’m using a 26800mAh Anker Astro E7 ).
- A Raspberry Pi 3 ( model 2 and below are too slow ).
- Two Quad-band Cellular Duck Antennas SMA.

In order to build your BTS you’ll need the following hardware:

I’m not writing this post to help script kiddies break the law; my point is that GSM is broken by design and it’s about time vendors did something about it, considering how much we’re paying for their services.

In this blog post I’m going to explain how to create a portable GSM BTS which can be used either to create a private ( and vendor free! ) GSM network or for GSM active tapping/interception/hijacking … yes, with some (relatively) cheap electronic equipment you can basically build something very similar to what governments have been using for years to perform GSM interception.

Last week I was visiting my friend and colleague Ziggy in Tel Aviv, who gave me something I’d been waiting on for almost a year: a brand new BladeRF x40, a low-cost USB 3.0 Software Defined Radio working in full-duplex, meaning that it can transmit and receive at the same time ( while for instance the HackRF is only half-duplex ).