Skip to main content

SNIFF GSM USING HACKRFX

​TOOLS USED:


• hackrf_kali


• brategnuradio-companion


• gr-gsmgqrx


• wireshark


INSTALL REQUIREMENTS:

First thing, you want to make sure you have all the required software installed, you can install most of them and their dependencies using your distribution package manager. Let’s start with the libraries and tools for the hackrf itself, on a Debian/Ubuntu distro you’ll install them like so:

sudo apt-get install hackrf libhackrf-dev libhackrf0

Once these libraries are installed, you can plug your hackrf into one of your USB ports and execute the hackrf_info command, at this point you should see something like the following:

# hackrf_info

Found HackRF board.

Board ID Number: 2 (HackRF One)

Firmware Version: 2014.08.1

Part ID Number: 0x00574746 0x00574746

Serial Number: 0x00000000 0x00000000 0x14d463dc 0x2f4339e1

You will now install gnuradio which is the software we’ll use to decode the RF signals, gqrx a tool to visualize signal power on certain frequencies and everything else that will be needed in the next steps:

sudo apt-get install gnuradio gnuradio-dev gr-osmosdr gr-osmosdr gqrx-sdr wireshark

Proceed with gr-gsm, the GnuRadio blocks that will decode GSM packets:

sudo apt-get install git cmake libboost-all-dev libcppunit-dev swig doxygen liblog4cpp5-dev python-scipy

git clone https://github.com/ptrkrysik/gr-gsm.git

cd gr-gsm

mkdir build

cd build

cmake ..

make

sudo make install

sudo ldconfig

Now create the file ~/.gnuradio/config.conf and paste the following contents into it:

[grc]

local_blocks_path=/usr/local/share/gnuradio/grc/blocks

Finally install kalibrate-hackrf, a tool that will hop among known GSM frequencies and will tell you which your country is using:

git clone https://github.com/scateu/kalibrate-hackrf.git

cd kalibrate-hackrf

./bootstrap

./configure

make

sudo make install

FINDING GSM FREQUENCIES:

Each operator in each country uses a different frequency in the GSM possible spectrum, which usually starts from 900Mhz. You can use hackrf_kalibrate to find the frequencies you want to sniff:

./kal -s GSM900 -g 40 -l 40

Note the two gain values, those are important in order to get some results. Leave kalibrate running and after a while you should see an output similar to this:

You will have to use the proper GSM parameter (‘-s’) to correspond to your local operator. Consult this list for verification.

Sometimes you might want to see the frequencies in order to ensure correct results from hackrf_kalibrate, or to save yourself from calculating the correct frequency given by hackrf_kalibrate (notice the +/- Khz sign of each result – this means the top peak with the corresponding power,not 100% correct frequency). Open gqrx and tune it to the first frequency you got from hackrf_kalibrate, for example 940.6Mhz, and you’ll see something like the following picture:

In the above screenshot you can visually see the activity is around 945Mhz.

Once you know the GSM channels frequencies, you can start gr-gsm by running the python script ./airprobe_rtlsdr.py or load the airprobe_rtlsdr.grc file using gnuradio-companion and set one of the channel frequencies you just found in the frequency field. Don’t forget to add ‘gain’ value again, move back to the frequency field and start pressing the UP/DOWN arrows on your keyboard to start scrolling the frequencies in 200Khz steps until you start seeing some data in your console window. The whole process should look something like this:

Now you only need to launch wireshark from another terminal tab with the following command:

sudo wireshark -k -Y 'gsmtap && !icmp' -i lo

If gr-gsm did his job, you should be able to see decoded GSM traffic sniffed by your hackrf.


Labels:

Comments

Post a Comment

Popular posts from this blog

MORE ABOUT RANSOMWARES. PART 1

 Not long ago, a man committed suicide after an automatically generated notice from a computer virus threatened him with jail unless he paid a ransom thousands of dollars. The year was 2014. As incredible as the story seems, it marked the first known time a computer virus actually killed somebody. The next generations stole cash from users around the globe, and Cryptolocker raised the stakes – holding data of hundreds of thousands of users hostage. Despite successive short-lived take downs, the malware has made a comeback as CTB (Curve-Tor-Bitcoin) Locker. This challenging breed of malware is continuously improving, reaching new levels of complexity as smartphones and tablets are increasingly used to store crucial personal and enterprise-level documents. Bitdefender, the anti-malware solutions provider, zooms in on the subject to show how this type of virus works and to tell users how to prevent being locked out and extorted. What is ransomware? Ransomware is a type of malware th
Post a Comment
Read more

TERMINAL ON ANDROID- TERMUX

Let Termux be our topic today. It is an Android application which is a Terminal Emulator distributed by Fredrik Fornwall. It creates exactly the same working environment of Linux Terminal on Android. Take a try. It can be installed from Google Play Store. Navigate from here . After the environment is set, go to App settings from the System Settings and give the App Storage permission.  Basic linux command like cd, ls, pwd, cat, touch and many more or almost all can be made here on this prompt. To install packages like Python or Pip type in packages install <packageName> It's that simple.  Similarly, to execute a program or a package, type <packageName> then, the corresponding help will be appear. Rest is with you. This is how an installation screen appears to be.. Now, about storage. As the initial step, type in termux-setup-storage Typing pwd gives the current working directory and it will be something like /data/data/com.termux/files/
Post a Comment
Read more