- Download sources into ~/gprs_sniffer
git clone git://git.osmocom.org/osmocom-bb.git git clone git://git.osmocom.org/libosmocore.git git clone git://git.srlabs.de/gprsdecode.git wget http://srlabs.de/dl/gprs_multi.patch
- Download ARM cross compiler
wget http://gnuarm.com/bu-2.15_gcc-3.4.3-c-c++-java_nl-1.12.0_gi-6.1.tar.bz2 tar xf bu-2.15_gcc-3.4.3-c-c++-java_nl-1.12.0_gi-6.1.tar.bz2
- Compile and install libosmocore
cd ~/gprs_sniffer/libosmocore autoreconf -i ./configure make sudo make install
- Compile gprsdecode
cd ~/gprs_sniffer/gprsdecode
make
- Prepare OsmocomBB's burst_ind branch
cd ~/gprs_sniffer/osmocom-bb git checkout origin/sylvain/burst_ind git checkout d1cb8ea9b784c7acbafbb2fdcedbdf4655c2f6f5 patch -p1 < ~/gprs_sniffer/gprs_multi.patch
- Compile OsmocomBB
cd src export PATH=$PATH:~/gprs_sniffer/gnuarm-3.4.3/bin make
- Run OsmocomBB firmware
# Conect Motorola phone with USB cable cd ~/gprs_sniffer/osmocom-bb/src ./host/osmocon/osmocon -m c123xor -p /dev/ttyUSB0 ./target/firmware/board/compal_e88/layer1.compalram.bin # Switch on Motorola phone
- Run OsmocomBB host software (in 2. terminal)
cd ~/gprs_sniffer/osmocom-bb/src
./host/layer23/src/misc/cell_log
- Adjust to active network
# look for active networks in the output: cell_log.c:334 Sync ARFCN 29 (rxlev -52, 289 syncs left) cell_log.c:190 Cell: ARFCN=29 MCC=222 MNC=01 (Italy, TIM) # in this case, network is TIM, and ARFCN is 29 # kill cell_log with ctrl-c, and rerun with correct ARFCN: ./host/layer23/src/misc/layer23 -a 29 # Data channel assignments look like this layer3.c:243 GSM48 IMM ASS (ra=0x72, chan_nr=0x0a, HSN=44, MAIO=0, TS=2, SS=0, TSC=0)l1ctl.c:506 Tx Dedic.Mode Est Req (maio=0, hsn=44, chan_nr=0x0a) # Red lines indicate signal strength # In this case 3 out of 4 slots are used: l1ctl.c:261 BURST IND: @(2064231 = 1556/13/06) ( -50 dBm, SNR 255) l1ctl.c:261 BURST IND: @(2064231 = 1556/13/06) ( -50 dBm, SNR 1) l1ctl.c:261 BURST IND: @(2064231 = 1556/13/06) ( -50 dBm, SNR 255) l1ctl.c:261 BURST IND: @(2064231 = 1556/13/06) ( -50 dBm, SNR 255) # wait for session end or kill with ctrl-c # A file like "bursts_20110821_1648_29_2094723_0a.dat" is produced
- Run GPRS decoder
# Start Wireshark, capturing on interface "lo" ~/gprs_sniffer/gprsdecode/gprsdecode bursts_20110721_1648_29_2094723_0a.dat
- Optional: Test with sample data
wget http://srlabs.de/dl/gprs_262_80_0001_0000_20110710_2251_875_494777_0f.dat ~/gprs_sniffer/gprsdecode/gprsdecode gprs_262_80_0001_0000_20110710_2251_875_494777_0f.dat wget http://srlabs.de/dl/gprs_262_80_0001_0000_20110710_2252_875_514147_0f.dat ~/gprs_sniffer/gprsdecode/gprsdecode gprs_262_80_0001_0000_20110710_2252_875_514147_0f.dat
- Optional: Build Wireshark from source
svn co http://anonsvn.wireshark.org/wireshark/trunk wireshark cd wireshark ./autogen.sh ./configure make sudo make install
- Optional: Uplink sniffing
# the default firmware captures 4 downlink slots, # for uplink you need to compile a different firmware. # open "osmocom-bb/src/target/firmware/layer1/prim_sniff.c" # at line 288, modify #if 1 to 0 # go back to 'Compile and install libosmocore'