欢迎来到 黑吧安全网 聚焦网络安全前沿资讯,精华内容,交流技术心得!

GSM Hacking Part ① :使用SDR扫描嗅探GSM网络

来源:本站整理 作者:佚名 时间:2016-08-10 TAG: 我要投稿


0×00 写在开头
近期,发现Crazy Danish Hacker在YouTuBe发布了一个挺不错的教程视频:使用SDR嗅探监听GSM网络的通信流量(GSM Sniffing Teaser – Software Defined Radio Series)。该教程从电视棒的安装到扫描、嗅探工具的使用、GSM流量包的捕获解密都有详细说明演示:
作为搬运工,在这里将分两三部分参考&总结一下该教程的主要内容,输出一篇中文教程,希望能够给对这方面感兴趣的童鞋带来一定帮助。
0×01 环境搭建
OS:GNU Radio LiveCD
HardWare:电视棒(rtl-sdr)、HackRF、Bladerf 均可
1.安装编译依赖包
sudo apt-get install git cmake libboost-all-dev libcppunit-dev swig doxygen liblog4cpp5-dev python-scipy
Kali 2.0
apt-get install gnuradio gnuradio-dev rtl-sdr librtlsdr-dev osmo-sdr libosmosdr-dev libosmocore libosmocore-dev cmake libboost-all-dev libcppunit-dev swig doxygen liblog4cpp5-dev python-scipy
2.编译gr-gsm
git clone https://github.com/ptrkrysik/gr-gsm.git
cd gr-gsm
mkdir build
cd build
cmake ..
make
sudo make install
sudo ldconfig
3.编译kalibrate
根据自己的硬件选择对应的版本
kalibrate-hackrf (kalibrate For HackRF)
git clone https://github.com/scateu/kalibrate-hackrf.git
cd kalibrate-hackrf
./bootstrap
./configure
make
sudo make install
kalibrate-rtl(kalibrate For rtl-sdr)
git clone https://github.com/steve-m/kalibrate-rtl.git
cd kalibrate-rtl
./bootstrap
./configure
make
sudo make install
0×01 扫描基站
1.1 kal
kal
error: must enter channel or frequency
kalibrate v0.4.1-hackrf, Copyright (c) 2010, Joshua Lackey
modified for use with hackrf devices, Copyright (c) 2014, scateu@gmail.com
Usage:
    GSM Base Station Scan:
        kal indicator> [options]
    Clock Offset Calculation:
        kal f frequency | -c channel> [options]
Where options are:
    -s    band to scan (GSM850, GSM-R, GSM900, EGSM, DCS, PCS) //指定扫描的网络类型&频段
    -f    frequency of nearby GSM base station
    -c    channel of nearby GSM base station
    -b    band indicator (GSM850, GSM-R, GSM900, EGSM, DCS, PCS)
    -a    rf amplifier enable
    -g    vga (bb) gain in dB, 0-40dB, 8dB step
    -l    lna (if) gain in dB, 0-62dB, 2dB step
    -d    rtl-sdr device index
    -e    initial frequency error in ppm
    -E    manual frequency offset in hz
    -v    verbose
    -D    enable debug messages
    -h    help
kal -s GSM900 -g 40 -l 40 //扫描GSM900频段

1.2 gr-gsm (HackRF、BladeRF)
在编译完成的gr-gsm项目中,App目录里有用于扫描、解码gsm流量的脚本:

grgsm_scanner -h
linux; GNU C++ version 4.8.4; Boost_105400; UHD_003.010.git-197-g053111dc
Usage: grgsm_scanner: [options]
Options:
  -h, --help            show this help message and exit
  -b BAND, --band=BAND  Specify the GSM band for the frequency. Available
                        bands are: P-GSM, DCS1800, PCS1900, E-GSM, R-GSM,
                        GSM450, GSM480, GSM850
  -s SAMP_RATE, --samp-rate=SAMP_RATE
                        Set sample rate [default=2000000.0] - allowed values
                        even_number*0.2e6
  -p PPM, --ppm=PPM     Set frequency correction in ppm [default=0]
  -g GAIN, --gain=GAIN  Set gain [default=24.0]
  --args=ARGS           Set device arguments [default=]

[1] [2] [3]  下一页

【声明】:黑吧安全网(http://www.myhack58.com)登载此文出于传递更多信息之目的,并不代表本站赞同其观点和对其真实性负责,仅适于网络安全技术爱好者学习研究使用,学习中请遵循国家相关法律法规。如有问题请联系我们,联系邮箱admin@myhack58.com,我们会在最短的时间内进行处理。
  • 最新更新
    • 相关阅读
      • 本类热门
        • 最近下载