
Difference between revisions of "Eth0:2012 Winter/GSM hacking"

From Eth0Wiki

(Created page with 'We already know for a while that GSM is [http://events.ccc.de/congress/2009/Fahrplan/events/3654.en.html insecure], that it's possible to sniff with [http://events.ccc.de/congres…')
 
Line 9: Line 9:
  
 
The RFX1800 also supports the DECT band, so it might also be possible to play with DECT. I'm currently looking into what other hardware is needed to get a decent coverage with OpenBTS, the biggest problem is sending/receiving crosstalk. As far as I understand a duplexer and low-noise amplifier will give a bigger range, but I don't have a background in RF engineering and still learning a lot of things about RF. References: [http://sourceforge.net/mailarchive/message.php?msg_id=27953143] [http://246tnt.com/openbts/frontend.html] [http://gnuradio.org/redmine/projects/gnuradio/wiki/OpenBTSBM2009RF]
 
The RFX1800 also supports the DECT band, so it might also be possible to play with DECT. I'm currently looking into what other hardware is needed to get a decent coverage with OpenBTS, the biggest problem is sending/receiving crosstalk. As far as I understand a duplexer and low-noise amplifier will give a bigger range, but I don't have a background in RF engineering and still learning a lot of things about RF. References: [http://sourceforge.net/mailarchive/message.php?msg_id=27953143] [http://246tnt.com/openbts/frontend.html] [http://gnuradio.org/redmine/projects/gnuradio/wiki/OpenBTSBM2009RF]
 +
 +
[[User:DrWhax|DrWhax]] will bring an motorola c115 and usb <-> serial cable. (hopefully I got all this shipped before saturday.)
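Review bot: the added line at the end of this hunk starts in the third person ("DrWhax will bring") and ends in the first person ("hopefully I got all this shipped"), so it is unclear who "I" refers to; keep the entry in one voice. Also, "an motorola c115" should read "a Motorola C115", and "saturday" should be capitalised.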

Revision as of 19:08, 10 January 2012

We have known for a while that GSM is insecure, that it's possible to sniff it with inexpensive hardware, and that operators don't care. It's also possible to run a completely open source GSM base station using OpenBTS and not-so-expensive hardware. Time to start playing with GSM!

Dekkers will bring the following hardware for playing with GSM to eth0:

  • USRP B100 with RFX1800 daughterboard.[1]
    • I've already managed to get OpenBTS running and do voice calls (using the DECT guard band that doesn't need a permit), but the range for doing voice calls without duplexer/amplifier/etc. is about 2 metres.
  • A Motorola C115 and a C118
  • A Sysmocom USB serial cable (CP2102) [2]
  • 2 TB hard disk with partially downloaded A5/1 rainbow tables

The RFX1800 also supports the DECT band, so it might also be possible to play with DECT. I'm currently looking into what other hardware is needed to get decent coverage with OpenBTS; the biggest problem is sending/receiving crosstalk. As far as I understand, a duplexer and low-noise amplifier will give a bigger range, but I don't have a background in RF engineering and am still learning a lot about RF. References: [3] [4] [5]

DrWhax will bring a Motorola C115 and a USB <-> serial cable. (Hopefully I got all this shipped before Saturday.)