Eth0:2012 Winter/GSM hacking

From Eth0Wiki

Revision as of 19:08, 10 January 2012 by DrWhax (talk | contribs)

We have known for a while that GSM is insecure, that it's possible to sniff it with inexpensive hardware, and that operators don't care. It's also possible to run a completely open source GSM base station using OpenBTS and not-so-expensive hardware. Time to start playing with GSM!

Dekkers will bring the following hardware for playing with GSM to eth0:

  • USRP B100 with RFX1800 daughterboard.[1]
    • I've already managed to get OpenBTS running and do voice calls (using the DECT guard band that doesn't need a permit), but the range for doing voice calls without duplexer/amplifier/etc. is about 2 metres.
  • A Motorola C115 and a C118
  • A Sysmocom USB serial cable (CP2102) [2]
  • 2 TB hard disk with partially downloaded A5/1 rainbow tables

The RFX1800 also supports the DECT band, so it might also be possible to play with DECT. I'm currently looking into what other hardware is needed to get decent coverage with OpenBTS; the biggest problem is sending/receiving crosstalk. As far as I understand, a duplexer and low-noise amplifier will give a bigger range, but I don't have a background in RF engineering and am still learning a lot of things about RF. References: [3] [4] [5]

DrWhax will bring a Motorola C115 and a USB <-> serial cable. (Hopefully I got all this shipped before Saturday.)