# 0x00 Environment setup

Platform: Ubuntu 18.04 x64

Hardware: 820T2 & SDR

## Install dependencies

```
apt install git cmake libboost-all-dev libcppunit-dev swig doxygen liblog4cpp5-dev python-scipy gnuradio gnuradio-dev rtl-sdr librtlsdr-dev osmo-sdr libosmosdr-dev libosmocore libosmocore-dev gr-osmosdr m4 automake
```

## Build gr-gsm

```
git clone https://github.com/ptrkrysik/gr-gsm.git
cd gr-gsm
mkdir build
cd build
cmake ..
make
sudo make install
sudo ldconfig
```

## Build kalibrate

**Pick the version that matches your hardware.**

kalibrate-hackrf (kalibrate for HackRF):

```
git clone https://github.com/scateu/kalibrate-hackrf.git
cd kalibrate-hackrf
./bootstrap
./configure
make
sudo make install
```

kalibrate-rtl (kalibrate for rtl-sdr):

```
git clone https://github.com/steve-m/kalibrate-rtl.git
cd kalibrate-rtl
./bootstrap
./configure
make
sudo make install
```

# 0x01 Scanning for base stations

## kal: scan the GSM900 band

```
kal -s GSM900 -g 40
```

## gr-gsm (HackRF, BladeRF)

In the built gr-gsm project, the apps directory contains the scripts used to scan for and decode GSM traffic:

```
grgsm_scanner -v
```

# Sniffer

The scan gives us each base station's centre frequency, channel, ARFCN, LAC, MCC and MNC, as in the following output:

```
ARFCN: 34, Freq: 941.8M, CID: 29001, LAC: 16889, MCC: 460, MNC: 0, Pwr: -29
|---- Configuration: 2 CCCH, not combined
|---- Cell ARFCNs: 11, 15, 34, 50
|---- Neighbour Cells: 5, 7, 9, 34, 36, 39, 40, 41, 43, 45, 47, 48, 52, 608, 610, 619, 630, 632, 635
ARFCN: 40, Freq: 943.0M, CID: 29002, LAC: 16889, MCC: 460, MNC: 0, Pwr: -31
|---- Configuration: 2 CCCH, not combined
|---- Cell ARFCNs: 7, 18, 22, 40
|---- Neighbour Cells: 5, 7, 9, 34, 36, 39, 40, 41, 43, 45, 47, 48, 52, 608, 610, 619, 630, 632, 635
```

The output above shows GSM base station signals found between 941.8 and 943.0 MHz.

View the waterfall with gqrx:

```
gqrx
```

Under Device, select your own device, and append the following to Device String:

```
,direct_samp=2
```

Click OK to open the gqrx GUI, then click the start button in the top-left corner to begin receiving.

Last modified: 3 January 2022. © Reproduction permitted with proper attribution.
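The scanner output above is plain text, and anyone keeping a baseline survey of the cells visible from a site (for example to compare later scans against it) will want it in structured form. The following added example, not part of the original post or of gr-gsm, parses records in that format into Python objects, groups them by PLMN and location area, and cross-checks each reported frequency against the standard ARFCN-to-downlink-frequency formula. It goes beyond the page by also covering E-GSM and DCS1800 ARFCNs, which is why the neighbour list's 608..635 entries resolve to 1800 MHz carriers. The sample text and the `Cell` and `check_cell` names are constructed here.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample in the format grgsm_scanner -v prints (shortened neighbour lists).
SAMPLE_SCAN = """\
ARFCN: 34, Freq: 941.8M, CID: 29001, LAC: 16889, MCC: 460, MNC: 0, Pwr: -29
|---- Configuration: 2 CCCH, not combined
|---- Cell ARFCNs: 11, 15, 34, 50
|---- Neighbour Cells: 5, 7, 9, 34, 36, 608, 610
ARFCN: 40, Freq: 943.0M, CID: 29002, LAC: 16889, MCC: 460, MNC: 0, Pwr: -31
|---- Configuration: 2 CCCH, not combined
|---- Cell ARFCNs: 7, 18, 22, 40
|---- Neighbour Cells: 5, 7, 9, 34, 36, 608, 610
"""


@dataclass
class Cell:
    arfcn: int
    freq_mhz: float
    cid: int
    lac: int
    mcc: int
    mnc: int
    power_dbm: int
    configuration: str = ""
    cell_arfcns: List[int] = field(default_factory=list)
    neighbours: List[int] = field(default_factory=list)


# One header line per cell; the "|----" lines that follow belong to that cell.
HEADER_RE = re.compile(
    r"ARFCN:\s*(\d+),\s*Freq:\s*([\d.]+)M,\s*CID:\s*(\d+),\s*LAC:\s*(\d+),"
    r"\s*MCC:\s*(\d+),\s*MNC:\s*(\d+),\s*Pwr:\s*(-?\d+)"
)


def _int_list(text: str) -> List[int]:
    return [int(x) for x in text.split(",") if x.strip()]


def parse_scan(text: str) -> List[Cell]:
    """Turn grgsm_scanner -v output into a list of Cell records."""
    cells: List[Cell] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            cells.append(Cell(int(m[1]), float(m[2]), int(m[3]), int(m[4]),
                              int(m[5]), int(m[6]), int(m[7])))
            continue
        if not cells or not line.startswith("|----"):
            continue  # detail line before any header, or unrelated text
        key, _, value = line[len("|----"):].strip().partition(":")
        key = key.strip().lower()
        if key == "configuration":
            cells[-1].configuration = value.strip()
        elif key == "cell arfcns":
            cells[-1].cell_arfcns = _int_list(value)
        elif key == "neighbour cells":
            cells[-1].neighbours = _int_list(value)
    return cells


def arfcn_to_downlink_mhz(arfcn: int) -> Optional[float]:
    """Downlink centre frequency for P-GSM 900, E-GSM 900 and DCS 1800 ARFCNs."""
    if 0 <= arfcn <= 124:          # P-GSM 900: 935.0 .. 959.8 MHz
        return 935.0 + 0.2 * arfcn
    if 975 <= arfcn <= 1023:       # E-GSM 900: 925.2 .. 934.8 MHz
        return 935.0 + 0.2 * (arfcn - 1024)
    if 512 <= arfcn <= 885:        # DCS 1800: 1805.2 .. 1879.8 MHz
        return 1805.2 + 0.2 * (arfcn - 512)
    return None


def check_cell(cell: Cell, tolerance_mhz: float = 0.05) -> List[str]:
    """Consistency checks on one record; an empty list means nothing looked off."""
    problems = []
    expected = arfcn_to_downlink_mhz(cell.arfcn)
    if expected is None:
        problems.append(f"ARFCN {cell.arfcn} is outside the band tables known here")
    elif abs(expected - cell.freq_mhz) > tolerance_mhz:
        problems.append(f"reported {cell.freq_mhz} MHz but ARFCN {cell.arfcn} "
                        f"maps to {expected:.1f} MHz")
    if cell.cell_arfcns and cell.arfcn not in cell.cell_arfcns:
        problems.append("BCCH ARFCN is missing from the cell's own ARFCN list")
    return problems


def group_by_area(cells: List[Cell]) -> Dict[Tuple[int, int, int], List[int]]:
    """Map (MCC, MNC, LAC) to the cell IDs seen under it, for a site baseline."""
    areas: Dict[Tuple[int, int, int], List[int]] = {}
    for c in cells:
        areas.setdefault((c.mcc, c.mnc, c.lac), []).append(c.cid)
    return areas


if __name__ == "__main__":
    for c in parse_scan(SAMPLE_SCAN):
        print(c.arfcn, c.freq_mhz, c.cid, check_cell(c) or "ok")
    print(group_by_area(parse_scan(SAMPLE_SCAN)))
```

Run it against a saved scan (for instance the output of `grgsm_scanner -v` redirected to a file) and keep the grouped result; a later scan that adds a cell ID, changes a LAC, or reports a frequency that does not match its ARFCN is then easy to spot.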