GSM Capturing, Decoding with USRP and SDR in Kali Linux Rolling Edition

[scoyok]

Hello All,

Tutorial is in this thread now, Slick added rtl-sdr support, you may still view/download from the link.

Thanks



https://docs.google.com/document/d/1...4ue_WXezI0/pub

http://https://docs.google.com/docum...4ue_WXezI0/pub

Okay gonna start getting this transfered a piece at a time! (Please forgive the formatting, I am copying and pasting then adding the screen shots etc... it looks pretty in the PDF format you can download from the link or we can email it to you, I know there is people waiting for this be put up with the rtl-sdr steps included from slick's notes)



GSM Capturing, Decoding with USRP and SDR in Kali Linux Rolling Edition

This is a full, step by step, tutorial installing GR-GSM, libosmocore, gnuradio companion and everything needed to capture GSM packets and decode in Wireshark. Using the USRP device Hackrf One.

By Community member Scoyok (Scott)

I could not put this together without community member Slick97477 (Bryon)

(He has also modified this tutorial for compatibility with Kali Sana 2.0 KDE(rtl-sdr) coming soon)

I got all the information contained herein from too many places to name them all, here is a few:

https://github.com/mossmann/hackrf
http://www.rtl-sdr.com/tag/airprobe/
https://gnuradio.org/redmine/project...RadioCompanion
http://sdr.osmocom.org/trac/wiki/GrO...ckRFSourceSink
https://z4ziggy.wordpress.com/2015/0...c-with-hackrf/
https://github.com/ptrkrysik/gr-gsm/wiki
http://bb.osmocom.org/trac/wiki/libosmocore
http://hackaday.com/2015/10/10/sdr-t...chael-ossmann/

DISCLAIMER:

IF YOU BREAK ANY OF YOUR DEVICES IN ANY WAY, CAUSE THE END OF THE WORLD, GET ARRESTED, OR NERD RAGE ON YOUR FAMILY, I AM NOT RESPONSIBLE.
I AM NOT RESPONSIBLE FOR HOW YOU USE ANY INFORMATION CONTAINED HEREIN, IT IS INTENDED FOR EDUCATIONAL AND RESEARCH PURPOSES ONLY. IT IS SOLELY YOUR RESPONSIBILITY TO UNDERSTAND AND FOLLOW LOCAL, AND INTERNATIONAL LAWS. DO NOT INTERACT WITH ANY SIGNAL BUT YOUR OWN!


Equipment: Software Defined Radio device, I used the Hackrf One to make this tutorial, it was modified to work in Kali Sana 2.0 with the Rtl-Sdr by Slick97477 aka Bryon (he will post that separately)I installed this dual booting with windows 10 on an amd quad core laptop and on my primary custom machine. Keep in mind that if you have a different SDR you may have to change a few of the drivers specific to yours.
Recommended: I tested this tutorial with fresh install, I only ran these commands before starting this tutorial.

apt update
apt upgrade -y
apt-get install kali-linux-all
apt-get install flashplugin-nonfree
update-flashplugin-nonfree --install

I suggest your install be as fresh as possible, brand new if you can.

WARNING: You have probably noticed that there isn’t a working tutorial up anywhere else yet for Sana or Rolling release. I tried all the different methods from all the sites I could find before coming to this exact order and combInation. DO NOT USE PYBOMBS! DO NOT TRY USING ORIGINAL AIRPROBE! (or the patch airprobe method) these methods will pretty much nuke your install. We are gonna be installing a whole bunch of dependencies that are not native to Kali, the exact order and directory you are in while compiling (using a lot make cmds) has everything to do with success. If you mess up you may have to re-install Kali so have an .iso handy. I run as root all the time, add sudo to the majority of commands if you do not.
Feel free to email me with any questions and I will provide as much support as possible. The second email is Bryon and I’s linked development account solely for support, one of us will get back to you.

Just for me (Scott) [email protected] or for both of us [email protected]
Just for Bryon [email protected]

Finally, this isn’t perfect, I spent a couple of hours late night for a week working on this so there may be a few extra packages that get installed. Posting my progress to Bryon via comments in google docs then playing catch up after working 14 hour days and coming home to a wife and kids. Bryon and I have made the decision to become more publicly active, so look for more coming from us in the future. This is our passion and our work, but family always come first. Be respectful and patient, one of us will get back to you. We want to learn from others and help others learn. If you happen to catch something feel free to let us know.

Keep in mind that some are installed twice on purpose. For whatever reason the package talloc, for example, can be installed now and then later during make it will say “...make failed package libtalloc…” not found. So then you go back into package manager and search again and all of the sudden more talloc dev packages pop up. So, I ask that you just follow the tutorial all the way through step by step and if you have the Hackrf One I know it will work.

EDIT: It is 100% confirmed working on the rtl-sdr now too, tested on three different pc's. Thanks to slick, I will be adding his notes as optional steps where they correspond in this tutorial.

Follow the step by step instructions to make sure your Hackrf One is updated and the drivers are installed. You can check by running hackrf_info:

Selection_031.jpg

STEP 1: Package Downloader

Applications (drop down menu), then to Usual Applications (drop down) then System and Select Package Downloader (has picture of a blue down arrow)

Selection_001.jpg

Once opened search in the search bar for “osmo” and download everything that you even think has anything to do with SDR, GSM, or gr-gsm. Since the programs run on std=gnu++11 and std=c++11 do the same, now we are going to search Talloc (for the first time) as well and select ALL packages for install to meet requirements for libosmocore.

This is necessary to integrate C++ and Python, gr-gsm/gnuradio relies primarily on C++
DOWNLOAD IT ALL, TRUST ME YOU WOULD RATHER HAVE MORE THAN LESS!

STEP: 2 Commands for Dependencies

More dependencies through apt-get and git commands, these are pretty self explanatory

apt-get install hackrf libhackrf-dev libhackrf0

apt-get -y install git-core autoconf automake libtool g++ python-dev swig libpcap0.8-dev

apt-get install gnuradio gnuradio-dev gr-osmosdr gr-osmosdr

apt-get install git cmake libboost-all-dev libcppunit-dev swig doxygen liblog4cpp5-dev python-scipy

STEP3: Libosmocore

Have to have libosmocore and you will need the following tools:

apt-get install build-essential libtool shtool autoconf automake git-core pkg-config make gcc

and the following (optional) libraries:

apt-get install libpcsclite-dev

git clone https://github.com/ptrkrysik/gr-gsm.git

cd gr-gsm

************PAUSE***********

Go back to Package Downloader and search for Talloc again, there should be somewhere around 7 more 2.1.x packages now the other dependencies have opened up, download them or you will return a “make” failure. Trust me do it.

So, things should be going good, make sure you are in the right directory and that you do this in the right order or any one of these could become very frustrating.

From the gr-gsm directory clone into Libosmocore

git clone git://git.osmocom.org/libosmocore.git
cd libosmocore
autoreconf -i
./configure
make
make install
ldconfig -i
cd ..

STEP 4: Back to setting up gr-gsm now that the dependencies are resolved

****START****

mkdir build
cd build
cmake ..
make
make install
ldconfig

now using a text editor, create a text file named:

config.conf

then paste the following into it:

[grc]
local_blocks_path=/usr/local/share/gnuradio/grc/blocks

****NOTE****

(the places “Home” function in rolling release does not search actual root, go to computer)
You may have to manually locate the file using Places, click Home, click Other Locations (at the bottom), click Computer, (this is the REAL root) open ETC, then Gnuradio, then you save as in text editor ( I used GEDIT) to this location. (If you have a different desktop environment this could be different, email Bryon at [email protected] with any issues)

So when you're done, wherever your gnuradio folder is located in the root of your drive /gnuradio (you will see a conf.d folder in there, that is where the global gnu config file is) place your text file next to it. Your ~/etc/gnuradio folder should look like this:

Selection_002.jpg

STEP: 5 Time for Kalibrate-hackrf

EDIT: If you are using the rtl-sdr please skip to next step 5b

If you are NOT using the Hackrf One you may have to do a little googling to see how to get the correct version for your device. Bryon used the rtl-sdr version located here https://github.com/steve-m/kalibrate-rtl

Now we need Kalibrate-hackrf(dependent on which device you have)

git clone https://github.com/scateu/kalibrate-hackrf.git
cd kalibrate-hackrf
./bootstrap
./configure
make
make install
ldconfig

STEP:5b Kalibrate for the rtl-sdr

git clone https://github.com/steve-m/kalibrate-rtl
cd kalibrate-rtl
./bootstrap
./configure
make
make install
ldconfig

You should have had no errors thus far, if you did more than likely you didn’t fill a dependency or installed something in the wrong directory.

Now let’s test everything out and run a scan for GSM base stations using Kalibrate. You will have to use the proper GSM parameter (‘-s’) to correspond to your local operator, check your countries band range here:


END POST 1