GSM Sniffer environment -- c118 + osmocombb
Environment preparation
Kali 2.0, 64-bit
Update the system
apt-get update && apt-get dist-upgrade -y
Install the required package dependencies
apt-get install build-essential libgmp3-dev libmpfr-dev libx11-6 libx11-dev texinfo flex bison libncurses5 libncurses5-dbg libncurses5-dev libncursesw5 libncursesw5-dbg libncursesw5-dev zlibc zlib1g-dev libmpfr4 libmpc-dev
Install the GNU dependencies, because osmocomBB depends on the GNU tools
aptitude install libtool shtool automake autoconf git-core pkg-config make gcc
Create a working directory, for example osmocombb, then download the official shell script that builds the ARM cross-compiler environment
mkdir osmocombb
cd osmocombb
wget http://bb.osmocom.org/trac/raw-attachment/wiki/GnuArmToolchain/gnu-arm-build.3.sh
Then create a src folder inside the osmocombb directory, change into it, and download the required source packages
mkdir src
cd src
wget http://ftp.gnu.org/gnu/gcc/gcc-4.8.2/gcc-4.8.2.tar.bz2
wget http://ftp.gnu.org/gnu/binutils/binutils-2.21.1a.tar.bz2
wget ftp://sources.redhat.com/pub/newlib/newlib-1.19.0.tar.gz
Once the downloads finish, go back to the osmocombb directory and make the shell script downloaded earlier executable
cd ..
chmod +x gnu-arm-build.3.sh
Then run the script
./gnu-arm-build.3.sh
When the build completes
Build complete! Add /root/osmocombb/install/bin to your PATH to make arm-none-eabi-gcc and friends
accessible directly.
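Add this path to the PATH environment variable. The path depends on the directory you actually built in, so adjust it to match. Run the following command to add it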
export PATH=$PATH:/root/osmocombb/install/bin
Now build the osmocomBB firmware. First fetch the osmocomBB source with git. Change to the osmocombb directory and run the following command to clone the osmocombb source
git clone git://git.osmocom.org/osmocom-bb.git
Change into the osmocom-bb directory and run the following commands to make sure you have the latest code
cd osmocom-bb
git pull --rebase
You also need libosmocore, an osmocom library containing files needed by many osmocom projects, not only BB; SIMTRACE and OpenBSC are other examples
Clone libosmocore with git
git clone git://git.osmocom.org/libosmocore.git
Building libosmocore requires some package dependencies; install them first so that the build goes smoothly. Run the following command to install them
apt-get install build-essential libtool shtool autoconf automake git-core pkg-config make gcc libpcsclite-dev
With the dependencies resolved you can build libosmocore. Change into the libosmocore directory and run the following commands
cd libosmocore
autoreconf -i
./configure
make
make install
cd ..
ldconfig
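Do not forget to run ldconfig; otherwise osmocomBB, once built, fails at run time with an error that libosmocore.so.4 cannot be found
Change to the osmocombb/osmocom-bb/src directory and run the following commands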
cd osmocombb/osmocom-bb/src
make
Use the lsusb command to view the USB devices
Start flashing
cd /dev  # check the USB device number
cd osmocombb/osmocom-bb/src/host/osmocon
./osmocon -p /dev/ttyUSB0 -m c123xor ../../target/firmware/board/compal_e88/layer1.compalram.bin

Keep this window open the whole time
Next: GC, sniffer
Three windows:
Window 1 ~ scan for available base stations:
cd ~/osmocom-bb/src/host/layer23/src/misc/
./cell_log -O

When the scan finishes, choose a base station number (ARFCN)

Window 2 ~ start listening:
cd ~/osmocom-bb/src/host/layer23/src/misc/
./ccch_scan -i 127.0.0.1 -a <ARFCN>

Window 3: [packet capture analysis]
wireshark -k -i lo -f 'port 4729'

Errors
1. A compile error occurs when running the script; this had me stuck for two days
In file included from /root/armtoolchain/src/gcc-4.8.2/gcc/cp/except.c:1005:0:
cfns.gperf: In function ‘const char* libc_name_p(const char*, unsigned int)’:
cfns.gperf:101:1: error: ‘const char* libc_name_p(const char*, unsigned int)’ redeclared inline with ‘gnu_inline’ attribute
cfns.gperf:26:14: note: ‘const char* libc_name_p(const char*, unsigned int)’ previously declared here
cfns.gperf: At global scope:
cfns.gperf:26:14: warning: inline function ‘const char* libc_name_p(const char*, unsigned int)’ used but never defined
Makefile:1058: recipe for target 'cp/except.o' failed
make[1]: *** [cp/except.o] Error 1
make[1]: Leaving directory '/root/armtoolchain/build/gcc-4.8.2/gcc'
Makefile:3903: recipe for target 'all-gcc' failed
make: *** [all-gcc] Error 2
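This is probably because Kali itself has gcc-7.2.0 installed, which conflicts with the gcc-4.8 that the sh script defines and downloads. You can edit the sh file and change gcc to the version Kali itself uses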
GCC_SRC=gcc-7.2.0.tar.gz
GCC_VERSION=7.2.0
2. Building libosmocore fails with the error "No package 'talloc' found"
Download the latest version from https://www.samba.org/ftp/talloc/ and install it
wget https://www.samba.org/ftp/talloc/talloc-2.1.10.tar.gz
tar -zxvf talloc-2.1.10.tar.gz
cd talloc-2.1.10
./configure
make
make install
3. Error when building osmocom-bb
/root/armtoolchain/osmocom-bb/src/target/firmware/include/endian.h:5:10: fatal error: sys/_types.h: 沒有那個文件或目錄
#include <sys/_types.h>
^~~~~~~~~~~~~~
compilation terminated.
Makefile:488: recipe for target 'timer.lo' failed
make[4]: *** [timer.lo] Error 1
make[4]: Leaving directory '/root/armtoolchain/osmocom-bb/src/shared/libosmocore/build-target/src'
Makefile:366: recipe for target 'all' failed
make[3]: *** [all] Error 2
make[3]: Leaving directory '/root/armtoolchain/osmocom-bb/src/shared/libosmocore/build-target/src'
Makefile:507: recipe for target 'all-recursive' failed
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory '/root/armtoolchain/osmocom-bb/src/shared/libosmocore/build-target'
Makefile:379: recipe for target 'all' failed
make[1]: *** [all] Error 2
make[1]: Leaving directory '/root/armtoolchain/osmocom-bb/src/shared/libosmocore/build-target'
Makefile:34: recipe for target 'shared/libosmocore/build-target/src/.libs/libosmocore.a' failed
make: *** [shared/libosmocore/build-target/src/.libs/libosmocore.a] Error 2
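4. An fmtools error is reported when flashing (I forget the exact message)
Change c123xor to c123
The error is probably caused by the power supply of the virtual machine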
5. During the base station scan the following appears
<000e> cell_log.c:443 Measure from 0 to 124
<000e> cell_log.c:443 Measure from 512 to 885
<000e> cell_log.c:443 Measure from 955 to 1023
<000e> cell_log.c:434 Measurement done
and then nothing further happens
vi osmocom-bb/src/target/firmware/board/compal/highram.lds
vi osmocom-bb/src/target/firmware/board/compal/ram.lds
vi osmocom-bb/src/target/firmware/board/compal_e88/flash.lds
vi osmocom-bb/src/target/firmware/board/compal_e88/loader.lds
vi osmocom-bb/src/target/firmware/board/mediatek/ram.lds
Find this line in each of them
KEEP(*(SORT(.ctors)))
and add below it
KEEP(*(SORT(.init_array)))
Save. Once all of the files are modified, go into osmocom-bb/src and rebuild
$ make -e CROSS_TOOL_PREFIX=arm-none-eabi-
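
The linker-script edit from item 5, applied in one pass instead of five vi sessions. This is an added example, not part of the original post or of osmocom-bb; the function name patch_lds and the .orig backup suffix are assumptions made here.

```sh
#!/bin/sh
# Added example (not from osmocom-bb): idempotently apply the .lds edit
# described in item 5. patch_lds is a hypothetical helper name.
#
# patch_lds FILE...
#   After every line containing KEEP(*(SORT(.ctors))) insert a copy of that
#   line with .ctors replaced by .init_array, keeping the indentation.
#   Files that already mention .init_array are left untouched.
#   Returns 0 if every file is patched or was already patched, 1 otherwise.
patch_lds() {
    rc=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "missing: $f" >&2; rc=1; continue
        fi
        if grep -qF 'KEEP(*(SORT(.init_array)))' "$f"; then
            echo "already patched: $f"; continue
        fi
        if ! grep -qF 'KEEP(*(SORT(.ctors)))' "$f"; then
            echo "anchor line not found: $f" >&2; rc=1; continue
        fi
        cp -p "$f" "$f.orig"    # keep the unmodified script for comparison
        awk '{ print }
             index($0, "KEEP(*(SORT(.ctors)))") {
                 line = $0
                 sub(/KEEP\(\*\(SORT\(\.ctors\)\)\)/,
                     "KEEP(*(SORT(.init_array)))", line)
                 print line
             }' "$f.orig" > "$f"
        echo "patched: $f"
    done
    return $rc
}

# Usage, run from the directory that contains osmocom-bb (paths as listed above):
#   patch_lds osmocom-bb/src/target/firmware/board/compal/highram.lds \
#             osmocom-bb/src/target/firmware/board/compal/ram.lds \
#             osmocom-bb/src/target/firmware/board/compal_e88/flash.lds \
#             osmocom-bb/src/target/firmware/board/compal_e88/loader.lds \
#             osmocom-bb/src/target/firmware/board/mediatek/ram.lds
```

A non-zero return means at least one file was missing or had no .ctors line, so check the messages on stderr before rebuilding.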