Friday, August 5, 2016

Sniffing GSM Packets using HackRF or RTL-SDR

These are the steps I followed to capture GSM packets using a HackRF SDR device or an RTL-SDR dongle and view it on Wireshark protocol analyzer.

(1) Download the following Ubuntu live iso image which contains GNURadio pre-configured. Then, prepare a live USB stick using this image. I used Ubuntu startup disk creator for this purpose. This is where we start.

(2) When your live USB stick is ready, boot the laptop with it. Then let's install some packags as follows.

sudo apt-get install git cmake libboost-all-dev libcppunit-dev swig doxygen liblog4cpp5-dev python-scipy

(3) Now we should download the source code, build locally and install one important module called gr-gsm which has all the necessary tools to capture the GSM packets using HackRF and then directing it to Wireshark with a proper format.

cd Downloads
git clone
cd gr-gsm
mkdir build
cd build
cmake ..
sudo make install
sudo ldconfig

(4) Open the file ~/.gnuradio/config.conf and append following two lines to the end of it. In order to edit and save the file, I didn't need root permission.


(5)  Now, let's install another important package. If you are going to use HackRF for this purpose, you need to install kalibrate-hackrf while if you are going to use RTL-SDR dongle, you need to install kalibrate-rtl.

Installing kalibrate-hackrf:

cd Downloads
git clone
cd kalibrate-hackrf
sudo make install

Installing kalibrate-rtl:

sudo apt-get install librtlsdr-dev

git clone
cd kalibrate-rtl


(6) Now let's run calibrate tool and scan the frequency range for GSM networks.

For HackRF device:

cd kalibrate-hackrf/src
./kal -s GSM900 -g 40 -l 40

For RTL-SDR device:

cd kalibrate-rtl/src
./kal -s GSM900 -g 40

Now we have to wait a while until this tool discovers and lists down all the frequency channels used by GSM networks in the area. We will refer to the data we found here later.

(7) Install Wireshark if you haven't done yet.

sudo apt-get install wireshark

(8) Go to the place where we downloaded gr-gsm. Then open the given GRC script using Gnuradio Companion tool. Update the gain value to 40. Now run the GRC script. We will get a new window where we can select the GSM channel frequency we need to sniff.

cd Downloads/gr-gsm/apps
sudo gnuradio-companion gr-gsmlivemon.grc

(9) While the above tool is running, open a new terminal and enter the following command to run Wireshark with the appropriate filters.

sudo wireshark -k -Y 'gsmtap && !icmp' -i lo

Now we should see a subset of GSM packets from GSM networks are appearing in Wireshark window.



No comments:

Post a Comment