
Eth0:2012 Winter/GSM hacking

From Eth0Wiki

Revision as of 17:09, 10 January 2012 by JeroenDekkers

We have known for a while that GSM is insecure, that it's possible to sniff it with inexpensive hardware, and that operators don't care. It's also possible to run a completely open source GSM base station using OpenBTS and not-so-expensive hardware. Time to start playing with GSM!

Dekkers will bring the following hardware for playing with GSM to eth0:

  • USRP B100 with RFX1800 daughterboard.[1]
    • I've already managed to get OpenBTS running and do voice calls (using the DECT guard band that doesn't need a permit), but the range for doing voice calls without duplexer/amplifier/etc. is about 2 metres.
  • A Motorola C115 and a C118
  • A Sysmocom USB serial cable (CP2102) [2]
  • 2 TB hard disk with partially downloaded A5/1 rainbow tables

The RFX1800 also supports the DECT band, so it might also be possible to play with DECT. I'm currently looking into what other hardware is needed to get decent coverage with OpenBTS; the biggest problem is sending/receiving crosstalk. As far as I understand, a duplexer and low-noise amplifier will give a bigger range, but I don't have a background in RF engineering and am still learning a lot of things about RF. References: [3] [4] [5]