Osmocom-bb (IMSI catcher) + Prebuilt VM

In this post we will see how to make a base station with two Motorola compatible phones (C115/118/123) and two USB-serial cables with a 2.5 mm jack (PL2303).
OS: Kali rolling 2018.1

VMware or VirtualBox: with the VM you can jump directly to running without installing software.
Prebuilt VM (2018.1): HERE, Virtual Machine (v2)
Don't double-click the kali-linux-2018.1-vbox-amd64.ova file; instead, select Kali-Linux-2018.1-vbox-amd64-disk001.vmdk manually as the hard disk in VirtualBox. I made the mistake of leaving the blank Kali VM in the zip, sorry; I must change that, as too many people are asking me. You will then have osmocombb in the root folder.
For data support: HERE (CalypsoBTS GPRS Testing)
For a simplified installation: HERE (Ansible installation)

First step: build the toolchain
To get it more quickly go HERE
# nano /etc/apt/sources.list

Add:
deb http://old.kali.org/kali sana main non-free contrib

# apt-get update
# apt install gcc-4.9 g++-4.9
# nano /etc/apt/sources.list

Comment out the kali sana line.
# apt-get update && apt-get upgrade
# apt-get install build-essential libgmp-dev libx11-6 libx11-dev flex libncurses5 libncurses5-dev libncursesw5 libpcsclite-dev zlib1g-dev libmpfr4 libmpc3 lemon aptitude libtinfo-dev libtool shtool autoconf git-core pkg-config make libmpfr-dev libmpc-dev libtalloc-dev libfftw3-dev libgnutls28-dev libssl1.0-dev libtool-bin libxml2-dev sofia-sip-bin libsofia-sip-ua-dev sofia-sip-bin libncursesw5-dev libncursesw5-dbg bison libgmp3-dev alsa-oss
# update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.9 10
# update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-7 20
# update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-4.9 10
# update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-7 20
# update-alternatives --install /usr/bin/cc cc /usr/bin/gcc 30
# update-alternatives --set cc /usr/bin/gcc
# update-alternatives --install /usr/bin/c++ c++ /usr/bin/g++ 30
# update-alternatives --set c++ /usr/bin/g++
# update-alternatives --config gcc
# update-alternatives --config g++

(choose 4.9)
# apt remove texinfo
# cd /root
# wget http://ftp.gnu.org/gnu/texinfo/texinfo-4.13.tar.gz
# gzip -dc < texinfo-4.13.tar.gz | tar -xf -
# cd texinfo-4.13
# ./configure
# make
# make install
# git clone https://github.com/axilirator/gnu-arm-installer.git gnuarm
# cd gnuarm

Run these scripts:
# ./download.sh
# ./build.sh
# export PATH=$PATH:/root/gnuarm/install/bin

Now that the cross-compiler is ready, you can build osmocom with your firmware.

# cd /root
# git clone git://git.osmocom.org/libosmocore.git
# cd libosmocore
# autoreconf -i
# ./configure
# make
# make install
# ldconfig
# cd ..
# git clone git://git.osmocom.org/libosmo-dsp.git
# cd libosmo-dsp
# autoreconf -i
# ./configure
# make
# make install
# cd ..
# git clone https://github.com/osmocom/osmocom-bb trx
# cd trx
# git checkout jolly/testing
# cd src
# nano target/firmware/Makefile

It needs TX support: just uncomment the line CFLAGS += -DCONFIG_TX_ENABLE
# make HOST_layer23_CONFARGS=--enable-transceiver
# cd /root
# git clone https://github.com/bastienbaranoff/imsi-catcher

Asterisk version (1.8.13.1):
# nano /etc/apt/sources.list
Comment out kali rolling and add:
deb http://old.kali.org/kali moto main non-free contrib

# apt update
# apt install asterisk-dev
# wget https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/asterisk-1.8.13.1.tar.gz && gzip -dc < asterisk-1.8.13.1.tar.gz | tar -xf -
# cd /root/asterisk-1.8.13.1
# nano main/tcptls.c
Press Ctrl-W, search for SSLv3, and change
cfg->ssl_ctx = SSL_CTX_new(SSLv3_client_method());
to
cfg->ssl_ctx = SSL_CTX_new(SSLv23_client_method());

# ./configure CXX=g++-4.9 CC=gcc-4.9
# make
# make install
# nano /etc/apt/sources.list

Comment out kali moto and uncomment kali rolling.
# apt-get update
# apt-get install osmocom-nitb osmo-bts
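
The steps above point /etc/apt/sources.list at the archived old.kali.org repository twice and then back to kali rolling. As an added example (not from the original post), this check flags archive entries that are still active before an upgrade, since archived releases no longer receive security updates, and entries whose URI is not the /kali archive root. The expected root is an assumption taken from the moto line above, and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_sources FILE -> prints one finding per line, returns 1 if any found.
audit_sources() {
    rc=0
    while read -r kind uri suite rest || [ -n "$kind" ]; do
        case $kind in
            deb|deb-src) ;;
            *) continue ;;                 # comments and blank lines
        esac
        # Skip a single-token option block such as [arch=amd64].
        case $uri in
            \[*\]) uri=$suite; suite=${rest%% *} ;;
        esac
        case $uri in
            *://old.kali.org|*://old.kali.org/*) ;;
            *) continue ;;                 # not the archive host
        esac
        echo "ARCHIVED-ENABLED $uri $suite"
        rc=1
        # Assumption: the archive root is http://old.kali.org/kali
        case ${uri%/} in
            *://old.kali.org/kali) ;;
            *) echo "BAD-URI $uri $suite (expected http://old.kali.org/kali <release>)" ;;
        esac
    done < "$1"
    return $rc
}

# Constructed sample: an archive line left active, with the URI and
# release split in the wrong place, next to a commented-out one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
deb http://http.kali.org/kali kali-rolling main non-free contrib
deb http://old.kali.org kali/sana main non-free contrib
# deb http://old.kali.org/kali moto main non-free contrib
EOF
audit_sources "$sample" || echo "fix $sample before running apt-get upgrade"
```

Run it against /etc/apt/sources.list after each edit; an empty result means no archive entry is active.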
Download opencore-amr (opencore-amr-0.1.5.tar.gz):
# tar xvzf opencore-amr-0.1.5.tar.gz
# cd opencore-amr-0.1.5
# ./configure
# make
# sudo make install
# sudo ldconfig

mISDN
# rm -Rf /lib/modules/$(uname -r)/kernel/drivers/isdn/hardware/mISDN
# rm -Rf /lib/modules/$(uname -r)/kernel/drivers/isdn/mISDN/
# depmod -a
# apt-get install git build-essential libtool autoconf automake linux-headers-4.15.0-kali2-all-amd64
# git clone https://github.com/b1-systems/mISDN/
# git clone https://github.com/b1-systems/mISDNuser/
# git clone https://github.com/bbaranoff/osmocombb-ansible
# cd mISDN
# cp /root/osmocombb-ansible/mISDN.patch mISDN.patch
# patch -p1 < mISDN.patch
As of Debian 8.5, there is an automake version mismatch, fix it via:
# aclocal && automake --add-missing
# ./configure
# cp /root/osmocombb-ansible/mISDN.cfg.default standalone/mISDN.cfg
# make modules
# make modules_install
# depmod -a
# cd ../mISDNuser
# make
# ./configure
# make
# make install
# cd example
# make
# cd
# git clone https://github.com/fairwaves/lcr
# cd lcr
# autoreconf -i
# ./configure --with-sip --with-gsm-bs --with-gsm-ms --with-asterisk
# make
# make install
# ldconfig
# cp chan_lcr.so /usr/lib/asterisk/modules/
# cd ../imsi-catcher

Place the ~/imsi-catcher/asterisk folder in /etc.
Place interface.conf, routing.conf and options.conf in /usr/local/etc/lcr.
Place osmo-bts.cfg and open-bsc.cfg in /root/.osmocom.
In /etc/asterisk/sip.conf, set your SIP provider login and password (e.g. diamondcard).

# apt-get install alsa-oss
# modprobe snd_pcm_oss
# modprobe snd_mixer_oss
# modprobe mISDN_core
# modprobe mISDN_dsp

RUNNING !!!

First, search for a strong RSSI:
# cd trx/src/
# sudo host/osmocon/osmocon -m c123xor -p /dev/ttyUSB0 -c target/firmware/board/compal_e88/rssi.highram.bin
Press Ctrl-C, then remove and reinsert the battery.
Shell #1

# cd trx/src/
# host/osmocon/osmocon -m c123xor -p /dev/ttyUSB0 -s /tmp/osmocom_l2 -c target/firmware/board/compal_e88/trx.highram.bin -r 99

Shell #2
# cd trx/src/
# host/osmocon/osmocon -m c123xor -p /dev/ttyUSB1 -s /tmp/osmocom_l2.2 -c target/firmware/board/compal_e88/trx.highram.bin -r 99

Shell #3
# cd trx/src/host/layer23/src/transceiver/
# sudo ./transceiver -a [YOUR ARFCN FOUND WITH RSSI] -2 -r 99

Shell #4
# osmo-nitb -c ~/.osmocom/open-bsc.cfg -l ~/.osmocom/hlr.sqlite3 -P -m -C --debug=DRLL:DCC:DMM:DRR:DRSL:DNM

Shell #5
# lcr start

Shell #6
# osmobts-trx -c ~/.osmocom/osmo-bts.cfg -r 99

Shell #7
# asterisk
# asterisk -rvvvvvv

If you use an FTDI cable, you have to modify the osmocon command. From the known problems: in some situations (like, apparently, using FTDI serial cables), you might need the -m c123 mode for your Motorola C123 instead of the normal -m c123xor; see THIS.

To make your IMSI catcher work, you have to change the Location Area Code (LAC) in ~/.osmocom/open-bsc.cfg to match a LAC near you; you can find it in the RSSI app.

92 Comments

  1. Dast says:

    Hello, is it possible to send a message to a phone so that a name rather than a number appears when the recipient views the message? Here in Madagascar the operator uses this technique to spread propaganda for the election! Is it possible to do the same thing with osmo-bts?

  2. Peseta3 says:

    Hello Bastien,

    I have problems with the vm,
    I do this
    # nano /etc/apt/sources.list
    add
    deb http://old.kali.org kali/sana main non-free contrib

    and
    apt-get update

    and I get that old.kali does not exist or is not found.

    What can it be?

    1. kli says:

      Try in sudo su; that way it will save the change, then try running it afterwards.

  3. Peseta3 says:

    Hello Bastien,
    in the VM is a file which says
    first of all.
    Where do I get the username and password, maybe from Vodafone in Germany?
    May I have an account there?
    And for what…
    Internet connection or telephone calls?
    Must I have a SIM card for that?
    I don't know what I have to put in the sip.conf

    1. Subscribe here and pay 15$: http://www.diamondcard.us. You will get an id for sip.conf

  4. your prebuilt vm is not opening
    Failed to open a session for the virtual machine Kali-Linux-2018.1-vbox-amd64.

    The virtual machine ‘Kali-Linux-2018.1-vbox-amd64’ has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in ‘C:\Users\Talhanamekaka\VirtualBox VMs\Kali-Linux-2018.1-vbox-amd64\Logs\VBoxHardening.log’.

    Result Code: E_FAIL (0x80004005)
    Component: MachineWrap
    Interface: IMachine {5047460a-265d-4538-b23e-ddba5fb84976}


    1. d4std4st1592 says:

      Verify in the boot security settings whether you are authorized to use VMs. Modern machines disable it by default.

  5. Phil says:

    Hi Bastien, Was wondering if it would be possible to contact you regarding some job offer.

    Please contact via the email registered here
