C118 sniffing operation principle analysis


1. Install the Ubuntu system in a virtual machine (search with Google; there are many tutorials. Please download the system image yourself.)
2. After installation, follow the tutorial below.
3. If you feel that the system is too cumbersome, you can directly purchase a fully automatic sniffing system.

1. https://www.onlinedown.net/soft/2062.htm download the virtual machine (with installation tutorial)
(Serial number can be searched freely by google, many)
Virtual machine VMware 15 activation key license:


After installation, start the following operations
ubuntu system:

Link: https://pan.baidu.com/s/1QrGNKrDxzlovL4gUfrfoLw
Extraction code: jou6

1: Install ubuntu system
2: Install the related dependencies
3: Download and configure the cross-compilation environment
4: Download and compile osmocomBB
5: Modify the problem file
6: Flash into the C118 firmware
7: Query nearby base stations
8: Use wireshark to sniff information
After the system is installed, update the source:

Run the following code

$ sudo passwd
#Enter the password you set when you installed the system, three times
$ sudo apt-get update
$ sudo apt-get upgrade

2: Install the related dependencies:
Run the following code

$ sudo apt-get install libusb-0.1-4 libpcsclite1 libccid pcscd
$ sudo apt-get install libtool shtool autoconf git-core pkg-config make gcc build-essential libgmp3-dev libmpfr-dev libx11-6 libx11-dev texinfo flex bison libncurses5 libncurses5-dbg libncurses5-dev libncursesw5 libncursesw5-dbg libncursesw5-dev zlibc zlib1g-dev libmpfr4 libmpc-dev libpcsclite-dev

3: Download and configure the cross-compilation environment
Compilation environment download address: http://pan.baidu.com/s/1skUvToD
After downloading, unzip and see the directory of the toolchain
The toolchain directory contains the gnu-arm-build.2.sh script and three directories: src, build and install
Enter the src directory and execute respectively:

$ chmod +x gnu-arm-build.2.sh
$ ./gnu-arm-build.2.sh

After compiling, there will be several more files under the current install/bin folder
Add the compiled bin directory to the global:
Run the following code

$ gedit ~/.bashrc

#Add the code in the last line, save and exit

export PATH=$PATH:/home/chenqihao/softs/sms/osmocombb/install/bin

$ source ~/.bashrc

4: Download and compile osmocomBB
Install talloc
Run the following code

$ wget https://www.samba.org/ftp/talloc/talloc-2.1.7.tar.gz
$ tar -zxvf talloc-2.1.7.tar.gz
$ cd talloc-2.1.7/
$ ./configure
$ make
$ sudo make install

Go back to the osmocombb directory and download osmocom
Install libosmocore
Run the following code

Enter in the terminal:

sudo apt-get install build-essential libtool libtalloc-dev shtool autoconf automake git-core pkg-config make gcc libpcsclite-dev

#Install dependent libraries

git clone git://git.osmocom.org/libosmocore.git

#Clone the libosmocore folder; if you have already downloaded it from the network disk, skip this step and instead unzip the libosmocore zip file (right-click it in Ubuntu for the unzip option)

cd libosmocore/

#Enter libosmocore folder

autoreconf -i

#Generate configure file

./configure

#Check the environment for configuration

make

#Compile

sudo make install

#Install

sudo ldconfig -i

#Update dynamic link library

cd ..

#Back to the parent directory

#Similarly, you can see from the configure and compilation process whether there is any problem, install any package that is missing
Install osmocom-bb
Run the following code

git clone git://git.osmocom.org/osmocom-bb.git

#Clone the folder; if you have already downloaded it from the network disk, skip this step and instead unzip the osmocom-bb-luca-gsmmap zip file (right-click it in Ubuntu for the unzip option)

cd osmocom-bb

#Enter the folder, or enter the unzipped folder osmocom-bb-luca-gsmmap

git checkout --track origin/luca/gsmmap

#Switch to the luca/gsmmap branch; if you have already downloaded it from the network disk, skip this step

#If you want to capture the upstream data, you need to enable the CONFIG_TX_ENABLE macro in the Makefile under osmocom-bb/src/target/firmware/; you can open this file directly in the folder for editing

# Uncomment this line if you want to enable Tx (Transmit) Support.

Originally: #CFLAGS +=-DCONFIG_TX_ENABLE

Remove the comment # so that it reads: CFLAGS +=-DCONFIG_TX_ENABLE, then save and close

cd src

#Enter the src folder

make

#Start to compile and generate bin files

5: Modify the problem file
Modify the following five files in the osmocom-bb folder, you can open and edit directly from the folder
Run the following code

osmocom-bb/src/target/firmware/board/compal/highram.lds
osmocom-bb/src/target/firmware/board/compal/ram.lds
osmocom-bb/src/target/firmware/board/compal_e88/flash.lds
osmocom-bb/src/target/firmware/board/compal_e88/loader.lds
osmocom-bb/src/target/firmware/board/mediatek/ram.lds

Find this line inside each file

KEEP(*(SORT(.ctors)))

Add below it

KEEP(*(SORT(.init_array)))

Save each file. After all five files are modified, enter osmocom-bb/src and recompile
Run the following code

$ make -e CROSS_TOOL_PREFIX=arm-none-eabi-


6: Flash into the C118 firmware
Connect C118 to the computer
Enter the osmocom-bb directory from the command line
Run the following code

$ cd src/host/osmocon
$ sudo ./osmocon -m c123xor -p /dev/ttyUSB0 ../../target/firmware/board/compal_e88/layer1.compalram.bin

Press the red button on the C118 to start writing the firmware

7: Query nearby base stations
Run the following code

$ cd src/host/layer23/src/misc
$ sudo ./cell_log -O

Run ccch_scan on an ARFCN found by the scan:
Run the following code

$ sudo ./ccch_scan -i 127.0.0.1 -a 59


8: Use wireshark to sniff information
Run the following code

$ sudo apt-get install wireshark
$ sudo wireshark -k -i lo -f 'port 4729'

At this point, you can see the mobile phone text messages on the surrounding frequencies.

 
