And yes, I just forgot, but I think it would also be very instructive
for you to study some of these video presentations:
27c3: Running your own GSM stack on a phone :
http://www.youtube.com/watch?v=ihbRtTzc0NI
25c3: Anatomy of smartphone hardware :
http://www.youtube.com/watch?v=8eewZ6jkNyY&feature=related
DEFCON 18: Practical Cellphone Spying :
http://www.youtube.com/watch?v=wjYAAmHvt-g
Intercepting GSM Traffic :
http://vimeo.com/24117925
25c3: Running your own GSM network :
http://www.youtube.com/watch?v=e_9hPRF5fzA&feature=related
[27C3] (en) Wideband GSM Sniffing :
http://www.youtube.com/watch?v=lsIriAdbttc
Shmoocon 2010: GSM: SRSLY? :
http://www.youtube.com/watch?v=bO5McFJBg6k&feature=related
HAR 2009: Airprobe :
http://www.youtube.com/watch?v=5NyH6HgjmKY&playnext=1&list=PLC20287…
Black Hat USA 2010: Attacking GSM Base Station Systems and Mobile
Phone Base Bands :
http://www.youtube.com/watch?v=Cx8iWWg-Ch0&feature=related
Blackhat 2010 Attacking Phone Privacy Karsten Nohl :
http://www.youtube.com/watch?v=M-ooPfZcuGQ&feature=related
HAR 2009: Cracking A5 GSM encryption :
http://www.youtube.com/watch?v=inazpikhFtY&NR=1
LayerOne 2008 - David Hulton - Intercepting Mobile Phone/GSM :
http://www.youtube.com/watch?v=U8VikEf-mdU&feature=related
[27C3] (en) SMS-o-Death :
http://www.youtube.com/watch?v=8bkg3AjY6fs&feature=related
Brucon 2010: GSM security: fact and fiction :
http://www.youtube.com/watch?v=MjD8nrMI8m0
and presentation slides for this one :
http://www.google.fr/url?sa=t&source=web&cd=4&ved=0CC8QFjAD&…
Some GSM lectures that might help :
RohitAcademy :
http://www.youtube.com/user/RohitAcademy#p/u
This should give you a broader picture of what this is about and quickly
lead you to other sources...
BR,
Drasko
On Sat, Jun 4, 2011 at 12:34 AM, Drasko DRASKOVIC
<drasko.draskovic(a)gmail.com> wrote:
On Thu, Jun 2, 2011 at 4:43 AM, pramod krishna
<pramodcs47(a)gmail.com> wrote:
Hi,
This is Pramod. I am currently working with mobile platforms. How can I
contribute to your project or start working with your project?
Hi Pramod,
I can list a few instructions on how to quickly start with the OsmocomBB project:
1) Get one of the supported target phones. This will be your dev board.
The list of phones can be found on the OsmocomBB site. I recommend you
start with the Motorola C123 as it is the project's primary target and
probably the best supported.
2) Get the appropriate CalypsoSerialCable, or T191 Unlock Cable
(http://bb.osmocom.org/trac/wiki/CalypsoSerialCable) so you can
connect your phone to the development host and upload your firmware. I
suggest the USB variant, as I had problems with two RS232 models -
none worked correctly, giving 5V output instead of the needed 3.3V.
3) Get a cross-compiler, if you do not already have one. You can compile
it yourself (I personally prefer this method) - there are various scripts
and you can even use crosstool-ng for this
(http://freshmeat.net/projects/crosstool-ng/). In any case you will
find instructions here:
http://bb.osmocom.org/trac/wiki/GnuArmToolchain
4) Get and build OsmocomBB with your new toolchain. Instructions are
here:
http://bb.osmocom.org/trac/wiki/GettingStarted
OK, now you are ready to start playing with OsmocomBB:
5) Check that your equipment works by executing a Hello World
on your phone. Locate the osmocon program and do:
$ ./osmocon -p /dev/ttyUSB1 -m c123xor ../../target/firmware/board/compal_e88/hello_world.compalram.bin
Now briefly press the ON button on your phone (do not hold it, you don't
really want to turn it on and start the phone's bootloader, which will load
Motorola's software).
As you can see from the command line, I am using a USB cable connected
to my phone, and I am using a Motorola C123. This loads the hello_world
binary into RAM and executes it. You should see a "Hello World"
message on your display, which will flash.
N.B.: Press the "ON/OFF" button to turn this OFF __before__ disconnecting
from the osmocon program!
6) If all that works, you are ready to load some real protocol stack
software. First:
$ ./osmocon -p /dev/ttyUSB1 -m c123xor ../../target/firmware/board/compal_e88/layer1.compalram.bin
(still do not press the ON button)
then:
$ ./mobile -i 127.0.0.1
It will open a Unix socket and will be ready to exchange messages with
Layer1 on the phone in your RAM via the RS232 cable. You can now press the ON
button (briefly, again), and the system will start running - Layer1 will be
uploaded to the phone's RAM and the mobile application will act as the Layer23
part of the PS, getting all the measurements from neighbouring cells,
etc...
7) At this point you would probably want to telnet to OsmocomBB:
$ telnet localhost 4247
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Welcome to the OsmocomBB control interface
OsmocomBB>
At this point probably nothing will work. This is because you either do
not have a SIM card inserted in your phone, or even if you have one -
the OsmocomBB code on the master branch has a broken SIM controller
driver. You can get some more information here:
http://bb.osmocom.org/trac/wiki/SIMReader
At this point there are 3 existing strategies:
1. Check out Sylvain's testing branch for a working on-phone SIM driver
2. Use the SAP interface to a PC/SC smartcard reader with a SIM inserted.
3. If you want to use a GSM test set instead of a real network, use the test SIM
functionality of mobile
Since option 3) is out of the question for me, because I do not have a
private GSM network, and option 1) seems a more advanced solution for
what I want to obtain, I am trying at this point to investigate option
2), i.e. to use a PC/SC smartcard reader with a SIM inserted.
It seems like you will need the SIM to get any signal routed through
Wireshark, but I am not sure. I will have to post this question to the
list and see if someone can help us from here on.
I hope this helps, and I encourage you to share your experiences and
beginner problems on this list, as I am doing. Many people who are
starting with this project will surely benefit from these experiences,
and do not expect more advanced hackers to write these long
explanations - this should be done by the people who are catching up
and are helping others catch up fast.
Best regards,
Drasko
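The bring-up sequence from steps 5 to 7 of the mail above, wrapped into a small launcher with the sanity checks a newcomer usually forgets (cable device present, firmware image built, osmocon started before mobile, ON button pressed only afterwards). This is an added example and not OsmocomBB project code; it assumes the binaries, paths, port 4247 and the `OsmocomBB> ` prompt exactly as the mail shows them, and `check_prereqs`, `wait_for_vty` and `bring_up` are names chosen here.

```python
import os
import socket
import stat
import subprocess
import time

VTY_PORT = 4247                 # mobile's telnet control interface, as in the mail
PROMPT = b"OsmocomBB> "         # prompt shown in the mail's telnet transcript


def check_prereqs(serial_port, image):
    """Return the problems that would make osmocon fail; an empty list means go."""
    problems = []
    if not os.path.exists(serial_port):
        problems.append(f"serial device {serial_port} not found (cable plugged in?)")
    elif not stat.S_ISCHR(os.stat(serial_port).st_mode):
        problems.append(f"{serial_port} is not a character device")
    if not os.path.isfile(image):
        problems.append(f"firmware image {image} missing (did the build finish?)")
    return problems


def wait_for_vty(host="127.0.0.1", port=VTY_PORT, timeout=10.0):
    """Poll until mobile's VTY accepts a connection and prints its prompt.
    Returns the banner text, or None if the VTY never came up in time."""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        try:
            with socket.create_connection((host, port), timeout=1.0) as s:
                buf = b""
                while not buf.endswith(PROMPT):
                    chunk = s.recv(256)
                    if not chunk:          # peer closed before showing a prompt
                        break
                    buf += chunk
                return buf.decode(errors="replace")
        except OSError:                    # refused / timed out: mobile not up yet
            time.sleep(0.5)
    return None


def bring_up(serial_port="/dev/ttyUSB1", model="c123xor",
             image="../../target/firmware/board/compal_e88/layer1.compalram.bin"):
    """Step 6 of the mail: start osmocon, then mobile; press ON only afterwards."""
    problems = check_prereqs(serial_port, image)
    if problems:
        raise SystemExit("\n".join(problems))
    osmocon = subprocess.Popen(["./osmocon", "-p", serial_port, "-m", model, image])
    mobile = subprocess.Popen(["./mobile", "-i", "127.0.0.1"])
    print(f"Now press the ON button briefly; waiting for the VTY on port {VTY_PORT}")
    return osmocon, mobile, wait_for_vty()   # banner is None if the VTY never came up
```

Run it from the directory where you normally run osmocon; a None banner means mobile never opened port 4247, so check osmocon's output first.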