0x01: Preface

This document covers SMS sniffing; it consists entirely of commands.

0x02: Environment

1: Systems

  • ubuntu-14.04.4-desktop-amd64
  • kali-linux-2.0-i386
  • ubuntu-16.04-desktop-i386
  • ubuntu-mate-16.04-desktop-armhf-raspberry

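A video tutorial was recorded on 2016.10.05. Because of the resolution, some parts are not very clear.

Link: http://pan.baidu.com/s/1i5LQajV Password: 92au

0x03: Code

1: Build the GNU ARM toolchain

#### Official documentation: http://osmocom.org/projects/baseband/wiki/GnuArmToolchain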

sudo apt-get install build-essential libgmp3-dev libmpfr-dev libx11-6 libx11-dev texinfo flex bison libncurses5 libncurses5-dbg libncurses5-dev libncursesw5 libncursesw5-dbg libncursesw5-dev zlibc zlib1g-dev libmpfr4 libmpc-dev -y
mkdir ~/osmocom
cd ~/osmocom
mkdir ~/osmocom/armtoolchain
cd ~/osmocom/armtoolchain
wget http://bb.osmocom.org/trac/raw-attachment/wiki/GnuArmToolchain/gnu-arm-build.3.sh
mkdir build install src
cd ~/osmocom/armtoolchain/src

 

wget http://ftp.gnu.org/gnu/gcc/gcc-4.8.2/gcc-4.8.2.tar.bz2
wget http://ftp.gnu.org/gnu/binutils/binutils-2.21.1a.tar.bz2
wget ftp://sources.redhat.com/pub/newlib/newlib-1.19.0.tar.gz

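#### Downloading from the servers named in the official documentation is very slow, so the files can be downloaded separately and placed in the ~/osmocom/armtoolchain/src directory.
Link: http://pan.baidu.com/s/1hrXhg3M Password: 2tr5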


cd ~/osmocom/armtoolchain
chmod +x gnu-arm-build.3.sh
./gnu-arm-build.3.sh
Press ^C now if you do NOT want to do this.

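#### Press Enter when prompted. The build takes about 20 minutes (depending on the machine). When it finishes, the following message is shown: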

Build complete! Add /home/ubuntu/osmocom/armtoolchain/install/bin to your PATH to make arm-none-eabi-gcc and friends accessible directly

#### Add the path from the message to the PATH environment variable. The path must be absolute, so take care!

echo "export PATH=\$PATH:/home/ubuntu/osmocom/armtoolchain/install/bin">>/home/ubuntu/.bashrc
source /home/ubuntu/.bashrc

2: Cross-compile osmocom-bb

sudo apt-get install build-essential libtool shtool autoconf automake git-core pkg-config make gcc libpcsclite-dev libtalloc-dev git wireshark -y
#### Download and build libosmocore

cd ~/osmocom/
git clone git://git.osmocom.org/libosmocore.git
cd ~/osmocom/libosmocore/
autoreconf -i
./configure
make
sudo make install

#### Download osmocom-bb and build the origin/luca/gsmmap branch

cd ~/osmocom
mkdir ~/osmocom/osmocom_sniffer
cd ~/osmocom/osmocom_sniffer
git clone git://git.osmocom.org/osmocom-bb.git
cd ~/osmocom/osmocom_sniffer/osmocom-bb
git checkout --track origin/luca/gsmmap
cd ~/osmocom/osmocom_sniffer/osmocom-bb/src
make

# Fix for cell_log not scanning correctly
# Edit the following five files

#src/target/firmware/board/compal/highram.lds
#src/target/firmware/board/compal/ram.lds
#src/target/firmware/board/compal_e88/flash.lds
#src/target/firmware/board/compal_e88/loader.lds
#src/target/firmware/board/mediatek/ram.lds
On the line directly below KEEP(*(SORT(.ctors))), add the line KEEP(*(SORT(.init_array)))
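
One way to apply this edit to all five files in a single, repeatable step, as an added example that is not part of the original post. The function name patch_lds and the .orig backup suffix are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): idempotently insert
# KEEP(*(SORT(.init_array))) directly below the KEEP(*(SORT(.ctors))) line.
# Usage, from the osmocom-bb checkout, passing the five files listed above:
#   sh patch_lds.sh src/target/firmware/board/compal/highram.lds ...

CTORS='KEEP(*(SORT(.ctors)))'
INIT='KEEP(*(SORT(.init_array)))'

# patch_lds is a hypothetical helper name. It returns 0 when every file is
# patched (or already was), 1 if a file is missing or has no .ctors line.
patch_lds() {
    rc=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "missing: $f" >&2; rc=1; continue
        fi
        if grep -qF "$INIT" "$f"; then
            echo "already patched: $f"; continue
        fi
        if ! grep -qF "$CTORS" "$f"; then
            echo "no .ctors line: $f" >&2; rc=1; continue
        fi
        cp -p "$f" "$f.orig"    # keep a backup next to the file
        awk -v ctors="$CTORS" -v init="$INIT" '
            { print }
            index($0, ctors) {
                indent = $0
                sub(/[^ \t].*$/, "", indent)   # reuse the line indentation
                print indent init
            }' "$f.orig" > "$f"
        echo "patched: $f"
    done
    return $rc
}

if [ "$#" -gt 0 ]; then
    patch_lds "$@"
fi
```

Running it a second time leaves already patched files untouched, so it is safe to repeat after a fresh checkout.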

# Then rebuild

cd ~/osmocom/osmocom_sniffer/osmocom-bb/src
make -e CROSS_TOOL_PREFIX=arm-none-eabi-

3: Enjoy

#### Plug the USB2TTL module into a USB port, connect the C118, run the command below, then briefly press the power button

cd ~/osmocom/osmocom_sniffer/osmocom-bb/src/host/osmocon/
sudo ./osmocon -m c123xor -p /dev/ttyUSB0 ../../target/firmware/board/compal_e88/layer1.compalram.bin

# Scan for nearby base stations

cd ~/osmocom/osmocom_sniffer/osmocom-bb/src/host/layer23/src/misc/
sudo ./cell_log --only-scan

# Sniff SMS; replace THE_ARFCN_ID with the ARFCN you found

cd ~/osmocom/osmocom_sniffer/osmocom-bb/src/host/layer23/src/misc/
sudo ./ccch_scan -i 127.0.0.1 -a THE_ARFCN_ID

# Capture locally with wireshark. At this point the GSM protocol has been encapsulated in TCP/IP, so it can be captured locally with wireshark

sudo wireshark -k -i lo -f 'port 4729'
