DragonOS FocalX Cellular Security Research w/ LTESniffer (ANTSDR E200, B205mini, PinePhone) part 2

  • Published on 6 Sep 2024
  • The purpose of this video is to support security and analysis research on cellular networks. It's also created from an educational perspective to help learn more about cellular networks in general by means of a controlled lab environment and software defined radios. Privacy is respected at all times and any use of this tool or software defined radios in general is on the user to follow all local regulations.
    LTESniffer is now included in the latest DragonOS FocalX ISO, but it can also be installed to current DragonOS FocalX systems by using the following PPA.
    github.com/alp...
    To learn more about LTESniffer please see the following project page
    github.com/Sys...
    In this second video we'll take another look at setting up and running downlink sniffing w/ the addition of showing how srsRAN is configured to allow a PinePhone to connect. I also show how to use the ANTSDR E200 as a b210 like device after opening the case and installing a second receive antenna. Having two antennas even for just the downlink sniffing is recommended according to the LTESniffer GitHub page. As far as how you can get your hands on an E200.. I'd imagine the E200 will be available to the public soon (not sure exactly when),
    www.crowdsuppl...
    Once I have all the necessary parts for an X310, I'll do up a video on downlink + uplink sniffing.
    If you find this video helpful consider the following,
    Follow @cemaxecuter on Twitter for more DragonOS and SDR info.
    Become a patron @ / cemaxecuter

Comments • 30

  • @melanatedspy 1 year ago

    Another dope video 😊

  • @weirdsciencetv4999 1 year ago +3

    Does LTE leak mobile GPS coordinates over the clear? I would like to make a map of cell users in the area by TMSI.

    • @cemaxecuter7783 1 year ago +1

      Good question, not that I know of. I’m waiting on parts for an x310 so I can try the api w/ downlink and uplink. That’ll reveal way more info

    • @weirdsciencetv4999 1 year ago +1

      @cemaxecuter7783 I absolutely love your work, you’re just an absolute beast in this field!

  • @RobVK8FOES 1 year ago +2

    Good morning Aaron. I have been using LTESniffer to successfully decode the downlink frequency of definitely not a cellular carrier's LTE cell. Have you had any luck with the '-z 3' argument yet?

    • @cemaxecuter7783 1 year ago +1

      Morning! So briefly yes, but I borrowed an x310. I’m waiting on my own two daughter boards to show up. The -z option would only work with something like that setup, as it’s requiring both downlink and uplink sniffed at the same exact time :/

    • @RobVK8FOES 1 year ago +1

      @cemaxecuter7783 Yep, reading that research paper, I gathered that was the case. Boo :( I tried to sniff uplink and downlink simultaneously with the BladeRF 2.0 using the '-A 2' argument and LTESniffer successfully opened two RX ports... But there were a heap of overflow zeros and then it crashed. GigE seems like the only way to keep up with the huge data rates of LTE channels. How did you get your hands on an x310 anyways? Aren't they a 10k USD SDR without any daughterboards? :O I am jealous...

    • @cemaxecuter7783 1 year ago +1

      You know I did the -A with the bladeRF and think I experienced the same thing but I guess the -A is just for the two rx antennas which is also important but somehow with the uhd and 2x daughterboards on the x310 is opening both for two different freqs, pretty sick. So long story short.. a kind donor on the x310 / daughter boards 😳😳

    • @cemaxecuter7783 1 year ago +1

      But now I wonder why the -A 2 worked okay with the AntSDR e200 which is similar to the b210 (b210 I think is usb3).

    • @RobVK8FOES 1 year ago

      @cemaxecuter7783 Nice man, that is a very nice SDR you have there. Hopefully once this tool propagates throughout the community, some optimizations will be made for dual port SDRs to get uplink and downlink happening properly. I am having fun playing around with the downlink functionality, anyway! The pcap files have been interesting to parse through and analyze. Thanks for your effort in getting this awesome tool working in DragonOS!

  • @aboumeite4363 1 year ago

    Good

  • @iblackfeathers 1 year ago +1

    antsdr e200 is still in its pre-launch crowdfunding stage. how does it compare to the limesdr mini 2.0?

    • @cemaxecuter7783 1 year ago +1

      Hmm that’s a tough one, the fact it can run using uhd is very attractive to me. That allows it to be used in place of traditional uhd equipment and it works really well. For example, on LTESniffer it’s suggested that a b210 be used to account for 2x rx antennas. The LimeSDR mini doesn’t have that. Technically neither does the e200 unless you open it up and attach a second antenna, but the capability is there and uhd sees it and allows it to work.

  • @TheElectronicDilettante 1 year ago +1

    Hello again. As I continue to learn all there is regarding SDR, Linux, VMs, etc., I came across yet another potential rabbit hole. There’s a new feature (to me at least) in Windows called Windows Subsystem for Linux (WSL). Basically allows for certain Linux distros to be installed in Windows without traditional virtual machine and thereby without VM issues. Is there a way of using this feature to install Dragon OS? If not, I think I’m just going to use my laptop as the Dragon OS dedicated hardware. Though I did just purchase a SBC with 5” lcd and Windows installed that I may use instead. Any thoughts will be appreciated as always. Thanks for your continued hard work

    • @cemaxecuter7783 1 year ago

      Morning! So I am familiar with WSL, but I know of no such way to install DragonOS in this configuration. I’m pretty certain it would need to be built differently. I would think the best bet is a bare metal install and in second place a VM install of some sorts. If the SBC is x86_64 that’s an option too.

    • @TheElectronicDilettante 1 year ago

      @cemaxecuter7783 I think I’ll just use my laptop for dedicated Dragon OS hardware as it is 64 bit architecture. Just now, however, I was reading the docs on the WSL2 update saying that any type of Linux distribution can be installed with WSL2, it’s a matter of “importing mini root binaries via a Tar file”… At this point it started to go back over my head. Thanks for the info and fast response. Because I insist on doing everything the hard way first, I’m gonna see how far down this rabbit hole I can go.

  • @jmz8086 1 year ago +1

    Has anyone heard of possible plans to be able to use LTESniffer with the BladeRF 2.0 xa4/5? I believe it would be up to the task, wondering why this is primarily aimed at B210 (pretty expensive).

    • @cemaxecuter7783 1 year ago

      I’ve used it with it, but two things.. 1 for some weird reason when I ran it with -A 2 for two antennas I had some issues. I’ll have to try it again, I recall with -A 1 it was okay. But 2, it’s still only usable for downlink only. Maybe there’s some tweaks to get it going correctly with two antennas and then it would be similar to the b210.

    • @user-jr1me8ug1f 1 year ago

      @cemaxecuter7783 What was the error message you got? Also did you use an external gpsdo? When you used it, did you get any results? Going to try this in a lab next week.

    • @cemaxecuter7783 1 year ago

      If I recall, maybe it was just a coincidence, but when the sniffer (e200) was right next to the source it would start and then segfault. It’s only happened a few times so I didn’t pay real close attention. So I have used my bladerf xa series with a -A 1.
      For some reason it doesn’t like running with both rx antennas. In any case without the x310 it’s limited to just the down sniffing if I recall correctly.

    • @cemaxecuter7783 1 year ago

      Ignore half my reply I mixed up questions. I haven’t used a gpsdo yet. I’m trying to get one

    • @user-jr1me8ug1f 1 year ago

      You’re the man thank you for the reply!

  • @tommyyoung321 1 year ago +1

    Zoom in

    • @cemaxecuter7783 1 year ago

      Noted. I will say I just viewed it landscape on an iPhone, but before hitting full screen I made sure it was on 720 and I could see it all well considering the small phone size.