GSM 900 sniffing

… or a short story about osmocomBB

 

Intro

This is going to be rather a short post, mainly because I played with it a few years ago so this is sort of ancient stuff compared to the osmocomBB project now.
Also, I do not have many photos and movies 😀
Most probably I’ll do another round with current software branches and post results someday.

Story

I am a sorta IT security nerd so I track various events, monitor new bugs, releases, etc. I was watching a stream from 27C3 – 27th annual Chaos Communication Congress – the other day and stumbled upon a talk by Harald “LaForge” Welte.
Harald’s talks are always awesome, decent, and deeply technical.
He was presenting the OsmocomBB project.
Project Osmocom focuses on various aspects of mobile communication and OsmocomBB is a part of it. Of course, it is an Open Source project.

Here is his talks overview:
https://events.ccc.de/congress/2010/Fahrplan/events/3952.en.html
And here is a video of it:

I instantly knew I’d give it a try in my spare time.

Hardware

All you need to start playing is an old phone with a Calypso baseband chip in it, a serial converter, and a Linux box.
Supported phones are listed on the project’s website. I’m including it here for convenience.

Compal, OEM by Motorola

  • MotorolaC115/C117 (E87)
  • MotorolaC123/C121/C118 (E88) — our primary target
  • MotorolaC140/C139 (E86)
  • MotorolaC155 (E99) — our secondary target
  • MotorolaV171 (E68/E69)
  • SonyEricssonJ100i

Pirelli/Foxconn, manufactured by Foxconn

  • Pirelli DP-L10

Openmoko, manufactured by FIC

  • Neo 1973 (GTA01)
  • OpenMoko – Neo Freerunner (GTA02)

I’ve bought several of these since they are really cheap – 2-3$ apiece.
The model that worked for me best was Motorola C123.
Here is a photo of it:

Serial cable/converter

The connection is made through the earphone jack, which also happens to be a serial port on these phones. As for the serial converter, there are three main options.

  • PL2303 (cheap, only standard baud rates)
  • FT232 (expensive, non-standard baud rates; the I/O voltage level is set by the VCCIO pin, which you can measure)
  • CP2102 (medium price, non-standard baud rates)

I’ve checked all of the above converters and I decided to stick with FT232.
Here is a photo with a slightly trimmed earphone jack:

Results

Up-to-date instructions can be found on the project’s website, so I’ll skip them. Instead, just watch it in action 🙂

GSM 900 Sniffing from pit on Vimeo.

As you can see, I was able to route GSM traffic through Wireshark.
Also, I load firmware via simple bash scripts just for convenience, so I don’t have to type all those rather long commands.
This is only a tiny piece of what this project is capable of.
Stay tuned for future posts 😉

Cheers.

OUTRO

If you want to get retro gear or hardware modules, please visit our shop

Also, please support our work by spreading info about it.

Without your support, we simply cannot grow and we have a lot of new cool retro hardware (and more) products to come 🙂
