GSMdump Live-CD and HowTo

Introduction

GSMdump is a study project at the Hochschule der Medien in Stuttgart. The project takes a look at the GSM protocol. Its goal is to dump and analyse real GSM traffic from our own BTS and also from the four German network providers, using a USRP.

Here you will find a Live-CD based on Ubuntu 10.04 (i386) that contains all necessary tools to dump and analyse GSM traffic. At the moment it is only possible to dump the unencrypted downlink from the BTS to the MS. The CD contains the following preinstalled tools:

  • GNU Radio
  • airprobe
  • Wireshark

The software is already configured; you only have to boot it, plug in your USRP and start some easy-to-use scripts.

HowTo for the Live-CD

About the CD

The Live-CD is based on Ubuntu 10.04 (i386). Some tools that are not needed were removed from the CD to free up space and keep the image smaller than 700 MB.

All necessary tools to dump and analyse GSM traffic are already installed and configured. These include:

  • GNU Radio (version 3.1.2)
  • airprobe
  • Wireshark (revision 26844 and version 0.99.5)

First steps

  • Download the ISO image and copy it to a USB drive or burn it on a CD
  • Boot your PC from this CD
  • Plug in your USRP (the system is already configured to talk to the USRP, so nothing more should be necessary here)
  • Start a terminal
  • Try gsmdump.sh (this will scan all ARFCNs for a BTS and show you a summary)

Included Scripts

In ~/Desktop/gsmdump on the CD you will find some useful scripts. These are in the PATH of the system, so you can start them from any directory.

The scripts include English help text. Start any of them with the parameter -h to get an overview of what the script is for and how to use it.

Some important scripts are:

  • gsmdump.sh: will scan all ARFCNs for a BTS and show you a summary. You will find the result in a new folder named after the date and time the script was started. The result includes dumps in Wireshark format and info files about the provider, IMSIs and TMSIs that were found
  • gsmlive.sh: starts a live capture. Wireshark version 0.99.5 (linked as gsmshark) will be started and will capture from the GSM tun device
  • capture.sh: will dump the raw data from the air
  • analysecfile.sh: will create a result like the one from gsmdump.sh, but will use a raw file from capture.sh

Files

  • gsmdump.iso, the Live-CD based on Ubuntu 10.04 (i386) with GNU Radio, airprobe, Wireshark and a lot of useful scripts installed (version from 25.08.2010).

Please note that the versions of the software used for GSMdump are outdated. I recommend that you set up your own workstation with the newest available software. If you still want to get the ISO, you will find it here.

Source: GSMDUMP
