0x01 Hardware connection
Red   -> TXD   (TXD is the transmit-data pin)
White -> RXD   (RXD is the receive-data pin)
Blue  -> GND   (GND is the ground pin)
0x02 Update the Kali environment
sudo apt-key adv --keyserver pgp.mit.edu --recv-keys ED444FF07D8D0BF6
sudo apt-get update
0x03 Install the build dependencies
sudo apt-get install build-essential libgmp3-dev libmpfr-dev libx11-6 libx11-dev texinfo flex bison libncurses5 libncurses5-dbg libncurses5-dev libncursesw5 libncursesw5-dbg libncursesw5-dev zlibc zlib1g-dev libmpfr4 libmpc-dev
sudo apt install libtool shtool automake autoconf git-core pkg-config make gcc
sudo apt-get install build-essential libtool libtalloc-dev shtool autoconf automake git-core pkg-config make gcc
sudo apt-get install libpcsclite-dev
0x04 Build the ARM cross-compilation toolchain
mkdir armtoolchain
cd armtoolchain
wget https://osmocom.org/attachments/download/2052/gnu-arm-build.3.sh
sudo chmod +x gnu-arm-build.3.sh
mkdir build install src
cd src
wget https://ftp.gnu.org/gnu/gcc/gcc-4.8.2/gcc-4.8.2.tar.bz2   # if this download fails, use gcc-7.2.0.tar.gz instead
wget https://ftp.gnu.org/gnu/binutils/binutils-2.21.1a.tar.bz2
wget ftp://sources.redhat.com/pub/newlib/newlib-1.19.0.tar.gz
cd ..
./gnu-arm-build.3.sh
export PATH=$PATH:/home/kbdancer/armtoolchain/install/bin   # the entry must be an absolute path (note the leading slash)
source /home/kbdancer/.bashrc
0x05 Build OsmocomBB
git clone git://git.osmocom.org/libosmocore.git
cd libosmocore/
autoreconf -i
./configure
make
sudo make install
sudo ldconfig -i
cd ..
git clone git://git.osmocom.org/osmocom-bb.git
cd osmocom-bb
git pull --rebase
cd src
make
0x06 Run and test
lsusb   # list USB devices and confirm the USB-serial adapter is present
cd host/osmocon/
sudo ./osmocon -p /dev/ttyUSB0 -m c123xor ../../target/firmware/board/compal_e88/layer1.compalram.bin   # if this fails, try the -m c123 option instead
Then briefly press the phone's power button; the screen shows some information about the firmware being loaded, at which point the firmware has been loaded successfully.
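A pre-flight check for the toolchain, firmware and serial-port steps in 0x04 to 0x06, added here as an example; it is not part of the original post or of the OsmocomBB project. It assumes the directory layout from the post under $HOME and that the build script installs arm-none-eabi-gcc or arm-elf-gcc; override the three variables if your layout differs.

```sh
#!/bin/sh
# Pre-flight checks for the OsmocomBB build and flash steps (added example,
# not from the original post). The paths below are assumptions based on the post.
TOOLCHAIN_BIN="${TOOLCHAIN_BIN:-$HOME/armtoolchain/install/bin}"
FIRMWARE="${FIRMWARE:-$HOME/armtoolchain/osmocom-bb/src/target/firmware/board/compal_e88/layer1.compalram.bin}"
SERIAL_DEV="${SERIAL_DEV:-/dev/ttyUSB0}"

# 0 when $1 is an absolute path. A relative PATH entry (missing leading /)
# silently never resolves, so make fails with "compiler not found".
check_path_entry() {
    case "$1" in
        /*) return 0 ;;
        *)  echo "PATH entry is not absolute: $1"; return 1 ;;
    esac
}

# 0 when $1 holds an executable ARM cross gcc (assumed names; depends on the build script's target).
check_toolchain() {
    [ -d "$1" ] || { echo "toolchain dir missing: $1"; return 1; }
    for gcc in "$1/arm-none-eabi-gcc" "$1/arm-elf-gcc"; do
        [ -x "$gcc" ] && return 0
    done
    echo "no ARM cross gcc found in $1"
    return 1
}

# 0 when the layer1 firmware image $1 exists and is non-empty (the make in 0x05 produced it).
check_firmware() {
    [ -s "$1" ] || { echo "firmware image missing or empty: $1"; return 1; }
}

# 0 when $1 is a character device the current user can read and write;
# otherwise osmocon cannot open the port (check lsusb and the device's group, usually dialout).
check_serial() {
    [ -c "$1" ] || { echo "serial device not present: $1"; return 1; }
    if [ -r "$1" ] && [ -w "$1" ]; then return 0; fi
    echo "no read/write permission on $1"
    return 1
}

# Run every check and report all failures rather than stopping at the first one.
preflight() {
    rc=0
    check_path_entry "$TOOLCHAIN_BIN" || rc=1
    check_toolchain "$TOOLCHAIN_BIN" || rc=1
    check_firmware "$FIRMWARE" || rc=1
    check_serial "$SERIAL_DEV" || rc=1
    return $rc
}

# Run the checks only when invoked as: sh preflight.sh run
if [ "${1:-}" = "run" ]; then preflight; exit $?; fi
```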
0x07 Test the ARFCN frequency scan
cd armtoolchain/osmocom-bb/src/host/layer23/src/misc/
sudo ./cell_log -O
Press CTRL+C to stop the ARFCN scan (note: on some branches this is not needed, as the scan ends on its own once complete), then run the following command directly for the sniffing test:
sudo ./ccch_scan -i 127.0.0.1 -a 2
sudo wireshark
Enter gsm_sms as the display filter.
0x08 References
---The END---