1. August 2010 by admin.

OpenBTS : An Opensource Telephone Network

Telecom industry is one of the rapid growing industry all over the world. The entrance of open-source team into the telcom industry  made a revolutionized change  in the industry. Asterisk was a typical example for it which was a featured PBX for home users, enterprises, VoIP service providers and telecoms in such a low cost that anyone even imagined.Asterisk is  both an Open Source Community and a commercial product from Digium.

Now again another open source coming which  allows standard GSM-compatible mobile phones to make telephone calls without using existing telecommunication providers’ networks.ie we can build up our own network just like vodafone,airtel or any.The project was started by Harvind Samra and David A. Burgess and named it as OpenBTS.. OpenBTS is notable for being the first free software implementation of the industry-standard GSM protocol stack.Thanks to them for making it possible.:)

A normal GSM network working is as follows.The end point of the system will be BTS (Base Transceiver Station) which send radio frequency singal to and from mobile devices or a modem.The BTScomes under BSC(Base station Controller) with makes the communication between there radio signals with  MSC/VLR.The MSC/VLR is responsible to authenticate the user against the database (HLR – Home Location Register, AuC -Authentication Center), call setup and call routing.A typical GSM network diagram is shown below.

The OpenBTS  replaces the entire setup with USRP(Universal Software Radio Peripheral), and a computer as hardware.USRP  to receive and transmit the GSM signaling(GNURadio is the driver software for this),OpenBTS package play the role of MSC/VLR and Asterisk software PBX will be used to connect calls.The below diagram shows a typical openBTS network.

Potential applications include:

• rural/village telephony and text messaging
• cellular coverage in remote areas (e.g. ships, oil rigs)
• law enforcement and security operations
• rapidly deployable emergency communications
• network emulation and handset testing.

To know more click here. 

(source: http://bipinb.com/openbts-an-opensource-telephone-network.htm)

—
Alan Spicer

DBA Alan Spicer Telcom / Alan Spicer Marine Telecom
Computer Services, Wired/Wireless Networking,
Cell/Sat/Landline Communications, General Consulting…
Marine, Business, Small Office and Home Office (SOHO)

* Cost Savings and Integration of Multiple Internet Technologies
on board Sail and Motor Yachts * Documentation, Operating
Instructions, and Support after the Sale *

* http://www.marinetelecom.net/
* http://www.internetforyachts.net/
* http://www.wifiyacht.net/
* 954-683-3426

Mobile Internet! Step up to the HSPA 3G Fast Internet!

Ericsson W35 released in the USA. This you’ve gotta SEE!!
Better looking presentation than W25 (you might not want to
hide this one in the Doghouse!) + High Speed Upload which
the W25 did not have.
http://www.marinetelecom.net/Ericsson_W35/

Livewire: Access Controller (Service Selector):
http://www.marinetelecom.net/Livewire_Service_Selector

Posted in Cellular Voice and Internet | No Comments »

1. August 2010 by admin.

I’ve been trying to get this video off of youtube … but the one I saw had other interviews / material that I wanted to skip. So I was trying to download the video to split it and eliminate the content that I didn’t want. Meanwhile I found this one… so here it is. More details of how this hardware and software is done to make a GSM Base Station.There is a LiveCD by the way OpenBootTS that can help setup the software environment. But you still have to buy that Software Defined Radio box. He says it is $1500. But I've seen it (there is a newer version) priced at $600. That's a whole lot better, but still not cheap.

Posted in Cellular Voice and Internet | No Comments »

1. August 2010 by admin.




GSM Cell Phone Interception 1 - Christopher Paget - KJ6GCG

Amateur Radio Operator Chris Paget, KJ6GCG, demostrates insecurity in GSM networks by creating an emulation of a cell phone network in European 900 Mhz GSM frequency range - which is also U.S. Amateur Radio 900 Mhz band.

He supposedly used Amateur Radio Equipment and Open Source Software. Note that this system would only affect Quad Band phones since the U.S. GSM cellular band is 850 and 1900 Mhz. This works on Quad Band phones because they have he European 900 and 1800 Mhz band as well. Such a phone might received the 900 Mhz band signal stronger than the local 850 or 1900 Mhz signal and decide to switch to that frequency … especially if that signal was sending what looks like a valid Network ID, say AT&T’s GSM network ID.

Shown in this picture is a 900 Mhz Yagi Antenna.

He had to maneuver around legalities and reportedly was even contacted by the FCC before the show.

More hits for this come up in a google search. His call sign comes up by his name in a search on QRZ.com.

http://www.google.com/search?hl=en&rlz=&q=paget%20ham%20radio%20gsm&um=1&ie=UTF-8&sa=N&tab=iw

http://www.qrz.com/db/KJ6GCG

Updated with a response from the GSM Association below.

Researcher Chris Paget pulled off a stunt at the Defcon security conference Saturday that required as much legal maneuvering as technical wizardry: eavesdropping on the cell phone calls of AT&T subscribers in front of thousands of admiring hackers.

With about $1,500 worth of hardware and open source software, Paget turned two on-stage antennas into a setup capable of spoofing the base stations that connect the GSM cell phone signals used by AT&T and T-Mobile. Paget set his hardware to impersonate an AT&T signal, and dozens of phones in the room connected to his fake base station. “As far as your cell phones are concerned, I’m now indistinguishable from AT&T,” he told the crowd.

Paget invited anyone with an AT&T phone to make a call, and using his GSM hijacking trick, routed their calls through a voice-over-Internet system that connected their calls even while recording the audio to a USB stick–which he promptly destroyed with a pair of scissors to make sure he hadn’t violated any privacy laws. The hack, after all, was intended to show the fundamental insecurity of GSM cell signals–not spy on callers.

(more at the link) http://blogs.forbes.com/firewall/2010/07/31/despite-fcc-scare-tactics-researcher-demos-att-eavesdropping/

Update: The GSM Association responded in a statement that lists the limitations to Paget’s method: the eavesdropper would have difficulties identifying or targeting any specific user, the interception only works within a certain range, in some cases, the call’s encryption could prevent eavesdropping, and GSM phones are designed to alert users when encryption is removed by a base station. (Paget said in his talk that no device he’s tested–including iPhone and Android phones–has had this option enabled.)

In summary, the GSM Association spokeswoman writes, “The overall advice for GSM calls and fixed line calls is the same. Neither has ever offered a guarantee of secure communications.  The great majority of users will make calls with no reason to fear that anyone might be listening.  However users with especially high security requirements should consider adding extra, end to end security features over the top of both their fixed line calls and their mobile calls.”

(more at the link) http://blogs.forbes.com/firewall/2010/07/31/despite-fcc-scare-tactics-researcher-demos-att-eavesdropping/

(Alan’s additional Note: Someone would have to have pretty good reason to spend $1500.00 or more in equipment, including setting up directional antennas … and aiming them at a target area. In a room that’s one thing. But out in the real world … Someone would have to have property or an office in an area adjacent to a target. They would have to have a real good reason to go to all of that trouble. I doubt that the general public has anything to worry about.) 

* Here we go, I have been searching around a little bit more. Supposedly the software used was OpenBTS. Some articles have been calling it OpenBST (in other words mis-spelling it.)

http://timbuktuchronicles.blogspot.com/2010/05/build-your-cellular-network-openbts.html

Friday, May 14, 2010Build Your Cellular Network-OpenBTS
The DIY wireless network space gathers steam from Fabfi covered earlier to OpenBTS:
Tech Review reports (subscr reqd):

The task of running a cellular network has usually been reserved for major carriers. But now an open-source project called OpenBTS is proving that almost anyone can cheaply run a network with parts from a home-­supply or auto-supply store. Cell-phone users within such a network can place calls to each other and–if the network is connected to the Internet–to people anywhere in the world.

On their website it is described as:

…an open-source Unix application that uses the Universal Software Radio Peripheral (USRP) to present a GSM air interface (”Um”) to standard GSM handset and uses the Asterisk software PBX to connect calls. The combination of the ubiquitous GSM air interface with VoIP backhaul could form the basis of a new type of cellular network that could be deployed and operated at substantially lower cost than existing technologies in greenfields in the developing world.

http://openbts.sourceforge.net/

 The OpenBTS® Project

OpenBTS is an open-source Unix application that uses the Universal Software Radio Peripheral (USRP) to present a GSM air interface (”Um”) to standard GSM handset and uses the Asterisk® software PBX to connect calls. The combination of the ubiquitous GSM air interface with VoIP backhaul could form the basis of a new type of cellular network that could be deployed and operated at substantially lower cost than existing technologies in greenfields in the developing world.

In plain language, we are working on a new kind of cellular network that can be installed and operated at about 1/10 the cost of current technologies, but that will still be compatible with most of the handsets that are already in the market. This technology can also be used in private network applications (wireless PBX, rapid deployment, etc.) at much lower cost and complexity than conventional cellular.

Small open BTS example from OpenBTS web site

A larger system prototype example from OpenBTS web site

Rapid deployment prototypes in field test, September 2009. Each box is self-contained BTS unit, runs on a 12-16 VCD supply, has a service radius of about 10 miles in rural conditions and backhauls through any IP connection to a VoIP carrier. Robust, simple, inexpensive.

OpenBTS Development Kit (hardware) - http://kestrelsignalprocessing.mybigcommerce.com/categories/OpenBTS-Hardware/

—

Alan Spicer, Radio Amateur KA4UDX,

Alan Spicer Telecom / Marine Telecom

http://www.marinetelecom.net - http://www.wifiyacht.net

communications (at) marinetelecom.net

+1 954-683-3426

Posted in Cellular Voice and Internet | No Comments »