Tagged: 4G

QCSuper: Capture 2G/3G/4G/5G Radio Frames with Qualcomm Phones

In the past, we've shown how it's possible to use RTL-SDRs or other SDR devices together with the Airprobe software to analyze data from 2G GSM mobile phones and towers. (Note that it's not possible to listen in on conversations or read SMS data unless you have the encryption code for the recipient phone. Without it, this setup is only capable of showing data such as cell tower basestation telemetry.)

While not directly related to SDR, readers might be interested to know that a new piece of software called QCSuper has been released which enables similar analysis capabilities for 2G/3G/4G/5G signals through the use of Qualcomm-based phones and modem hardware. To use it you will need a rooted Android phone. The software accesses a diagnostics mode available in Qualcomm devices and makes the data available for viewing in Wireshark.

[Also seen on Hackaday]

QCSuper Screenshot

LibreCellular: Easy 4G Cellular Network with LimeSDR and Intel NUC

We recently came across the LibreCellular project, which aims to make it easy to implement 4G cellular networks with open source software and low cost SDRs. The project appears to be in the early stages, and seems to be focusing on deploying and modifying the existing open source 4G basestation software known as srsRAN, which will be used with a particular combination of hardware in order to create a reliable and easy to set up 4G basestation solution.

The reference hardware that they are recommending consists of an Intel NUC single board computer ($699), LimeSDR ($315), LimeRFE front end filtered power amplifier ($699), and Leo Bodnar Mini Precision GPS Reference Clock ($140). All together you can create a 4G basestation for around $1850.

LibreCellular Components for a 4G Basestation: LimeRFE, Leo Bodnar GPS Clock, LimeSDR, Intel NUC.

DragonOS: Installing Crocodile Hunter For Detecting Fake 4G Cell Sites

A few days ago we posted about two SDR related DEFCON talks which were recently released. One of the talks was about detecting fake 4G base stations with a bladeRF SDR and a tool they created called "Crocodile Hunter". It is currently compatible with the bladeRF x40 and USRP B200. The talk summary is posted below as it nicely summarizes what fake 4G base stations are and what Crocodile Hunter can do.

4G based IMSI catchers such as the Hailstorm are becoming more popular with governments and law enforcement around the world, as well as spies, and even criminals. Until now IMSI catcher detection has focused on 2G IMSI catchers such as the Stingray which are quickly falling out of favor.

In this talk we will tell you how 4G IMSI Catchers might work to the best of our knowledge, and what they can and can't do. We demonstrate a brand new software project to detect fake 4G base stations, with open source software and relatively cheap hardware. And finally we will present a comprehensive plan to dramatically limit the capabilities of IMSI catchers (with the long term goal of making them useless once and for all).

The Crocodile Hunter software is apparently a little difficult to install and get running, so Aaron, who runs the DragonOS YouTube tutorial channel, has uploaded a video documenting how to install and configure the software. The tutorial assumes that you are running the latest DragonOS image, which already includes a lot of the prerequisite software, and in his example he uses a USRP B205mini-i SDR.

DragonOS DEF CON 28 Crocodile Hunter Setup (DragonOS LTS PublicR4, srsLTE, USRP B205mini-i)