Daily Archives: April 7, 2012

Evaluating GSM A5/1 security on hopping channels

Paper: Evaluating_GSM_hopping_V1.2.pdf

github source code for hopping airprobe: https://github.com/BogdanDIA/airprobe-hopping

I thought I should put my USRP to work and also exercise some of the gnuradio features that I plan to use in the future.

I got interested in GSM security by reading some of the stories about GSM A5/1 and how it has been cracked by some smart guys. I knew about Airprobe and the fact that it does not have support for GSM hopping channels, and I thought that adding support for that would help the community to advance the research on the security of this matter.

That was it, and after a couple of weeks of work the support for hopping channels in Airprobe is ready. There are many things to do in order to make it fully automatic, but the whole point is to use it for security research, not for unattended use.

I captured the whole story in the following paper, the source is available as patches to Airprobe here: Evaluating_GSM_hopping, Evaluating_GSM_hopping_V1.1.pdf, Evaluating_GSM_hopping_V1.2

Patches for airprobe: airprobe_hopping.tgz

Very important note: On some machines the pfb_channelizer check that the oversampling ratio is N/i does not work. You will get the following error:

RuntimeError: gr_pfb_channelizer: oversample rate must be N/i for i in [1, N].

The only fix I have for now is commenting out the check in gr-filter/lib/pfb_channelizer_ccf_impl.cc and rebuilding gnuradio:

//if(fltp != 0.0)
//throw std::invalid_argument("pfb_channelizer: oversample rate must be N/i for i in [1, N]");

Later edit: it seems this no longer happens on gnuradio 3.7.
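Before commenting out the check, it is worth confirming that the number of channels and the oversample rate you pass to the channelizer really do satisfy rate = N/i. The following Python snippet is an added example, not code from the original post or from GNU Radio: it reproduces the shape of the exact-equality check quoted above (using the same `fltp` name and message) next to a tolerant version, and shows one way such a check can break, namely when a rate computed in double precision is rounded to a C++ `float` on the way in and the quotient is then compared exactly. That rounding path is an assumption about why the check fails on some machines, not something the post establishes; the sample values (N = 10, i = 3) are constructed.

```python
import math
import struct


def naive_ratio_check(nchans: int, oversample_rate: float) -> bool:
    """Exact-equality check in the spirit of the quoted pfb_channelizer code:
    N / rate must have no fractional part at all."""
    fltp = nchans / oversample_rate
    fltp -= math.floor(fltp)
    return fltp == 0.0


def tolerant_ratio_check(nchans: int, oversample_rate: float,
                         rel_tol: float = 1e-5) -> bool:
    """Accept rate == N / i for an integer i in [1, N], allowing for
    float rounding in the rate argument."""
    if oversample_rate <= 0:
        return False
    q = nchans / oversample_rate
    i = round(q)
    if not 1 <= i <= nchans:
        return False
    return math.isclose(q, i, rel_tol=rel_tol)


def to_float32(x: float) -> float:
    """Round a Python float (double) to IEEE single precision, the way a
    double passed to a C++ `float` parameter would be rounded (assumption)."""
    return struct.unpack("f", struct.pack("f", x))[0]


def demo(nchans: int = 10, i: int = 3) -> dict:
    """Constructed case: rate = 10/3 is a legal N/i ratio, but after single
    precision rounding it is 3.3333332538604736, so 10 / rate is
    3.00000007... and the exact check rejects it."""
    rate32 = to_float32(nchans / i)
    return {
        "rate32": rate32,
        "naive_mixed": naive_ratio_check(nchans, rate32),
        "tolerant_mixed": tolerant_ratio_check(nchans, rate32),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

If `tolerant_ratio_check` returns False for your own N and rate, the error message is telling the truth and the parameters, not the check, need fixing; only when the tolerant check passes and the exact one fails is the workaround above (or upgrading to a gnuradio version where the check is fixed) appropriate.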