How to Build Your Own Rogue GSM BTS for Fun and Profit
In this blog post I’m going to explain how to create a portable GSM BTS which can be used either to create a private (and vendor free!) GSM network or for GSM active tapping/interception/hijacking… yes, with some (relatively) cheap electronic equipment you can basically build something very similar to what governments have been using for years to perform GSM interception.
I’m not writing this post to help script kiddies break the law; my point is that GSM is broken by design and it’s about time vendors do something about it, considering how much we’re paying for their services.
In order to build your BTS you’ll need the following hardware:
A Raspberry Pi 3 (model 2 and below are too slow).
A USB battery pack (I’m using a 26800mAh Anker Astro E7).
A microSD card for the RPI, >= 8GB.
Some patience and time … :)
Let’s start by installing the latest Raspbian image to the microSD card (use the “lite” one, no need for a UI ;) ), then boot the RPI and configure either WiFi or Ethernet. At the end of this process you should be able to SSH into the RPI.
Next, install a few dependencies we’re going to need soon:
At this point, you should already be able to interact with the bladeRF. Plug it into one of the USB ports of the RPI; dmesg should tell you something like:
[ 2332.071675] usb 1-1.3: New USB device found, idVendor=1d50, idProduct=6066
[ 2332.071694] usb 1-1.3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2332.071707] usb 1-1.3: Product: bladeRF
[ 2332.071720] usb 1-1.3: Manufacturer: Nuand
[ 2332.071732] usb 1-1.3: SerialNumber: b4ef330e19b718f752759b4c14020742
Start the bladeRF-cli utility and issue the version command:
Now we’re going to install Yate and YateBTS, two open source packages that let us create the BTS itself.
Since I spent a lot of time trying to figure out which specific version of each was compatible with the bladeRF, I’ve created a GitHub repository with the correct versions of both, so in your RPI home folder just do:
git clone https://github.com/evilsocket/evilbts.git
Let’s start building both of them:
sudo make install
sudo make install
This will take a few minutes, but eventually you’ll have everything installed in your system.
Next, we’ll symlink the NIB web ui into our apache www folder:
sudo ln -s /usr/local/share/yate/nib_web nib
And grant write permission to the configuration files (note that a+w makes them writable by every local user on the RPI):
sudo chmod -R a+w /usr/local/etc/yate
You can now access your BTS web ui from your browser:
Time for some configuration now!
Open the /usr/local/etc/yate/ybts.conf file either with nano or vi and update the following values:
Now, edit the /usr/local/etc/yate/subscribers.conf:
WARNING: Using the .* regular expression will make EVERY GSM phone in your area connect to your BTS.
In your NIB web ui you’ll see something like this:
In the “Tapping” panel, you can enable it for both GSM and GPRS. This will basically “bounce” every GSM packet to the loopback interface. Since we haven’t configured any encryption, you’ll be able to see all the GSM traffic by simply tcpdump-ing your loopback interface :D
Finally, you can start your new BTS by executing the command (with the bladeRF plugged in!):
sudo yate -s
If everything was configured correctly, you’ll see a bunch of messages and the line:
Yate engine is initialized and starting up on raspberrypi
RTNETLINK answers: File exists
At this point, the middle LED for your bladeRF should start blinking.
Now phones will start to connect automatically. This happens because of the GSM implementation itself:
You can set whatever MCC, MNC and LAC you like, effectively spoofing any legit GSM BTS.
Each phone will search for BTS of its operator and select the one with the strongest signal … guess which one will be the strongest? Yep … ours :D
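The two behaviours above are also what a defender can look for. As an added example that is not part of the original post, this sketch scores serving-cell observations against a baseline from an earlier site survey and flags a cell that claims a known operator with an unsurveyed LAC/CID, is much stronger than anything surveyed, forces a drop to 2G, or runs without ciphering. The record layout, the threshold and every value are constructed, and it assumes the modem's diagnostics report the cipher in use.

```python
# Added example (not from the original post). Cell identities, thresholds and
# log rows are constructed; 001/01 is the GSM test PLMN.
from dataclasses import dataclass

@dataclass(frozen=True)
class Obs:
    ts: str        # observation time
    rat: str       # "UMTS" or "GSM"
    plmn: tuple    # (MCC, MNC)
    lac: int
    cid: int
    rssi_dbm: int
    cipher: str    # assumes the modem's diagnostics expose it; "A5/0" = none

# Baseline from an earlier site survey: (plmn, lac, cid) -> strongest RSSI seen.
BASELINE = {
    ((1, 1), 4021, 18331): -71,
    ((1, 1), 4021, 18332): -83,
}
RSSI_MARGIN_DB = 15  # hypothetical margin over the strongest surveyed cell

def findings(prev, cur):
    """Reasons why the serving cell in `cur` deviates from the baseline."""
    same_plmn = [r for (p, _, _), r in BASELINE.items() if p == cur.plmn]
    out = []
    if same_plmn and (cur.plmn, cur.lac, cur.cid) not in BASELINE:
        out.append("unknown-cell")      # operator known, LAC/CID never surveyed
    if same_plmn and cur.rssi_dbm > max(same_plmn) + RSSI_MARGIN_DB:
        out.append("too-strong")        # louder than anything seen on site
    if prev is not None and prev.rat != "GSM" and cur.rat == "GSM":
        out.append("rat-downgrade")     # pushed from 3G down to 2G
    if cur.cipher == "A5/0":
        out.append("no-cipher")         # traffic in the clear on the air
    return out

def scan(log, min_hits=2):
    """Return (timestamp, findings) for observations with >= min_hits findings."""
    alerts, prev = [], None
    for cur in log:
        hits = findings(prev, cur)
        if len(hits) >= min_hits:
            alerts.append((cur.ts, hits))
        prev = cur
    return alerts

SAMPLE_LOG = [  # constructed observations
    Obs("10:00", "UMTS", (1, 1), 4021, 18331, -74, "UEA1"),
    Obs("10:05", "GSM",  (1, 1), 1000, 10,    -45, "A5/0"),
    Obs("10:20", "GSM",  (1, 1), 4021, 18332, -85, "A5/1"),
]
```

Requiring at least two findings keeps a single weak signal, such as an ordinary handover to a surveyed 2G cell, from raising an alert.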
Here’s a picture taken from my Samsung Galaxy S6 ( using the Network Cell Info Lite app ) which automatically connected to my BTS after 3 minutes:
From now on, you can configure the BTS to do whatever you want … either act as a “proxy” to a legit SMC (with a GSM/3G USB dongle) and sniff the unencrypted GSM traffic of each phone, or create a private GSM network where users can communicate for free using SIP. Refer to the YateBTS Wiki for specific configurations.
Oh and of course, if you plug the USB battery, the whole system becomes completely portable :)
cPanel is a Unix-based hosting control panel. The graphical interface helps you manage your website and web hosting accounts easily and quickly. The automation tools are designed to simplify the process of website.
cPanel gives you complete control over the various aspects of the website and its administration through a standard web browser, and also streamlines processes such as creating databases, setting up email accounts and autoresponders, and managing website files.
Plesk is a hosting control panel similar to cPanel which allows you to manage your hosting account through a web-based interface. You can use this panel with VPS, shared and dedicated servers. Plesk also enables you to control thousands of virtual hosts on a single machine. The control panel allows you to automate many tasks, which in turn reduces cost and resources. It also increases profitability, efficiency and customer satisfaction.
Create FTP account for users.
Manage and create email accounts and databases like MySQL and PostgreSQL.
ISPConfig is an open source multilingual control panel which enables you to manage multiple servers under one control panel. ISPConfig is licensed under the BSD license. This open source control panel is also capable of managing FTP, SQL, BIND DNS, databases and virtual servers.
Manage more than one server from one control panel.
Easy to use web interface for administrator, reseller and client login.
Ajenti is the only open source, feature-rich, powerful and lightweight control panel that provides a responsive web interface for managing small server set-ups, and it is also well suited to dedicated and VPS hosting. It comes with many built-in plugins for configuring and managing server software and services such as Apache, Nginx, MySQL, FTP, Firewall, File System, Cron, Munin, Samba, Squid and many other programs like File Manager, Code Editor for developers and Terminal access.
Kloxo is an advanced, free web control panel for Red Hat and CentOS distributions. It includes features found in leading control panels, such as FTP, spam filtering, PHP, Perl, CGI and much more. Messaging, backup/restore and ticketing system modules are built into Kloxo.
It helps end users manage/run a combination of Apache with BIND and switch the interface between these programs without losing data.
OpenPanel is an open source web-based control panel licensed under the GNU General Public License. It has an attractive and easy to use interface. It can manage Apache, AWStats, Bind DNS, PureFTPD, Postfix, MySQL databases, IPTables firewall, Courier-IMAP e-mail and more.
Zpanel is a free to download and easy to use enterprise-class web hosting control panel for Linux, UNIX, MacOS and Microsoft Windows.
Zpanel is written purely in PHP and runs on Apache, PHP and MySQL. It comes with a core set of essential features to run your web hosting service. The core features include Apache Web Server, hMailServer, FileZilla Server, MySQL, PHP, Webalizer, RoundCube, phpMyAdmin, phpSysInfo, FTP Jailing and many more.
EHCP (Easy Hosting Control Panel) is a free web hosting software for maintaining a web based hosting server. With the use of EHCP you can manage MySQL databases, email accounts, domain accounts, FTP accounts and much more.
It is the only control panel that has built-in support for Nginx and PHP-FPM, doing away with Apache completely, and it provides good performance on low-end servers.
ispCP is a free/open source project founded to build a multi-server control and admin panel without any limitations. It is a Linux/Unix based web hosting panel featuring all the functions you might expect from a professional hosting tool. ispCP allows you to manage all server resources, such as domains, email accounts, FTP accounts and databases, on its own.
VHCS is also an open source web-based control panel for Linux, especially designed for IT professionals and hosting service providers. VHCS is written in PHP, Perl and C, and gives you full control over resellers and end users. Within a minute you can configure your servers and create users with domains. You can also manage emails, FTP, Apache vhosts, statistics and much more.
Ravencore is a simple hosting panel for Linux which aims to get rid of expensive commercial software like cPanel and Plesk. The GUI is coded in PHP and the backend in Perl and Bash. It also includes projects like MySQL, Apache, phpMyAdmin, Postfix and Awstats.
Virtualmin is one of the most popular web-based hosting control panels for Linux and Unix. The system is especially designed to manage Apache virtual hosts, MySQL databases, BIND DNS domains, mailboxes with Sendmail or Postfix, and the entire server from one friendly interface.
Webmin is a super functional and powerful web hosting control panel. The tool is designed to manage Unix and Linux platforms in a simple way. Webmin is capable of managing the various components of a web-based environment, from setting up a web server to maintaining FTP and email servers.
Configure and create virtual server on Apache.
Manage, install or delete a software packages (RPM format).
For security you can set up firewall.
Modify DNS settings, IP address, routing configuration.
Domain Technologie Control (DTC) is a GPL web hosting control panel, especially for admin and accounting of hosting services. With the help of this web GUI control panel, DTC can delegate tasks like creating emails, FTP accounts, subdomains, databases and many more. It manages a MySQL database which contains all hosting information.
DirectAdmin is an open source web hosting control panel that provides a graphical admin interface to manage unlimited websites, email accounts, etc. The tasks are automated, which means DirectAdmin can set up and manage websites easily and quickly.
Manage and create email account and manage database.
Create FTP account for users.
Manage FrontPage extensions, DNS and view statistics.
Built in File Manager to manage uploads
Set up error pages and directory password protection.
InterWorx is a Linux server management system and web hosting control panel. InterWorx has a set of tools that lets admin users command their own servers, while end users can overview the operation of their websites. This control panel is basically divided into two operating modes.
Nodeworx: Nodeworx is an administrator mode that helps managing server.
SiteWorx: SiteWorx is a website owner view that helps end users to manage their hosting account and features.
Froxlor is an open source lightweight server management control panel that can be used to manage personal VPS, dedicated or shared hosting platforms. It’s an alternative to very famous software such as cPanel or Webmin, and offers the same features to make server administration easy.
ISPmanager is a commercial web hosting control panel with perfect balance of functionality & price. It comes in two editions: Lite, for managing own VPS and Dedicated servers, and Business, for providing shared and reseller hosting.
ISPmanager has all the features commonly found in premium panels. With its help you can manage websites, create domains, users, databases and many more.
This panel already has 18 years of history and is currently one of the most popular control panels in Russia/CIS countries, and is rapidly gaining wide-spread popularity in many others.
Green aka TheGotWifiCowboy is world known for global wireless developments, where he and his group create wireless networks spanning counties to countries for governments, municipalities, internet service providers, content providers and media firms. Green has had articles written in Taylor Press, Elgin Courier, Bastrop Advertiser, Giddings Times, The Lexington Leader, and Channel 5 News Cable over his leading wireless technology, rural technology projects and local community wireless network accomplishments. Green, a pioneer in wireless technology (WLAN), Internet service provider (ISP) and network deployments across rural Texas, is also the inventor of MobileMesh. Green still serves as a technology advisor for technology groups, incubators, start-ups, panels, governments and community projects worldwide, and is an active IT Ambassador, preserving the global rights to Internet Access.