Author:雪碧 0xroot @360 UnicornTeam
Osmocom此项目旨意在于自由软件,一个 GPL 协议的 Abis 接口(包含 BSC/MSC/HLR) 其目的是用于实验和研究。

本文档已公布在Osmocom官网:https://osmocom.org/projects/cellular-infrastructure/wiki/Accelerate3g5_--_unicornteam

Demo

Demo on YouTuBe

OpenBSC -- 自由软件旨在实现 BTS (包括 MSC, HLR 功能)
BscHack -- BSC 程序在此
bsc_hack_VTY -- 交互式命令行及配置文件的参考文档 
bs11_config -- 使用 RS232 对 BS-11 进行配置的小工具
ipaccess-find -- 一个用于网络搜索 nanoBTS 的小工具
ipaccess-config -- 一个用于对 nanoBTS 的 NVRAM 进行配置的小工具
isdnsync -- 一个使用 PSTN 作为频率标准的工具 
bsc_msc_ip -- 一个通过 (GSM) A 协议经由 IP 来连接 MSC 的应用
bsc_mgcp? -- 一个愚蠢的 MediaGatewayControlProtocol? (MGCP) 网关
bsc_mgcp_VTY -- 交互式命令行及配置文件的参考文档
bsc_nat -- 一个 BSC NAT/Multiplexer
bsc_nat_VTY -- 交互式命令行及配置文件的参考文档
BS11 -- 西门子的 microBTS -  The Siemens microBTS
BS11_Sales -- BS-11 单元已经卖磬,抱歉。
BS11_Package_List -- 确保装箱无误
BS11_Configuration -- 如何使用 / 配置硬件
BS11_LMT -- 本地维护终端 - The local maintenance Terminal
BS11_Getting_Started -- 着手 BS-11
BS11_Troubleshooting -- 出现问题时
BS11_Internals -- 诸如 PCB 之类照片一瞥
nanoBTS -- the ip.access nanoBTS
nanoBTS_Models -- 现有型号
nanoBTS_Internals -- 诸如 PCB 之类照片一瞥及诊错端口 - Details like PCB photographs and debug port
nanoBTS_multiTRX -- 构建 nanoBTS multi-TRX 的配置
HFC-E1 Evaluation Board -- 用于我们软件的 E1 卡
GSMStandards -- GSM 协议 - The specifications for GSM
A5: 鉴权和编码 - Authentication & Ciphering
A5_GSM_AT_tricks
mISDN -- Linux 的 ISDN 栈 
LegalNotes -- 运行 GSM 基站的一些重要法律声明
HandsetBugs -- 在开发的过程中所观察到的
GSM_Security -- GSM 安全性探秘

0x01环境搭建

PC:Ubuntu16.04

HardWare:ip.access nano3G

SoftWare:Osmocom

1.1 安装交叉编译环境

sudo apt-get update

mkdir osmo
cd osmo
mkdir build install src
wget http://bb.osmocom.org/trac/raw-attachment/wiki/GnuArmToolchain/gnu-arm-build.3.sh
cd src
wget http://ftp.gnu.org/gnu/gcc/gcc-4.8.2/gcc-4.8.2.tar.bz2
wget http://ftp.gnu.org/gnu/binutils/binutils-2.21.1a.tar.bz2
wget ftp://sources.redhat.com/pub/newlib/newlib-1.19.0.tar.gz

cd ..
chmod +x gnu-arm-build.3.sh
bash gnu-arm-build.3.sh

1.2 设置交叉编译环境变量

cd install/bin
pwd

vi ~/./.bashrc
export PATH=$PATH:/home/$username(change this to your name)/osm/install/bin

#save and quit
source ~/.bashrc

0x02 源码编译CalypsoBTS

2.1 编译libosmo-dsp

git clone git://git.osmocom.org/libosmo-dsp.git
cd libosmo-dsp/
autoreconf -i
./configure
make
sudo make install
cd ..

2.2 编译osmocom-bb

git clone git://git.osmocom.org/osmocom-bb.git trx
cd trx/
git checkout jolly/testing
cd src/

# It needs TX support
# Just uncomment 'CFLAGS += -DCONFIG_TX_ENABLE' in target/firmware/Makefile

# And make with transceiver support
make HOST_layer23_CONFARGS=--enable-transceiver

2.3 安装依赖包

sudo apt-get install sqlite3 libdbi-dev libdbd-sqlite3 libsctp-dev

2.4 编译 Ortp

wget http://download.savannah.gnu.org/releases/linphone/ortp/sources/ortp-0.22.0.tar.gz
tar -xvf ortp-0.22.0.tar.gz
cd ortp-0.22.0/
./configure
make
sudo make install
sudo ldconfig
cd ..

2.5 编译libosmo-abis

git clone git://git.osmocom.org/libosmo-abis.git
cd libosmo-abis
autoreconf -i
./configure
make
sudo make install
sudo ldconfig
cd ..

2.6 编译libosmo-netif

git clone git://git.osmocom.org/libosmo-netif.git
cd libosmo-netif/
autoreconf -i
./configure
make
sudo make install
sudo ldconfig
cd ..

2.7 编译openbsc

git clone git://git.osmocom.org/openbsc.git
cd openbsc/openbsc/
autoreconf -i
./configure
make
sudo make install
cd ../..

2.8 编译osmo-bts

git clone git://git.osmocom.org/osmo-bts.git
cd osmo-bts
autoreconf -i
./configure --enable-trx
make
sudo make install
cd ..

2.9 创建OpenBSC配置文件

# Create the configuration folder if it isn't exist yet
mkdir ~/.osmocom
cd ~/.osmocom
touch ~/.osmocom/open-bsc.cfg
touch ~/.osmocom/osmo-bts.cfg

0x03 源码编译Cellular Infrastructure

3.1 克隆源码

git clone git://git.osmocom.org/libosmocore
git clone git://git.osmocom.org/libosmo-abis
git clone git://git.osmocom.org/openbsc
git clone git://git.osmocom.org/libosmo-netif
git clone git://git.osmocom.org/libosmo-sccp
git clone git://git.osmocom.org/libsmpp34
git clone git://git.osmocom.org/openggsn

3.2 下载&执行自动编译脚本

wget https://osmocom.org/attachments/download/2438/build_2G.sh
chmod 777  build_2G.sh
sudo bash build_2G.sh

0x04 编译OpenBSC 3G

4.1 编译asn1c

git clone git://git.osmocom.org/asn1c
cd asn1c
autoreconf -i
./configure
make
sudo make install
sudo ldconfig
cd ..

4.2 编译libasn1c

git clone git://git.osmocom.org/libasn1c
cd libasn1c
autoreconf -i
./configure
make
sudo make install
sudo ldconfig
cd ..

4.3 编译osmo-iuh

git clone git://git.osmocom.org/osmo-iuh
cd osmo-iuh
autoreconf -i
./configure
make
sudo make install
sudo ldconfig
cd ..

4.4 编译osmomsc

git clone git://git.osmocom.org/osmomsc
autoreconf -i
./configure
make
sudo make install
sudo ldconfig
cd ..

4.5 编译osmohlr

git clone git://git.osmocom.org/osmohlr
autoreconf -i
./configure
make
sudo make install
sudo ldconfig
cd ..

4.6 编译3G版OpenBSC

cd openbsc/openbsc
autoreconf -fi
./configure --enable-iu
make
sudo make install

0x05 自动化编译上面所述软件

wget https://osmocom.org/attachments/download/2726/3G-config-example.tar
tar zxvf 3G-config-example.tar
cd 3G-config-example/build
./clone_and_build_osmocom_3g.sh
sudo apt-get install rxvt-unicode

add subscribers with auth keys in the HLR database:
https://osmocom.org/projects/cellular-infrastructure/wiki/Getting_Started_with_3G

https://osmocom.org/projects/cellular-infrastructure/wiki/Configuring_the_ipaccess_nano3G

ipaccess-config

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
init3@0xroot:~/osm/openbsc/openbsc/src/ipaccess$ ./ipaccess-config --help
ipaccess-config (C) 2009-2010 by Harald Welte and others
This is FREE SOFTWARE with ABSOLUTELY NO WARRANTY

Usage: ipaccess-config IP_OF_BTS
Commands for writing to the BTS:
-u --unit-id UNIT_ID Set the Unit ID of the BTS
-o --oml-ip IP Set primary OML IP (IP of your BSC)
-i --ip-address IP/MASK Set static IP address + netmask of BTS
-g --ip-gateway IP Set static IP gateway of BTS
-r --restart Restart the BTS (after other operations)
-n --nvram-flags FLAGS/MASK Set NVRAM attributes
-S --nvattr-set FLAG Set one additional NVRAM attribute
-U --nvattr-unset FLAG Set one additional NVRAM attribute
-l --listen TESTNR Perform specified test number
-L --Listen TEST_NAME Perform specified test
-s --stream-id ID Set the IPA Stream Identifier for OML
-d --software FIRMWARE Download firmware into BTS

Miscellaneous commands:
-h --help this text
-H --HELP Print parameter details.
-f --firmware FIRMWARE Provide firmware information
-w --write-firmware This will dump the firmware parts to the filesystem. Use with -f.
-p --loop Loop the tests executed with the --listen command.

ipaccess-proxy

1
2
3
4
5
6
7
8
9
10
11
12
init3@0xroot:~/osm/openbsc/openbsc/src/ipaccess$ ./ipaccess-proxy --help
Usage: ipaccess-proxy [options]
ipaccess-proxy is a proxy BTS.
-h --help. This help text.
-l --listen IP. The ip to listen to.
-b --bsc IP. The BSC IP address.
-g --gprs IP. Take GPRS NS from that IP.

-s --disable-color. Disable the color inside the logging message.
-e --log-level number. Set the global loglevel.
-T --timestamp. Prefix every log message with a timestamp.
-V --version. Print the version of OpenBSC.

0x06 配置 ip.access nano3G


查找 ip.access nano3G IP

cd osm/openbsc/openbsc/src/ipaccess
sudo ./abisip-find 

配置 ip.access nano3G

telnet 192.168.31.163 8090
dmi>

# PLMN Id == MCC + MNC
set mcc="901" 
set mnc="70" 

# [uarfcnDownlink, 1900 MHz band], [scramblingCode], [dummyCellId]
set rfParamsCandidateList=({9800, 401, 1})

# [lac], [rac]
set lacRacCandidateList=({10422, (99)})
set hnbGwAddress="192.168.31.224" 
action 2061
action 1216
action establishPermanentHnbGwConnection
set csgAccessMode=CSG_ACCESS_MODE_OPEN_ACCESS

0x07 Reference

https://osmocom.org/projects/cellular-infrastructure/wiki/Build_from_Source

http://osmocom.org/projects/baseband/wiki/CalypsoBTS

https://osmocom.org/projects/cellular-infrastructure/wiki/Getting_Started_with_3G

https://osmocom.org/projects/osmocscn/wiki/Osmocom_3G_-_Getting_Started/3

https://osmocom.org/projects/cellular-infrastructure/wiki/Configuring_the_ipaccess_nano3G