All of the steps below were done on Ubuntu and work on any Ubuntu- or Debian-based Linux distribution.
1. Run all of the following steps with root privileges:
$ sudo -s
2. Install the packages needed to build OsmocomBB:
$ apt-get install libtool shtool autoconf git-core pkg-config make gcc libusb-dev libpcsclite-dev libusb-0.1-4 libpcsclite1 libccid pcscd
3. Download the required GnuARM toolchain
For the x86 architecture:
$ wget http://gnuarm.com/bu-2.15_gcc-3.4.3-c-c++-java_nl-1.12.0_gi-6.1.tar.bz2
$ tar xf bu-2.15_gcc-3.4.3-c-c++-java_nl-1.12.0_gi-6.1.tar.bz2
$ mv gnuarm-* ~/gnuarm
For the 64-bit architecture:
$ wget http://www.gnuarm.com/bu-2.16.1_gcc-4.0.2-c-c++_nl-1.14.0_gi-6.4_x86-64.tar.bz2
$ tar xf bu-2.16.1_gcc-4.0.2-c-c++_nl-1.14.0_gi-6.4_x86-64.tar.bz2
$ mv gnuarm-* ~/gnuarm
This completes the cross-compilation environment for OsmocomBB. What remains is the most important step, setting the environment variable:
$ export PATH=~/gnuarm/bin:$PATH
It is best to edit ~/.bashrc directly and append the line above to the end of it.
4. Build libosmocore:
$ git clone git://git.osmocom.org/libosmocore.git
$ cd libosmocore/
$ autoreconf -i
$ ./configure
$ make
$ make install
$ cd ..
$ ldconfig
Do not forget to run ldconfig; otherwise OsmocomBB will build but fail at run time with an error that libosmocore.so.4 cannot be found.
5. Build OsmocomBB:
$ git clone git://git.osmocom.org/osmocom-bb.git
$ cd osmocom-bb
$ git checkout --track origin/luca/gsmmap
$ cd src
$ make
That essentially completes the build. Enjoy your toy!
6. Connecting the module
Step 1: plug the CP2102 module into a USB port on the computer, log in to Linux and run the following command:
$ lsusb
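If "......cp210x UART Bridge......" appears, the connection succeeded.
Once the steps above are done, flash the firmware from inside the osmocomBB directory. Remember that this procedure is only temporary: the firmware is written temporarily by way of "RAM TO ROM", and the original Motorola system is still there after the phone is powered off.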
cd ~/osmocom-bb/src/host/osmocon/
Start osmocon to load the required firmware; usually people load the Layer1 firmware directly.
./osmocon -m c123xor -p /dev/ttyUSB0 ../../target/firmware/board/compal_e88/layer1.compalram.bin
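Note that c123xor is for the C118; do not use it with any phone other than the C118, and remember that the firmware directory for the C118 is compal_e88. Before entering the command above, the phone must be connected with the cable and the TTL adapter, and it must be powered off. After entering the command, briefly press the phone's red power button; the command window will then show output similar to the following: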
got 1 bytes from modem, data looks like: 2f /
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 1b .
got 4 bytes from modem, data looks like: f6 02 00 41 ...A
got 1 bytes from modem, data looks like: 01 .
got 1 bytes from modem, data looks like: 40 @
Received PROMPT1 from phone, responding with CMD
read_file(../../target/firmware/board/compal_e88/layer1.compalram.bin): file_size=56016, hdr_len=4, dnload_len=56023
got 1 bytes from modem, data looks like: 1b .
got 1 bytes from modem, data looks like: f6 .
got 1 bytes from modem, data looks like: 02 .
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 41 A
got 1 bytes from modem, data looks like: 02 .
got 1 bytes from modem, data looks like: 43 C
Received PROMPT2 from phone, starting download
handle_write(): 4096 bytes (4096/56023)
handle_write(): 4096 bytes (8192/56023)
handle_write(): 4096 bytes (12288/56023)
handle_write(): 4096 bytes (16384/56023)
handle_write(): 4096 bytes (20480/56023)
handle_write(): 4096 bytes (24576/56023)
handle_write(): 4096 bytes (28672/56023)
handle_write(): 4096 bytes (32768/56023)
handle_write(): 4096 bytes (36864/56023)
handle_write(): 4096 bytes (40960/56023)
handle_write(): 4096 bytes (45056/56023)
handle_write(): 4096 bytes (49152/56023)
handle_write(): 4096 bytes (53248/56023)
handle_write(): 2775 bytes (56023/56023)
handle_write(): finished
got 1 bytes from modem, data looks like: 1b .
got 1 bytes from modem, data looks like: f6 .
got 1 bytes from modem, data looks like: 02 .
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 41 A
got 1 bytes from modem, data looks like: 03 .
got 1 bytes from modem, data looks like: 42 B
Received DOWNLOAD ACK from phone, your code is running now!
battery_compal_e88_init: starting up
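An added example, not part of the original article or of osmocon itself: a Python check that reads captured osmocon output and confirms the RAM download ran to completion, meaning every stage marker appears in order and the handle_write() counter reaches the dnload_len reported by read_file(). The function name and both sample logs are constructed here; the sample lines are copied from the output above with the middle chunks and the file path shortened.

```python
import re

# Markers osmocon prints, in the order a complete RAM download produces them.
STAGES = ("Received PROMPT1", "Received PROMPT2",
          "handle_write(): finished", "Received DOWNLOAD ACK")
LEN_RE = re.compile(r"dnload_len=(\d+)")
WRITE_RE = re.compile(r"handle_write\(\): (\d+) bytes \((\d+)/(\d+)\)")

def check_osmocon_log(text):
    """Return a list of problems found in osmocon output; empty means complete."""
    problems = []
    pos = 0
    for stage in STAGES:
        idx = text.find(stage, pos)
        if idx < 0:
            problems.append("missing or out of order: " + stage)
        else:
            pos = idx + len(stage)
    m = LEN_RE.search(text)
    if not m:
        return problems + ["no dnload_len reported by read_file()"]
    expected = int(m.group(1))
    sent = 0
    for _chunk, done, total in WRITE_RE.findall(text):
        done, total = int(done), int(total)
        if total != expected:
            problems.append("total %d differs from dnload_len %d" % (total, expected))
        if done <= sent:
            problems.append("progress counter did not advance at %d" % done)
        sent = done
    if sent != expected:
        problems.append("only %d of %d bytes written" % (sent, expected))
    return problems

# Constructed sample: lines from the output above, middle chunks omitted.
SAMPLE_OK = """Received PROMPT1 from phone, responding with CMD
read_file(layer1.compalram.bin): file_size=56016, hdr_len=4, dnload_len=56023
Received PROMPT2 from phone, starting download
handle_write(): 4096 bytes (4096/56023)
handle_write(): 2775 bytes (56023/56023)
handle_write(): finished
Received DOWNLOAD ACK from phone, your code is running now!
"""
# Constructed failure case: the transfer stops after the second chunk.
SAMPLE_CUT = (SAMPLE_OK.split("handle_write(): 2775")[0]
              + "handle_write(): 4096 bytes (8192/56023)\n")

if __name__ == "__main__":
    print(check_osmocon_log(SAMPLE_OK))
    print(check_osmocon_log(SAMPLE_CUT))
```

The regular expressions do not depend on line breaks, so the check also works on output that has been pasted as one long line.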
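Seeing the osmocon output above means the firmware was loaded successfully. Next you can scan for base stations, or use the other simple and quick operations below:
Scan for base stations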
~/osmocom-bb/src/host/layer23/src/misc/cell_log -O
Scan one particular base station, for example 30
~/osmocom-bb/src/host/layer23/src/misc/ccch_scan -i 127.0.0.1 -a 30
Save the base-station scan log to a local file
dumpcap -i lo -w ~/mobilelog/Cell.log
Open Wireshark to read the information in real time
sudo wireshark -k -i lo -f 'port 4729'
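In Wireshark's filter field, filter the display on gsm_sms packets
To monitor with several phones connected, repeat the flashing procedure for each one, look at the cell_log scan results, and enter the ccch_scan command for a single base station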
~/osmocom-bb/src/host/layer23/src/misc/ccch_scan -i 127.0.0.1 -a 116
Note: this article is for research and study only; do not use it for illegal purposes.