Creating your own GSM Network with LimeSDR

This article works with any LimeSDR version.

Installing the required packages

sudo add-apt-repository -y ppa:myriadrf/drivers
sudo add-apt-repository -y ppa:myriadrf/gnuradio
wget https://download.opensuse.org/repositories/network:/osmocom:/latest/xUbuntu_18.04/Release.key
sudo apt-key add Release.key
rm Release.key
echo "deb https://download.opensuse.org/repositories/network:/osmocom:/latest/xUbuntu_18.04/ ./" | sudo tee /etc/apt/sources.list.d/osmocom-latest.list
sudo apt-get update
sudo apt install osmocom-nitb osmo-trx-lms osmo-bts-trx limesuite
  • osmocom-nitb => Network in a Box Package. Contains all needed stuff for managing GSM Network
  • osmo-bts-trx => The Base Transceiver Station software that manages how the network packets will be sent.
  • osmo-trx-lms => The LimeSDR “frontend” for the BTS. This is the piece of software that actually communicates with LimeSDR
  • limesuite => The software and driver for the LimeSDR

Updating the LimeSDR Firmware

LimeUtil --update

Creating the configuration files

!
! OpenBSC configuration saved from vty
! !
password foo
!
line vty
no login
!
e1_input
e1_line 0 driver ipa
network
network country code 901
mobile network code 70
short name HUEHUE
long name HUEBRNetwork
auth policy accept-all
location updating reject cause 13
encryption a5 0
neci 1
rrlp mode none
mm info 1
handover 0
handover window rxlev averaging 10
handover window rxqual averaging 1
handover window rxlev neighbor averaging 10
handover power budget interval 6
handover power budget hysteresis 3
handover maximum distance 9999
bts 0
type sysmobts
band GSM900
cell_identity 0
location_area_code 1
training_sequence_code 7
base_station_id_code 63
ms max power 15
cell reselection hysteresis 4
rxlev access min 0
channel allocator ascending
rach tx integer 9
rach max transmission 7
ip.access unit_id 1801 0
oml ip.access stream_id 255 line 0
gprs mode none
trx 0
rf_locked 0
arfcn 100
nominal power 23
max_power_red 20
rsl e1 tei 0
timeslot 0
phys_chan_config CCCH+SDCCH4
timeslot 1
phys_chan_config SDCCH8
timeslot 2
phys_chan_config TCH/F
timeslot 3
phys_chan_config TCH/F
timeslot 4
phys_chan_config TCH/F
timeslot 5
phys_chan_config TCH/F
timeslot 6
phys_chan_config TCH/F
timeslot 7
phys_chan_config TCH/F
network country code 901
mobile network code 70
short name HUEHUE
long name HUEBRNetwork
auth policy accept-all
  • network country code => That is the MCC of the network operator. It says in which country the operator is operating. For example: 724 is Brazil
  • mobile network code => That is the MNC of the network operator. It says which network operator it is. Every mobile network operator has its own MNC (some of them have more than one).
  • short name => The Short name of the network operator
  • long name => The Long Name of the network operator
  • auth policy => How we will accept the phones that are trying to connect.
!
! OsmoBTS configuration example
!!
!
log stderr
logging color 1
logging timestamp 0
logging level rsl notice
logging level oml notice
logging level rll notice
logging level rr notice
logging level loop debug
logging level meas debug
logging level pag error
logging level l1c error
logging level l1p error
logging level dsp error
logging level abis error
!
line vty
no login
!
phy 0
instance 0
osmotrx rx-gain 40
osmotrx tx-attenuation 50
osmotrx ip local 127.0.0.1
osmotrx ip remote 127.0.0.1
no osmotrx timing-advance-loop
bts 0
oml remote-ip 127.0.0.1
ipa unit-id 1801 0
gsmtap-sapi pdtch
gsmtap-sapi ccch
band 900
trx 0
phy 0 instance 0
log stderr
logging filter all 1
logging color 1
logging print category 1
logging timestamp 1
logging print file basename
logging level set-all info
!
line vty
no login
!
trx
bind-ip 127.0.0.1
remote-ip 127.0.0.1
base-port 5700
egprs disable
tx-sps 4
rx-sps 4
rt-prio 18
chan 0
tx-path BAND1
rx-path LNAW

Running the software stack

sudo osmo-trx-lms
osmo-nitb

Testing the Base Station

Sysmocom Custom Simcard http://shop.sysmocom.de/products/sysmousim-sjs1-4ff
List of networks in an Android Phone. Here the 72470 network I just created
HUEBRNetwork showing in the list

Listing Subscribers

https://gist.github.com/racerxdl/4981f64c17361f5a3a684cda286f21f4

Sending SMS

python sms_broadcast.py "source number" "message"
python sms_spam.py "target number" "number of times" "message"

Bottom Line

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Lucas Teske

Lucas Teske

Programming, Hacking, SDR, Satellites. Basically everything technology related. Everything is also posted on my site https://lucasteske.dev/