DragonOS Focal YateBTS Calls + SMS w/ BladeRFxA4 (Yate RC2) part 1
Vložit
- čas přidán 11. 09. 2024
- This video takes another look at setting up Yate and YateBTS on DragonOS Focal after Nuand recently released a new version for the BladeRF. In this video, I was able to successfully use a BladeRFxA4 with little to no problems, compared to my previous attempts where I was unable to connect to the BTS at all.
I jump around towards the end of the video, because honestly I'm not that familiar with Yate. Switching between REGXP or add subscriber probably doesn't matter when it comes to making Calls or sending SMS between phones, that's something I'll take another look at.
I think the important thing is to setup the Country Code, Subscriber section, and the BTS configuration. Once that's working, I'm sure the rest will be a breeze.
Hope this helps. Once I'm more familiar with all the options I'd like to expand on setting up and using Yate.
Hardware:
- BladeRFxA4
Tools:
- www.nuand.com/...
- nuand.com/down...
This is rapidly becoming my favorite CZcams channel. Love DragonOS by the way --what a terrific resource. I'm running it on a 5 year old Dell Laptop w/SSD and DragonOS kicks ass on that thing.
Thanks Karl! It’s been fun working on it, plus it’s helped me learn about things I would’ve otherwise never messed with.
You’re my new hero!
Great find- can’t wait to try this. I know if I start on it now tho, there will be zero sleep for work tomorrow..
That’s what I always end up doing then barely functioning the next day.. either that or just can’t seem to sleep ha. But seriously, it seems like Nuand is doing all kinds of new stuff.
Can you make a phone call to a an imsi with pre-configured settings to auto-anwser call? It was along time ago since I have not played with these things. Thanks
Like the phone receiving the call would auto answer it?
@@cemaxecuter7783 yes that is the case. You get the subscriber and launch a call but with configured settings that always auto answer and without screen notice at all /black screen.
That’d be interesting, I’m not sure how the configuration needs to be. I’ll look into it.
Can I hug you mate, you saved my job. It works like a charm...on a virtual machine
That’s awesome to hear!! Make sure you give Nuand a shout out. They made some awesome improvements. You’ll have to give me some tips on yate usage.
Hello, do you run DragonOS on dual boot or Virtual machine. Thank you.
Almost always bear metal, but with my steamdeck and laptop it is dual boot.
Keep up going nice videos man thanks for sharing!
In future your posts on trending
Hello! Is Yate, YateBTS and bladeRF already installed in latest version of DragonOS? Thank you!
Yes it is. You’ll find the fpga sitting in the /usr/src/yate (may be labeled rc3 and yate and YateBTS is already installed system wide. So just like shown in the video, you’d start the apache2 service and configure the webpage as needed, then command line start yate
@@cemaxecuter7783 Got it, thanks!
Is it worth buying the more expensive xA9 version of BladeRF 2.0 for IMSI catcher with YateBTS?I watched a video where xA9 were used. I wonder if xA4 is capable to do the same?
Honestly, I think either nowadays will run both fine. I had borrowed an xA4 and really liked it, but before giving it back I was able to test with the latest firmware, fpga, and YateBTS that Nuand released. It worked great with Crocodile hunter, imsi catcher, YateBTS etc.. I got should of an xA9 and really like it even more because I can run the Bladerf Wiphy fpga, but if you don’t need that then you’re fine with the xA4.
@@cemaxecuter7783 Thanks for info !I ordered xA4 because I need it only for testing GSM network and apps alerting for IMSI catchers. Btw in Europe the same pack of BladeRF 2.0 micro xA4 with 4 Tri-band antennas ,4 amplifiers and plastic case cost 1079 euro with shipping, from Nuand only 744 usd. I have to pay 20% import taxes and still it will be around 750 euro.The downside is that I will have to wait a month.
Holy cow that’s a big price difference. You know, I need to order two more antennas and amps. I only have 1 lna and 1 amp. Also, did you get a case that somehow includes the amps inside? I got the clear case and it doesn’t house the amps.
I was trying to see if I can get this 3d printed
github.com/kismetwireless/cases/tree/main/bladeRF-micro-amps
YateBTS works very well with the xA4, got calls/sms and gprs working easily, thanks for the tutorials. Only problem on my unit is there is a nasty LO leakage peak +600kHz from the GSM carrier. Have you taken a look of the spectrum output of your xA4, do you have it as well? Very unfortunate since I have a test license for one GSM channel (200kHz), and this obviously goes outside of that.. :/
Wow that’s great you got all that working! What I could do is take the spectran I have and look at my bladerf. Is there any kind of tx filter or lna etc that you could add to clean it up?
@@cemaxecuter7783 That would be quite hard unfortunately, only thing would be a sharp bandpass filter giving only the intended GSM carrier, but is quite complicated.. One other option would be to modify the code, so that the peak would be centered "under" the GSM carrier. I tried that already, and while the spectrum seems clean, and the handset can see it, the uplink is not recognized, didn't figure that out yet..
One of these days you how us how to decode GSM packets, or do you have any recommendations sir..?
Thank you for these great tutorials. I am trying to figure out a basic tutorial to initially setup and connect my NUAND BladeRF SDR to my ubuntu system and then run these kind of projects. Kindly suggest if you have covered this one in any of your other tutorials. I have gone through quite a few videos of yours, but could not find anything.
Hi and thank you. Are you asking about connecting it to just a normal install of Ubuntu? I don’t really cover the setup in my videos because I’ve already taken care of that to include making sure the firmware/fpga is available in DragonOS. To setup on a normal install you’d have to install libbladerf and more.
@@cemaxecuter7783 Thank you for the quick reply. I would really appreciate it if you could point me to any such tutorials on the web. It would help out many other people like me who just started working on the NUAND BladeRF.
This is a great resource, lots of info, but it has what you need to get up and running.
@@cemaxecuter7783 Is PyBOMBS a good way to start with NUAND BladeRF?
I’ve not used pybombs - I’d probably suggest sticking to package manager installing for now.
Is bladerf x40 work with yatebts?
I believe so, but don’t quote me on it. I don’t actually have that model to try it.
what is the more stable yatebts2 or yatebts3?
I didn’t really notice a difference, but yaterc3 is included already in DragonOS FocalX along with necessary fpga for bladerf
And nipc reload and nipc list registered doesn't run over telnet.
I tried running it with BladeRF x115 but I don't see any networks on my phone? Does it really work on x115 or should I switch to xA4 ?
I don’t have one to test but are you running it bare metal and not via Vm?
So is it mandatory to preconfigure allowed IMSIs or any MS can register?
You can set it up either way, there’s a variable you can put in one of the fields that allows any imsi. If I recall, in theI video I may have specifically put the prefix that both the SIM cards I had started with. But yes, either way is possible.
@@cemaxecuter7783 are you planning to sell the xA4?
Unfortunately I can’t let it go, it’s one of the few that can do some of the things I want to learn about.
Amazing, it was a matter of minutes to launch a fully functional GSM network. I have a bladerf X40 in my inventory. Can i run the yatebts on Bladerf X40
Hmm I’ve not tried on the bladerfx40. I’ve only used one for a few minutes (borrowed). I think there’s an fpga in there for it so it might work, but not sure.
I love u ❣️
How install yate ? I got this error "fatal error: QSound: No such file or directory , qt4client.o] Error 1
" How to solve this poblem. but yatebts not found thid issue.
YateBTS is already installed on DragonOS.
Hi is yatebts support 3g ?
2g/gsm. You might need OpenBTS-umts maybe?
So so thanks
One more question.Do I have to buy GSM Nuand antennas or their 3-band antennas should work for GSM too?
I have their tri band antennas and I’ve found they work fine with GSM, but I’ve also only tested I think gsm900. I do have some other cellular antennas, but I think the Tri band should be good. You know another thing I REALLY like about the bladerf? The connector! I like how it’s really sturdy. I’ve unfortunately damaged and had to have repaired a b205mini and a LimeSDR mini, I think their connectors are just a bit more fragile. Of course it doesn’t help that I’m unplugging them so much and moving them all over the place.
yatebts it's very easy. make srsLTE!
U use amplifier(rx,tx) for bladerf x4?
SrsLTE is included too. Check my playlists for cellular. There’s all sorts of srsLTE included. Actually, the bladerf now works really well as a UE in srsLTE. I checked it last night.
I do have the small $30 amps but haven’t turned them on yet.
@@cemaxecuter7783 Were you able to send text messages from your computer to your phone without a SIM card? They say that for LTE you have to use a SIM card, but for 3G you don't need a SIM card.
Good question. Both my phones on the gsm network have sims. I didn’t try without. For srsLTE I need to get programmable sims and different phones.I’ve only used another SDR as the UE, not a real phone
Do you usually see “UCN” in the status bar on your phone?
I’ve not seen that, at least not that I can remember.
I assume this will work with Lime sdr as well?
I’m almost confident the answer is yes, can you please let me know? I’ve never got around to getting the SDR model. I’ve just had the mini for some time now.
No problem. I do this as my first project once my gpd pocket 3 arrives.
Should be interesting.
What processor(CPU) for a laptop you recommend for BladeRF and DragonOS?Intel or AMD and what type?
I’ll list off what I have right now and what I’ve also tried in the past,
Intel i7 4910mq
Intel i7 6500u
Intel i5 (don’t recall the specs)
Core Xeon E5620 x2
Intel core 2 duo (really old)
Amd (cheap low end model, can’t recall the specs)
Given what I’ve tried, I’d suggest an i7 or higher for heavy lifting. But even something like my old NUC5PPYB can run the bladerf and most applications. I don’t have much experience with AMD.
@@cemaxecuter7783 So there is no need to buy something like amd 5800H or Intel 10750/10875?I have old Dell XPS with Intel Core i7-2630QM 4 x 2 - 2.9 GHz (Intel Core i7).Is it going to be enough or need to buy something newer?
Honestly I think you’ll find it’ll be perfectly fine to get started. I definitely saw a huge jump in performance from the core 2 duo old laptop i found laying around to the i7, but I don’t think you’ll need much for grgsm and yate. But you know what, if you’re trying to look at the full bandwidth available to the bladerf and process it all, then yes maybe a new laptop would be best. I say try what you have now.
I need to set up YateBTS cell and test some special phones for anti IMSI catching. I have read that YateBTS need a lot of CPU power.Do I need two BladeRF for this task btw?Some people write that I have to use two units for real BTS tower simulation
Pretty sure you’ll be fine with the laptop you have, assuming it has usb3 ports?
Hi Sir how can we change gsm network name, currently it is coming as Test PLMN .... In your video play time ~10.32 it is showing network name as 'DragonOS' where can be configured
All the network configuration is in one of the configuration files, I’m failing to remember the name at the moment. Either the bsc or bts config, if you’re running osmo-nitb scripts then you can look in the /usr/src/osmo-nitb-scripts/configs folder or if you running the newer osmo setup I’ve shown you can look at similar config files in /etc/osmocom/ I’ll get a better answer once I’m at a computer.
plutosdr works too?
Hello. Unfortunately it doesn’t, only the bladerf with this version of YateBTS.
How i can i record IMEI number of phones around ? is it possible to do with blade and Yates ?
From a purely lab learning environment perspective, yes I believe that’s possible. However, outside of that would be considered illegal and potentially disruptive to real services. Additionally most likely phones world be connected or connecting to much better services then gsm
@@cemaxecuter7783 thanks for replay !! only for educational purposes !!! and only in private property environment !!
For that it works pretty well although now thinking about it I’m not sure tjr command line tool showed users.
Can please provide a training session. Is it possible? Please
Possibly, I haven't worked out a good way to do this yet.
This is run on Main OS Or Virtual Machine?
Main bare metal install.
Everry thing it Work! Thk so much. @@cemaxecuter7783
And does yatebts support hackrfone firmware instead of bladeRF
Only the bladerf
@@cemaxecuter7783 thanks processor..
YateBTS also works with LimeSDR ?
This implementation of yatebts is only for the bladeRF.
You can however use DragonOS Focal and the included osmo-nitb-scripts with the LimeSDR.
@@cemaxecuter7783 yup already tried with LimeSDR USB its working great :)
Hello the indispensable professor, I want to ask when I set up the bts, can I recieve calls and texts massages from other mobile networks into my phone as usual, and can anyone connected to my bts still receive calls and massages from other networks like, you are using yatebts can calls and sms from at&t and Verizon enter my phone thanks
You’d only receive calls from other phones on the BTS. I guess depending on where you’re at, you’d have to check your laws because here’s there for sure no way to be broadcasting amongst other networks.
Unless maybe you had Sip setup on Yate, then maybe you’d be able to receive calls from other networks vis that Sip setup. I don’t have much, if any at all, experience with that though.
@@cemaxecuter7783 I truly appreciate processor, thank you
Can SS7 be used without hackrfone
SS7 would most likely be a network connection of some sort (I believe)
My console keeps getting spammed with
2022-05-04_18:44:06.694611 Transmit underrun by 4 timeslots [0x7fd78c003ee0]
skipped 1662
skipped 1107
skipped 701
skipped 763
Tried using Yate RC2 and RC3
I don’t have i super good memory and will have to replay the video or run it again myself but I recall that as to be expected or at least something was spamming my console. However, I know I had a pretty fast cpu/usb3 and had no issues seeing the bts, connecting though requires gsm phone/sim etc. I’ve been thinking about putting rc3 in DragonOS but there’s no notes as to what changed that I can find. If you look in the readme that I think is included in the zip you’ll noticed there’s some tweaks it suggests. What are you running this on?
Do you have a way to hack WhatsApp?
This mean's we can send message and call's. For free with out any money
This is mainly meant for research and most likely, unless you have a license of some sort cannot be transmitted into the open. You can send texts and calls between phones connected to the same small test bts, but to call out to real phones elsewhere you’d have to configure yate with a voip provider of sorts to go out side your test network.
Excellent. I try yateBts 5...work fine. I add a call out script pbx for Goip...i can make a call from yatebts to outside ( local french gsm). I cant make sms out....work in progress. If someone interested by Goip config? Ler me know ...i send it. If someone have an idea for how config yatebts in call in mode..thanks to share. Good job.
Are u asking for settings to auto answer call?
Yes im also interested by this option....thanks.
Hi. What did you have to do to make it able to do outbound calls? It is not working for me though i put in sip account details.
Python remote exploit create small tutorial video bro 👍👍
This is a bit brittle. On a current install of DragonOS, the make command for yate fails as follows:
In file included from qt4client.cpp:22:
qt4client.h:59:10: fatal error: QSound: No such file or directory
59 | #include
| ^~~~~~~~
compilation terminated.
make[2]: *** [Makefile:100: qt4client.o] Error 1
make[2]: Leaving directory '/root/yate/yate/clients/qt4'
make[1]: *** [Makefile:478: ../libyateqt4.so] Error 2
make[1]: Leaving directory '/root/yate/yate/modules'
make: *** [Makefile:186: modules] Error 2
You don’t run make, it’s already made and installed in DragonOS.
You run yate in terminal is what I’m saying, it’s already built and installed in the latest DragonOS.
i have same error and when im trying to install yatebts ./configure show me this message (checking for Yate using yate-config... no
configure: error: Could not find Yate) how can i fix it he can't see Yate becouse QSound not make install yate and you told me us it's okay you can run it but yate
bts can't see it @@cemaxecuter7783
Can i talk to you in whatupp i need you