The newest addition to my cellular hacking inventory is an old Motorola C117 sourced from eBay and a serial cable from Sysmocom in Germany. The significance of this 2G GSM mobile phone from the mid-2000s is that its onboard baseband chip (the processor that controls all the radio functions of a mobile telephone) is a Texas Instruments 'Calypso'.
The classified internal documentation for the TI Calypso chip was publicly leaked via the internet, which ultimately led to extensive reverse engineering of the chip. OsmocomBB is a free and open-source software project from Osmocom that stemmed from these leaked documents and reverse engineering efforts. In addition to the C117, OsmocomBB supports many other GSM mobile telephones containing the Calypso chipset.
In this video, I am taking a preliminary look at some of the basic functions of the OsmocomBB 'mobile' app, which can be loaded after the custom Layer 1 firmware has been uploaded to the phone. Commands can then be sent via a terminal to control the functionality of the phone, all from software! Very cool. I send some SMS messages and make some voice calls to a Samsung S8 phone, among other commands (mainly information about the cell, the subscriber, etc.).
Australia switched off all of its GSM networks back in 2018, so I am running YateBTS with a BladeRF 2.0 xA4 to simulate a small 2G cellular network.
Thanks to @cemaxecuter7783 for his amazing DragonOS Linux!
NOTE: I have received a lot of emails recently from individuals having issues with uploading the firmware .bin files to Calypso phones. From what I can see, the contributing factor causing these issues appears to be that a virtual machine is being used, or a serial/USB cable that they constructed themselves is being used.
Osmocom-BB will not work in a virtual machine and it is always better to install Linux directly onto your PC. If you aren't a regular Linux user, make a bootable USB to preserve whichever operating system is installed on your computer. Bare-metal Linux is always the better option for avoiding incompatibility issues with virtualization and USB passthrough.
I don't have much experience with custom home-made Calypso data cables; however, I recommend buying a pre-made CP2102 cable from Sysmocom. I own two of these cables and they are of very high quality and work perfectly for Osmocom-BB on bare-metal Linux.
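A pre-flight check for the two causes named in the note above, as an added example (not part of OsmocomBB or the original description). It assumes a systemd-based distro providing `systemd-detect-virt`, that a CP2102 cable binds to the Linux `cp210x` driver, and the `/dev/ttyUSB0` port used in the osmocon command; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: checks for the two failure causes named in the NOTE
# (virtual machine, unexpected serial cable) before running osmocon.
# Assumptions: systemd-detect-virt exists; CP2102 cables use driver "cp210x".

# Print the hypervisor/container name, "none" on bare metal, or "unknown".
detect_virt() {
    if command -v systemd-detect-virt >/dev/null 2>&1; then
        systemd-detect-virt 2>/dev/null || true   # non-zero exit when it prints "none"
    else
        echo unknown
    fi
}

# Print the kernel driver bound to a tty (e.g. "cp210x"); empty if absent.
# $1 = device node, $2 = sysfs root (overridable so the check can be tested).
tty_driver() {
    link="${2:-/sys}/class/tty/$(basename "$1")/device/driver"
    [ -L "$link" ] && basename "$(readlink "$link")"
    return 0
}

# Turn both findings into one verdict line. $1 = virt value, $2 = driver name.
verdict() {
    case "$1" in
        none) ;;
        unknown|"") echo "WARN: could not determine whether this is a VM"; return 1 ;;
        *) echo "FAIL: running under '$1'; boot Linux on bare metal"; return 1 ;;
    esac
    case "$2" in
        cp210x) echo "OK: bare metal, CP2102 cable detected" ;;
        "") echo "FAIL: serial port not found; is the cable plugged in?"; return 1 ;;
        *) echo "WARN: cable uses driver '$2', not cp210x"; return 1 ;;
    esac
}

preflight() {
    verdict "$(detect_virt)" "$(tty_driver "${1:-/dev/ttyUSB0}")"
}

# Runs only when asked, e.g.: sh preflight.sh --check /dev/ttyUSB0
if [ "${1:-}" = "--check" ]; then
    preflight "${2:-/dev/ttyUSB0}"
fi
```

A non-zero exit status means one of the two conditions from the note was detected, so the script can gate the osmocon command.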
COMMANDS:
sudo /etc/Osmocom-BB/Bin/osmocon -s /tmp/osmocom_l2 -m c123xor -p /dev/ttyUSB0 -c /etc/Osmocom-BB/Firmware/e88/layer1.highram.bin
sudo /etc/Osmocom-BB/Bin/mobile -i 127.0.0.1 -c /etc/Osmocom-BB/Config/mobile.cfg
telnet 127.0.0.1 4247
sudo tshark -Y '!icmp && gsmtap' -i lo
HARDWARE:
Motorola C117
Sysmocom Serial Cable
i7 8th Gen Laptop
SOFTWARE:
DragonOS Focal
OsmocomBB