98 lines
3.2 KiB
Markdown
98 lines
3.2 KiB
Markdown
# Modmobjam
|
|
|
|
A smart jamming proof of concept for mobile equipments that could be powered with [Modmobmap](https://github.com/PentHertz/Modmobmap)
|
|
|
|
For more information, this little tool has been presented during SSTIC rump 2018:
|
|
|
|
- english slides: https://penthertz.com/resources/sstic_rump_2018_modmobjam.pdf
|
|
- french presentation: https://static.sstic.org/rumps2018/SSTIC_2018-06-14_P10_RUMPS_22.mp4
|
|
|
|
## Warning
|
|
|
|
You should be warned that Jamming is illegal and you're responsible for any damages when using it on your own.
|
|
|
|
## Prerequisites
|
|
|
|
- a radio devices that is enabled to transmit signal (HackRF, USRP, bladeRF, and so on.)
|
|
- GNU Radio installed
|
|
- Modmobmap to perform automatic smartjamming: https://github.com/PentHertz/Modmobmap
|
|
|
|
## Usage
|
|
|
|
### Manual jamming
|
|
|
|
If you have a HackRF or any device compatible with osmocom drivers, you can directly run the code provided in ``GRC/jammer_gen.py`` as follows:
|
|
|
|
```sh
|
|
$ python GRC/jammer_gen.py
|
|
```
|
|
|
|
Note that compatible devices with `gr-osmosdr` are the following:
|
|
|
|
* FunCube Dongle through libgnuradio-fcd
|
|
* FUNcube Dongle Pro+ through gr-fcdproplus
|
|
* sysmocom OsmoSDR Devices through libosmosdr
|
|
* Nuand LLC bladeRF through libbladeRF library
|
|
* Great Scott Gadgets HackRF through libhackrf
|
|
* Ettus USRP Devices through Ettus UHD library
|
|
* Fairwaves UmTRX through Fairwaves' fork of Ettus' UHD library
|
|
* RFSPACE SDR-IQ, SDR-IP, NetSDR (incl. X2 option)
|
|
* RTL2832U based DVB-T dongles through librtlsdr
|
|
* RTL-TCP spectrum server (see librtlsdr project)
|
|
* MSi2500 based DVB-T dongles through libmirisdr
|
|
* SDRplay RSP through SDRplay API library
|
|
* AirSpy R820t dongles through libairspy
|
|
|
|
For those who want to use another device, edit the GNU Radio block schema ``GRC/jammer_gen.grc``:
|
|
|
|
```sh
|
|
$ gnuradio-companion GRC/jammer_gen.grc
|
|
```
|
|
|
|
Then you can configure the central frequency with the QT GUI to target a frequency. But this tool has also a feature to do it automatically.
|
|
|
|
### Automatic smartjamming
|
|
|
|
To automate jamming, you can first get a list of we the [Modmobmap](https://github.com/PentHertz/Modmobmap) that saves a JSON file after monitoring surrounding cells in a precise location. This JSON file looks as follows:
|
|
|
|
```sh
|
|
$ cat cells_<generated timestamp>.json
|
|
{
|
|
"****-***50": {
|
|
"PCI": "****",
|
|
"PLMN": "208-01",
|
|
"TAC": "50****",
|
|
"band": 3,
|
|
"bandwidth": "20MHz",
|
|
"eARFCN": 1850,
|
|
"type": "4G"
|
|
},
|
|
"7-***": {
|
|
"PLMN": "208-20",
|
|
"arfcn": 1018,
|
|
"cid": "***",
|
|
"type": "2G"
|
|
},
|
|
"****:-****12": {
|
|
"PLMN": "208-1",
|
|
"RX": 10712,
|
|
"TX": 9762,
|
|
"band": 1,
|
|
"type": "3G"
|
|
},
|
|
[...]
|
|
}
|
|
```
|
|
|
|
After generating this file containing cells to jam, you can launch the RPC client that communicate with ``GRC/jammer_gen.py`` as follows:
|
|
|
|
```sh
|
|
$ python smartjam_rpcclient.py -f cells_<generated timestamp>.json
|
|
```
|
|
|
|
Then leverage the gain for transmission and you should observe that a lot of noise is overflowing the targeted cells with gaussian noise.
|
|
|
|
![Jamming session](https://raw.githubusercontent.com/PentHertz/Modmobjam/master/imgs/jamming_session.png)
|
|
|
|
Please note that the delay between each targeted cell can be set with a provided arguments '-d' (see arguments helper).
|