From 45e4aa4133fa737e69cb7aba5b1d910da96352be Mon Sep 17 00:00:00 2001
From: FlUxIUS
Date: Wed, 22 Jul 2020 21:48:20 +0200
Subject: [PATCH] Adding SDR LTE scanning feature base on SRSLTE
---
 .gitmodules | 3 +++
 engines/sdr/srslte_pss.py | 53 +++++++++++++++++++++++++++++++++++++++
 modmobmap.py | 25 ++++++++++++++++--
 thirdparty/srsLTE | 1 +
 utils/logprocess.py | 48 +++++++++++++++++++++++++++++++++++
 5 files changed, 128 insertions(+), 2 deletions(-)
 create mode 100644 engines/sdr/srslte_pss.py
 create mode 160000 thirdparty/srsLTE
diff --git a/.gitmodules b/.gitmodules
index e69de29..64ada83 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "thirdparty/srsLTE"]
+ path = thirdparty/srsLTE
+ url = https://github.com/PentHertz/srsLTE.git
diff --git a/engines/sdr/srslte_pss.py b/engines/sdr/srslte_pss.py
new file mode 100644
index 0000000..1bc5b1e
--- /dev/null
+++ b/engines/sdr/srslte_pss.py
@@ -0,0 +1,53 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+#
+# ----------------------------------------------------------------------------
+# "THE BEER-WARE LICENSE" (Revision 42):
+# )penthertz.com> wrote this file. As long as you retain this notice you
+# can do whatever you want with this stuff. If we meet some day, and you think
+# this stuff is worth it, you can buy me a beer in return FlUxIuS ;)
+# ----------------------------------------------------------------------------
+
+from __future__ import print_function
+from core.mLog import Cellslogger
+from core.mKB import *
+import os
+
+class srslte_pss(object):
+ @Cellslogger
+ def go2logs(self, cell):
+ return cell
+
+ def parseFifo(self):
+ kb = mKB()
+ FIFO = kb.config['file']
+ if os.path.isfile(FIFO) == False:
+ try:
+ os.mkfifo(FIFO)
+ except:
+ pass
+ if 'SM_cells' not in kb.data:
+ kb.data['SM_cells'] = {}
+ while True:
+ with open(FIFO) as fifo:
+ while True:
+ data = fifo.read()
+ if len(data) == 0:
+ break
+ infos = data.split(':')[1]
+ isplit = infos.split(';')
+ tmpcell = {}
+ tmpcell2 = {}
+ for cell in isplit:
+ pcell = cell.split('=')
+ tmpcell[pcell[0]] = pcell[1]
+ cid = tmpcell['CID'] + '-' + tmpcell['DL_EARFCN']
+ tmpcell2[cid] = { 'FREQ' : tmpcell['FREQ'],
+ 'PLMN' : "-1",
+ 'type' : "4G",
+ 'eARFCN' : int(tmpcell['DL_EARFCN']),
+ 'POWER' : tmpcell['POWER'],
+ }
+ self.go2logs(tmpcell2)
+
+
diff --git a/modmobmap.py b/modmobmap.py
index 3f26ccd..48ff7f0 100755
--- a/modmobmap.py
+++ b/modmobmap.py
@@ -11,6 +11,7 @@ from __future__ import print_function from utils.logprocess import * +SRSLTE_PATH = "thirdparty/srsLTE/" # thirdparty project def phone_actions(args): cops = None
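Review bot: In parseFifo, each read from the FIFO is parsed with `data.split(':')[1]`, `pcell[1]`, `tmpcell['CID']` and `int(tmpcell['DL_EARFCN'])` without any validation, so one truncated or malformed record raises IndexError, KeyError or ValueError and ends the reader thread, which utils/logprocess.py starts as a daemon, with no message to the user. Any process able to open that path can write to the FIFO, so its content should be treated as untrusted and bad records skipped rather than trusted. Separately, `os.path.isfile(FIFO)` is False for an existing FIFO, so `os.mkfifo` is attempted on every start and the bare `except: pass` then also hides real failures such as a permission error; `os.path.exists(FIFO)` with `except OSError` would be more accurate. Indentation is lost on this page, so the placement of `self.go2logs(tmpcell2)` relative to the `for` loop is assumed in the sketch below.

```python
# … unchanged: kb setup, FIFO creation, open/read loop …
                    fields = data.split(':')
                    if len(fields) < 2:
                        continue  # no payload after the record tag
                    tmpcell = {}
                    for cell in fields[1].split(';'):
                        key, sep, value = cell.partition('=')
                        if sep:
                            tmpcell[key] = value
                    try:
                        cid = tmpcell['CID'] + '-' + tmpcell['DL_EARFCN']
                        entry = {'FREQ': tmpcell['FREQ'],
                                 'PLMN': "-1",
                                 'type': "4G",
                                 'eARFCN': int(tmpcell['DL_EARFCN']),
                                 'POWER': tmpcell['POWER']}
                    except (KeyError, ValueError):
                        continue  # skip the malformed record, keep reading
                    self.go2logs({cid: entry})
```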
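Review bot: `SRSLTE_PATH = "thirdparty/srsLTE/"` is relative to the current working directory, and a later hunk in this file turns it into the directory of the `cell_search_modmobmap` binary that utils/logprocess.py executes. Started from another directory, the tool either fails to find the binary or runs whatever sits at that relative path under the directory it was started from. Anchoring the constant to the script location avoids both, e.g. `SRSLTE_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)), "thirdparty", "srsLTE", "")`; this needs `os` in scope in modmobmap.py, which is not visible in the hunk.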
@@ -50,7 +51,7 @@ if __name__ == "__main__":
 parser.add_argument('-m', '--module', dest='module', required=False, default='servicemode',
 help='Module to use (e.g: "servicemode" by default).')
 parser.add_argument('-b', '--bands', dest='bands', required=False, default=None,
- help='Bands to use for SDR engines (for GSM: GSM900, DCS1800, GSM850, PCS1900, GSM450, GSM480, GSM-R). A list can be provided separated with commas.')
+ help='Bands to use for SDR engines (for GSM: GSM900, DCS1800, GSM850, PCS1900, GSM450, GSM480, GSM-R. For LTE provide band indexes such as 28 for B28 at 700 MHz, etc.). A list can be provided separated with commas.')
 parser.add_argument('-n', '--networks', dest='networks', required=False, default=None,
 help='Networks in MCCMNC format splitted with commas')
 parser.add_argument('-o', '--cached_operator', dest='operators', required=False, default=False, action='store_true',
@@ -59,19 +60,39 @@ if __name__ == "__main__": help='Android SDK path') parser.add_argument('-a', '--at', dest='atmode', required=False, default=None, help='AT access mode. If host put something like "/dev/ttyUSBxx. By default it uses ADB."') + parser.add_argument('-g', '--args', dest='dargs', required=False, default=None, + help='Device args for SDR engines') parser.add_argument('-f', '--file', dest='file', required=False, default=None, help='File to parse. For the moment it could be used in combination with AT mode host.') args = parser.parse_args() + phoneinteract = False + kb = mKB() kb.config['androidsdk'] = args.androidsdk + kb.config['device_args'] = args.dargs if args.file is not None: kb.config['file'] = args.file if args.module == "xgoldmod": startXgoldmodCollect() + phoneinteract = True + elif args.module == "srslte_pss": + kb.config['SRSLTETOOLS_PATH'] = SRSLTE_PATH + "build/lib/examples/" + kb.config['file'] = "celllog.fifo" + if args.file is not None: + kb.config['file'] = args.file + + if args.bands is not None: + kb.config['bands'] = args.bands + else: + print ("Bands argument not set! Using band 7 by default instead.") + kb.config['bands'] = "7" + startSrsLTEPSS() elif args.module == "grgsm": processGRGSM(args.bands) else: startServiceModeCollect() - if args.module != "grgsm": + phoneinteract = True + + if phoneinteract is True: phone_actions(args)
diff --git a/thirdparty/srsLTE b/thirdparty/srsLTE
new file mode 160000
index 0000000..fc89f55
--- /dev/null
+++ b/thirdparty/srsLTE
@@ -0,0 +1 @@
+Subproject commit fc89f556bdd0c4826c4a65986b43591e1ba4b9f3
diff --git a/utils/logprocess.py b/utils/logprocess.py
index 3fb6ef5..1d03ea8 100644
--- a/utils/logprocess.py
+++ b/utils/logprocess.py
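Review bot: In the new `srslte_pss` branch, `args.bands` is stored unchecked and is later split on commas and handed to the external scanner as its `-b` value, yet the same option accepts GSM band names for other modules, so a value such as `GSM900` or an empty entry from a trailing comma reaches the child process as-is. Rejecting it at parse time gives a clear error instead of a failing scanner, e.g. `if not all(b.strip().isdigit() for b in args.bands.split(",")): parser.error("LTE bands must be numeric indexes")`. The second `if args.file is not None:` inside the branch repeats the assignment made a few lines above; `if args.file is None: kb.config['file'] = "celllog.fifo"` expresses the default without the overwrite-and-restore. The `if __name__ == "__main__":` block starts above this hunk.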
@@ -12,6 +12,7 @@ from __future__ import print_function
 from engines.android.generic.ADBshell import *
 from engines.android.samsung.ServiceMode import *
 from engines.host.diag.xgoldmod import *
+from engines.sdr.srslte_pss import *
 from engines.host.serial.AT import AT
 from utils.colors import *
 from core.mKB import *
@@ -53,6 +54,53 @@ def startXgoldmodCollect():
 th.start()
+def startSrsLTEPSSProcess():
+ import subprocess
+ state = True
+ bands = mKB.config['bands'].split(",")
+ while state:
+ try:
+ for band in bands:
+ commandstring = [mKB.config['SRSLTETOOLS_PATH']+"cell_search_modmobmap", "-b", band]
+ if mKB.config['device_args'] is not None:
+ commandstring.append("-a")
+ commandstring.append(mKB.config['device_args'])
+ p = subprocess.Popen(commandstring, stdout=subprocess.PIPE)
+ p.wait()
+ except (KeyboardInterrupt, SystemExit):
+ state = False
+ cells = kb.data['SM_cells']
+ saveCells(cells)
+
+
+def startSrsLTEPSSCollect():
+ srs = srslte_pss()
+ th = Thread(target=srs.parseFifo)
+ th.daemon = True
+ th.start()
+
+
+def startSrsLTEPSS():
+ th = Thread(target=startSrsLTEPSSProcess)
+ th.daemon = True
+ th.start()
+ startSrsLTEPSSCollect()
+ state = True
+ while state:
+ try:
+ pass
+ except (KeyboardInterrupt, SystemExit):
+ state = False
+ cells = kb.data['SM_cells']
+ saveCells(cells)
+
+
+def startSrsLTEPSSCollect():
+ srs = srslte_pss()
+ th = Thread(target=srs.parseFifo)
+ th.daemon = True
+ th.start()
+
 def startServiceModeCollect():
 sm = ServiceMode()
 sm.androidsdkpath = mKB.config['androidsdk']
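Review bot: In startSrsLTEPSSProcess, `subprocess.Popen(commandstring, stdout=subprocess.PIPE)` followed by `p.wait()` never reads the pipe, so the scanner blocks once it has written more than the pipe buffer holds and the band loop stalls; use `p.communicate()` in place of `p.wait()`, or do not capture stdout at all. Both `except (KeyboardInterrupt, SystemExit)` handlers read `kb.data['SM_cells']`, but these functions otherwise use `mKB` and no `kb` is defined in the visible lines, so saving on Ctrl-C would raise NameError unless `kb` is a module global outside this hunk. In startSrsLTEPSS the `while state: try: pass` loop keeps a core busy while waiting; `time.sleep(1)` in place of `pass` (with `import time`) keeps the interrupt handling. `startSrsLTEPSSCollect` is also defined twice with identical bodies, and the second copy can be dropped.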