A GSM Base Station With Software Defined Radio

If you’re wondering how to get a better signal on your cellphone, or just want to set up your own private cell network, this one is for you. It’s a GSM base station made with a BeagleBone Black and a not too expensive software defined radio board.

The key component of this build is obviously the software defined radio. [Julian] is using a USRP B200 radio for this project. It’s not cheap, but it is a very nice piece of hardware capable of doing just about anything with GNU Radio. This board is controlled by a BeagleBone Black, a pretty cheap solution that puts the total cost of the hardware somewhere around $750.

The software side of the build is mostly handled by OpenBTS, the open source project for the software part of a cell station. This controls the transceiver, makes calls and SMS, and all the backend stuff every other cell station does. OpenBTS also includes support for Asterisk, the software of choice for PBX and VoIP setups. Running this allows you to make calls and send texts with your SDR-equipped, Internet-enabled BeagleBone Black anywhere on the planet.

35 thoughts on “A GSM Base Station With Software Defined Radio”

      1. It’s tighter than a fish’s butt hole in Australia. The only way we got approval for trialling OpenBTS in Australian Antarctic territory (Antarctica FFS!) was by special ministerial approval.

    1. Depends where you live. If you form a company you could quite easily get a low powered development license in most of Europe.

    2. Chris Paget had a talk about GSM IMSI catchers at Defcon 18, where he amongst other things mentions the spectrum rules (in the US).

      So in the US you (at least technically) legally could run a GSM station.

  1. Am I the only one thinking how much the price of an IMSI-catcher has dropped? Like 20 years ago it would have been a large 7 figure sum.

    1. Watch “Wideband GSM Sniffing [27C3]” and pick up a few debugging devices for GSM (about 19 mins in, but you should watch the whole video). It really does depend on what your “games” is, as to exactly what hardware you use.

    1. Short answer probably. The HackRF is half duplex it can either receive or transmit – https://www.kickstarter.com/projects/mossmann/hackrf-an-open-source-sdr-platform/comments?cursor=4074602#comment-4074601

      Even with a custom firmware GSM downlink and uplink are typically 35MHz each, the HackRF by design does 20MHz, because of HighSpeed USB 2.0.

      But in the article it does say that a RTL SDR could be used, which is rx and only 2.4MHz.
      “UHD capable Ettus USRP or RTL SDR solution (this HOWTO assumes the former – yes they’re expensive)”

      1. The downlink band itself is quite wide, but the actual GSM carrier itself has a bandwidth of 270KHz. If you can sample 1-2MHz you can do it.

        The base station absolutely needs full duplex.

    2. The HackRF’s crystal clock is too inaccurate to be used for basestation applications. The HackRF also lacks any sort of method of timestamping RX and TX samples, most SDRs such as the B200 and bladeRF use FPGAs to achieve that.

  2. Spelling out acronyms the first time they’re used prevents readers from having to go to another website to look them up. GSM – Global System for Mobile Communications

  3. Awesome! Now this caught my attention as something to follow. It’s probably one of the most innovative and thought provoking articles I’ve read on HAD in ages.

  4. The USRP B200 is way too expensive for what it is, I spent half as much getting OpenBTS running on a RaspberryPi with a bladeRF.

    1. The B200 is $25 more expensive than the comparable bladeRF, has a much better front-end, a far larger user community, and a highly respected company behind it.

  5. Two questions, perhaps naive:

    1. If this setup and a cellular device were operated in a shielded environment, would it prevent the system from interfering with cell phones outside the shielded environment?

    2. Assuming proper shielding, would operating the setup without an FCC license still be illegal in the US?

      1. Thanks Truth, that’s a cool video. I’m a bit surprised that the shielding around a microwave leaks so much. Good enough for consumer use, but insufficient around highly sensitive equipment.

  6. I need this. I need a device that can enable me to offer telecom service from the coverage range of 30km using a small cell network device. Please, anyone, tell me where I can get this device which every configuration is made is just for me to set up the device and start earning with the device which will enable only call and SMS.
