THE WHOLE PROCESS OF SETTING UP 2G CAPTURES

INFRASTRUCTURE SETUP

  1. bring an SDR alive, e.g. an RTL-SDR dongle or a HackRF, and look at the GSM downlink band in GQRX with a wide bandwidth to spot the carriers
  2. narrow the bandwidth, center on a strong GSM downlink carrier and derive a first, approximate PPM from how far off-center it sits

The next step works only with an RTL-SDR:

  1. scan for the 2G BTSs around you and write down the MNC and ARFCN of each

If you have a HackRF instead, here is a workaround:

  1. look for LTE channels and write down their approximate center frequency
  2. run an LTE scanner against those channels to obtain the exact frequency correction and a precise PPM (an LTE cell gives a much tighter lock than eyeballing a GSM carrier in GQRX)

You are now ready to dig into a broadcast channel: look for possible hopping channels and inspect the immediate assignments, since they tell you where a call will be carried, either a fixed ARFCN or a hopping sequence.
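The bookkeeping behind the steps above, as an added example that is not part of the original guide: converting between the ARFCNs you note down and the downlink frequencies you tune to, and turning the offset of a carrier seen in GQRX into the first, approximate PPM. Band limits and formulas are those of 3GPP TS 45.005; the sample values (ARFCN 75, a carrier seen at 950.019 MHz) are constructed for the run.

```shell
#!/bin/sh
# Added example, not part of the original guide: ARFCN/frequency bookkeeping
# for the setup steps above. Band edges and formulas follow 3GPP TS 45.005;
# all frequency arithmetic is integer Hz, so plain POSIX sh suffices.

# Downlink centre frequency in Hz of an ARFCN in the given band.
arfcn_to_hz() {
    band=$1; n=$2
    case "$band" in
        GSM900)   # P-GSM 0..124 and E-GSM 975..1023 share the 935 MHz base
            if [ "$n" -ge 0 ] && [ "$n" -le 124 ]; then
                echo $(( 935000000 + 200000 * n ))
            elif [ "$n" -ge 975 ] && [ "$n" -le 1023 ]; then
                echo $(( 935000000 + 200000 * (n - 1024) ))
            else
                echo "ARFCN $n is not in GSM900" >&2; return 1
            fi ;;
        DCS1800)  # 512..885
            if [ "$n" -ge 512 ] && [ "$n" -le 885 ]; then
                echo $(( 1805200000 + 200000 * (n - 512) ))
            else
                echo "ARFCN $n is not in DCS1800" >&2; return 1
            fi ;;
        PCS1900)  # 512..810; overlaps DCS1800 numbering, hence the band argument
            if [ "$n" -ge 512 ] && [ "$n" -le 810 ]; then
                echo $(( 1930200000 + 200000 * (n - 512) ))
            else
                echo "ARFCN $n is not in PCS1900" >&2; return 1
            fi ;;
        *)  echo "unknown band $band" >&2; return 1 ;;
    esac
}

# Inverse: ARFCN of a downlink frequency on the 200 kHz raster (e.g. a carrier
# you spotted in GQRX), so you can note the ARFCN next to the BTS.
hz_to_arfcn() {
    band=$1; hz=$2
    case "$band" in
        GSM900)
            if [ "$hz" -ge 935000000 ]; then
                echo $(( (hz - 935000000) / 200000 ))
            else
                echo $(( (hz - 935000000) / 200000 + 1024 ))   # E-GSM
            fi ;;
        DCS1800) echo $(( (hz - 1805200000) / 200000 + 512 )) ;;
        PCS1900) echo $(( (hz - 1930200000) / 200000 + 512 )) ;;
        *)  echo "unknown band $band" >&2; return 1 ;;
    esac
}

# First-cut PPM from GQRX: you tuned to $1 Hz and the carrier actually shows
# up at $2 Hz. Positive means the carrier appears above where it should be.
# Only the magnitude is trustworthy at this stage; calibration tools and
# gr-gsm each have their own sign convention for the correction they accept,
# so check the tool's help before passing the value on.
ppm_from_offset() {
    awk -v nominal="$1" -v seen="$2" \
        'BEGIN { printf "%.2f\n", (seen - nominal) / nominal * 1e6 }'
}

# Worked run with constructed values: a strong carrier seen at 950.019 MHz
# while the dongle was tuned to ARFCN 75 (950.000 MHz).
tuned=$(arfcn_to_hz GSM900 75)
seen=950019000
printf 'ARFCN 75  -> %d Hz\n' "$tuned"
printf 'carrier   -> ARFCN %d\n' "$(hz_to_arfcn GSM900 950000000)"
printf 'first PPM estimate: %s\n' "$(ppm_from_offset "$tuned" "$seen")"
for a in 0 124 975 1023; do
    printf 'GSM900 ARFCN %4d = %d Hz\n' "$a" "$(arfcn_to_hz GSM900 "$a")"
done
```

The frequency is what you tune the capture tool to for a given ARFCN; the PPM is only the starting value that the LTE scanner step then refines. The band argument matters because DCS1800 and PCS1900 reuse the same ARFCN numbers for different frequencies, so an ARFCN written down without its band is ambiguous.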

THE CASE OF A VOICE CALL ON ANOTHER CHANNEL (NO HOPPING)

When the call is assigned to a fixed ARFCN (no hopping), repeat the commands with two dongles, once with --args=rtl=0 and once with --args=rtl=1, one per channel (the broadcast channel and the channel the call was assigned to).

HOPPING

deal with hopping using MultiRTL, i.e. several RTL-SDR dongles run together to cover the hopping set

deal with hopping using channelize, i.e. a single wideband capture split into the individual ARFCNs of the hopping set


Copyright © 2024 Pierre-Philipp Braun