LTE sniff
Aller à la navigation
Aller à la recherche
1- Information on the environment
We use an Android phone configured to connect with 4G Networks.
The android app CellInfo Viewer confirm our *Earfcn*, for us it's 6300.
The frequency our phone is listening to can be deduced from the Earfcn.
We can calculate the frequency with niviuk.free.fr.
Earfcn 6300 correspond to 806Mhz on LTE frequency band.
LTE-Cell-Scanner/build/src$ ./CellSearch -g 40 -s 806000000 LTE CellSearch (release) beginning. 1.0 to 1.1.0: OpenCL/TDD/HACKRF/bladeRF/ext-LNB added by Jiao Xianjun(putaoshu@gmail.com) PPM: 0 correction: 1 HACKRF device FOUND! Use HW begin with 806MHz actual 806MHz 1.92e+06MHz Search frequency: 806 to 806 MHz with freq correction: 0 kHz Search PSS at fo: -140 to 135 kHz Examining center frequency 806 MHz ... try 0 input level: avg abs(real) 0.0901816 avg abs(imag) 0.0900797 Hit PAR [13.4983 12.8747]dB PSS XCORR cost 5.65892s Hit num peaks 3 try peak 0 tdd_flag 0 Detected a FDD cell! At freqeuncy 806MHz, try 0 cell ID: 476 PSS ID: 2 RX power level: -25.3461 dB residual frequency offset: -3301.78 Hz k_factor: 1 try peak 0 tdd_flag 1 try peak 1 tdd_flag 0 Detected a FDD cell! At freqeuncy 806MHz, try 0 cell ID: 232 PSS ID: 1 RX power level: -26.449 dB residual frequency offset: -3310.88 Hz k_factor: 1 try peak 1 tdd_flag 1 try peak 2 tdd_flag 0 Detected a FDD cell! At freqeuncy 806MHz, try 0 cell ID: 181 PSS ID: 1 RX power level: -27.9678 dB residual frequency offset: -3330.92 Hz k_factor: 1 try peak 2 tdd_flag 1 Detected the following cells: DPX:TDD/FDD; A: #antenna ports C: CP type ; P: PHICH duration ; PR: PHICH resource type DPX CID A fc freq-offset RXPWR C nRB P PR CrystalCorrection ppm FDD 476 2 806M -3.3k -25.3 N 50 N 1/6 0.999995903521185 -4.1 FDD 232 2 806M -3.31k -26.4 N 50 N 1/6 0.999995892223039 -4.11 FDD 181 2 806M -3.33k -28 N 50 N 1/6 0.999995867358836 -4.13
We can now track signal received from antenna around us.
LTE-Cell-Scanner/build/src$ ./LTE-Tracker -f 806000000
LTE-Tracker confirm that our phone listening on physical antenna number 476 correspond to a physical antenna sniffed by the hackrf.