# OAI setup
#### Clone OAI
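> Clone openair-cn and openairinterface5g into your home directory (the commands below use `~/openair-cn` and `~/openairinterface5g`)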
#### Install libraries
```bash!
sudo apt install -y openssh-server git vim net-tools libboost-all-dev mysql-server phpmyadmin
```
#### Edit hosts file
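```bash!
# Replace the leading entries of /etc/hosts with localhost plus the labuser and hss FQDNs used for the MME and HSS identities below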
sudo sed -i '1,/^[^#]*$/c\127.0.0.1 localhost\n127.0.1.1 labuser.openair4G.eur labuser\n127.0.1.1 hss.openair4G.eur hss' /etc/hosts
```
#### Copy .conf files
```bash!
sudo mkdir -p /usr/local/etc/oai/freeDiameter && sudo cp ~/openair-cn/etc/{mme.conf,hss.conf,spgw.conf} /usr/local/etc/oai && sudo cp ~/openair-cn/etc/{acl.conf,hss_fd.conf,mme_fd.conf} /usr/local/etc/oai/freeDiameter && sudo chown -R $USER:$USER /usr/local/etc/oai
```
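#### Edit build_helper files
```bash!
# Make both build_helper scripts accept Ubuntu 18.04 and use the renamed packages (libgnutls28-dev, libconfig-dev, castxml, iproute2)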
sed -i -e 's/Ubuntu 14.04\/16.04/Ubuntu 14.04\/16.04\/18.04/' -e 's/"ubuntu16.04")/\"ubuntu18.04")/' -e 's/"ubuntu16.04")/\"ubuntu18.04")/' -e 's/libgnutls-dev/libgnutls28-dev/' -e 's/libconfig8-dev/libconfig-dev/' -e 's/gccxml/castxml/' -e 's/iproute/iproute2/' -e 's/\$SUDO apt-get remove -y libgnutls-dev/#\$SUDO apt-get remove -y libgnutls28-dev/' ~/openair-cn/build/tools/build_helper
sed -i 's/"ubuntu16.04") return 0 ;;/&\n "ubuntu18.04") return 0 ;;/; s/"ubuntu16.04")\n specific_packages="libtasn1-6-dev"/&\n "ubuntu18.04")\n specific_packages="libtasn1-6-dev"/; s/^ \$SUDO apt-get remove -y uhd/#&/; s/^ \$SUDO apt-get remove libuhd-dev libuhd003 uhd-host -y/#&/; s/^ \$SUDO update-alternatives --set liblapack.so/#&/; s/libuhd003/libuhd-dev/; s/gccxml/castxml/; s/\biproute\b/iproute2/g; /libatlas-dev \\/d; s/libconfig8-dev/libconfig-dev/; s/libgnutls-dev/libgnutls28-dev/' ~/openairinterface5g/cmake_targets/tools/build_helper
```
#### Build OAI
```bash!
sudo find ~/openair-cn -type f -exec chmod +x {} \; && cd ~/openair-cn/scripts && for target in hss mme spgw; do yes | sudo ./build_$target -i && yes | sudo ./build_$target; done
sudo find ~/openairinterface5g -type f -exec chmod +x {} \; && cd ~/openairinterface5g/cmake_targets/ && sudo ./build_oai -I -c -C && sudo ./build_oai -w USRP --eNB -c -C && sudo ./build_oai -I --eNB -x --install-system-files -w USRP && sudo ./build_oai --eNB -t ETHERNET
```
#### Edit .conf files
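```bash!
# hss.conf: MySQL login (root / linux) and the OPERATOR_key value
# mme.conf, spgw.conf: bind S1-MME, S11 and S1-U to loopback addresses; SGi uses wlp58s0 (this host's Wi-Fi interface, substitute your own) with masquerading
# mme_fd.conf: Diameter identity labuser.openair4G.eur, matching /etc/hosts
# eNB conf: band 3, 1825 MHz downlink, -95 MHz uplink offset, MME and eNB addresses on loopback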
sudo sed -i 's/MYSQL_user = "@MYSQL_user@";/MYSQL_user = "root";/;s/MYSQL_pass = "@MYSQL_pass@";/MYSQL_pass = "linux";/;s/OPERATOR_key = "1006020f0a478bf6b699f15c062e42b3";/OPERATOR_key = "11111111111111111111111111111111";/;s/#OPERATOR_key = "11111111111111111111111111111111";/#OPERATOR_key = "1006020f0a478bf6b699f15c062e42b3"; # OP key for oai_db.sql/' /usr/local/etc/oai/hss.conf
sudo sed -i 's/MME_INTERFACE_NAME_FOR_S1_MME = "eth0";/MME_INTERFACE_NAME_FOR_S1_MME = "lo";/;s/MME_IPV4_ADDRESS_FOR_S1_MME = "192.168.11.17\/24";/MME_IPV4_ADDRESS_FOR_S1_MME = "127.0.1.1\/8";/;s/MME_IPV4_ADDRESS_FOR_S11_MME = "127.0.11.1\/8";/MME_IPV4_ADDRESS_FOR_S11_MME = "127.0.3.1\/8";/;s/SGW_IPV4_ADDRESS_FOR_S11 = "127.0.11.2\/8";/SGW_IPV4_ADDRESS_FOR_S11 = "127.0.3.2\/8";/' /usr/local/etc/oai/mme.conf
sudo sed -i 's/SGW_IPV4_ADDRESS_FOR_S11 = "127.0.11.2\/8";/SGW_IPV4_ADDRESS_FOR_S11 = "127.0.3.2\/8";/;s/SGW_INTERFACE_NAME_FOR_S1U_S12_S4_UP = "eth0";/SGW_INTERFACE_NAME_FOR_S1U_S12_S4_UP = "lo";/;s/SGW_IPV4_ADDRESS_FOR_S1U_S12_S4_UP = "192.168.11.17\/24";/SGW_IPV4_ADDRESS_FOR_S1U_S12_S4_UP = "127.0.2.1\/8";/;s/PGW_INTERFACE_NAME_FOR_SGI = "eth3";/PGW_INTERFACE_NAME_FOR_SGI = "wlp58s0";/;s/PGW_MASQUERADE_SGI = "no";/PGW_MASQUERADE_SGI = "yes";/;s/"172.16.0.0\/12"/"10.118.127.0\/24"/' /usr/local/etc/oai/spgw.conf
sudo sed -i 's/Identity = "yang.openair4G.eur"/Identity = "labuser.openair4G.eur"/' /usr/local/etc/oai/freeDiameter/mme_fd.conf
sed -i -e 's/= 7;/= 3;/g' -e 's/2685000000L/1825000000L/g' -e 's/-120000000;/-95000000;/g' -e 's/"127.0.0.3"/"127.0.1.1"/g' -e 's/"127.0.0.2\/24"/"127.0.1.2\/8"/g' -e 's/"127.0.0.5\/24"/"127.0.2.2\/8"/g' ~/openairinterface5g/targets/PROJECTS/GENERIC-LTE-EPC/CONF/enb.band7.tm1.50PRB.usrpb210.conf
```
#### Certify EPC
```bash!
sudo ~/openair-cn/scripts/check_hss_s6a_certificate /usr/local/etc/oai/freeDiameter hss.openair4G.eur && sudo ~/openair-cn/scripts/check_mme_s6a_certificate /usr/local/etc/oai/freeDiameter labuser.openair4G.eur
```
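#### Reset MySQL password
```bash!
# Sets both the system root password and the MySQL root password to "linux" (the value written to MYSQL_pass in hss.conf above); lab-only credentials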
echo -e "linux\nlinux" | sudo passwd root && sudo mysql -u root -p"linux" -e "DROP USER IF EXISTS 'root'@'localhost'; CREATE USER 'root'@'localhost' IDENTIFIED BY 'linux'; GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION; FLUSH PRIVILEGES;"
```
#### Edit DB
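```bash!
# Rebuild oai_db from oai_db.sql, add the oai.ipv4 APN, then set the PGW address and MME host for this lab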
MYSQL_PWD=linux mysql -u root -e "DROP DATABASE IF EXISTS oai_db; CREATE DATABASE oai_db; USE oai_db; SOURCE ~/openair-cn/src/oai_hss/db/oai_db.sql; INSERT INTO apn VALUES ('1','oai.ipv4','IPv4'); UPDATE pgw SET ipv4='10.118.126.202' WHERE id='3'; UPDATE mmeidentity SET mmehost='labuser.openair4G.eur' WHERE idmmeidentity='1';"
```
#### Run OAI
```bash!
cd && sudo ./openair-cn/scripts/run_hss
sudo ./openair-cn/scripts/run_mme
sudo ./openair-cn/scripts/run_spgw
sudo -E ./openairinterface5g/cmake_targets/lte_build_oai/build/lte-softmodem -O ./openairinterface5g/targets/PROJECTS/GENERIC-LTE-EPC/CONF/enb.band7.tm1.50PRB.usrpb210.conf
```
# Lab: Make your phone "No Service"
#### Device setup
> Install the antenna on the USRP (Universal Software Radio Peripheral)
>
> Connect the USRP to your native Ubuntu PC via USB cable
#### Phone telecom configuration
> Edit your configuration files:
> > MME's conf:
> > MCC (Mobile Country Code)
> > MNC (Mobile Network Code)
>
> > eNB's conf:
> > MCC
> > MNC
> > Band Number
> > Frequency
>
> For example:
> Chunghwa Telecom's
> MCC: 466
> MNC: 92
```bash=
sudo vim /usr/local/etc/oai/mme.conf
```
```bash=78
{MCC="466" ; MNC="92"; MME_GID="4" ; MME_CODE="1"; } # YOUR GUMMEI CONFIG HERE
);
# ------- MME served TAIs
# TA (mcc.mnc:tracking area code) DEFAULT = 208.34:1
# max values = 999.999:65535
# maximum of 16 TAIs, comma separated
# !!! Actually use only one PLMN
TAI_LIST = (
{MCC="466" ; MNC="92"; TAC = "1"; } # YOUR TAI CONFIG HERE
```
> EARFCN -> frequency
> Try band 3, EARFCN 1400
```bash=
sudo vim ~/openairinterface5g/targets/PROJECTS/GENERIC-LTE-EPC/CONF/enb.band7.tm1.50PRB.usrpb210.conf
```
```bash=18
mobile_country_code = "466";
mobile_network_code = "92";
```
```bash=33
eutra_band = 3;
downlink_frequency = 1825000000L;
uplink_frequency_offset = -95000000;
```
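The band, downlink frequency and uplink offset in the excerpt above have to agree with each other, and EARFCN 1400 in band 3 is what yields 1825 MHz. The check below is an added example, not part of the original note or of OAI; the band table comes from 3GPP TS 36.101 and is limited to bands 3 and 7, and the function names are illustrative.

```python
import re

# E-UTRA parameters from 3GPP TS 36.101 for the two bands this page touches:
# band -> (F_DL_low Hz, N_Offs-DL, last DL EARFCN, UL-minus-DL offset Hz)
BANDS = {
    3: (1_805_000_000, 1200, 1949, -95_000_000),
    7: (2_620_000_000, 2750, 3449, -120_000_000),
}
RASTER_HZ = 100_000  # one EARFCN step is 100 kHz

def earfcn_to_dl_hz(band, earfcn):
    f_low, n_offs, n_last, _ = BANDS[band]
    if not n_offs <= earfcn <= n_last:
        raise ValueError(f"EARFCN {earfcn} is outside band {band}")
    return f_low + RASTER_HZ * (earfcn - n_offs)  # F_DL = F_DL_low + 0.1 MHz * (N_DL - N_Offs-DL)

def parse_rf(conf_text):
    """Read the three RF keys from eNB conf text (values may end in 'L')."""
    rf = {}
    for key in ("eutra_band", "downlink_frequency", "uplink_frequency_offset"):
        m = re.search(rf"^\s*{key}\s*=\s*(-?\d+)L?\s*;", conf_text, re.M)
        if m is None:
            raise KeyError(key)
        rf[key] = int(m.group(1))
    return rf

def check_rf(conf_text):
    """Return (derived DL EARFCN, list of inconsistencies) for conf_text."""
    rf = parse_rf(conf_text)
    band = rf["eutra_band"]
    if band not in BANDS:
        return None, [f"band {band} is not in the table"]
    f_low, n_offs, n_last, ul_off = BANDS[band]
    delta = rf["downlink_frequency"] - f_low
    earfcn = n_offs + delta // RASTER_HZ
    problems = []
    if delta % RASTER_HZ:
        problems.append("downlink_frequency is off the 100 kHz raster")
    if not n_offs <= earfcn <= n_last:
        problems.append(f"downlink_frequency is outside band {band}")
    if rf["uplink_frequency_offset"] != ul_off:
        problems.append(f"uplink_frequency_offset should be {ul_off}")
    return earfcn, problems

# The three values shown in the page's eNB conf excerpt.
PAGE_CONF = """eutra_band = 3;
downlink_frequency = 1825000000L;
uplink_frequency_offset = -95000000;"""
print(check_rf(PAGE_CONF))
```

A config that keeps the band 7 offset or frequency after switching `eutra_band` to 3 shows up as a non-empty problem list.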
#### Restart OAI & Toggle airplane mode on your phone
```bash=
cd
sudo ./openair-cn/scripts/run_hss
sudo ./openair-cn/scripts/run_mme
sudo ./openair-cn/scripts/run_spgw
sudo -E ./openairinterface5g/cmake_targets/lte_build_oai/build/lte-softmodem -O ./openairinterface5g/targets/PROJECTS/GENERIC-LTE-EPC/CONF/enb.band7.tm1.50PRB.usrpb210.conf
```
> Toggling airplane mode makes the phone reconnect to a base station.
>
> Result: No Service
#### Meaning
##### Reasons for USRP Signal Detection
Mobile phones typically try to connect to the eNB that sends the strongest signal; thus, if a USRP device is broadcasting nearby, the phone may automatically attempt to connect. If there are no stronger signals in the vicinity, it is natural for the phone to try connecting to the USRP signal. This behaviour is based on the selection of signals according to strength and quality.
##### Causes of "No Service" Message
The "No Service" message is likely caused by the HSS being unable to find user authentication information. The HSS should hold subscriber information and authentication details, but the HSS used in the experiment lacks user data, resulting in a denial of authentication. This HSS is a private one and not the same as an actual telecom operator's HSS.
##### Impact of Private USRP on the Network
If a private USRP broadcasts a sufficiently strong signal, a mobile phone may prioritise connecting to that signal. An increase in illegal transmission devices could prevent nearby devices from connecting to the official network, posing a risk of communication failure. Most countries impose strict regulations against illegal transmission devices.
##### Solutions for eNB Malfunction
If an official eNB malfunctions, mobile phones will search for other eNB signals. If the error is temporary, they may reconnect to the normal eNB without needing to move. However, if abnormal signals persist for an extended period, users may need to relocate to an area where a functioning eNB signal is available.
##### Security Risks of a Mobile Phone Connecting to a Private USRP
Connecting to a private USRP poses various security risks, such as the potential collection of unique identifiers like the IMSI. Collected IMSI information can be misused for tracking users’ locations or activities. Attackers may also attempt MITM attacks or impersonate users using intercepted data.
##### Security Risk Mitigation Technologies
Countermeasures such as IMSI catcher prevention techniques and IMSI encryption have been proposed. In 5G, an encrypted identifier called SUCI (Subscription Concealed Identifier) has been introduced to replace the IMSI over the air, enhancing security. It is crucial to avoid connecting in unsafe environments and to block illegal USRP usage as soon as it is detected.
#
> [name=Joon]
>
> experiment environment:
> > software:
> Ubuntu 18.04.6 LTS (amd64)
> VMware Workstation 17 Player (Non-commercial)
> Windows 11
>
> > hardware:
> > > OAI setup:
> Intel CPU
> NVIDIA GPU
> >
> > > Lab:
> Intel NUC
> USRP
> iPhone 11 Pro
>
> reference:
> > OAI setup:
> [copy paste in VMware](https://andjjip.tistory.com/273)
> [show line numbers in vim](https://zenoahn.tistory.com/19)
> [mysql command instruction](https://blog.uncletom.co.kr/24)
> [delete certain files in Ubuntu](https://blog.naver.com/hjy5405/222878053110)
>
> > Lab:
> [MCC & MNC](https://zh.wikipedia.org/zh-tw/%E7%A7%BB%E5%8A%A8%E8%AE%BE%E5%A4%87%E7%BD%91%E7%BB%9C%E4%BB%A3%E7%A0%81)
> [Taiwan's 4G frequency](https://www.mobile01.com/topicdetail.php?f=18&t=5441521)
> [cellular frequency](https://www.sqimway.com/lte_band.php)
> [SUCI technology on 5G](https://www.techplayon.com/5g-identifiers-supi-and-suci/)
>
> [chatGPT](https://chatgpt.com/)
>
> based on:
> [OAI EPC - OAI eNB](https://hackmd.io/@jhong/oai)