Ziggy’s Embedded BTS

It started as a small challenge. “I challenge you to make a Base-Station image for embedded devices” dared me my friend Simone, and I decided he is right and it’s time for a BladeRF Base-station image targeting the armhf architecture. While googling on the subject, I found others struggling with same problems I did, and I also found some developers asking “why even do it [compiling BTS for embedded]”. My answer to those developers will be:

(a) Because we can!

Because we can!

(b) Today’s embedded devices are more powerful than yesterday’s BTS. We have Quad-Core with 8GB-RAM ARM devices, perfectly suitable for running a base-station.

(c) HackRF, BladeRF, USRP, and other RF gadgets alike, are the perfect combo for embedded systems, and even osmo-trx is specifically crafted for ARM devices.

Starting the build process, I initially went with those two tutorials and followed all steps – including compiling uhd – just for the fun of it (even on a 32 cpu’s machine its time consuming), and got everything working, but the image size grew to a monstrous 3gb. I decided to make a separate image with the binaries only, which was a reasonable 1.3gb big. But then I decided to do it the right way – make debian package for each project, and thus build myself a really tiny image using debootstrap and my packages. Coming from Arch Linux, I’m not a big fan of debian packaging, so there is still plenty of room for improvements. Once I packaged everything, I ended up with an armhf image I can chroot-to from most of my ARM-based devices, and enjoy running Asterisk, OpenBTS, Yate, YateBTS using my HackRF or BladeRF from mobile. Here is how you can do it yourself in 2 steps:

1. Set up an ARM build system and prepare debian packages & repository for armhf architecture.

get the sources to build armhf packages, including the armhf-specific patches (removing google-coredumper, for example.)

git clone https://github.com/z4ziggy/zebts.git

we’re getting the sources on the host system since chroot/qemu-arm has some weird networking issues (among others)

./build.sh get_src

create ext2 image, 20GB size, and install debian sid on

dd if=/dev/zero of=zebts.build.img seek=20G bs=1 count=0
mke2fs -F zebts.build.img
mount -o loop zebts.build.img mnt
qemu-debootstrap --no-check-gpg --arch=armhf sid mnt ftp://ftp.debian.org/debian/

copy needed files to chroot’ed system and unmount

cp pkg.lst mnt/root
cp -a src mnt/root
mkdir mnt/root/debs
umount mnt

chroot the build system and install build dependencies

./chroot.sh zebts.build.img
echo -e "deb http://ftp.debian.org/debian sid main\ndeb-src http://ftp.debian.org/debian sid main\n" > /etc/apt/sources.list
apt-get update
apt-get install `cat /root/pkg.lst`

build debian packages in a curtain order and install them – this WILL take a few hours

cd /root/src
for d in bladeRF hackrf liba53 airspy osmo-trx yate yatebts openbts smqueue smqueue/SR; do (cd $d; dpkg-buildpackage -b -j32; dpkg -i ../*.deb && mv ../*.deb /root/debs); done

you might have a few left-over processes hanging on your mount. we can safely kill them and unmount

lsof -t mnt/ | xargs kill -9
umount mnt{/dev,}

prepare a debian repository

mount -o loop zebts.build.img mnt
(cd mnt/root/debs && dpkg-scanpackages . /dev/null | gzip -9c > Packages.gz)
cp mnt/root/debs/* debs/
umount mnt

2. Set up a minimal embedded BTS image

create tiny ext2 image, 1GB size, and install debian sid on

dd if=/dev/zero of=zebts.tiny.img seek=1G bs=1 count=0
mke2fs -F zebts.tiny.img
mount -o loop zebts.tiny.img mnt
qemu-debootstrap --no-check-gpg --arch=armhf sid mnt ftp://ftp.debian.org/debian/

bind the debs/ directory to where we will chroot next

mount -o bind debs mnt/mnt

chroot the tiny image, install our packages and cleanup

./chroot.sh zebts.tiny.img
echo -e "deb http://ftp.debian.org/debian sid main\ndeb-src http://ftp.debian.org/debian sid main\n" > /etc/apt/sources.list
echo -e "deb file:/mnt ./\n" >> /etc/apt/sources.list
apt-get update
apt-get install airspy bladerf bladerf-firmware-fx3 bladerf-fpga-hostedx115 bladerf-fpga-hostedx40 hackrf liba53 openbts osmo-trx smqueue yate yatebts sipauthserve asterisk
apt-get clean

you will have a few left-over processes hanging on your mount. we can safely kill them and unmount

lsof -t mnt/ | xargs kill -9
umount mnt{/mnt,/dev,}

shrink the image to minimum size

resize2fs -M zebts.tiny.img

Thats it. To test your new tiny ARM image, use

./chroot.sh zebts.tiny.img

You can download my own tiny image from here, but I have to worn you – I will keep it updated only as long as I’ll be using it, which might won’t be long. For history reasons, you can still use the old method for compiling everything yourself (including uhd, gnuradio, openbts, etc) using the build.sh script.

10 thoughts on “Ziggy’s Embedded BTS

    1. I made an ARM image which i’ve chroot’ed it.
      The android was connected to the bladerf via GTA cable with power extension.
      And I only tested SMS, but calls should be working also with proper APN configuration.

    1. running from android (ARM) will provide you decent performance with several connections. And try it for yourself to see if it hangs, and regarding costs – google for your desired hw.

  1. Can i just install this on a laptop and just use a GSM or 3G/4G Adapter/Dongle ? Or something like that? I understand it wont be ass good, but could it work just at home, perhaps testing it on my neighbours and so ?

    And is it possible to use for Wifi as well? Either just Wifi signals, or with a GSM/3G Adapter for connecting to The GSM Network and then connect with my phone via Wifi ? And if just Wifi, can i use it too spoof Wifi connections, or as a man in the middle attack? So they connect to my “Node” trough a tunnel where i can sniff all the data?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s