BestHub
Sign in
Information Security 8 min read

Build a Portable GSM Base Station with BladeRF and Raspberry Pi

This guide walks through assembling a compact, USB‑3.0‑enabled BladeRF SDR, installing Raspbian on a Raspberry Pi, setting up Yate and YateBTS, configuring GSM parameters, and testing the resulting portable base station for network interception and research purposes.

ITPUB
ITPUB
ITPUB
Build a Portable GSM Base Station with BladeRF and Raspberry Pi

Hardware requirements

BladeRF x40 SDR (USB 3.0) with two antennas – see https://www.sparkfun.com/products/675

Raspberry Pi 3

High‑capacity power bank (e.g., 26800 mAh)

Micro‑SD card (≥8 GB) for the OS

Software installation

Flash the Raspberry Pi OS Lite image onto the SD card, boot the Pi, and enable Wi‑Fi and SSH.

Install the required packages:

sudo apt-get update
sudo apt-get install -y git apache2 php5 bladerf libbladerf-dev libbladerf0 automake

Insert the BladeRF into a USB port and verify detection with dmesg. Check the BladeRF version:

sudo bladeRF-cli -i
bladeRF> version

The command prints the firmware, libbladeRF, and FPGA build versions.

Installing Yate and YateBTS

Clone the EvilBTS repository, which contains Yate and YateBTS, and build each component:

git clone https://github.com/evilsocket/evilbts.git
cd evilbts

# Build Yate
cd yate
./autogen.sh
./configure --prefix=/usr/local
make -j4
sudo make install
sudo ldconfig
cd ..

# Build YateBTS
cd yatebts
./autogen.sh
./configure --prefix=/usr/local
make -j4
sudo make install
sudo ldconfig

Create a symbolic link for the web interface and give write permission to the configuration directory:

sudo ln -s /usr/local/share/yate/nib_web /var/www/html/nib
sudo chmod a+w -R /usr/local/etc/yate

Configuration

Edit /usr/local/etc/yate/ybts.conf (using nano or vi) and set the GSM parameters, for example:

Radio.Band=900
Radio.C0=1000
Identity.MCC=YOUR_COUNTRY_MCC
Identity.MNC=YOUR_OPERATOR_MNC
Identity.ShortName=MyEvilBTS
Radio.PowerManager.MaxAttenDB=35
Radio.PowerManager.MinAttenDB=35

Allow any subscriber by editing /usr/local/etc/yate/subscribers.conf:

country_code=YOUR_COUNTRY_CODE
regexp=.*

Warning: Using .* will cause every GSM‑capable phone in range to connect to this base station.

Running the base station

Start Yate in server mode: sudo yate -s If the configuration is correct, the console will display messages similar to:

Starting MBTS...
Yate engine is initialized and starting up on raspberrypi
RTNETLINK answers: File exists
MBTS ready

The BladeRF LED should begin flashing, indicating activity.

Testing

Connect a GSM phone to the network; the phone will select the strongest signal, which is the newly created base station. The web interface is reachable at http://<em>raspberry-pi-ip</em>/nib, where you can view connected subscribers and adjust parameters such as MCC, MNC, and LAC.

With the power bank attached, the setup becomes a portable GSM base station suitable for research or controlled experiments.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

raspberry-pibase stationbladeRFGSMSDRYateYateBTS
ITPUB
Written by

ITPUB

Official ITPUB account sharing technical insights, community news, and exciting events.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment