Note: I’m running version 19.12.0 which I installed from the repos due to issues with 20.4.0 (latest when I wrote this) and stability on LimeSDR.
I wrote the other day about installing SRS LTE stack,
But installing it is one thing, meeting all the requirements to use it with your SDR hardware turns out to be another whole thing all together.
srsENB is a software defined eNodeB, allowing you to use a Software Defined Radio to serve as an eNodeB, UE and a few other utilities.
SRS’ implementation of the eNB is supposed to be 3GPP R10 compliant and supports eMBMS to boot.
Meeting Dependencies
Installing prerequisites
I’m using a LimeSDR, but these instructions also for for the BladeRF. I found the frequency stability of my BladeRF X40 wasn’t great, meaning when running SRS’s eNodeB the cell wasn’t visible to my UE.
sudo apt install tree vim git g++ make cmake pkg-config python-numpy swig libi2c-dev libusb-1.0-0-dev libfftw3-dev libmbedtls-dev libboost-program-options-dev libconfig++-dev libsctp-dev gnuradio
Install SoapySDR from Source
git clone https://github.com/pothosware/SoapySDR.git
pushd SoapySDR
git checkout tags/soapy-sdr-0.7.2 -b soapy-sdr-0.7.2
mkdir build
cd build
cmake ..
make
sudo make install
sudo ldconfig
popd
Install LimeSuite
You can skip this if you’re using a BladeRF
git clone https://github.com/myriadrf/LimeSuite.git pushd LimeSuite #git checkout tags/v19.04.0 -b v19.04.0 mkdir builddir cd builddir cmake .. make sudo make install sudo ldconfig cd ../udev-rules sudo sh ./install.sh popd
Install BladeRF
You can skip this if using a LimeSDR
git clone https://github.com/Nuand/bladeRF.git pushd bladeRF/host/ mkdir build cd build/ cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/usr/local -DINSTALL_UDEV_RULES=ON -DBLADERF_GROUP=plugdev .. make sudo make install sudo ldconfig sudo mkdir -p /etc/Nuand/bladeRF/ sudo wget https://www.nuand.com/fpga/hostedx40-latest.rbf --output-document /etc/Nuand/bladeRF/hostedx40.rbf popd git clone https://github.com/pothosware/SoapyBladeRF.git pushd SoapyBladeRF mkdir build cd build cmake .. make sudo make install popd
Install SRS GUI
(Optional but makes life easier and has to be done prior to installing SRSLTE)
sudo apt-get install libboost-system-dev libboost-test-dev libboost-thread-dev libqwt-qt5-dev qtbase5-dev
git clone https://github.com/srsLTE/srsGUI.git
pushd srsGUI
mkdir build
cd build
cmake ..
make
sudo make install
popd
Install SRSLTE (SRSenb & SRSue)
pushd srsLTEmkdir buildcd buildcmake ../makemake testsudo make installsudo ldconfigsudo ./srslte_install_configs.sh servicepopd
Great!! Got today my first SDR the LimeSDR-Mini v1.3 and YES my old Moto G4 Plus was surfing the Internet 4G under default config files with B7 channel (2.6GHz).
I edited my config files including rr.conf and succeded to run the eNodeB in B20 (800MHz) but there are many errors in the air interface, not sure if it is the RF environment and public mobile networks in B20, a bad filtering in LimeSDR-Mini, the antennas… will check tomorrow.
I couldn’t change my network with new PLMN. It seems that SRSLTE only works as a TEST 001-01 network…
I noticed downlink signal was strong so I replaced the Rx antenna with a coax cable plus 50 ohms load, and the 800 MHz problem is gone.
Will report the MCC MNC network change failure in GitHub issues.
Very helpful write-ups. Thanks much.
I understand BladeRF/LimeSDR can be used to view signalling. Would it be possible to use them to change some bits in the signalling mesaages (pentest)?
Hi Salim,
LTE uses MAC (Message Authentication Codes) to verify integrity, so you can’t manipulate messaging from other eNodeBs, but if you’re the eNB you could change some of the messaging if you wanted, as the project is open source you’d just edit and recompile.
Trying to create SRSLTE with LimeSDR USB but im getting these errors can you please help me out thanks
Type to view trace
[FATAL] [UHDSoapyDevice] TuneVCO(CGEN) – failed to lock (cmphl!=3)
setSampleRate Rx fail SoapyLMS7 setSampleRate failed
[ERROR] Tx Calibration MCU error 2 (CGEN tune failed)
[ERROR] Rx calibration MCU error 2 (CGEN tune failed)
i tried to fix Calibration issue using LimeSuiteGui but still no luck 🙁
do you have any idea how to fix it ? or is it hardware issue ?
Nick, I am having same issue as Seema. Here in the States, per FCC ruling, there is a special Band-8, where the Center Freq UL/DL duplexing/spacing is only 39MHz instead of the standard 3GPP Band-8 at 45MHz. In the enb.conf file, I’ve tried:
[rf]
dl_earfcn = 3580
dl_freq = 938
ul_freq = 899 (This here, the LimeSDR chip can’t calibrate TX/RX)
I can set:
[rf]
dl_earfcn = 3580
#dl_freq = 938 (DL is taken by EARFCN #)
ul_freq = 899 desire39mhz/but-0 ul_earfcn=??? (for a 39MHz separation)
With QXDM view, UE can see DL and RACHES, but RRC Setup Request MSG never reaches the ENB.
I’ve tried to upgrade to the latest srsLTE and LimeSuite/Driver. I don’t think the srsenb is setup to use “flexible duplexing” – non standard 45MHz duplexing.
I know that the UE needs to support this non standard duplexing, but the eNB is not even broadcasting on the UL:
Setting frequency: DL=938.0 Mhz, UL=0.0 MHz for cc_idx=0 nof_prb=25
[INFO] Tx calibration finished
[INFO] Rx calibration finished
Any pointer if SRSENB can be re-compile to support is appreciated.
Found the issue, the enb.conf UL/DL freq is in Hz, so I had to set this for UL/DL:
[rf]
dl_earfcn = 3580
dl_freq = 938000000
ul_freq = 899000000
tx_gain = 60
rx_gain = 40
device_name = soapy
then when running, I see this:
==== eNodeB started ===
Type to view trace
Setting frequency: DL=938.0 Mhz, UL=899.0 MHz for cc_idx=0 nof_prb=6
[INFO] Tx calibration finished
[INFO] Rx calibration finished
thank you.
New issue: Not all UE will support this non-standardized duplexing and can NOT send on the Uplink. In the sib.conf SIB-2 section, we can setup:
freqInfo =
{
ul_carrier_freq_present = true; (if set to false, this IE is not sent in the SIB-2)
ul_bw_present = true;
additional_spectrum_emission = 1;
But with the non-standard duplex, the ID that the UE see is:
freqInfo
{
ul-CarrierFreq 0, <— this should be the Carrier Freq of the UL (EARFCN)
ul-Bandwidth n6,
additionalSpectrumEmission 1
So am am not sure how to setup the SIB-2 to calculate the UL CarrierFreq and populate it. Because right now, the UE is sending an RRC Connection Setup / Attach Request on a bogus uplink channel and it never gets into the eNB.