# apt update && apt upgrade # apt install srslte limesuite-dev soapysdr0.6-module-all soapysdr-module-all libuhd-dev # apt remove soapysdr0.6-module-audio soapysdr-module-audio # git clone https://github.com/bbaranoff/srslteconfigs ~/.srs # git clone https://github.com/Synacktiv/modmobjam
Now there will be two frequencies that we name freq1 and freq2
freq1 is the basic LTE frequency earfcn 3050 for example
. We can know this frequency (and the TAC) by typing *#0011# on samsung phone then freq2 is the hopping frequency that we have on phone when freq1 is jammed.
So when we have theses frequencies we can do srslte with modified ~/.srs/enb.conf at first section for the TAC and at [rf] section for the earfcn (corresponding to freq2)
Then we launch srsepc and srsenb
# srsepc # srsenb
Then we jam freq1 with modmobjam. And the victim phone downgrade to 3G thanks