TCH.. OsmocomBB

Marten Christophe technosabby at gmail.com
Thu Oct 21 20:30:48 UTC 2010


Hello Deiter, Sylvian,

As you advised, I completed reading the GSM standard and dug into the
source code. AFAIK, I have recognized the files and parameters where I
need to change values to tune to a particular TCH, and also understood
how important it is for signaling to be involved.

I just want to know one thing: during the channel request, the MS
sends a burst on the RACH with an RA reference number. Where is this
RAF or RA reference number stored on the MS side? When the Immediate
Assignment is sent from the network, it must match before tuning to
the particular SDCCH. I want to apply a trick here: I will copy the RA
reference from the Immediate Assignment message and will replace the
original one stored in the MS, hence the MS will think "this channel
is for me" and tune to the SDCCH accordingly. Further, it will keep on
listening to all procedures like authentication and location updating.
Again, the TCH channel information is sent on the SDCCH without
encryption, as only the authentication procedure needs Kc, Ki and
SRES; the SDCCH is not encrypted and all MSs hosted on that SDCCH can
decode TCH parameters like FN, TS, ARFCN hopping sequence.

But again, I need to clarify how L1ctl.c and L23_api.c fetch the
decoded data from the Immediate Assignment message.

As it is written printf..........%u. From where will this scan or fetch?

If I am able to know where the MS keeps stored the input values
advised in signaling messages by the BTS on the PCH or AGCH, I can
manipulate them and land on the CCCH, and then the SDCCH, then the TCH.

Kindly tell me if it is feasible, or whether there is more I need to
think about.


Kind Regards,




More information about the baseband-devel mailing list