matzikratzi at gmail.com
Mon Jul 25 06:08:13 UTC 2011
(In a sort-of-answer to the triangulating mail a while ago:)
> i wanted to know is it possible to triangulate any gsm cellphone with osmocombb??
It would be possible triangulate your own position using osmocombb.
Assumption 1 (A1): The base stations of GSM are very stable and can
keep running for months or years without interruption.
Assumption 2 (A2): Osmocombb has a free running quarter bit counter
that it never restarts when power is on. The timings of different
cells are calculated relative to this free running counter.
To be able to triangulate a phone, we need information about the cells
in the area:
The GSM TDMA system has a periodicity for broadcasted messages such as
sync and SI1. The timing of these can be predetermined as an offset
relative to the free running counter in A2. Note that the offset
includes the propagation time for the signal from the base station to
the mobile station.
If the position of the mobile phone with osmocombb (MS) is known, one
can get the offset for the first base station broadcasts (dt_BS1). If
the MS is moved later to at least three other known positions and the
same offsets are calculated, one can calculate the actual offset
between the MS free running counter and the BS1 without the
propagation time included. At the same time the actual position of the
BS is calculated. 
An MS should do measurements on neighbour cells as well, and can
therefor do exactly the same calculations for several BS:s at the same
time. An interesting aspect of this is that it is then possible to
calculate the difference in timing for several BS:s.
If the positions and relative timings for the BS:s in an area are
known, it is possible to calculate the position of an MS. This time we
do the same calculations, but now the relative timings for the BS:s
and the position are known and the same for the MS is unknown.
An interesting fact is that osmocombb could use the timings for BS:s
from several operators to increase the accuracy of the calculations.
Assumption 1 can be held for granted.
Assumption 2 could be made true if it is not already true. The concept
could probably otherwise be used anyway if that is not accepted.
MS Mobile station (phone, modem)
BS Base station
dt_BSx timing offset from the free running timer to base station number x
More information about the baseband-devel