From richie.isc at gmail.com Sun Oct 7 18:04:09 2012 
From: richie.isc at gmail.com (richie)
Date: Sun, 7 Oct 2012 18:04:09 +0000 (UTC)
Subject: [PATCH] build: Fix make rule for building crc%gen.h

Try this:

---------------------------------------------------------
Installing Osmocombb (Prerequisites):

1.- For Debian the package names are (http://bb.osmocom.org/trac/wiki/GettingStarted):

$ sudo aptitude install libtool shtool autoconf git-core pkg-config make gcc

2.- GNUArm (http://bb.osmocom.org/trac/wiki/toolchain)

The toolchains that are known to work are the GNUArm.com ones. They provide an ARM GCC 3.4.3 for x86 and an ARM GCC 4.0.2 for x86_64 (links below). The toolchain is relocatable and can be extracted in your home directory.

For x86:

wget http://gnuarm.com/bu-2.15_gcc-3.4.3-c-c++-java_nl-1.12.0_gi-6.1.tar.bz2
tar xf bu-2.15_gcc-3.4.3-c-c++-java_nl-1.12.0_gi-6.1.tar.bz2
mv gnuarm-* ~/gnuarm

For amd64:

wget http://www.gnuarm.com/bu-2.16.1_gcc-4.0.2-c-c++_nl-1.14.0_gi-6.4_x86-64.tar.bz2
tar xf bu-*_gcc-*-c-c++_nl-*_gi-*_x86-64.tar.bz2
mv gnuarm-* ~/gnuarm

To be able to use the toolchain, add the cross compilers to your PATH:

export PATH=~/gnuarm/bin:$PATH
--------------------------------------------------------------
Installing Osmocombb:

3.- First steps (http://bb.osmocom.org/trac/wiki/GettingStarted):

$ git clone git://git.osmocom.org/osmocom-bb.git
$ cd osmocom-bb
$ git pull --rebase
$ cd src
$ make

If it gives you the following error:

/bin/bash: osmocom/core/crc16gen.h: No existe el fichero o el directorio
make[3]: *** [osmocom/core/crc16gen.h] Error 1

(the Spanish libc message is "No such file or directory"), then:

$ cd shared/libosmocore
$ autoreconf -i
$ ./configure
$ make
$ su

As root:

# make install

Exit root:

# exit

Then continue:

$ cd ../..
$ make

If it throws the following error:

configure: error: source directory already configured; run "make distclean" there first
make: *** [shared/libosmocore/build-host/Makefile] Error

Then do:

$ cd shared/libosmocore
$ make distclean
$ cd ../..
$ make

And it should work :)

From: case at SDF.ORG (John Case)
Date: Mon, 1 Oct 2012 05:37:39 +0000 (UTC)
Subject: Why not a nexus chipset ?

Usually a reference platform is something for developers and is not widely distributed. With Android, the reference platform is a mass market device in the hands of millions of people worldwide.

So, if there is a goal of a completely open phone - FaiF all the way through - why isn't one of the Nexus phones a natural target for reverse engineering and spec-leaking?

One of the issues with the Calypso chipset that I have seen discussed here is what OS to run on the upper layers of the phone - and this is a non-issue, since the Nexus phones have been designed from the ground up to run Linux. Even if you decline to put Android specifically on it, you could run any other variant you like.

I am not trivializing the work that has gone into Calypso, and I realize that different Nexus variants may have totally different baseband components, so you would have to choose one specific Nexus model ... but isn't the real difficulty simply the secrecy of the specs of the chipset, and leaked specs solve the problem whether it is a 2G Calypso or a 4G OMAP?
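The build procedure from richie's message at the top of this page, as an added example that is not part of the original post or of the osmocom-bb project: a POSIX sh script that wraps the documented steps, refuses to unpack the GNUArm tarball (which the page fetches over plain HTTP) unless its SHA-256 matches a digest the operator supplies, and parses the make log for the two failures the message describes so that the documented recovery step is applied. GNUARM_SHA256, GNUARM_DIR and OSMOCOM_BUILD_RUN are variable names introduced here; the page publishes no checksum for the toolchain, and the su / make install step is done with sudo.

```shell
#!/bin/sh
# Added example (not from the mailing-list post): the osmocom-bb build steps
# from richie's message, wrapped so that
#   - the GNUArm tarball, which the page fetches over plain HTTP, is checked
#     against a SHA-256 digest the operator supplies before it is unpacked;
#   - the two `make` failures the message describes are recognised from the
#     make log and the documented recovery step is applied.
# GNUARM_SHA256, GNUARM_DIR and OSMOCOM_BUILD_RUN are variables introduced
# here; the page publishes no checksum for the toolchain.
set -u

TOOLCHAIN_URL_X86="http://gnuarm.com/bu-2.15_gcc-3.4.3-c-c++-java_nl-1.12.0_gi-6.1.tar.bz2"
TOOLCHAIN_URL_AMD64="http://www.gnuarm.com/bu-2.16.1_gcc-4.0.2-c-c++_nl-1.14.0_gi-6.4_x86-64.tar.bz2"
GNUARM_DIR="${GNUARM_DIR:-$HOME/gnuarm}"

# Hex SHA-256 of a file, with whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Succeeds only when the file's digest equals the expected one (hex, any case).
verify_sha256() {
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$(sha256_of "$1")" = "$expected" ]
}

# Classify a saved make log as one of the two failures the message documents.
# The missing-header case is matched in both the Spanish libc wording shown
# on the page and the English one.
diagnose_make_failure() {
    if grep -q 'crc16gen\.h' "$1" && grep -Eq 'No such file|No existe el fichero' "$1"; then
        echo rebuild-libosmocore
    elif grep -q 'source directory already configured' "$1"; then
        echo distclean
    else
        echo unknown
    fi
}

# Apply the recovery the message gives for each failure (run from osmocom-bb/src).
recover_make_failure() {
    case $(diagnose_make_failure "$1") in
        rebuild-libosmocore)
            # Build and install libosmocore on the host; the message does this
            # via su, sudo is used here instead.
            (cd shared/libosmocore && autoreconf -i && ./configure && make && sudo make install) ;;
        distclean)
            (cd shared/libosmocore && make distclean) ;;
        *)
            echo "unrecognised make failure, see $1" >&2; return 1 ;;
    esac
}

# Run make, retrying after each documented fix; the message shows the two
# failures arriving one after the other, so allow two recoveries.
build_src() {
    attempt=0
    while [ "$attempt" -le 2 ]; do
        log=$(mktemp)
        if make >"$log" 2>&1; then rm -f "$log"; return 0; fi
        recover_make_failure "$log" || return 1
        rm -f "$log"
        attempt=$((attempt + 1))
    done
    return 1
}

# Fetch, verify and unpack the toolchain; refuse to unpack without a digest.
install_toolchain() {
    [ -n "${GNUARM_SHA256:-}" ] || { echo "set GNUARM_SHA256 to the expected digest" >&2; return 1; }
    case $(uname -m) in
        x86_64) url=$TOOLCHAIN_URL_AMD64 ;;
        *)      url=$TOOLCHAIN_URL_X86 ;;
    esac
    tarball=${url##*/}
    wget -O "$tarball" "$url" || return 1
    verify_sha256 "$tarball" "$GNUARM_SHA256" || { echo "checksum mismatch: $tarball" >&2; return 1; }
    tar xf "$tarball" && mv gnuarm-* "$GNUARM_DIR"
}

main() {
    [ -d "$GNUARM_DIR" ] || install_toolchain || return 1
    PATH="$GNUARM_DIR/bin:$PATH"; export PATH
    [ -d osmocom-bb ] || git clone git://git.osmocom.org/osmocom-bb.git || return 1
    cd osmocom-bb && git pull --rebase && cd src && build_src
}

# Sourcing the file only defines the functions; set OSMOCOM_BUILD_RUN=1 to build.
if [ "${OSMOCOM_BUILD_RUN:-0}" = 1 ]; then
    main
fi
```

Source the file to get the functions (diagnose_make_failure can be pointed at any saved make log), or run it with OSMOCOM_BUILD_RUN=1 and GNUARM_SHA256 set to do the whole build. The digest has to come from somewhere you trust independently of the download itself, otherwise the check adds nothing over the plain-HTTP fetch in the original instructions.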
From: 246tnt at gmail.com (Sylvain Munaut)
Date: Mon, 1 Oct 2012 07:50:33 -0400
Subject: Why not a nexus chipset ?

1) We're not the ones who decide which chipset specs are leaked ... Also, we had a complete working GSM stack example for that chipset as a guide (the specs are not always complete / correct / enough). There is nothing even close to that for any of the newer chips that I know of.

2) Most modern chipsets have cryptographic protections preventing the loading of a custom baseband firmware on them.

3) 3G / 4G chipsets are _vastly_ more complicated. As it is, for the Calypso there aren't that many people with the skills to work on the firmware, so for a more complicated chipset the situation might be even worse.

4) When you're experimenting with stuff that can brick / destroy your phone (and I have a couple of dead ones ...), you don't want to do that on your brand new $600 phone.

Cheers,

Sylvain
From: whitequark at whitequark.org (Peter Zotov)
Date: Mon, 01 Oct 2012 17:28:35 +0400
Subject: Why not a nexus chipset ?

Sylvain Munaut wrote on 01.10.2012 15:50:
> 1) We're not the ones who decide which chipset specs are leaked ...
> Also, we had a complete working GSM stack example for that chipset as
> a guide (the specs are not always complete / correct / enough). There
> is nothing even close to that for any of the newer chips that I
> know of.

Enter Galaxy S II GT-i9100.

> 2) Most modern chipsets have cryptographic protections preventing the
> loading of a custom baseband firmware on them.

For some reason, the baseband does not verify, well, anything. Both AP and BP have capabilities for checking the signature, but the keys are zeroed. You can load whatever you want on the BP, dump RAM, etc. Sammy has omitted the NOR flash for the BP and used a RAM chip instead, hence the BP is "flashed" at every boot.

> 3) 3G / 4G chipsets are _vastly_ more complicated. As it is, for the
> Calypso there aren't that many people with the skills to work on the
> firmware, so for a more complicated chipset the situation might be even
> worse.

For some reason, the baseband has been compiled with debugging info turned on. Prior to flipping any bit in any register it writes a textual description to the debug port, which is trivially accessible through USB. No soldering required.

> 4) When you're experimenting with stuff that can brick / destroy your
> phone (and I have a couple of dead ones ...), you don't want to do
> that on your brand new $600 phone.

For some reason, the boot process is guided by the AP. Unless you do something really evil, you have completely zero chances of bricking your beloved $600 phone.

> Cheers,
>
> Sylvain

It's also a pretty nice cellphone.

--
WBR, Peter Zotov.
From: 246tnt at gmail.com (Sylvain Munaut)
Date: Mon, 1 Oct 2012 10:22:26 -0400
Subject: Why not a nexus chipset ?

Hi,

> Enter Galaxy S II GT-i9100.

Interesting info and target.
But, do you have links to the datasheet, programmer's manual and source code of the baseband?

It might expose a shitload of debug info, but without reference material, this is gonna take much much longer if you want to rewrite a stack from scratch.

Cheers,

Sylvain
From: whitequark at whitequark.org (Peter Zotov)
Date: Mon, 01 Oct 2012 18:31:44 +0400
Subject: Why not a nexus chipset ?
Message-ID: <2866725ce18e75c97e35c025ed74c723@whitequark.org>

Sylvain Munaut wrote on 01.10.2012 18:22:
> Hi,
>
>> Enter Galaxy S II GT-i9100.
>
> Interesting info and target.
> But, do you have links to the datasheet, programmer's manual and source
> code of the baseband?

Quite unfortunately, no. Here are all the sensible HW-related links I was able to collect:

http://forum.xda-developers.com/showthread.php?t=1108103
http://forum.xda-developers.com/showthread.php?t=1104139
http://forum.xda-developers.com/showthread.php?t=1264021
http://forum.xda-developers.com/showthread.php?t=1649278
http://forum.xda-developers.com/showthread.php?t=1316501
http://forum.xda-developers.com/showthread.php?t=1313588
http://forum.xda-developers.com/showpost.php?p=25970245&postcount=22
http://forum.xda-developers.com/showthread.php?t=1483053
http://www.anandtech.com/show/4686/samsung-galaxy-s-2-international-review-the-best-redefined/10
http://forum.xda-developers.com/showthread.php?t=820275&page=10
http://forum.xda-developers.com/showthread.php?t=1372365&highlight=i9100

The baseband boot/RIL protocol is reverse-engineered at https://github.com/grindars/android_hardware_samsung_freeril

> It might expose a shitload of debug info, but without reference
> material, this is gonna take much much longer if you want to rewrite a
> stack from scratch.
>
> Cheers,
>
> Sylvain

--
WBR, Peter Zotov.
From: maciej.grela at gmail.com (Maciej Grela)
Date: Mon, 1 Oct 2012 21:34:11 +0000
Subject: Why not a nexus chipset ?
In-Reply-To: <2866725ce18e75c97e35c025ed74c723@whitequark.org>

2012/10/1 Peter Zotov:
> Sylvain Munaut wrote on 01.10.2012 18:22:
>
>> Hi,
>>
>>> Enter Galaxy S II GT-i9100.
>>
>> Interesting info and target.
>> But, do you have links to the datasheet, programmer's manual and source
>> code of the baseband?

Hi,

The situation with the Galaxy S II is very interesting. Where did you find the information about BP processor debug access and running your own code from BP SRAM? I've read through the links from xda-dev you provided but I couldn't locate this information.

Regards,
Maciej Grela
From: whitequark at whitequark.org (Peter Zotov)
Date: Tue, 02 Oct 2012 01:49:23 +0400
Subject: Why not a nexus chipset ?

Maciej Grela wrote on 02.10.2012 01:34:
> 2012/10/1 Peter Zotov:
>> Sylvain Munaut wrote on 01.10.2012 18:22:
>>
>>> Hi,
>>>
>>>> Enter Galaxy S II GT-i9100.
>>>
>>> Interesting info and target.
>>> But, do you have links to the datasheet, programmer's manual and
>>> source code of the baseband?
>
> Hi,
>
> The situation with the Galaxy S II is very interesting. Where did you find
> the information about BP processor debug access and running your own
> code from BP SRAM? I've read through the links from xda-dev you
> provided but I couldn't locate this information.
>
> Regards,
> Maciej Grela

My colleague/friend Sergey Gridassov[1] has been developing a replacement RIL[2] for the SGS2 and found all of the above. He probably won't be posting to this list because he's not a native English speaker, but if there is enough interest (and it seems that there is), I could prepare and post the relevant instructions. It's pretty trivial actually.

[1]: http://github.com/grindars
[2]: https://github.com/grindars/android_hardware_samsung_freeril

--
WBR, Peter Zotov.
From: maciej.grela at gmail.com (Maciej Grela)
Date: Mon, 1 Oct 2012 22:00:46 +0000
Subject: Why not a nexus chipset ?

2012/10/1 Peter Zotov:
> Maciej Grela wrote on 02.10.2012 01:34:
>
>> 2012/10/1 Peter Zotov:
>>>
>>> Sylvain Munaut wrote on 01.10.2012 18:22:
>>>
>>>> Hi,
>>>>
>>>>> Enter Galaxy S II GT-i9100.
>>>>
>>>> Interesting info and target.
>>>> But, do you have links to the datasheet, programmer's manual and source
>>>> code of the baseband?
>>
>> Hi,
>>
>> The situation with the Galaxy S II is very interesting. Where did you find
>> the information about BP processor debug access and running your own
>> code from BP SRAM? I've read through the links from xda-dev you
>> provided but I couldn't locate this information.
>>
>> Regards,
>> Maciej Grela
>
> My colleague/friend Sergey Gridassov[1] has been developing a replacement
> RIL[2] for the SGS2 and found all of the above. He probably won't be posting to
> this list because he's not a native English speaker, but if there is enough
> interest (and it seems that there is), I could prepare and post the relevant
> instructions. It's pretty trivial actually.

Please do publish them. This is pretty cool.

Regards,
Maciej Grela

From: pabs at debian.org (Paul Wise)
Date: Mon, 1 Oct 2012 23:12:28 +0800
Subject: Why not a nexus chipset ?

On Mon, Oct 1, 2012 at 10:22 PM, Sylvain Munaut wrote:
> But, do you have links to the datasheet, programmer's manual and source
> code of the baseband?

We were discussing this on IRC and Peter pointed out this:

http://forum.xda-developers.com/showthread.php?t=1483053

--
bye,
pabs

http://wiki.debian.org/PaulWise
From: francisg at fnop.net (Francisco Guerreiro)
Date: Mon, 1 Oct 2012 16:16:41 +0100
Subject: Why not a nexus chipset ?

The only thing missing is the actual source code, and that will probably continue to be missing :(

On Mon, Oct 1, 2012 at 4:12 PM, Paul Wise wrote:
> On Mon, Oct 1, 2012 at 10:22 PM, Sylvain Munaut wrote:
>
>> But, do you have links to the datasheet, programmer's manual and source
>> code of the baseband?
>
> We were discussing this on IRC and Peter pointed out this:
>
> http://forum.xda-developers.com/showthread.php?t=1483053
>
> --
> bye,
> pabs
>
> http://wiki.debian.org/PaulWise
From: case at SDF.ORG (John Case)
Date: Wed, 3 Oct 2012 17:52:31 +0000 (UTC)
Subject: Why not a nexus chipset ?

Paul,

On Mon, 1 Oct 2012, Paul Wise wrote:
> On Mon, Oct 1, 2012 at 10:22 PM, Sylvain Munaut wrote:
>
>> But, do you have links to the datasheet, programmer's manual and source
>> code of the baseband?
>
> We were discussing this on IRC and Peter pointed out this:
>
> http://forum.xda-developers.com/showthread.php?t=1483053

Ok.

I am looking at the list of devices covered by this xda-dev posting - most interesting is the Samsung Galaxy Nexus - again, this is a reference handset, something that in the past was in the hands of developers only, but now many people around the world are using.

So that's very interesting, which was the point of my OP - the Google Nexus phones represent a particularly ripe avenue for osmocom since they are reference handsets, and presumably the "warez" that you need are in many more hands than previous chipset docs and code. Perhaps there is a flaw in my assumption?

The bad news is that the list of devices from the xda-dev posting does NOT include the Galaxy S II GT-i9100, which was mentioned earlier in this thread.

I wonder:

- how did the Calypso docs leak in the first place? Was it indeed a real breach of intellectual property, or did they just get published by TI since they were uninteresting in some way? How nefarious is the story there?

- What would it actually cost to get the documentation and code needed for either of these two items we are discussing above? If I go to Qualcomm and sign up as a developer (under a corp name, etc.) .... is it $10k? $100k? Or are the docs you need not available at any price?

I would like to think that the "warez" needed for one of these targets are so widely distributed (because of the Android ecosystem and the aggressive push there) that simply putting out a loud and wide "call for leaks" would yield some results...
From: mhtajik at gmail.com (Mh)
Date: Thu, 4 Oct 2012 01:22:26 +0330
Subject: Why not a nexus chipset ?
Message-ID: <9DF9BA6D9C814F18B0F251AB1916E07F@gmail.com>

TI or Qualcomm will not sell "you" their IP, no matter what. There is a very complicated "legal" process behind these kinds of deals, specifically a regulation process done outside the vendor, usually by a government organization. You would however be able to purchase protected DSP-style working components and NDAed dox with 6-figure deals.

There is a different type of business you can look into though; take a look at Lyrtech's stuff for example. You can buy crystal-clear IP from them, at least as good as HDL, licensed and hassle-free, with support and dox and all, but they target specially built systems, usually huge expensive SDRs.

The alleged TI leaks, no matter what the circumstances, are not in my experience of much practical importance. If you have the engineering resources and enough money to put such stuff into use, you may as well code it all from scratch, since most specs are already public. The patents usually prevent people from certifying, and therefore prevent selling big time for serious profit, limiting the market. It's not like they are nuclear missile code secrets. The difference between engineering and reverse engineering in the software ecosystem and the telecom ecosystem is exactly in the time/resource/profit formulation. Kids code a virus or crack a code over a couple of nights using OllyDbg, although they need to learn a lot of math and electrical shit before doing a baseband-scale maneuver. They almost never do, or Apple offers them Jobs ;)

M.

On Wed, 3 Oct 2012, John Case wrote:
> Paul,
>
> On Mon, 1 Oct 2012, Paul Wise wrote:
>
>> On Mon, Oct 1, 2012 at 10:22 PM, Sylvain Munaut wrote:
>>
>>> But, do you have links to the datasheet, programmer's manual and source
>>> code of the baseband?
>>
>> We were discussing this on IRC and Peter pointed out this:
>>
>> http://forum.xda-developers.com/showthread.php?t=1483053
>
> Ok.
>
> I am looking at the list of devices covered by this xda-dev posting - most
> interesting is the Samsung Galaxy Nexus - again, this is a reference
> handset, something that in the past was in the hands of developers only,
> but now many people around the world are using.
>
> So that's very interesting, which was the point of my OP - the Google
> Nexus phones represent a particularly ripe avenue for osmocom since they
> are reference handsets, and presumably the "warez" that you need are in
> many more hands than previous chipset docs and code. Perhaps there is a
> flaw in my assumption?
>
> The bad news is that the list of devices from the xda-dev posting does NOT
> include the Galaxy S II GT-i9100, which was mentioned earlier in this
> thread.
>
> I wonder:
>
> - how did the Calypso docs leak in the first place? Was it indeed a real
> breach of intellectual property, or did they just get published by TI
> since they were uninteresting in some way? How nefarious is the story
> there?
>
> - What would it actually cost to get the documentation and code needed for
> either of these two items we are discussing above? If I go to Qualcomm
> and sign up as a developer (under a corp name, etc.) .... is it $10k?
> $100k? Or are the docs you need not available at any price?
>
> I would like to think that the "warez" needed for one of these targets are
> so widely distributed (because of the Android ecosystem and the aggressive
> push there) that simply putting out a loud and wide "call for leaks" would
> yield some results...
From: case at SDF.ORG (John Case)
Date: Wed, 3 Oct 2012 22:12:54 +0000 (UTC)
Subject: Why not a nexus chipset ?
In-Reply-To: <9DF9BA6D9C814F18B0F251AB1916E07F@gmail.com>

On Thu, 4 Oct 2012, Mh wrote:
> TI or Qualcomm will not sell "you" their IP, no matter what. There is
> a very complicated "legal" process behind these kinds of deals,
> specifically a regulation process done outside the vendor, usually by
> a government organization. You would however be able to purchase
> protected DSP-style working components and NDAed dox with 6-figure deals.

Ok. So if there was to be a free-as-in-freedom Galaxy Nexus, with full control of all layers, it would be the result of a real, material breach, or leak. Someone would have to do Something Bad.

> There is a different type of business you can look into though; take a
> look at Lyrtech's stuff for example. You can buy crystal-clear IP from
> them, at least as good as HDL, licensed and hassle-free, with support and
> dox and all, but they target specially built systems, usually huge
> expensive SDRs.

But the point here is an end user (like me) having a secure and free-as-in-freedom phone, so unless we're going to create a community-backed reference platform (which would be great, of course) this doesn't help a lot. Are there any 3G handsets currently for sale that have this (more open) system underneath?

> The alleged TI leaks, no matter what the circumstances, are not in my
> experience of much practical importance. If you have the engineering
> resources and enough money to put such stuff into use, you may as well
> code it all from scratch, since most specs are already public. The
> patents usually prevent people from certifying, and therefore prevent
> selling big time for serious profit, limiting the market. It's not
> like they are nuclear missile code secrets. The difference between
> engineering and reverse engineering in the software ecosystem and the telecom
> ecosystem is exactly in the time/resource/profit formulation. Kids code
> a virus or crack a code over a couple of nights using OllyDbg, although
> they need to learn a lot of math and electrical shit before doing a baseband-scale
> maneuver. They almost never do, or Apple offers them Jobs ;)

You're approaching this as if I want to build and market cell site equipment, or build my own infrastructure ... of course that is interesting, but really all I want is a somewhat modern phone that I can control and feel somewhat secure in using, which means either isolating the baseband processor (see my other thread about using USB GSM modems with a Galaxy music player) or breaking the baseband of a platform more useful than Calypso...

I do wonder, however, if these open reference chipsets exist, why we are looking at Calypso as the basis for the "other" osmocom projects (like the baseband dev kit that has been proposed...) it seems like your example would be less of a dead end...
From: mhtajik at gmail.com (Mh)
Date: Thu, 4 Oct 2012 02:51:39 +0330
Subject: Why not a nexus chipset ?
Message-ID: <7208C1CC767B4D02962B49AF5EC972F9@gmail.com>

Correct, "Dead End". If you are aiming at somewhat "All Layers Open for All" in any of the industrialized telecom standards, like GSM, UMTS, LTE -- you are either alone or one of the already huge cartel vendors, the usual suspects. I am specifically referring to the business-oriented, closed-circuit, cold-blooded capitalistic side of the issue. It is big bucks and involves elements of serious power. Like the oil business, you simply cannot dig a hole and start a shop today. Whole layers of politics and beneficiaries are involved to stop you doing that. Internationally recognized organizations like the ITU, also, for more or less the same reasons, do not let some one-man company or small-scale team who is not already in bed with the big players go solo and be available everywhere.

Note that I am not, in essence, talking about "Security", whatever that means to you or the next person. You might be well, or feel safe, with your standards under your threat model for your whole life using primitives like 2G. In fact I believe this is valid for, figuratively speaking, 99.9% of consumers. It is important to differentiate between patents, licenses, lobbying for money and ownership, all the way down to the technical details of how to implement some efficient A5/3 code that cannot be tampered with by an evil rogue element in, or MITM-ing, the network, which cancels the whole point for good.

You will not reach a widely usable phone of which all the details are free and open by all means. Business, export restrictions, regulations and shareholders are responsible for that, good or bad. You CAN, on the other hand, define the specifics of a secure system based on your priorities and test and certify to see if it fits your criteria or not.

What society do you belong to?

- Freedom-of-software warriors
- Political activist, reporter in a hostile environment or some humanitarian effort type
- Business opportunity research
- Military and dark ops
- Finance with 7+ figure daily account exchange
- A dude with 007s up his ass after leakage of those topless pix
- A kind smiley average father
- Into white slavery, drug smuggling, dark international arms sales

Secure and "Feel Alright" might have different interpretations in each group, but that "Open" mobile phone, internationally available, legal and realistic, is, as you put it correctly, a dead end.

M.

On Thu, 4 Oct 2012, John Case wrote:
> On Thu, 4 Oct 2012, Mh wrote:
>
>> TI or Qualcomm will not sell "you" their IP, no matter what. There is
>> a very complicated "legal" process behind these kinds of deals,
>> specifically a regulation process done outside the vendor, usually by
>> a government organization. You would however be able to purchase
>> protected DSP-style working components and NDAed dox with 6-figure deals.
>
> Ok. So if there was to be a free-as-in-freedom Galaxy Nexus, with full
> control of all layers, it would be the result of a real, material breach,
> or leak. Someone would have to do Something Bad.
>
>> There is a different type of business you can look into though; take a
>> look at Lyrtech's stuff for example. You can buy crystal-clear IP from
>> them, at least as good as HDL, licensed and hassle-free, with support and
>> dox and all, but they target specially built systems, usually huge
>> expensive SDRs.
>
> But the point here is an end user (like me) having a secure and
> free-as-in-freedom phone, so unless we're going to create a
> community-backed reference platform (which would be great, of course) this
> doesn't help a lot. Are there any 3G handsets currently for sale that
> have this (more open) system underneath?
>
>> The alleged TI leaks, no matter what the circumstances, are not in my
>> experience of much practical importance. If you have the engineering
>> resources and enough money to put such stuff into use, you may as well
>> code it all from scratch, since most specs are already public. The
>> patents usually prevent people from certifying, and therefore prevent
>> selling big time for serious profit, limiting the market. It's not
>> like they are nuclear missile code secrets. The difference between
>> engineering and reverse engineering in the software ecosystem and the telecom
>> ecosystem is exactly in the time/resource/profit formulation. Kids code
>> a virus or crack a code over a couple of nights using OllyDbg, although
>> they need to learn a lot of math and electrical shit before doing a baseband-scale
>> maneuver. They almost never do, or Apple offers them Jobs ;)
>
> You're approaching this as if I want to build and market cell site
> equipment, or build my own infrastructure ... of course that is
> interesting, but really all I want is a somewhat modern phone that I can
> control and feel somewhat secure in using, which means either isolating
> the baseband processor (see my other thread about using USB GSM modems
> with a Galaxy music player) or breaking the baseband of a platform more
> useful than Calypso...
>
> I do wonder, however, if these open reference chipsets exist, why we are
> looking at Calypso as the basis for the "other" osmocom projects (like the
> baseband dev kit that has been proposed...) it seems like your example
> would be less of a dead end...
From: case at SDF.ORG (John Case)
Date: Thu, 4 Oct 2012 03:07:14 +0000 (UTC)
Subject: Why not a nexus chipset ?
In-Reply-To: <7208C1CC767B4D02962B49AF5EC972F9@gmail.com>

On Thu, 4 Oct 2012, Mh wrote:
> You will not reach a widely usable phone of which all the details
> are free and open by all means. Business, export restrictions,
> regulations and shareholders are responsible for that, good or bad.
> You CAN, on the other hand, define the specifics of a secure system based on your
> priorities and test and certify to see if it fits your criteria or not.
> What society do you belong to?

Well, I disagree.

First of all, if we assume that the Internet is available in some fashion, you can have a general purpose unix computer in your hand, with no mobile chipset, and use SIP. It's not common, but it's workable and it is indeed free all the way through (depending on your configuration and your OS choice). If you consider that the Samsung Galaxy Player is *hardware identical* to one of the world's most popular Android phones (except for the missing mobile chipset), I would say that's a "widely usable phone".

And further, if we choose strategy "B", where we encourage, or facilitate a leak of baseband IP, then you can go that route. And that is why I think the reference platform of Google Nexus phones is very interesting and very unique ... the PS3 breaks, and other breaks like that, were possible because millions of people had these hardware identical boxes in their own houses - you can't let the cat that far out of the bag and expect the secrets will stay secret. CSS, PlayStation, iTunes, and whatever dvd-jon is working on this week all show that to be true.

One clarification: I wasn't saying that pursuing an open mobile platform was a dead end, I was saying that pursuing Calypso was a dead end.
From: peter at stuge.se (Peter Stuge)
Date: Thu, 4 Oct 2012 15:08:33 +0200
Subject: Why not a nexus chipset ?
Message-ID: <20121004130833.18638.qmail@stuge.se>

John Case wrote:
> I was saying that pursuing Calypso was a dead end.

I disagree.

There are still quite a few people in the world who can learn about low-level details of 2G cell phone networks, and that is valuable.

I think your approach to stay with a non-cell phone device is admirable, but in practice it's not nearly as convenient and so it doesn't scale. It might be good enough for some, but in any case it can't really be called a cell phone.

//Peter
From: mhtajik at gmail.com (Mh)
Date: Thu, 4 Oct 2012 18:21:01 +0330
Subject: Why not a nexus chipset ?
In-Reply-To: <20121004130833.18638.qmail@stuge.se>

You have a point here, but students have been using stuff ranging from the Sagem trace phone and its software and API goodness down to working Matlab simulations for more than two decades. There is a misconception that I have observed in recent years as attention to telecom networks grew in blackhat-style communities and later in the open source "software" society: it is one thing to learn, say, GSM by coding, hacking, reversing, setting up OpenBTS, reflashing Motorola or Nokia or whatever old phones -- and there is another thing referred to as building totally open cellphones, totally open BSCs etc. for real use and widespread cells. The 1st is valuable, and it is not new, it's just getting more attention as the business is growing. The 2nd is just delusion.

Regarding another point in this thread: I'd love to see leaks. It's just good to have others' property all over the place (I personally don't like it if it's done to me, but quite frankly I'd enjoy taking a look at any interesting leaks, whether GSM or other things, which is getting more common nowadays on the web, and I am not ashamed of calling my own double standard bullshit - because it is, and humans were/are always full of it, hats off to Louis CK by the way) -- therefore I see it as a good idea to make a wave and encourage some retard engineer with access to the internal network of one of these 2-3 vendors to leak shit. Remember Microsoft's partial source leak? I've still got it and although it never had any use for me, every so often when I am going through archives some nights I take a look at some random .cpp; there is always a comment or even a dialogue between coders inside a function that's worth a long good laugh.

Then what? Having access to someone's IP, especially with nowadays' lawyers, licensing or patent disputes, governments who sell kilohertz of air for billions.. is not realistically going to do any good. Add to this, and the previous mails, the fact that life is too short and many things happen to a person or small teams, like the one who developed one of the best Linux file systems, then killed his ex-wife in some stupid move and is now doing time. To have something "steady" for wide-area use for a long time it needs infrastructure, funds, motivated people, buying and selling stocks... For cellphone-style communications, such establishments already exist: the ones that, to my understanding, many "hackers" want to bypass, while paying tax to their government, which pays membership fees to remain a member of, say, the ITU and plays other roles in restrictions (no matter how we judge this). This was what my "dead end" answer to John was based on. It is not just about "Calypso".

On Thu, 4 Oct 2012, Peter Stuge wrote:
> John Case wrote:
>> I was saying that pursuing Calypso was a dead end.
>
> I disagree.
>
> There are still quite a few people in the world who can learn about
> low-level details of 2G cell phone networks, and that is valuable.
>
> I think your approach to stay with a non-cell phone device is
> admirable, but in practice it's not nearly as convenient and so
> it doesn't scale. It might be good enough for some, but in any
> case it can't really be called a cell phone.
>
>
> //Peter
From: case at SDF.ORG (John Case)
Date: Thu, 4 Oct 2012 22:29:41 +0000 (UTC)
Subject: Why not a nexus chipset ?
In-Reply-To: <20121004130833.18638.qmail@stuge.se>
References: <9DF9BA6D9C814F18B0F251AB1916E07F@gmail.com> <7208C1CC767B4D02962B49AF5EC972F9@gmail.com> <20121004130833.18638.qmail@stuge.se>
Message-ID:

On Thu, 4 Oct 2012, Peter Stuge wrote:

> John Case wrote:
>> I was saying that pursuing calypso was a dead end.
>
> I disagree.
>
> There are still quite a few people in the world who can learn about
> low-level details of 2G cell phone networks, and that is valuable.

Ok, I'll qualify that ... I think that pursuing calypso as the only working component of osmocom, and to the exclusion of all else, is a dead end.

If Harold gets the open implementation of calypso up and running as a dev kit and we can all build imsi catchers with that, that's great - I will buy 10.

In terms of making people's lives better and giving people more security and freedom, there needs to be a 3G (or even LTE) platform.

I am repeating myself, but again: when was the last time a reference handset was in the hands of millions of people? And had been produced as a showcase of running a free OS? If these kids can break the PS3, one of these nexus platforms should be able to be cracked wide open.

> I think your approach to stay with a non-cell phone device is
> admirable, but in practise it's not nearly as convenient and so
> it doesn't scale. It might be good enough for some, but in any
> case it can't really be called a cell phone.

I'm just looking for control and security in my mobile computer ... I see two different routes to get there:

1. Gain complete, end to end (BP + AP) control over some hardware platform (obviously preferable)
2. Just find a computer I like and add a USB modem to it (only thing currently workable)

So it's not what I want, and certainly not what I would push others toward - it's just the only option...

From peter at stuge.se Thu Oct 4 22:42:03 2012
From: peter at stuge.se (Peter Stuge)
Date: Fri, 5 Oct 2012 00:42:03 +0200
Subject: Why not a nexus chipset ?
In-Reply-To:
References: <9DF9BA6D9C814F18B0F251AB1916E07F@gmail.com> <7208C1CC767B4D02962B49AF5EC972F9@gmail.com> <20121004130833.18638.qmail@stuge.se>
Message-ID: <20121004224203.3650.qmail@stuge.se>

John Case wrote:
>>> I was saying that pursuing calypso was a dead end.
>>
>> There are still quite a few people in the world who can learn about
>> low-level details of 2G cell phone networks, and that is valuable.
>
> Ok, I'll qualify that ... I think that pursuing calypso as the only working
> component of osmocom, and to the exclusion of all else, is a dead end.

I don't think anyone in the osmocom family of projects excludes anything.

If you want to go for making an open 3G or LTE platform then go for it!
It's no small undertaking however.


//Peter

From whitequark at whitequark.org Tue Oct 2 22:14:56 2012
From: whitequark at whitequark.org (Peter Zotov)
Date: Wed, 03 Oct 2012 02:14:56 +0400
Subject: Why not a nexus chipset ?
Message-ID: <0b8243c7585c385f0c70b1d13705dd44@whitequark.org>

Maciej Grela wrote on 02.10.2012 02:00:
>> My colleague/friend Sergey Gridassov[1] has been developing a
>> replacement RIL[2] for SGS2 and found everything of the above. He
>> probably won't be posting to this list because he's not a native
>> English speaker, but if there is enough interest (and it seems that
>> there is), I could prepare and post the relevant instructions. It's
>> pretty trivial actually.
>>
>
> Please do publish them. This is pretty cool.
>
> Regards,
> Maciej Grela

Assuming you know C, consider this code:
https://github.com/grindars/android_hardware_samsung_freeril/blob/jellybean/libsamsung-ipc/SamsungModem.cpp

The boot process is IROM->PSI->EBL->SecureImage. Authenticity of PSI is not checked. He has verified this by changing the magic constant 0xDEADDEAD and booting PSI.

Speaking about 0xDEADDEAD, it's a command ID which makes the PSI make a complete RAM dump. So, then he has sent the modified command and successfully obtained a dump.

The rest should be obvious from the source.

--
WBR, Peter Zotov.

From osmocom at ngolde.de Tue Oct 2 22:06:01 2012
From: osmocom at ngolde.de (Nico Golde)
Date: Wed, 3 Oct 2012 00:06:01 +0200
Subject: Oct 3, 8pm / Osmocom Berlin User Group meeting?
Message-ID: <20121002220601.GA19802@nybble.binarybase.org>

Hi all!

I *think* Harald is pretty busy and also unlikely to attend the prospective meeting tomorrow. Also there is a bank holiday tomorrow in Germany and at least I personally will use that to stay away from technology for a bit, so I won't come.

Nevertheless, I thought I'd write this email to remind people that in theory there is a meeting tomorrow and discuss if other people attend. I personally would propose to shift the meeting to next week (for purely selfish reasons ;). As far as I know, there is no formal presentation tomorrow.

Anyway, will anyone attend tomorrow or is everyone in favor of shifting a week?

In case it takes place, for the people who did not attend so far, the usual snippet from Harald's mails:

Oct 3, 8pm @ CCC Berlin, Marienstr. 11, 10113 Berlin

If you are interested to show up, feel free to do so. There is no registration required. The meeting is free as in "free beer", despite no actual free beer being around.

Cheers
Nico

From peter at stuge.se Tue Oct 2 22:20:10 2012
From: peter at stuge.se (Peter Stuge)
Date: Wed, 3 Oct 2012 00:20:10 +0200
Subject: Oct 3, 8pm / Osmocom Berlin User Group meeting?
In-Reply-To: <20121002220601.GA19802@nybble.binarybase.org>
References: <20121002220601.GA19802@nybble.binarybase.org>
Message-ID: <20121002222010.7759.qmail@stuge.se>

Hi Nico, all,

Thanks for the email!

Nico Golde wrote:
> Anyway, will anyone attend tomorrow or is everyone in favor
> of shifting a week?

I can attend tomorrow, but since there is nothing scheduled and I also don't have any suggestions for discussion topics I have nothing against shifting one week.

> If you are interested to show up, feel free to do so.

In principle this is correct, but please stay tuned to this mailing list discussion so that you do not end up ringing the doorbell at CCC Berlin without there being anyone around to answer it. :)


//Peter

From kevredon at mail.tsaitgaist.info Wed Oct 3 08:36:58 2012

From: kevredon at mail.tsaitgaist.info (Kevin Redon)
Date: Wed, 03 Oct 2012 10:36:58 +0200
Subject: Oct 3, 8pm / Osmocom Berlin User Group meeting?
In-Reply-To: <20121002222010.7759.qmail@stuge.se>
References: <20121002220601.GA19802@nybble.binarybase.org> <20121002222010.7759.qmail@stuge.se>
Message-ID: <1349253355-sup-4566@dennou>

Hi,

I will not be there either, and have nothing against shifting it :)

kevin

Excerpts from Peter Stuge's message of Wed Oct 03 00:20:10 +0200 2012:
> Hi Nico, all,
>
> Thanks for the email!
>
> Nico Golde wrote:
> > Anyway, will anyone attend tomorrow or is everyone in favor
> > of shifting a week?
>

From philipp.maier at runningserver.com Wed Oct 3 09:33:29 2012
From: philipp.maier at runningserver.com (Philipp Fabian Benedikt Maier)
Date: Wed, 03 Oct 2012 11:33:29 +0200
Subject: Oct 3, 8pm / Osmocom Berlin User Group meeting?
In-Reply-To: <1349253355-sup-4566@dennou>
References: <20121002220601.GA19802@nybble.binarybase.org> <20121002222010.7759.qmail@stuge.se> <1349253355-sup-4566@dennou>
Message-ID: <506C0669.4080701@runningserver.com>

Hi folks.

Same here. See you (hopefully) next week. I wish you all a nice holiday.

regards,
Philipp

From osmocom at ngolde.de Mon Oct 8 10:11:35 2012

From: osmocom at ngolde.de (Nico Golde)
Date: Mon, 8 Oct 2012 12:11:35 +0200
Subject: Oct 3, 8pm / Osmocom Berlin User Group meeting?
In-Reply-To: <506C0669.4080701@runningserver.com>
References: <20121002220601.GA19802@nybble.binarybase.org> <20121002222010.7759.qmail@stuge.se> <1349253355-sup-4566@dennou> <506C0669.4080701@runningserver.com>
Message-ID: <20121008101135.GA19680@nybble.binarybase.org>

Hi,
* Philipp Fabian Benedikt Maier [2012-10-03 13:56]:
> Same here. See you (hopefully) next week. I wish you all a nice holiday.

I planned for this week now. Anyone else attending?

Kind regards
Nico

From ml at mail.tsaitgaist.info Mon Oct 8 23:19:46 2012
From: ml at mail.tsaitgaist.info (Kevin Redon)
Date: Tue, 09 Oct 2012 01:19:46 +0200
Subject: Oct 3, 8pm / Osmocom Berlin User Group meeting?
In-Reply-To: <20121008101135.GA19680@nybble.binarybase.org>
References: <20121002220601.GA19802@nybble.binarybase.org> <20121002222010.7759.qmail@stuge.se> <1349253355-sup-4566@dennou> <506C0669.4080701@runningserver.com> <20121008101135.GA19680@nybble.binarybase.org>
Message-ID: <1349738380-sup-4190@dennou>

Hi,

I will.

kevin

Excerpts from Nico Golde's message of Mon Oct 08 12:11:35 +0200 2012:
> Hi,
> * Philipp Fabian Benedikt Maier [2012-10-03 13:56]:
> > Same here. See you (hopefully) next week. I wish you all a nice holiday.
>
> I planned for this week now. Anyone else attending?
>
> Kind regards
> Nico

From t-openbsc at tobias.org Tue Oct 9 08:01:44 2012

From: t-openbsc at tobias.org (Tobias Engel)
Date: Tue, 09 Oct 2012 10:01:44 +0200
Subject: Oct 3, 8pm / Osmocom Berlin User Group meeting?
In-Reply-To: <1349738380-sup-4190@dennou>
References: <20121002220601.GA19802@nybble.binarybase.org> <20121002222010.7759.qmail@stuge.se> <1349253355-sup-4566@dennou> <506C0669.4080701@runningserver.com> <20121008101135.GA19680@nybble.binarybase.org> <1349738380-sup-4190@dennou>
Message-ID: <5073D9E8.2050701@tobias.org>

Me too.

-Tobias

On 09.10.12 01:19, Kevin Redon wrote:
> Hi,
>
> I will.
>
> kevin
>
> Excerpts from Nico Golde's message of Mon Oct 08 12:11:35 +0200 2012:
>> Hi,
>> * Philipp Fabian Benedikt Maier [2012-10-03 13:56]:
>>> Same here. See you (hopefully) next week. I wish you all a nice holiday.
>>
>> I planned for this week now. Anyone else attending?
>>
>> Kind regards
>> Nico
>
>

From case at SDF.ORG Wed Oct 3 18:04:02 2012
From: case at SDF.ORG (John Case)
Date: Wed, 3 Oct 2012 18:04:02 +0000 (UTC)
Subject: How much protection does an add-on GSM modem give me vs. built into phone ?
Message-ID:

I use an old 2G dumbphone. I would like to switch and begin carrying a unix computer with me, but two things bother me:

1. When a cellular device is added to a computer, and integrated in a deep way (as it is in an android phone), there seem to me to be a lot of instances where the computer is subservient to the cellular parts of the phone. I am thinking about things like carrier-published updates to applications and carrier updates to SIM data, etc. - I want to participate on the mobile phone network, but I do not want the carrier to have any access to my unix computer. It seems to me that they have a lot of access, though, when I use something like an android phone.

2. Exploits ... baseband exploits, mobile network exploits, forced dialing, speaker/mic toggling, root exploits like I saw described from rogue cellsites at defcon 2 years ago ... I want nothing to do with this.

So my current thought is to not buy a phone at all, but instead buy a unix computer - perhaps the samsung galaxy player? It is a near-clone of the Samsung i9000, but without any phone hardware (but it does have a speaker and mic, so you could use it as a very nice SIP device).

And my idea is that when I do not have WIFI access, I could connect a USB GSM modem to this unix computer and use the GSM modem ONLY for data, and connect SIP calls that way.

My questions:

1. Am I correct that embedding the mobile components into the computer (like in a mobile phone) gives my carrier many more vectors for accessing the computer side of things, and gives "mallory" many more vectors for attack? I spoke very generally above about those methods - what are the actual names for these behaviors?

2. Am I correct that if I connect an external GSM modem to my unix computer, I am nullifying most of these, and I am not giving my carrier any ability to update/examine/alter/access my unix computer .... and am also avoiding things like secretly enabling the microphone, baseband exploits, etc.?

Any additional thoughts on using a computer instead of a phone, and then adding a GSM modem when that is the only way to get SIP connectivity?

Thanks.

From case at SDF.ORG Wed Oct 3 21:09:17 2012
From: case at SDF.ORG (John Case)
Date: Wed, 3 Oct 2012 21:09:17 +0000 (UTC)
Subject: How much protection does an add-on GSM modem give me vs. built into phone ?
In-Reply-To:
References:
Message-ID:

> First, stay away from Qualcomm-based phones. In them the baseband controls
> all physical memory, as documented in the Replicant project, and thus has
> control over the application processor (the "unix computer").

Ok. So what I am shooting for is a firewall between the baseband processor and the application processor, and I was indeed correct that in a "real" mobile phone there is a lot of bleeding between the two.

> Second, even Infineon-based phones are not completely safe, however you can
> use Replicant on the Nexus S, and thus there is no proprietary binaries (on
> the Unix side) and less risk of meddling from a third party. However, this
> won't prevent a baseband exploit from doing evil stuff. In addition there
> are Android vulnerabilities constantly appearing, last one as you may have
> heard concerned the SGS3's NFC stack.

Well, that is why I said "unix computer" and not specifically android - if I am running a computer (like a samsung galaxy player) then I could do something besides android, and perhaps gain quite a bit of control.

> Finally, the scenario you suggest (connecting a 3G USB modem) to a computer
> seems very impractical although it adds a layer of safety since the
> microphone will be fully under the control of the system you trust. However
> battery life will probably be very, very short as compared to your current
> 2G phone.

Yes, ok. Battery life is bad, as well as the physical logistics of connecting a full sized USB dongle to a micro-USB port, etc.

> By the way, as documented in presentations at CCC, Blackhat, etc. GSM
> networks are not safe, there are multiple vulnerabilities ranging from
> offline decryption of comms to active mitm attacks. 3G networks use
> stronger, mutual authentication and do not suffer from this. In several
> phones, such as the Nexus S, you can force the network mode to 3G only and
> therefore have a better level of security.

Yes, but the real trick I am interested is isolating (or at least controlling) the interaction between the baseband processor and the application processor. Using a computer with a USB dongle gives me that control ... would I have that same level of control if we had free software running on the baseband processor, or is there still additional bleeding possible simply by virtue of being built into the computer?

Also, just for my own notes, what is the industry term for "making changes to application processor side of customers handset?" I have heard of some regular examples of how carriers update things and enforce changes to phones in this way (or relock them?) but what is the term for that behavior?

Thanks.

From peter at stuge.se Wed Oct 3 22:32:48 2012

From: peter at stuge.se (Peter Stuge)
Date: Thu, 4 Oct 2012 00:32:48 +0200
Subject: How much protection does an add-on GSM modem give me vs. built into phone ?
In-Reply-To:
References:
Message-ID: <20121003223248.10129.qmail@stuge.se>

John Case wrote:
> the real trick I am interested is isolating (or at least
> controlling) the interaction between the baseband processor and the
> application processor. Using a computer with a USB dongle gives me that
> control ... would I have that same level of control if we had free software
> running on the baseband processor, or is there still additional bleeding
> possible simply by virtue of being built into the computer ?

In a smartphone it's almost not possible to distinguish the "computer" from the "GSM modem" anymore, because of how the hardware is constructed, so yes.

> what is the industry term for "making changes to application processor
> side of customers handset?"

Maybe you're looking for FOTA - Firmware Over The Air?


//Peter

From gnutoo at no-log.org Thu Oct 4 10:26:02 2012
From: gnutoo at no-log.org (Denis 'GNUtoo' Carikli)
Date: Thu, 4 Oct 2012 12:26:02 +0200
Subject: How much protection does an add-on GSM modem give me vs. built into phone ?
In-Reply-To: <20121003223248.10129.qmail@stuge.se>
References: <20121003223248.10129.qmail@stuge.se>
Message-ID: <20121004122602.7389d9e3@gnutoo-desktop>

On Thu, 4 Oct 2012 00:32:48 +0200
Peter Stuge wrote:

> John Case wrote:
> > the real trick I am interested is isolating (or at least
> > controlling) the interaction between the baseband processor and the
> > application processor. Using a computer with a USB dongle gives me
> > that control ... would I have that same level of control if we had
> > free software running on the baseband processor, or is there still
> > additional bleeding possible simply by virtue of being built into
> > the computer ?
>
> In a smartphone it's almost not possible to distinguish the
> "computer" from the "GSM modem" anymore, because of how the
> hardware is constructed, so yes.

In some yes, in some no... it depends on how the smartphone was designed:

On one end some smartphones (openmoko GTA02, golden delicious GTA04), the baseband is isolated (though on GTA04 it has access to a GPS with no antenna (so it can't work)). And on the other end there are smartphones with qualcomm System on a chip... where the modem and the CPU are in a single chip:
The modem part has the audio DSP connected to it, the GPS.
And the baseband uses shared RAM memory and shared NAND (if I remember well)...
And I'm not sure but maybe the baseband is even needed for booting the main CPU...

There are also systems in between like the galaxy S/Nexus S that uses shared memory but do not have other problems...

Denis.

From whitequark at whitequark.org Thu Oct 4 11:15:09 2012
From: whitequark at whitequark.org (Peter Zotov)
Date: Thu, 04 Oct 2012 15:15:09 +0400
Subject: How much protection does an add-on GSM modem give me vs. built into phone ?
In-Reply-To: <20121004130719.58b0aec7@gnutoo-desktop>
References: <20121003223248.10129.qmail@stuge.se> <20121004122602.7389d9e3@gnutoo-desktop> <20121004130719.58b0aec7@gnutoo-desktop>
Message-ID: <83f1341a5b0600493218788dd0aeae06@whitequark.org>

Denis 'GNUtoo' Carikli wrote on 04.10.2012 15:07:
> On Thu, 04 Oct 2012 14:53:08 +0400
> Peter Zotov wrote:
>
>> Denis 'GNUtoo' Carikli wrote on 04.10.2012 14:26:
>> > On Thu, 4 Oct 2012 00:32:48 +0200
>> > Peter Stuge wrote:
>> >
>> >> John Case wrote:
>> >> > the real trick I am interested is isolating (or at least
>> >> > controlling) the interaction between the baseband processor and the
>> >> > application processor. Using a computer with a USB dongle gives me
>> >> > that control ... would I have that same level of control if we
>> >> > had free software running on the baseband processor, or is there
>> >> > still additional bleeding possible simply by virtue of being
>> >> > built into the computer ?
>> >>
>> >> In a smartphone it's almost not possible to distinguish the
>> >> "computer" from the "GSM modem" anymore, because of how the
>> >> hardware is constructed, so yes.
>> > In some yes, in some no... it depends on how the smartphone was
>> > designed:
>> >
>> > On one end some smartphones (openmoko GTA02, golden delicious
>> > GTA04), the baseband is isolated (though on GTA04 it has access to
>> > a GPS with no antenna (so it can't work)). And on the other end
>> > there are smartphones with qualcomm System on a chip... where the
>> > modem and the CPU are in a single chip:
>> > The modem part has the audio DSP connected to it, the GPS.
>> > And the baseband uses shared RAM memory and shared NAND (if I
>> > remember well)...
>> > And I'm not sure but maybe the baseband is even needed for booting
>> > the main CPU...
>> >
>> > There are also systems in between like the galaxy S/Nexus S that
>> > uses shared memory but do not have other problems...
>>
>> In addition to the above, there are some phones where baseband is
>> completely submissive to the AP, namely Galaxy SII. Basically it's
>> exactly the same as the USB dongle situation, but the dongle is
>> integrated on the phone's PCB.
> Did you check what the modem transport was (shared memory, high speed
> serial etc...)?
>
> Denis.

HSIC. It's basically USB but with a slightly altered physical layer to accommodate the unusual topology. http://www.synopsys.com/dw/dwtb/hsic_usb2_device/hsic_usb2_device.html

There is no shared memory or, in fact, any other connections between BP and interfaces of the phone. Audio is transferred via the same USB, for example.

GPS technically has some relation with the BP, I'm not absolutely sure which precisely, but you can a) upload reference SiRF firmware to the GPS, thus rendering any changes Samsung put to the latter void and b) AP controls !RESET pins of both GPS and BP. It's trivial to not allow both to run simultaneously.

--
WBR, Peter Zotov.

From whitequark at whitequark.org Thu Oct 4 11:18:13 2012
From: whitequark at whitequark.org (Peter Zotov)
Date: Thu, 04 Oct 2012 15:18:13 +0400
Subject: How much protection does an add-on GSM modem give me vs. built into phone ?
In-Reply-To: <20121004130719.58b0aec7@gnutoo-desktop>
References: <20121003223248.10129.qmail@stuge.se> <20121004122602.7389d9e3@gnutoo-desktop> <20121004130719.58b0aec7@gnutoo-desktop>
Message-ID: <8b39c0cb89ccc26f9be090ec66c794d0@whitequark.org>

Denis 'GNUtoo' Carikli wrote on 04.10.2012 15:07:
> On Thu, 04 Oct 2012 14:53:08 +0400
> Peter Zotov wrote:
>
> Did you check what the modem transport was (shared memory, high speed
> serial etc...)?
>
> Denis.

Sorry for the second letter. I just verified the GPS issue with grindars. He says that BP does not communicate with GPS chip directly; both UART and GPIO of the GPS chip are connected to AP. The only thing that will not work with BP off is GSM A-GPS, which is trivially replaced if you have WiFi connectivity or cellular data.

--
WBR, Peter Zotov.

From whitequark at whitequark.org Thu Oct 4 11:10:39 2012
From: whitequark at whitequark.org (Peter Zotov)
Date: Thu, 04 Oct 2012 15:10:39 +0400
Subject: How much protection does an add-on GSM modem give me vs. built into phone ?
Message-ID: <3051d4f66a581d6a313590335d9ea2f7@whitequark.org>

Denis 'GNUtoo' Carikli wrote on 04.10.2012 14:26:
> On Thu, 4 Oct 2012 00:32:48 +0200
> Peter Stuge wrote:
>
>> John Case wrote:
>> > the real trick I am interested is isolating (or at least
>> > controlling) the interaction between the baseband processor and the
>> > application processor. Using a computer with a USB dongle gives me
>> > that control ... would I have that same level of control if we had
>> > free software running on the baseband processor, or is there still
>> > additional bleeding possible simply by virtue of being built into
>> > the computer ?
>>
>> In a smartphone it's almost not possible to distinguish the
>> "computer" from the "GSM modem" anymore, because of how the
>> hardware is constructed, so yes.
> In some yes, in some no... it depends on how the smartphone was
> designed:
>
> On one end some smartphones (openmoko GTA02, golden delicious GTA04),
> the baseband is isolated (though on GTA04 it has access to a GPS with no
> antenna (so it can't work)). And on the other end there are smartphones
> with qualcomm System on a chip... where the modem and the CPU are in a
> single chip:
> The modem part has the audio DSP connected to it, the GPS.
> And the baseband uses shared RAM memory and shared NAND (if I remember
> well)...
> And I'm not sure but maybe the baseband is even needed for booting
> the main CPU...
>
> There are also systems in between like the galaxy S/Nexus S that uses
> shared memory but do not have other problems...

In addition to the above, there are some phones where baseband is completely submissive to the AP, namely Galaxy SII. Basically it's exactly the same as the USB dongle situation, but the dongle is integrated on the phone's PCB.

>
> Denis.

--
WBR, Peter Zotov.
From andrew at carrierdetect.com Thu Oct 4 20:38:42 2012

From: andrew at carrierdetect.com (Andrew Back)
Date: Thu, 4 Oct 2012 21:38:42 +0100
Subject: Testing (or even type approval).
Message-ID:

Hello,

I've picked up what appears to be most of a Rohde & Schwarz TS8916B GSM Type Approval system (CRTC02 equipment, a Sofimation SOFI05 radio channel/fading simulator and various RF switching) and wondered if it may be of use in testing the baseband. Or can everything we would want to test be done using simple MS test equipment and/or a BTS with OpenBSC?

I did also wonder whether it would be possible to use this to try and achieve type approval, but realise that even if the rest of the hardware could be gathered together it would be a huge learning curve and even then maybe you have to be accredited/authorised for TA (or other challenges would prevent this). In any case, I thought it worth asking the question before it is split up.

Regards,

Andrew

PS. Some photos are at:

http://www.flickr.com/photos/carrierdetect/sets/72157631692365280/with/8054445310/

The digital units are PCs running DOS and tests are written in C and compiled to run on DSP boards (2x TX + 2x RX per CRTC02 digital unit) which drive the attached analogue units. GPIB is used for control between these and to also control the SOFI, RF switches and other equipment that is missing (a signal generator and a second SOFI at least).

--
Andrew Back
http://carrierdetect.com

From alexander.chemeris at gmail.com Fri Oct 5 00:17:54 2012
From: alexander.chemeris at gmail.com (Alexander Chemeris)
Date: Thu, 4 Oct 2012 20:17:54 -0400
Subject: Testing (or even type approval).
In-Reply-To:
References:
Message-ID:

Hi,

I wonder could we use a channel simulator to test a BTS instead of the handset? Then it will be very valuable.

On Thu, Oct 4, 2012 at 4:38 PM, Andrew Back wrote:
> Hello,
>
> I've picked up what appears to be most of a Rohde & Schwarz TS8916B
> GSM Type Approval system (CRTC02 equipment, a Sofimation SOFI05 radio
> channel/fading simulator and various RF switching) and wondered if it
> may be of use in testing the baseband. Or can everything we would want
> to test be done using simple MS test equipment and/or a BTS with
> OpenBSC?
>
> I did also wonder whether it would be possible to use this to try and
> achieve type approval, but realise that even if the rest of the
> hardware could be gathered together it would be a huge learning curve
> and even then maybe you have to be accredited/authorised for TA (or
> other challenges would prevent this). In any case, I thought it worth
> asking the question before it is split up.
>
> Regards,
>
> Andrew
>
> PS. Some photos are at:
>
> http://www.flickr.com/photos/carrierdetect/sets/72157631692365280/with/8054445310/
>
> The digital units are PCs running DOS and tests are written in C and
> compiled to run on DSP boards (2x TX + 2x RX per CRTC02 digital unit)
> which drive the attached analogue units. GPIB is used for control
> between these and to also control the SOFI, RF switches and other
> equipment that is missing (a signal generator and a second SOFI at
> least).
>
> --
> Andrew Back
> http://carrierdetect.com
>

--
Regards,
Alexander Chemeris.
CEO, Fairwaves LLC
http://fairwaves.ru

From andrew at carrierdetect.com Fri Oct 5 07:09:49 2012
From: andrew at carrierdetect.com (Andrew Back)
Date: Fri, 5 Oct 2012 08:09:49 +0100
Subject: Testing (or even type approval).
In-Reply-To:
References:
Message-ID:

On 5 October 2012 01:17, Alexander Chemeris wrote:
> Hi,
>
> I wonder could we use a channel simulator to test a BTS instead of the
> handset? Then it will be very valuable.

I would have thought so, unless you need more than two channels (e.g. to have 3 or more MS each with their own fading profile). The specifications and manual can be found at:

http://www.sofimation.com/sofi05.htm

It looks like I will have lots of coaxial relays, 20dB/2 watt pads and some splitter/combiners too, so may be able to set up something useful if we knew precisely what we would like to do.

Best,

Andrew

--
Andrew Back
http://carrierdetect.com

From case at SDF.ORG Thu Oct 4 22:39:58 2012

From: case at SDF.ORG (John Case)
Date: Thu, 4 Oct 2012 22:39:58 +0000 (UTC)
Subject: 2G / 3G / LTE differences and similarities at layer 1 ...
Message-ID:

Where can I find some documentation about how different (and similar) 2G / 3G and LTE are at the layer 1 level?

Thanks.

From mhtajik at gmail.com Fri Oct 5 00:23:57 2012

From: mhtajik at gmail.com (Mh)
Date: Fri, 5 Oct 2012 03:53:57 +0330
Subject: 2G / 3G / LTE differences and similarities at layer 1 ...
In-Reply-To:
References:
Message-ID:

I am not aware of a single doc covering this, and perhaps suggesting you go read all the specs is not even funny. I've read a WCDMA book a long time ago and it helped me doing many different stuff over the years, having the correct big picture in details in the background. Sounds very general, but take a look. Certainly helps.

Regards

John Case wrote:
>
> Where can I find some documentation about how different (and similar) 2G /
> 3G and LTE are at the layer 1 level ?
>
> Thanks.

From case at SDF.ORG Fri Oct 5 00:29:26 2012
From: case at SDF.ORG (John Case)
Date: Fri, 5 Oct 2012 00:29:26 +0000 (UTC)
Subject: 2G / 3G / LTE differences and similarities at layer 1 ...
In-Reply-To:
References:
Message-ID:

On Fri, 5 Oct 2012, Mh wrote:

> I am not aware of a single doc covering this, and perhaps suggesting you
> go read all the specs is not even funny. I've read a WCDMA book a long
> time ago and it helped me doing many different stuff over the years,
> having the correct big picture in details in the background. Sounds very
> general, but take a look. Certainly helps.

How similar (roughly) are 2G GSM, 3G GSM, and LTE at the layer 1 level?

From alexander.chemeris at gmail.com Fri Oct 5 01:54:45 2012

From: alexander.chemeris at gmail.com (Alexander Chemeris)
Date: Thu, 4 Oct 2012 21:54:45 -0400
Subject: 2G / 3G / LTE differences and similarities at layer 1 ...
In-Reply-To:
References:
Message-ID:

On 04.10.2012 20:55, "John Case" wrote:
>
>
> On Fri, 5 Oct 2012, Mh wrote:
>
>> I am not aware of a single doc covering this, and perhaps suggesting you go read all the specs is not even funny. I've read a WCDMA book a long time ago and it helped me doing many different stuff over the years, having the correct big picture in details in the background. Sounds very general, but take a look. Certainly helps.
>
>
>
> How similar (roughly) are 2G GSM, 3G GSM, and LTE at the layer 1 level ?
>

In short, all three are completely different. It's TDMA/GMSK vs WCDMA vs OFDMA. For the details it's better to find tutorials on every of the three and go through them.

Sent from my Android device.

--
Regards,
Alexander Chemeris
CEO, Fairwaves LLC
http://fairwaves.ru

From dburgess at jcis.net Fri Oct 5 07:46:18 2012
From: dburgess at jcis.net (David A. Burgess)
Date: Fri, 5 Oct 2012 00:46:18 -0700
Subject: 2G / 3G / LTE differences and similarities at layer 1 ...

They are completely different in L1. They become more similar as you move
up the stack, but they are utterly different in L1.

On Oct 4, 2012, at 17:23, Mh wrote:

> i am not aware of a single doc covering this and perhaps suggesting you to go read all the specs is not even funny . i've read a WCDMA book long time ago and it helped me doing many different stuff over the years having the correct big picture in details at background . sounds very general , but take a look . certainly helps .
>
> Regards
>
> On ????, ??? ??, ???? at ?:??, John Case wrote:
>
>> Where can I find some documentation about how different (and similar) 2G /
>> 3G and LTE are at the layer 1 level ?
>>
>> Thanks.

From Max.Suraev at fairwaves.ru Fri Oct 5 16:43:57 2012
From: Max.Suraev at fairwaves.ru (☎)
Date: Fri, 05 Oct 2012 18:43:57 +0200
Subject: rssi chainload
Message-ID: <506F0E4D.2050900@fairwaves.ru>

Hello.

I'm trying to load RSSI firmware into my c123 phone. It's too big to be
loaded directly so it should be chainloaded. Unfortunately chainloading is
almost undocumented (or I failed to locate the documentation :)

As far as I understood it, we use a chainloader (small one) so it would
load the actual payload (big one).

I've disabled the size check in src/host/osmocon/osmocon.c:270 and
recompiled latest git.

After that I've tried the following:

./osmocom-bb/src/host/osmocon/osmocon -p /dev/ttyUSB0 -m c123xor -c ./osmocom-bb/src/target/firmware/board/compal_e88/rssi.highram.bin ./osmocom-bb/src/target/firmware/board/compal_e88/chainload.compalram.bin

but got only an eternal stream of "Sending Calypso romloader beacon..."

Could you help me to figure out the proper image names?

What's the meaning of the -c option: the file to be loaded (big one)?
And as a last argument we supply the actual chainloader (small one)?

--
best regards,
Max, http://fairwaves.ru

From steve at steve-m.de Fri Oct 5 17:18:11 2012
From: steve at steve-m.de (Steve Markgraf)
Date: Fri, 05 Oct 2012 19:18:11 +0200
Subject: rssi chainload
In-Reply-To: <506F0E4D.2050900@fairwaves.ru>
References: <506F0E4D.2050900@fairwaves.ru>
Message-ID: <506F1653.5050603@steve-m.de>

Hi,

On 05.10.2012 18:43, ☎ wrote:
> Hello.
>
> I'm trying to load RSSI firmware into my c123 phone. It's too big to be loaded
> directly so it should be chainloaded. Unfortunately chainloading is almost
> undocumented (or I failed to locate the documentation :)

It's a bit hidden on the C140 page in the wiki:
http://bb.osmocom.org/trac/wiki/MotorolaC140#Bootloader

> I've disabled size check in src/host/osmocon/osmocon.c:270 and recompiled latest git.
>
> After that I've tried following:
>
> ./osmocom-bb/src/host/osmocon/osmocon -p /dev/ttyUSB0 -m c123xor -c
> ./osmocom-bb/src/target/firmware/board/compal_e88/rssi.highram.bin
> ./osmocom-bb/src/target/firmware/board/compal_e88/chainload.compalram.bin
>
> but got only eternal stream of "Sending Calypso romloader beacon..."

Hm, strange. Did you try -m c123? Does loading other apps without
chainloader work?

> Could you help me to figure out proper image names?
>
> What's the meaning of -c option: the file to be loaded (big one)?
> And as a last argument we supply actual chainloader (small one)?

Yes, that's correct.

Regards,
Steve

From Max.Suraev at fairwaves.ru Fri Oct 5 18:15:52 2012
From: Max.Suraev at fairwaves.ru (☎)
Date: Fri, 05 Oct 2012 20:15:52 +0200
Subject: rssi chainload
In-Reply-To: <506F1653.5050603@steve-m.de>
References: <506F0E4D.2050900@fairwaves.ru> <506F1653.5050603@steve-m.de>
Message-ID: <506F23D8.4030907@fairwaves.ru>

On 05.10.2012 19:18, Steve Markgraf wrote:
>
>> I've disabled size check in src/host/osmocon/osmocon.c:270 and recompiled latest git.

Btw, do I actually have to do that?

> Hm, strange. Did you try -m c123? Does loading other apps without
> chainloader work?

If I use -m c123 then loading proceeds up to "handle_write(): finished"
but I do not see rssi (or anything at all) on the phone's screen.

And

./osmocom-bb/src/host/osmocon/osmocon -p /dev/ttyUSB0 -m c123xor ./osmocom-bb/src/target/firmware/board/compal_e88/layer1.compalram.bin

loads firmware just fine.

Am I using the right images (rssi.highram.bin and chainload.compalram.bin)?

--
best regards,
Max, http://fairwaves.ru

From dario.lombardo.ml at gmail.com Sun Oct 7 20:36:01 2012
From: dario.lombardo.ml at gmail.com (Dario Lombardo)
Date: Sun, 7 Oct 2012 22:36:01 +0200
Subject: rssi chainload
In-Reply-To: <506F23D8.4030907@fairwaves.ru>
References: <506F0E4D.2050900@fairwaves.ru> <506F1653.5050603@steve-m.de> <506F23D8.4030907@fairwaves.ru>

Have a look at this old thread

http://lists.osmocom.org/pipermail/baseband-devel/2012-January/002690.html

that goes through the topic. At a first glance you're issuing the right
commands, but you can try the alternative suggested way (osmoload jump).
Sometimes I must reload the firmware many times before it starts (freeze
after handle_write() finished).

Bye
Dario.

On Fri, Oct 5, 2012 at 8:15 PM, ☎ wrote:
> 05.10.2012 19:18, Steve Markgraf wrote:
>
>>> I've disabled size check in src/host/osmocon/osmocon.c:270 and recompiled latest git.
>
> Btw, do I actually have to do that?
>
>> Hm, strange. Did you try -m c123? Does loading other apps without
>> chainloader work?
>
> if I use -m c123 than loading proceed up to "handle_write(): finished" but I do not
> see rssi (or anything at all) on phone's screen.
>
> And ./osmocom-bb/src/host/osmocon/osmocon -p /dev/ttyUSB0 -m c123xor
> ./osmocom-bb/src/target/firmware/board/compal_e88/layer1.compalram.bin
> loads firmware just fine.
>
> Am I using the right images (rssi.highram.bin and chainload.compalram.bin)?
>
> --
> best regards,
> Max, http://fairwaves.ru

From lists at infosecurity.ch Sat Oct 6 14:01:55 2012
From: lists at infosecurity.ch (Fabio Pietrosanti (naif))
Date: Sat, 06 Oct 2012 16:01:55 +0200
Subject: Subject tagging of this mailing list
Message-ID: <507039D3.1020606@infosecurity.ch>

Hi,

I'd like to suggest to introduce "Subject" tagging for the osmocom
mailing lists.

Almost all ml I'm subscribed to are Subject tagged with [MailingListName]
prepended to the subject.

Hope it can be considered a nice suggestion, to improve the usability of
the mlist.

-naif

From peter at stuge.se Sat Oct 6 14:16:15 2012
From: peter at stuge.se (Peter Stuge)
Date: Sat, 6 Oct 2012 16:16:15 +0200
Subject: Subject tagging of this mailing list
In-Reply-To: <507039D3.1020606@infosecurity.ch>
References: <507039D3.1020606@infosecurity.ch>
Message-ID: <20121006141615.32292.qmail@stuge.se>

Fabio Pietrosanti (naif) wrote:
> i'd like to suggest to introduce "Subject" tagging for the osmocom
> mailing lists.

NAK. It really pollutes the subject line.

> Almost all ml i'm subscribed are Subject tagged with [MailingListName]
> prepended to the subject.

They are all doinitrong. It has quite likely become so widespread
because it is controlled by a setting in the GNU Mailman software
which is enabled by default.

> Hope can be considered a nice suggestion, to improve the usability
> of mlist.

Please set up filters in your email software that make use of one of the
many unique headers added by the mailing list, all of which keep the
subject line free from noise. Almost all lists I'm subscribed to do
not have a stupid prefix in the subject.

//Peter

From sebastien at lorquet.fr Sat Oct 6 17:51:55 2012
From: sebastien at lorquet.fr (Sébastien Lorquet)
Date: Sat, 06 Oct 2012 19:51:55 +0200
Subject: Subject tagging of this mailing list
In-Reply-To: <20121006141615.32292.qmail@stuge.se>
References: <507039D3.1020606@infosecurity.ch> <20121006141615.32292.qmail@stuge.se>
Message-ID: <50706FBB.5030402@lorquet.fr>

On 06/10/2012 16:16, Peter Stuge wrote:
> Fabio Pietrosanti (naif) wrote:
>> i'd like to suggest to introduce "Subject" tagging for the osmocom
>> mailing lists.
> NAK. It really pollutes the subject line.
>
>> Almost all ml i'm subscribed are Subject tagged with [MailingListName]
>> prepended to the subject.
> They are all doinitrong. It has quite likely become so widespread
> because it is controlled by a setting in the GNU Mailman software
> which is enabled by default.
>
>> Hope can be considered a nice suggestion, to improve the usability
>> of mlist.
> Please set up filters in your email software that make use one of the
> many unique headers added by the mailing list, all of which keep the
> subject line free from noise. Almost all lists I'm subscribed to do
> not have a stupid prefix in the subject.
>
> //Peter

The 'List-Id' header may be the way to go.

Sebastien

From niceguy108 at gmail.com Sun Oct 7 05:26:06 2012
From: niceguy108 at gmail.com (Bhaskar11)
Date: Sun, 7 Oct 2012 10:56:06 +0530
Subject: Compiling Osmocom for Windows
Message-ID: <008801cda44c$42dde300$0f00a8c0@notebook>

Enthused by the successes of Dieter and Eisencah I have been trying to
compile Osmocom under Windows XP using Cygwin and arm-elf-gcc 4.6.3 based
on the website instructions.

Osmocom compiles ok until the last portion. Then it gives some errors (as
in the TXT file attached). Can anyone please indicate what I am doing
wrong. I am writing here after long experimenting to ensure that all
dependencies have been included, etc.

Can I also request Dieter and Eisencah to share their tips for the rest of
us who wish to work on the Windows platform.

Thanks in advance.

B.

=================================

eisencah eisenach, Nov 06, 2010; 7:50pm, Re: osmocom on windows

Hello everybody.

Managed to compile the osmocom program under windows. Could anyone send me
the image for the "Hello word" program so I could try to download it into
the phone (haven't got to the part where I compile the firmware bit I
would want to see osmocom work).

Cheers,
Mihai.

Dieter Spaar, Oct 07, 2010; 3:51pm, Re: osmocom on windows
In reply to this post by eisencah eisenach

Hello Peter,

On Thu, 7 Oct 2010 11:54:28 +0200, "Peter Stuge" wrote:
>
> Does e.g. the CodeSourcery toolchain really need Cygwin? That would
> suck.

I don't know CodeSourcery, I use GNU ARM directly from www.gnuarm.com.
According to the CodeSourcery FAQ, they do not require Cygwin. Are there
any benefits using CodeSourcery ? I had issues in the past with the
firmware using a different GNU ARM version, so I switched back to 4.0.2
which seems to be the same others use on Linux and so far it works OK.
You don't seem to like Cygwin, my experience with it is not that bad,
OpenBSC (not with GPRS yet due to the need for the TUN device), OsmocomBB,
GNUradio and Airprobe run with minor adjustments (just to name GSM related
stuff I use under Cygwin).

Best regards,
Dieter

--
Dieter Spaar, Germany

(Attachment scrubbed by the list archive: Osmocom-bb make error.txt)

From holger at freyther.de Sun Oct 7 06:26:03 2012
From: holger at freyther.de (Holger Hans Peter Freyther)
Date: Sun, 7 Oct 2012 08:26:03 +0200
Subject: Compiling Osmocom for Windows
In-Reply-To: <008801cda44c$42dde300$0f00a8c0@notebook>
References: <008801cda44c$42dde300$0f00a8c0@notebook>
Message-ID: <20121007062603.GE32292@localhost>

On Sun, Oct 07, 2012 at 10:56:06AM +0530, Bhaskar11 wrote:

> GEN osmocom/core/crc16gen.h
> GEN osmocom/core/crc16gen.h
> /bin/sh: osmocom/core/crc16gen.h: No such file or directory

The generation of the files fails. Maybe install sed.exe? Take a look at
the Makefile.

holger

From case at SDF.ORG Sun Oct 7 21:17:24 2012
From: case at SDF.ORG (John Case)
Date: Sun, 7 Oct 2012 21:17:24 +0000 (UTC)
Subject: GSM test sets (HP 8922M, for instance..)

There are a lot of HP/Agilent 8922M units for sale very cheap (less than
US $500).

I know that these devices can simulate a GSM base station, but does that
simulation occur over the air, or do I need to connect my handset I am
testing to the 8922M with a cable ?

I know I need to get a 8322A expansion for the unit - any other details I
should look out for ?

Also, what is an equivalent test unit for WCDMA (3g) base station
simulation (I know these will be more expensive).

Thanks.

From peter at stuge.se Sun Oct 7 21:51:08 2012
From: peter at stuge.se (Peter Stuge)
Date: Sun, 7 Oct 2012 23:51:08 +0200
Subject: GSM test sets (HP 8922M, for instance..)
Message-ID: <20121007215108.16402.qmail@stuge.se>

John Case wrote:
> I know that these devices can simulate a GSM base station, but does
> that simulation occur over the air, or do I need to connect my
> handset I am testing to the 8922M with a cable ?

It has an N connector for RF output. If you connect an antenna you can
test over the air. It can output a fair bit of power, don't have to use
that if sitting in front of it.

We did some successful initial tests with one of these at one of the
Osmocom User Group meetings maybe a month ago. We briefly discussed that
it would be interesting to extract test results from it programmatically,
and perhaps also to control it. I don't know if any effort has started in
that direction however.

> I know I need to get a 8322A expansion for the unit - any other
> details I should look out for ?

That's the 1800 MHz option, yes? Maybe you want 1900 instead. There are
also goodies like the improved performance 10 MHz reference.

//Peter

From case at SDF.ORG Mon Oct 8 05:59:07 2012
From: case at SDF.ORG (John Case)
Date: Mon, 8 Oct 2012 05:59:07 +0000 (UTC)
Subject: GSM test sets (HP 8922M, for instance..)
In-Reply-To: <20121007215108.16402.qmail@stuge.se>
References: <20121007215108.16402.qmail@stuge.se>

Peter,

On Sun, 7 Oct 2012, Peter Stuge wrote:

>> I know I need to get a 8322A expansion for the unit - any other
>> details I should look out for ?
>
> That's the 1800 MHz option, yes? Maybe you want 1900 instead. There
> are also goodies like the improved performance 10 MHz reference.

The (obsolete) product page for 83220A says " ... expands the capabilities
of the Agilent 8922 family to comprehensively test DCS 1800 and PCS 1900
equipment..."

So do I understand that by itself, the unit handles 900 and 850, and the
add-on gives it 1800 and 1900 ?

From peter at stuge.se Mon Oct 8 06:07:19 2012
From: peter at stuge.se (Peter Stuge)
Date: Mon, 8 Oct 2012 08:07:19 +0200
Subject: GSM test sets (HP 8922M, for instance..)
References: <20121007215108.16402.qmail@stuge.se>
Message-ID: <20121008060720.25628.qmail@stuge.se>

John Case wrote:
>>> I know I need to get a 8322A expansion for the unit - any other
>>> details I should look out for ?
>>
>> That's the 1800 MHz option, yes? Maybe you want 1900 instead. There
>> are also goodies like the improved performance 10 MHz reference.
>
> The (obsolete) product page for 83220A says " ... expands the capabilities
> of the Agilent 8922 family to comprehensively test DCS 1800 and PCS 1900
> equipment..."
>
> So do I understand that by itself, the unit handles 900 and 850, and the
> add-on gives it 1800 and 1900 ?

Sounds like it - good!

What kind of tests would you like to do? Depending on what you want to
do, a different tester may be even better.

//Peter

From spaar at mirider.augusta.de Mon Oct 8 08:41:38 2012
From: spaar at mirider.augusta.de (Dieter Spaar)
Date: Mon, 08 Oct 2012 08:41:38 CEST
Subject: GSM test sets (HP 8922M, for instance..)
Message-ID: <507291c2.mirider@mirider.augusta.de>

Hello John,

On Mon, 8 Oct 2012 05:59:07 +0000 (UTC), "John Case" wrote:
>
> So do I understand that by itself, the unit handles 900 and 850, and the
> add-on gives it 1800 and 1900 ?

The HP8922M can't simulate a GSM-850 network, only GSM-900 (E-GSM is also
possible). The optional extension unit adds GSM-1800 and GSM-1900.

However it is possible to generate various GSM test signals on the whole
frequency range the HP8922M supports (10 MHz to 1000 MHz for the HP8922M
alone) which includes GSM-850. This is useful for Layer-1 development
like it was done for OsmocomBB.

And as a hint: look for a HP8922M which has the optional spectrum analyzer
built in, it can be very useful sometimes.

Best regards,
Dieter

--
Dieter Spaar, Germany
spaar at mirider.augusta.de

From case at SDF.ORG Mon Oct 8 06:54:06 2012
From: case at SDF.ORG (John Case)
Date: Mon, 8 Oct 2012 06:54:06 +0000 (UTC)
Subject: GSM test sets (HP 8922M, for instance..)
In-Reply-To: <507291c2.mirider@mirider.augusta.de>
References: <507291c2.mirider@mirider.augusta.de>

On Mon, 8 Oct 2012, Dieter Spaar wrote:

>> So do I understand that by itself, the unit handles 900 and 850, and the
>> add-on gives it 1800 and 1900 ?
>
> The HP8922M can't simulate a GSM-850 network, only GSM-900 (E-GSM is
> also possible). The optional extension unit adds GSM-1800 and GSM-1900.
>
> However it is possible to generate various GSM test signals on the
> whole frequency range the HP8922M supports (10 MHz to 1000 MHz for
> the HP8922M alone) which includes GSM-850. This is useful for
> Layer-1 development like it was done for OsmocomBB.
>
> And as hint: look for a HP8922M which has the optional spectrum analyzer
> built in, it can be very useful sometimes.

What about the HP8922P ? Does that also have the spectrum analyzer built
in ?

Thanks.

From spaar at mirider.augusta.de Mon Oct 8 09:06:46 2012
From: spaar at mirider.augusta.de (Dieter Spaar)
Date: Mon, 08 Oct 2012 09:06:46 CEST
Subject: GSM test sets (HP 8922M, for instance..)
Message-ID: <507297a6.mirider@mirider.augusta.de>

On Mon, 8 Oct 2012 06:54:06 +0000 (UTC), "John Case" wrote:
>
> What about the HP8922P ? Does that also have the spectrum analyzer built
> in ?

I don't know the various variants of the HP8922. But the spectrum analyzer
is optional hardware in the unit, it is called "Option 006" for the
HP8922M (on my units the option is printed on the serial number label on
the back).

Best regards,
Dieter

--
Dieter Spaar, Germany
spaar at mirider.augusta.de

From avwiseav at gmail.com Fri Oct 12 09:00:57 2012
From: avwiseav at gmail.com (bob)
Date: Fri, 12 Oct 2012 02:00:57 -0700 (PDT)
Subject: the sync of multiple ccch_scan in burst_ind branch
Message-ID: <1350032457099-4025392.post@n3.nabble.com>

Hello List

I am studying how to start multiple ccch_scan simultaneously, but I have
met some problems.

I do as following:

1. I have two C118, connect them to the same computer

2. dump the sniffer rom

./osmocon -p /dev/ttyUSB0 -s /tmp/osmocom_l2_0 -m c123xor ./sniffer.bin
./osmocon -p /dev/ttyUSB1 -s /tmp/osmocom_l2_1 -m c123xor ./sniffer.bin

3. start the ccch_scan of burst_ind

./ccch_scan -s /tmp/osmocom_l2_0 -a *** -i 127.0.0.1
./ccch_scan -s /tmp/osmocom_l2_0 -a *** -i 127.0.0.1

but there is always one ccch_scan that gives the following output after
some time.

<0001> app_ccch_scan.c:296 GSM48 IMM ASS (ra=0x99, chan_nr=0x40, HSN=47, MAIO=4, TS=0, SS=0, TSC=2)
Unknown SI
Unknown SI
Unknown SI
Unknown SI
(the "Unknown SI" line repeats)

I think it is a sync problem, maybe caused by the usb bus. Does anyone
have an idea?

thanks!

From peter at stuge.se Fri Oct 12 17:51:16 2012
From: peter at stuge.se (Peter Stuge)
Date: Fri, 12 Oct 2012 19:51:16 +0200
Subject: the sync of multiple ccch_scan in burst_ind branch
In-Reply-To: <1350032457099-4025392.post@n3.nabble.com>
References: <1350032457099-4025392.post@n3.nabble.com>
Message-ID: <20121012175116.22321.qmail@stuge.se>

bob wrote:
> Hello List
> I am studying to start multiple ccch_scan simultaneously,but I meet some
> problem.
> I do as following:
> 1.I have two C118, caonnect them to the same computer
> 2.dump the sniffer rom
> ./osmocon -p /dev/ttyUSB0 -s /tmp/osmocom_l2_0 -m c123xor ./sniffer.bin
> ./osmocon -p /dev/ttyUSB1 -s /tmp/osmocom_l2_1 -m c123xor ./sniffer.bin
> 3.start the ccch_scan of burst_ind
> ./ccch_scan -s /tmp/osmocom_l2_0 -a *** -i 127.0.0.1
> ./ccch_scan -s /tmp/osmocom_l2_0 -a *** -i 127.0.0.1

Why are they using the same socket?

//Peter

From avwiseav at gmail.com Sat Oct 13 01:42:59 2012
From: avwiseav at gmail.com (bob)
Date: Fri, 12 Oct 2012 18:42:59 -0700 (PDT)
Subject: the sync of multiple ccch_scan in burst_ind branch
In-Reply-To: <20121012175116.22321.qmail@stuge.se>
References: <1350032457099-4025392.post@n3.nabble.com> <20121012175116.22321.qmail@stuge.se>
Message-ID: <1350092579985-4025394.post@n3.nabble.com>

I am sorry, it is a slip of the pen.

./ccch_scan -s /tmp/osmocom_l2_0 -a *** -i 127.0.0.1
./ccch_scan -s /tmp/osmocom_l2_0 -a *** -i 127.0.0.1

I actually use

./ccch_scan -s /tmp/osmocom_l2_0 -a *** -i 127.0.0.1
./ccch_scan -s /tmp/osmocom_l2_1 -a *** -i 127.0.0.1

but still get the above problem!

From whitequark at whitequark.org Wed Oct 17 05:50:58 2012
From: whitequark at whitequark.org (Peter Zotov)
Date: Wed, 17 Oct 2012 09:50:58 +0400
Subject: SIM900D
Message-ID: <5f6a32aa60e5ea53d27199b1f26bb828@whitequark.org>

Hello folks.

I have this GSM module called SIM900D. It has several interesting
capabilities.

1. It has builtin commands AT+SIMEI (guess what it does) and AT*CELLLOCK
(ARFCN lock).
2. It, as far as I know, does not check firmware signature.
3. It has an API (called "Embedded AT") which can be called from the
customer's module running on the same CPU (ARM926EJS).
4. Non-stripped firmware ELFs are available, together with the
descriptions of public API.

Here is a (Russian) page with all of the relevant datasheets collected.
Datasheets are in English.
http://www.mt-system.ru/catalog/dokumentacija-na-gsm-modemy-simcom

See also:
http://www.geekonfire.com/wiki/index.php?title=GPRS_Shield%EF%BC%88SIM900%EF%BC%89_Firmware_Update
ftp://ftp.macrogroup.ru/Support/SimCom/Firmware/Sim900/Sim900D

--
WBR, Peter Zotov.

From Max.Suraev at fairwaves.ru Wed Oct 17 18:21:59 2012
From: Max.Suraev at fairwaves.ru (☎)
Date: Wed, 17 Oct 2012 20:21:59 +0200
Subject: modulo and frame number in mframe_sched.c
Message-ID: <507EF747.805@fairwaves.ru>

Hi.

In "struct mframe_sched_item" in target/firmware/layer1/mframe_sched.c
both 'modulo' and 'frame_nr' are defined as uint16_t. This seems like a
big space waste considering the tight memory environment we're working
in.

On irc it was suggested that the reason for this is either data alignment
or safety concerns.

Does structure alignment matter in this case? If so - how exactly?

Is it possible for 'modulo' to be bigger than 255?

Is it possible for 'frame_nr' to be bigger than 255?

--
best regards,
Max, http://fairwaves.ru

From laforge at gnumonks.org Thu Oct 18 10:15:28 2012
From: laforge at gnumonks.org (Harald Welte)
Date: Thu, 18 Oct 2012 12:15:28 +0200
Subject: modulo and frame number in mframe_sched.c
In-Reply-To: <507EF747.805@fairwaves.ru>
References: <507EF747.805@fairwaves.ru>
Message-ID: <20121018101528.GB18868@prithivi.gnumonks.org>

Hi Max,

On Wed, Oct 17, 2012 at 08:21:59PM +0200, ☎ wrote:
> In "struct mframe_sched_item" in target/firmware/layer1/mframe_sched.c
> both 'modulo' and 'frame_nr' defined as uint16_t. This seems like big
> space waste considering tight memory environment we're working in.

On ARM, it doesn't matter. Even if you made those fields uint8_t in the
struct mframe_sched_item, they would still be aligned to 32bit
boundaries. So you wouldn't change the memory layout at all based on your
change.

If you really wanted to save memory, then you would have to make the
struct packed. This in turn would mean that accesses to the structure
members would be unaligned accesses, which the compiler has to work
around by bit-shifting. So you save some memory at the expense of
increasing code size (and execution time).

Given that the CPU speed is more limited than RAM, I think the current
approach makes sense.

> Does structure alignment matters in this case? If so - how exactly?

see above.

> Is it possible for 'modulo' to be bigger than 255?

I don't think so, at least not for standard GSM operation.

> Is it possible for 'frame_nr' to be bigger than 255?

frame_nr can never be bigger than 'modulo'.

--
- Harald Welte <laforge@gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)

From Max.Suraev at fairwaves.ru Thu Oct 18 11:48:15 2012
From: Max.Suraev at fairwaves.ru (☎)
Date: Thu, 18 Oct 2012 13:48:15 +0200
Subject: modulo and frame number in mframe_sched.c
In-Reply-To: <20121018101528.GB18868@prithivi.gnumonks.org>
References: <507EF747.805@fairwaves.ru> <20121018101528.GB18868@prithivi.gnumonks.org>
Message-ID: <507FEC7F.6050203@fairwaves.ru>

On 18.10.2012 12:15, Harald Welte wrote:
> On ARM, it doesn't matter. even if you made those fields uint8_t
> in the struct mframe_sched_item, they would still be aligned to 32bit
> boundaries. So you wouldn't change the memory layout at all based on
> your change.

That's odd - after I've changed it to uint8_t the
"board/compal_e88/rssi.compalram.elf section `.data' will not fit in
region `LRAM'" error is gone. I'm no expert in compiler internals but I
think that indicates a change in memory layout. Could you please comment?

> Given that the CPU speed is more limited than RAM, I think the current
> approach makes sense.

I agree.

>> Is it possible for 'modulo' to be bigger than 255?
>
> I don't think so, at least not for standard GSM operation.

As Sylvain explained on irc, having modulo and frame number bigger than
256 might be useful for experimentation with packets which are spread
across several frames - to represent them as a huge 'fake' multiframe. At
least that's how I've understood it. He's surely doing some creepy magic
with GSM :-)

--
best regards,
Max, http://fairwaves.ru

From holger at freyther.de Fri Oct 19 07:42:41 2012
From: holger at freyther.de (Holger Hans Peter Freyther)
Date: Fri, 19 Oct 2012 09:42:41 +0200
Subject: modulo and frame number in mframe_sched.c
In-Reply-To: <507FEC7F.6050203@fairwaves.ru>
References: <507EF747.805@fairwaves.ru> <20121018101528.GB18868@prithivi.gnumonks.org> <507FEC7F.6050203@fairwaves.ru>
Message-ID: <20121019074241.GG14524@xiaoyu.lan>

On Thu, Oct 18, 2012 at 01:48:15PM +0200, ☎ wrote:
> 18.10.2012 12:15, Harald Welte wrote:
>
> Could you please comment?

You want to install a utility called pahole and then inspect the .o files
that use the multiframe scheduler. The pahole output looks like this:

    struct gsm_time {
            uint32_t                   fn;                   /*     0     4 */
            uint16_t                   t1;                   /*     4     2 */
            uint8_t                    t2;                   /*     6     1 */
            uint8_t                    t3;                   /*     7     1 */
            uint8_t                    tc;                   /*     8     1 */

            /* size: 12, cachelines: 1, members: 5 */
            /* padding: 3 */
            /* last cacheline: 12 bytes */
    };

From 246tnt at gmail.com Fri Oct 19 07:57:01 2012
From: 246tnt at gmail.com (Sylvain Munaut)
Date: Fri, 19 Oct 2012 09:57:01 +0200
Subject: modulo and frame number in mframe_sched.c
In-Reply-To: <20121019074241.GG14524@xiaoyu.lan>
References: <507EF747.805@fairwaves.ru> <20121018101528.GB18868@prithivi.gnumonks.org> <507FEC7F.6050203@fairwaves.ru> <20121019074241.GG14524@xiaoyu.lan>

He's talking about this structure :

    struct mframe_sched_item {
            const struct tdma_sched_item *sched_set;
            uint16_t modulo;
            uint16_t frame_nr;
            uint16_t flags;
    };

Which currently is most likely 12 bytes long and if you make modulo and
frame_nr 8 bits, it becomes 8 bytes long and shouldn't generate any
unaligned access.

However I don't see the gain of space as really that much of an advantage
vs the potential time lost looking for bugs when playing with non-standard
multiframes.

The fact that we are currently almost full memory is just because we
still use the compal loader. We should just deprecate that completely and
only compile the chain loader and loader with that constrained memory
layout.

Cheers,

Sylvain

From Max.Suraev at fairwaves.ru Fri Oct 19 08:29:24 2012
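The layout question in this thread (12 bytes with uint16_t fields, 8 bytes with uint8_t, still naturally aligned, versus a packed struct with unaligned members) can be checked on any host with sizeof/offsetof. The following is an added example and not OsmocomBB code: the three struct variants mirror Sylvain's quoted struct with an opaque pointer standing in for tdma_sched_item, and model_item_size() is a hypothetical helper that reproduces the natural-alignment rule for a given pointer width (4 on the Calypso's 32-bit ARM core, 8 on a 64-bit host).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Layout as currently in mframe_sched.c (pointer type made opaque). */
struct mframe_sched_item_u16 {
	const void *sched_set;
	uint16_t modulo;
	uint16_t frame_nr;
	uint16_t flags;
};

/* Max's variant: modulo and frame_nr narrowed to 8 bits. */
struct mframe_sched_item_u8 {
	const void *sched_set;
	uint8_t modulo;
	uint8_t frame_nr;
	uint16_t flags;
};

/* The packed variant Harald describes: no padding, but the uint16_t
 * members may sit at odd offsets and need unaligned accesses. */
struct __attribute__((packed)) mframe_sched_item_packed {
	const void *sched_set;
	uint16_t modulo;
	uint16_t frame_nr;
	uint16_t flags;
};

static size_t align_up(size_t off, size_t align)
{
	return (off + align - 1) / align * align;
}

/* Hypothetical model of natural alignment: each member is aligned to its
 * own size, and the struct is padded to a multiple of its largest member
 * (the pointer). Returns the struct size for the given field widths. */
size_t model_item_size(size_t ptr_bytes, size_t modulo_bytes,
		       size_t frame_nr_bytes)
{
	size_t off = ptr_bytes;	/* sched_set occupies [0, ptr_bytes) */

	off = align_up(off, modulo_bytes) + modulo_bytes;
	off = align_up(off, frame_nr_bytes) + frame_nr_bytes;
	off = align_up(off, 2) + 2;	/* flags stays uint16_t */
	return align_up(off, ptr_bytes);
}

/* Sizes the compiler actually produces on this host. */
size_t real_size_u16(void) { return sizeof(struct mframe_sched_item_u16); }
size_t real_size_u8(void) { return sizeof(struct mframe_sched_item_u8); }
size_t real_size_packed(void) { return sizeof(struct mframe_sched_item_packed); }

/* Tail padding in the current layout: size minus the bytes the members use. */
size_t padding_u16(void)
{
	return real_size_u16() - (sizeof(void *) + 3 * sizeof(uint16_t));
}

/* Bytes saved over a scheduler table of n items by the uint8_t change. */
size_t table_saving(size_t n)
{
	return n * (real_size_u16() - real_size_u8());
}

/* pahole-style dump of one layout so the offsets can be compared. */
static void dump_u16(void)
{
	printf("struct mframe_sched_item_u16 {\n");
	printf("  sched_set  /* %2zu %2zu */\n",
	       offsetof(struct mframe_sched_item_u16, sched_set), sizeof(void *));
	printf("  modulo     /* %2zu %2zu */\n",
	       offsetof(struct mframe_sched_item_u16, modulo), sizeof(uint16_t));
	printf("  frame_nr   /* %2zu %2zu */\n",
	       offsetof(struct mframe_sched_item_u16, frame_nr), sizeof(uint16_t));
	printf("  flags      /* %2zu %2zu */\n",
	       offsetof(struct mframe_sched_item_u16, flags), sizeof(uint16_t));
	printf("  /* size: %zu, padding: %zu */\n};\n", real_size_u16(), padding_u16());
}

int main(void)
{
	dump_u16();
	printf("32-bit ARM model: u16 fields %zu, u8 fields %zu bytes\n",
	       model_item_size(4, 2, 2), model_item_size(4, 1, 1));
	printf("this host: u16 %zu, u8 %zu, packed %zu bytes\n",
	       real_size_u16(), real_size_u8(), real_size_packed());
	return 0;
}
```

On a 64-bit host both unpacked variants come out at 16 bytes, which is why the saving only shows up in the 32-bit firmware build.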
From: Max.Suraev at fairwaves.ru (☎)
Date: Fri, 19 Oct 2012 10:29:24 +0200
Subject: modulo and frame number in mframe_sched.c
References: <507EF747.805@fairwaves.ru> <20121018101528.GB18868@prithivi.gnumonks.org> <507FEC7F.6050203@fairwaves.ru> <20121019074241.GG14524@xiaoyu.lan>
Message-ID: <50810F64.3030907@fairwaves.ru>

On 19.10.2012 09:57, Sylvain Munaut wrote:
> He's talking about this structure :
>
> struct mframe_sched_item {
>         const struct tdma_sched_item *sched_set;
>         uint16_t modulo;
>         uint16_t frame_nr;
>         uint16_t flags;
> };

Yes, exactly. Pardon for being unclear.

> However I don't see the gain of space as really that much of an
> advantage vs the potential time lost looking for bugs when playing
> with non-standard multiframes.

I agree. Btw, is this non-standard multiframes experimentation available
in some public repo? Would love to have a look at the code.

> The fact that we are currently almost full memory is just because we
> still use the compal loader. We should just deprecate that and
> oompletely and only compile the chain loader and loader with that
> constrained memory layout.

Indeed - I've got an error about the rssi.compalram.elf file which is too
big to be used without chainloading anyway. Maybe we can make this
configurable via something like

./configure --enable-compalram-rssi
./configure --enable-chainload-rssi

etc.

--
best regards,
Max, http://fairwaves.ru

From holger at freyther.de Fri Oct 19 09:41:22 2012
From: holger at freyther.de (Holger Hans Peter Freyther)
Date: Fri, 19 Oct 2012 11:41:22 +0200
Subject: modulo and frame number in mframe_sched.c
References: <507EF747.805@fairwaves.ru> <20121018101528.GB18868@prithivi.gnumonks.org> <507FEC7F.6050203@fairwaves.ru> <20121019074241.GG14524@xiaoyu.lan>
Message-ID: <20121019094122.GH14524@xiaoyu.lan>

On Fri, Oct 19, 2012 at 09:57:01AM +0200, Sylvain Munaut wrote:
> He's talking about this structure :

Sure, I just wanted to provide any output of pahole so he knows what kind
of output to expect. :)

From Max.Suraev at fairwaves.ru Fri Oct 19 08:22:16 2012
From: Max.Suraev at fairwaves.ru (☎)
Date: Fri, 19 Oct 2012 10:22:16 +0200
Subject: modulo and frame number in mframe_sched.c
In-Reply-To: <20121019074241.GG14524@xiaoyu.lan>
References: <507EF747.805@fairwaves.ru> <20121018101528.GB18868@prithivi.gnumonks.org> <507FEC7F.6050203@fairwaves.ru> <20121019074241.GG14524@xiaoyu.lan>
Message-ID: <50810DB8.2000609@fairwaves.ru>

On 19.10.2012 09:42, Holger Hans Peter Freyther wrote:
>
> You want to install a utility called pahole and then inspect the .o files
> that use the multiframe scheduler.

Awesome utility, thanks! Just in case somebody would google it - in
ubuntu you can obtain it via:

sudo aptitude install dwarves

--
best regards,
Max, http://fairwaves.ru

From mailman at lists.osmocom.org Thu Oct 18 11:25:42 2012
From: mailman at lists.osmocom.org (mailman at lists.osmocom.org)
Date: Thu, 18 Oct 2012 13:25:42 +0200
Subject: Bounce action notification

This is a Mailman mailing list bounce action notice:

    List:       baseband-devel
    Member:     tianxing at timelink.com.hk
    Action:     Subscription disabled.
    Reason:     Excessive or fatal bounces.

The triggering bounce notice is attached below.

Questions? Contact the Mailman site administrator at
mailman at lists.osmocom.org.

(Attached bounce message scrubbed by the list archive:)
From: alexander.chemeris at gmail.com (Alexander Chemeris)
Date: Fri, 19 Oct 2012 17:27:47 +0400
Subject: Fwd: Open-source telecom T-shirts
In-Reply-To:
References:
Message-ID:

Sorry to those who receive this message twice. I hope the Osmocom community finds this small effort interesting as well.

---------- Forwarded message ----------
From: Alexander Chemeris
Date: Fri, Oct 19, 2012 at 5:15 PM
Subject: Open-source telecom T-shirts
To: umtrx , openbts-discuss at lists.sourceforge.net

Hi all,

We're thinking about making T-shirts with open-source telecom. I've posted a call for ideas in my OpenBTS blog - please contribute. Telecom needs more openness and you could help us promote this!

http://openbts.chemeris.ru/2012/10/reklama-open-source-telecom/

We plan to give them for free to the first 10-20 UmTRX buyers. Then you'll be able to buy them from our web-shop or from one of our friends and distributors. If your proposal gets printed, you'll get a free T-shirt as well.

PS If you know a good online T-shirt printing service in the US or Europe - drop me a line. I've never done this in the US/Europe before.

-- 
Regards,
Alexander Chemeris.
CEO, Fairwaves LLC / ??? ???????
http://fairwaves.ru

-- 
Regards,
Alexander Chemeris.
CEO, Fairwaves LLC / ??? ???????
http://fairwaves.ru
From: xuewenyao at hotmail.com (xuewenyao)
Date: Sat, 20 Oct 2012 21:44:30 +0800
Subject: Help please!~ tracelog of different providers needed
Message-ID:

Hi all,

I try to study the GSM core network setups of different providers. Therefore, tracelogs of GSM providers from different countries are needed. I'm seeking your help for sending me some tracelogs with two actions: making a phone call (MO) and sending an SMS (MO). It should take no more than 2-3 minutes. Please tell me the provider and the country when you are sending me the tracelog.

Thanks,

From: holger at freyther.de (Holger Hans Peter Freyther)
Date: Sun, 21 Oct 2012 10:32:47 +0200
Subject: Help please!~ tracelog of different providers needed
In-Reply-To:
References:
Message-ID: <20121021083247.GC28586@xiaoyu.lan>

On Sat, Oct 20, 2012 at 09:44:30PM +0800, xuewenyao wrote:
> Hi all,
>
> I try to study the GSM core network setups of different providers. Therefore, tracelogs of GSM providers from different countries are needed. I'm seeking your help for sending me some tracelogs with two actions: making a phone call (MO) and sending an SMS (MO). It should take no more than 2-3 minutes. Please tell me the provider and the country when you are sending me the tracelog.

Hi,

under which license do you plan to release your results? How do you intend to use the traces provided to you?

holger
From: holger at freyther.de (Holger Hans Peter Freyther)
Date: Sun, 21 Oct 2012 13:49:33 +0200
Subject: Help please!~ tracelog of different providers needed
In-Reply-To:
References: <20121021083247.GC28586@xiaoyu.lan>
Message-ID: <20121021114933.GC429@xiaoyu.lan>

On Sun, Oct 21, 2012 at 05:18:06PM +0800, xuewenyao wrote:
> hi,
>
> it will be part of my thesis. if you are interested, i will of course upload it when it's finished

This only answers one question. What is the license? How will you reward people that help you? How does this benefit the osmocomBB project?

What is the name of your thesis? Where are you enrolled? Who is your advisor?

holger

From: holger at freyther.de (Holger Hans Peter Freyther)
Date: Sun, 21 Oct 2012 15:09:06 +0200
Subject: Help please!~ tracelog of different providers needed
In-Reply-To:
References: <20121021083247.GC28586@xiaoyu.lan> <20121021114933.GC429@xiaoyu.lan>
Message-ID: <20121021130906.GA2466@xiaoyu.lan>

On Sun, Oct 21, 2012 at 08:35:42PM +0800, xuewenyao wrote:

Hi,

well this is a community and it works by everyone giving a little, and the track record of academics is heavily on the taking side. And your request sounds like another 'academic' that wants to take without providing any benefit to the project, and as you notice I am not very happy with that.

> i'm not sure what you mean by license. the result won't be software, so gpl is not suitable. i think all theses are open to the public.

Well, your thesis can have a copyright as well (you could even decide to not publish it at all). You can also decide to publish the raw data you collect on the way. Given the fact that you didn't consider this means that you are more on the take side.

> i'm a student in bremen. i just thought it will help me to gain some extra points. but i guess it's not a good idea to do so.
From: peter at stuge.se (Peter Stuge)
Date: Sun, 21 Oct 2012 17:51:55 +0200
Subject: Help please!~ tracelog of different providers needed
In-Reply-To: <20121021130906.GA2466@xiaoyu.lan>
References: <20121021083247.GC28586@xiaoyu.lan> <20121021114933.GC429@xiaoyu.lan> <20121021130906.GA2466@xiaoyu.lan>
Message-ID: <20121021155155.6173.qmail@stuge.se>

xuewenyao, please make sure to always reply to the mailing list.

> > i'm a student in bremen. i just thought it will help me to gain
> > some extra points.

What will help you make a better thesis is to experiment yourself. As Holger mentions, a lot of work has already been invested in the OsmocomBB project by many different people, and like with all open source software you are allowed to use all that work according to the conditions in the software license.

> > but i guess it's not a good idea to do so.

It's not a good idea to ask someone else to provide data for your thesis. It is an excellent idea to use OsmocomBB yourself to collect some data for your thesis. In the process of doing so, you will of course start by studying all existing documentation and reading archived correspondence on this mailing list, to immerse yourself in the project and learn how to use it. You'll have to do it yourself. Otherwise it isn't really your thesis.

Already while you are still learning about OsmocomBB you are immediately able to contribute things to the community that provides the tools that you are using. You can help teach others through documentation and training, without doing any programming. The way it works is that you analyze the existing tools and the existing material, learn the tools that you need to use (e.g. wiki syntax, or git for version controlled documentation) and then you submit improvements to any part of the project.
You may be able to receive feedback on your improvements from more experienced project participants, and you should iterate until your work is ready to be included in the project. The more you contribute to the project, the more you will find that others want to help you with your personal efforts.

Welcome to open source!

//Peter
From: holger at freyther.de (Holger Hans Peter Freyther)
Date: Sun, 21 Oct 2012 19:05:00 +0200
Subject: Help please!~ tracelog of different providers needed
In-Reply-To:
References: <20121021083247.GC28586@xiaoyu.lan> <20121021114933.GC429@xiaoyu.lan> <20121021130906.GA2466@xiaoyu.lan>
Message-ID: <20121021170500.GC16685@xiaoyu.lan>

On Sun, Oct 21, 2012 at 10:02:40PM +0800, xuewenyao wrote:
> hi,

Hi again,

> i didn't realize the difference, not because i'm on the take side, but because i never thought about holding the data as my own asset. it should not be that complicated.

My point is, if you ask people to do things for you, you need to give them a reason why they should help you. E.g. if you have a survey you might say that a randomly selected participant will win a 25 Euro voucher from Amazon. Now I don't ask you to buy things from Amazon but to think about why people should help you.

One of the reasons (non-monetary) is to create a "database" that will be available to the community. A good example is the "terminal-profile"[1] initiative started by Kevin. He created a script (forkable) to query the terminal profile, there are clear instructions how to use it and it automatically uploads the data to a database. The database is publicly accessible and the whole content can be downloaded.

Do you notice the difference? With Kevin's approach the whole community will benefit, with your request only you will benefit.

> i'm a newbie here, but i do try to contribute if i can, and will continue to do so. it is not fair to judge me like that!

Well, time will tell and I am happy to correct myself in case you make any contribution (detailed bug report, work in the wiki, bug fixes in the source).

cheers
holger

[1] https://terminal-profile.osmocom.org/
From: g.roelant at telenet.be (g.roelant at telenet.be)
Date: Sat, 20 Oct 2012 20:58:54 +0200 (CEST)
Subject: failed to read sim card
In-Reply-To: <3329a0ec-2397-45aa-ac0f-bca281276998@chipo.telenet-ops.be>
Message-ID:

Hi,

i'm trying to use osmocom-bb to send SMS and make a phone call with a real SIM of a provider. i succeeded once in recognizing my pay-and-go SIM card, but now i'm not lucky anymore.

here is what is on screen:

<000f> sim.c:1223 init SIM client
<0006> gsm48_cc.c:63 init Call Control
<0007> gsm480_ss.c:231 init SS
<0017> gsm411_sms.c:63 init SMS
<0001> gsm48_rr.c:5479 init Radio Ressource process
<0005> gsm48_mm.c:1315 init Mobility Management process
<0005> gsm48_mm.c:1037 Selecting PLMN SEARCH state, because no SIM.
<0002> gsm322.c:5025 init PLMN process
<0003> gsm322.c:5026 init Cell Selection process
<0003> gsm322.c:5083 Read stored BA list (mcc=0ce mnc=001 0ce, 001)
<0003> gsm322.c:5083 Read stored BA list (mcc=0ce mnc=014 0ce, 014)
<0003> gsm322.c:5083 Read stored BA list (mcc=0ce mnc=0x00a 0ce, 0x00a)
Mobile '1' initialized, please start phone now!
VTY available on port 4247.
<0005> subscriber.c:601 Requesting SIM file 0x2fe2
<000f> sim.c:209 got new job: SIM_JOB_READ_BINARY (handle=00000004)
<000f> sim.c:697 go MF
<000f> sim.c:241 SELECT (file=0x3f00)
<000f> sim.c:187 sending APDU (class 0xa0, ins 0xa4)
<000f> sim.c:876 received APDU (len=0 sw1=0x00 sw2=0x00)
<000f> sim.c:952 command failed
<000f> sim.c:151 sending result to callback function (type=1)
<0005> subscriber.c:657 SIM reading failed
<0005> gsm48_mm.c:4379 (ms 1) Received 'MMR_NREG_REQ' event
<0005> gsm48_mm.c:4311 (ms 1) Received 'MM_EVENT_IMSI_DETACH' event in state MM IDLE, PLMN search
<0005> gsm48_mm.c:1839 IMSI has been detached.
<0005> gsm48_mm.c:1088 Not camping, wait for CS process to camp, it sends us CELL_SELECTED then.
<0002> gsm322.c:3917 (ms 1) Event 'EVENT_SIM_REMOVE' for manual PLMN selection in state 'M0 null'
<000e> gsm322.c:1614 SIM is removed
<0002> gsm322.c:1615 Switch on without SIM.
<0002> gsm322.c:814 new state 'M0 null' -> 'M5 no SIM inserted'
<0003> gsm322.c:4037 (ms 1) Event 'EVENT_SIM_REMOVE' for Cell selection in state 'C0 null'
<0003> gsm322.c:823 new state 'C0 null' -> 'C6 any cell selection'

can anyone help?

From: edachleger at yahoo.com (Erich Dachleger)
Date: Sun, 21 Oct 2012 15:54:21 +0100 (BST)
Subject: proof of concept bts
Message-ID: <1350831261.43057.YahooMailNeo@web133204.mail.ir2.yahoo.com>

Hi list,

Regarding the interesting video from Russia (Positive Hacking Days 2012) where Sylvain demonstrates a proof of concept BTS, is it a DSP patch of the osmocombb firmware before one uploads to the C123 phones that one has to do? The tasks then are modified in this patch or also elsewhere? And then one removes and replaces the transceiver code in the OpenBTS source code?

[I have tried the tacooper version of osmo-bts but that code approach is for the sysmo-bts, although the osmocombb phone proof of concept bts is mentioned in the tacooper thesis online]

Regards
Erich
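Back to the SIM log in g.roelant's post above: the interesting line is "received APDU (len=0 sw1=0x00 sw2=0x00)" followed by "command failed". A SIM that has understood a SELECT answers with a proper status word (9F xx with response data, or an error class such as 94 xx / 98 xx), so a status of 00 00 is not a card error at all. The following C is an added example, not OsmocomBB's sim.c: it classifies the SW1/SW2 status words defined in GSM 11.11 section 9.4 so that a log line like that one can be read at a glance. Treating 00 00 as "no answer from the card" is my interpretation (it is not a value the specification defines), and the status-word samples at the bottom are constructed, not captured.

```c
/* Added example, not OsmocomBB's sim.c: classify the SW1/SW2 status
 * word a GSM SIM returns (GSM 11.11 section 9.4) so that a failed
 * SELECT can be read from a debug log. Sample words are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum sw_class {
	SW_OK,            /* 90 00: normal ending */
	SW_RESPONSE,      /* 9F xx: xx bytes of response data, fetch with GET RESPONSE */
	SW_MEMORY,        /* 92 xx: memory management (0x: ok after retries, 40: memory problem) */
	SW_REFERENCING,   /* 94 xx: no EF selected, out of range, not found, inconsistent */
	SW_SECURITY,      /* 98 xx: CHV / access condition problems */
	SW_APP_ERROR,     /* 67/6B/6D/6E/6F xx: bad P3, P1/P2, INS, CLA, technical problem */
	SW_NO_ANSWER,     /* 00 00: not a defined status word; nothing came back (my reading) */
	SW_UNKNOWN
};

struct sw_info {
	enum sw_class cls;
	uint8_t resp_len;   /* only meaningful for SW_RESPONSE */
	const char *text;
};

struct sw_info sim_classify_sw(uint8_t sw1, uint8_t sw2)
{
	struct sw_info i = { SW_UNKNOWN, 0, "unknown status word" };
	switch (sw1) {
	case 0x90: if (sw2 == 0x00) { i.cls = SW_OK; i.text = "normal ending"; } break;
	case 0x9F: i.cls = SW_RESPONSE; i.resp_len = sw2; i.text = "response data available"; break;
	case 0x92: i.cls = SW_MEMORY;
		   i.text = (sw2 == 0x40) ? "memory problem" : "successful after internal retries"; break;
	case 0x94:
		i.cls = SW_REFERENCING;
		switch (sw2) {
		case 0x00: i.text = "no EF selected"; break;
		case 0x02: i.text = "out of range (invalid address)"; break;
		case 0x04: i.text = "file ID / pattern not found"; break;
		case 0x08: i.text = "file inconsistent with command"; break;
		default:   i.text = "referencing error"; break;
		}
		break;
	case 0x98:
		i.cls = SW_SECURITY;
		switch (sw2) {
		case 0x02: i.text = "no CHV initialised"; break;
		case 0x04: i.text = "access condition not fulfilled / CHV verification failed"; break;
		case 0x08: i.text = "in contradiction with CHV status"; break;
		case 0x10: i.text = "in contradiction with invalidation status"; break;
		case 0x40: i.text = "CHV blocked, no attempt left"; break;
		default:   i.text = "security error"; break;
		}
		break;
	case 0x67: i.cls = SW_APP_ERROR; i.text = "incorrect parameter P3"; break;
	case 0x6B: i.cls = SW_APP_ERROR; i.text = "incorrect parameter P1 or P2"; break;
	case 0x6D: i.cls = SW_APP_ERROR; i.text = "unknown instruction code"; break;
	case 0x6E: i.cls = SW_APP_ERROR; i.text = "wrong instruction class"; break;
	case 0x6F: i.cls = SW_APP_ERROR; i.text = "technical problem, no diagnostic"; break;
	case 0x00: if (sw2 == 0x00) { i.cls = SW_NO_ANSWER;
				      i.text = "no status word at all: card did not answer"; } break;
	}
	return i;
}

/* For the SELECT step in the log: a SELECT has worked only when the
 * card answered with response data (9F xx) or a plain 90 00. */
int sim_select_succeeded(uint8_t sw1, uint8_t sw2)
{
	enum sw_class c = sim_classify_sw(sw1, sw2).cls;
	return c == SW_OK || c == SW_RESPONSE;
}

int main(void)
{
	/* Constructed samples; the last pair is what the posted log shows. */
	const uint8_t samples[][2] = {
		{ 0x9F, 0x16 }, { 0x94, 0x04 }, { 0x98, 0x04 }, { 0x6E, 0x00 }, { 0x00, 0x00 }
	};
	for (size_t n = 0; n < sizeof(samples) / sizeof(samples[0]); n++) {
		struct sw_info i = sim_classify_sw(samples[n][0], samples[n][1]);
		printf("sw1=0x%02x sw2=0x%02x: %s%s\n", samples[n][0], samples[n][1], i.text,
		       sim_select_succeeded(samples[n][0], samples[n][1])
		       ? " (SELECT ok)" : " (command failed)");
	}
	return 0;
}
```

The practical distinction this makes: a 94 xx or 98 xx result means the card is talking and rejecting the request, which points at the file or access conditions, whereas 00 00 with zero response bytes means the request never got a reply, which points at the card contact, the SIM reader path, or a missing card rather than at the SIM contents.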
From: 246tnt at gmail.com (Sylvain Munaut)
Date: Mon, 22 Oct 2012 11:46:17 +0200
Subject: proof of concept bts
In-Reply-To: <1350831261.43057.YahooMailNeo@web133204.mail.ir2.yahoo.com>
References: <1350831261.43057.YahooMailNeo@web133204.mail.ir2.yahoo.com>
Message-ID:

Hi,

> Regarding the interesting video from Russia(Positive hacking days 2012)
> where Sylvain demonstrates a proof of concept bts, is it a dsp patch
> of the osmocombb firmware before one uploads to the c123 phones that one has
> to do? The tasks then are modified in this patch or also elsewhere?
> And then one removes and replaces a transceiver-code in openbts sourcecode?

The demo consists of :
 - A new DSP patch
 - A new ARM firmware for the phone
 - A complete replacement transceiver app for OpenBTS

You won't find any of these anywhere yet, so you can stop looking for now. But hopefully you should get some news at 29c3 :p

> [I have tried the tacooper version of osmo-bts but that code-approach
> is for the sysmo-bts, although the osmocombb phone proof of concept bts is
> mentioned in the tacooper thesis online]

The osmo-bts code is now geared towards sysmobts hardware, hopefully it should be used in the final version but for now it was easier to reuse openbts as-is.

Cheers,

Sylvain

From: akibsayyed at gmail.com (Akib Sayyed)
Date: Wed, 24 Oct 2012 13:28:57 +0300
Subject: Need NanoBTS
Message-ID:

Is there anyone who is selling the NanoBTS of ip.access? Please let me know.

-- 
Akib Sayyed
Matrix-Shell
akibsayyed at gmail.com
akibsayyed at matrixshell.com
Mob:- +91-966-514-2243
From: philip.peter at gmx.de (Philip Peter)
Date: Wed, 24 Oct 2012 15:32:12 +0200
Subject: Is airprobe still being developed?
Message-ID: <5087EDDC.9040209@gmx.de>

The last changes in the airprobe svn seem to be 17 months ago. I was wondering whether airprobe is assumed to be stable, without need for further development, has been superseded by a different toolkit or if it has been abandoned.

From: 246tnt at gmail.com (Sylvain Munaut)
Date: Wed, 24 Oct 2012 15:39:02 +0200
Subject: Is airprobe still being developed?
In-Reply-To: <5087EDDC.9040209@gmx.de>
References: <5087EDDC.9040209@gmx.de>
Message-ID:

On Wed, Oct 24, 2012 at 3:32 PM, Philip Peter wrote:
> The last changes in the airprobe svn seem to be 17 months ago. I was
> wondering whether airprobe is assumed to be stable, without need for
> further development, has been superseded by a different toolkit or if it
> has been abandoned.

pretty much abandoned

Cheers,

Sylvain

From: philip.peter at gmx.de (Philip Peter)
Date: Wed, 24 Oct 2012 16:09:23 +0200
Subject: Is airprobe still being developed?
In-Reply-To:
References: <5087EDDC.9040209@gmx.de>
Message-ID: <5087F693.1020004@gmx.de>

On 24.10.2012 15:39, Sylvain Munaut wrote:
> On Wed, Oct 24, 2012 at 3:32 PM, Philip Peter wrote:
>> The last changes in the airprobe svn seem to be 17 months ago. I was
>> wondering whether airprobe is assumed to be stable, without need for
>> further development, has been superseded by a different toolkit or if it
>> has been abandoned.
> pretty much abandoned
>
Has any replacement emerged? I want to do some security analysis, especially on the paging requests and the "random access" and "access grant" channels. I would now start working on implementing uplink sniffing into airprobe, but if there are more current alternatives, that would be welcome.

Bye,
Philip
From: 246tnt at gmail.com (Sylvain Munaut)
Date: Wed, 24 Oct 2012 16:18:28 +0200
Subject: Is airprobe still being developed?
In-Reply-To: <5087F693.1020004@gmx.de>
References: <5087EDDC.9040209@gmx.de> <5087F693.1020004@gmx.de>
Message-ID:

Hi,

>> pretty much abandoned
>>
> Has any replacement emerged?

Not that I know of ... it's been on my TODO list for ... so long ...

Everyone I know uses the C123 for GSM sniffing, just easier and the demo algo works so much better than airprobe's ...

Cheers,

Sylvain

From: Max.Suraev at fairwaves.ru (☎)
Date: Sat, 27 Oct 2012 16:28:42 +0200
Subject: [PATCH] Print decimal MCC and MNC unless format is incorrect.
Message-ID: <508BEF9A.6000309@fairwaves.ru>

Hello.

Right now the MCC and MNC values in the ./mobile app are printed as hex but without 0x - this is confusing and inconsistent.

The attached patch fixes that, although I'm still puzzled why the value printed by "show subscriber 1" looks like a hex representation - see the example below (with the patch applied).

Note that 0x385 == 901 and 0x046 == 70

I suspect misuse of gsm48_decode_lai()\gsm48_encode_lai() but am unable to pinpoint the location yet.

show subscriber 1
Mobile Subscriber of MS '1':
 IMSI: 901701282457741
 ICCID: 8901901702282374810
 Service Provider Name: Magic SMS
 Service Center Address: 0015555
 Status: U1_UPDATED  IMSI detached
 LAI: MCC 385 MNC 046 LAC 0x03e8 (385, 046)
 Key: sequence 0 31 64 7e 4c e1 dc 48 00
 Registered PLMN: MCC 385 MNC 046 (385, 046)
 Access barred cells: no
 Access classes: C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 C10 C11 C12 C13 C14 C15
 List of preferred PLMNs:
        MCC    |MNC
        -------+-------
        901    |070     (901, 070)
 List of forbidden PLMNs:
        MCC    |MNC    |cause
        -------+-------+-------
        106    |003    |#255    (106, 003)
        106    |007    |#255    (106, 007)

-- 
best regards,
Max, http://fairwaves.ru
From: Max.Suraev at fairwaves.ru (Max) Date: Sat, 27 Oct 2012 16:17:46 +0200 Subject: [PATCH 1/1] Print decimal MCC and MNC unless format is incorrect. Message-ID: --- src/host/layer23/src/common/networks.c | 6 +++--- src/host/layer23/src/mobile/subscriber.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/host/layer23/src/common/networks.c b/src/host/layer23/src/common/networks.c index 40b70a1..ad2caa6 100644 --- a/src/host/layer23/src/common/networks.c +++ b/src/host/layer23/src/common/networks.c @@ -1824,7 +1824,7 @@ const char *gsm_print_mcc(uint16_t mcc) { static char string[5] = "000"; - snprintf(string, 4, "%03x", mcc); + snprintf(string, 4, "%03d", mcc); return string; } @@ -1843,12 +1843,12 @@ const char *gsm_print_mnc(uint16_t mnc) /* two digits */ if ((mnc & 0x000f) == 0x000f) { - snprintf(string, 6, "%02x", mnc >> 4); + snprintf(string, 6, "%02d", mnc >> 4); return string; } /* three digits */ - snprintf(string, 6, "%03x", mnc); + snprintf(string, 6, "%03d", mnc); return string; } diff --git a/src/host/layer23/src/mobile/subscriber.c b/src/host/layer23/src/mobile/subscriber.c index 8ebb173..2438637 100644 --- a/src/host/layer23/src/mobile/subscriber.c +++ b/src/host/layer23/src/mobile/subscriber.c @@ -256,7 +256,7 @@ static int subscr_sim_imsi(struct osmocom_ms *ms, uint8_t *data, /* decode IMSI, skip first digit (parity) */ imsi = sim_decode_bcd(data + 1, length); if (strlen(imsi) - 1 > GSM_IMSI_LENGTH - 1 || strlen(imsi) - 1 < 6) { - LOGP(DMM, LOGL_NOTICE, "IMSI invalid length = %d\n", + LOGP(DMM, LOGL_NOTICE, "IMSI invalid length = %zu\n", strlen(imsi) - 1); return -EINVAL; } -- 1.7.10.4 --------------010606030203030402080109-- From andreas at eversberg.eu Tue Oct 30 09:34:54 2012 
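Review bot: in the gsm_print_mcc() hunk, switching `snprintf(string, 4, "%03x", mcc)` to `"%03d"` assumes mcc holds a decimal number, but the "show subscriber 1" output in the cover mail (MCC 901 showing up as 385) says the value arrives one digit per nibble, i.e. as 0x901 = 2305; with `%03d` that prints "2305", and the 4-byte limit then silently truncates it to "230" with no error. Either keep `%03x` and fix the decoder that produces the wrong value, or switch the representation to decimal everywhere in the same change, not only in the printer.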
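Review bot: the gsm_print_mnc() hunk leaves the two-digit test `if ((mnc & 0x000f) == 0x000f)` unchanged while moving the formats to `%02d` / `%03d`, which makes the function inconsistent with its own branch: the low-nibble 0xf test only means "two-digit MNC" when mnc is nibble-encoded, so a two-digit MNC 70 held as 0x70f would take that branch and print `mnc >> 4` = 0x70 as "112", while a genuinely decimal 70 would never match the test and would print as "070", losing exactly the 70-vs-070 distinction the format is supposed to keep. Change the filler test together with the representation, or leave the `%x` formats in place.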
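Review bot: the subscriber.c hunk's `%zu` for `strlen(imsi) - 1` is a correct format-specifier fix (strlen() returns size_t, and `%d` with a size_t is undefined behaviour on LP64), but it has nothing to do with the MCC/MNC printing described in the subject line and should be a separate commit so it can be applied on its own; while here, note that `strlen(imsi) - 1` wraps to SIZE_MAX if sim_decode_bcd() ever returns an empty string, so the existing check would then log a huge "invalid length" rather than reporting the IMSI as empty.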
From: andreas at eversberg.eu (jolly)
Date: Tue, 30 Oct 2012 10:34:54 +0100
Subject: [PATCH] Print decimal MCC and MNC unless format is incorrect.
In-Reply-To: <508BEF9A.6000309@fairwaves.ru>
References: <508BEF9A.6000309@fairwaves.ru>
Message-ID: <508F9F3E.30903@eversberg.eu>

☎ wrote:
> Hello.
>
> Right now MCC and MNC values in the ./mobile app are printed as hex but without 0x - this
> is confusing and inconsistent.
>
> The attached patch fixes that although I'm still puzzled why the value printed by "show
> subscriber 1" looks like a hex representation - see example below (with patch applied).
>
> Note that 0x385 == 901 and 0x046 == 70
>
> I suspect misuse of gsm48_decode_lai()\gsm48_encode_lai() but unable to pinpoint
> location yet.
>
hi max,

you are right, the problem is not the print function, it is the decoding function. it has changed this summer at libosmocore. (commit a9250b9e)

i just committed a fix for that to the master branch. we must use hexadecimal decoding, because a network code of 70 is not equal to a network code of 070.

best regards,

andreas
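Andreas's point (70 is not 070) comes down to how the Location Area Identification packs its digits, and it is also the key to the "MCC 385" that Max saw. The C below is an added example, not code from OsmocomBB or libosmocore: it packs and unpacks the LAI of GSM 04.08 section 10.5.1.3 using the one-digit-per-nibble representation the thread calls "hex", in which MCC 901 is held as 0x901, the two-digit MNC 70 as 0x70f and the three-digit MNC 070 as 0x070, with 0xf as the filler digit that keeps the two apart on the wire. It reproduces the exact symptom from the cover mail, a decimal 901 pushed through a "%03x" format printing as 385. The function names and the input values are my own constructed ones.

```c
/* Added example (not OsmocomBB/libosmocore code): the Location Area
 * Identification of GSM 04.08 10.5.1.3 with MCC/MNC held one digit per
 * nibble, e.g. MCC 901 -> 0x901, MNC 70 -> 0x70f, MNC 070 -> 0x070.
 * The 0xf filler nibble is what keeps a 2-digit MNC distinct from a
 * 3-digit one with the same numeric value. All inputs are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Nibble-per-digit form from a decimal value. For the MNC the caller
 * must say whether the network uses 2 or 3 digits: the number 70 alone
 * cannot tell, which is the whole problem with printing it as decimal. */
uint16_t mcc_from_decimal(unsigned dec)
{
	return (uint16_t)((dec / 100 % 10) << 8 | (dec / 10 % 10) << 4 | (dec % 10));
}

uint16_t mnc_from_decimal(unsigned dec, int ndigits)
{
	uint16_t v = mcc_from_decimal(dec);                 /* same digit packing */
	if (ndigits == 2)                                   /* shift up, filler last */
		v = (uint16_t)(((v << 4) & 0xff0) | 0x00f);
	return v;
}

/* Octet 1: MCC digit 2 | MCC digit 1; octet 2: MNC digit 3 | MCC digit 3;
 * octet 3: MNC digit 2 | MNC digit 1 (high nibble listed first in each
 * pair); octets 4-5: LAC big-endian. MNC digit 3 is 0xf for a 2-digit MNC. */
void lai_encode(uint16_t mcc, uint16_t mnc, uint16_t lac, uint8_t out[5])
{
	out[0] = (uint8_t)(((mcc >> 4) & 0xf) << 4 | ((mcc >> 8) & 0xf));
	out[1] = (uint8_t)((mnc & 0xf) << 4 | (mcc & 0xf));
	out[2] = (uint8_t)(((mnc >> 4) & 0xf) << 4 | ((mnc >> 8) & 0xf));
	out[3] = (uint8_t)(lac >> 8);
	out[4] = (uint8_t)(lac & 0xff);
}

void lai_decode(const uint8_t in[5], uint16_t *mcc, uint16_t *mnc, uint16_t *lac)
{
	*mcc = (uint16_t)((in[0] & 0xf) << 8 | (in[0] >> 4) << 4 | (in[1] & 0xf));
	*mnc = (uint16_t)((in[2] & 0xf) << 8 | (in[2] >> 4) << 4 | (in[1] >> 4));
	*lac = (uint16_t)(in[3] << 8 | in[4]);
}

/* Print the nibble form as digits; this is why "%03x" is the right
 * format for it. A 2-digit MNC is recognised by its filler nibble and
 * printed without it, so 0x70f -> "70" and 0x070 -> "070". */
const char *mnc_to_str(uint16_t mnc, char buf[4])
{
	if ((mnc & 0x00f) == 0x00f)
		snprintf(buf, 4, "%02x", (unsigned)(mnc >> 4));
	else
		snprintf(buf, 4, "%03x", (unsigned)mnc);
	return buf;
}

const char *mcc_to_str(uint16_t mcc, char buf[4])
{
	snprintf(buf, 4, "%03x", (unsigned)mcc);
	return buf;
}

int main(void)
{
	uint8_t lai2[5], lai3[5];
	uint16_t mcc, mnc, lac;
	char b1[4], b2[4];

	lai_encode(mcc_from_decimal(901), mnc_from_decimal(70, 2), 0x03e8, lai2);
	lai_encode(mcc_from_decimal(901), mnc_from_decimal(70, 3), 0x03e8, lai3);
	printf("MNC 70:  %02x %02x %02x %02x %02x\n", lai2[0], lai2[1], lai2[2], lai2[3], lai2[4]);
	printf("MNC 070: %02x %02x %02x %02x %02x\n", lai3[0], lai3[1], lai3[2], lai3[3], lai3[4]);

	lai_decode(lai2, &mcc, &mnc, &lac);
	printf("decoded: MCC %s MNC %s LAC 0x%04x\n", mcc_to_str(mcc, b1), mnc_to_str(mnc, b2), lac);

	/* The symptom from the thread: a decimal 901 pushed through "%03x". */
	printf("decimal 901 printed with %%03x: %s\n", mcc_to_str(901, b1));
	return 0;
}
```

The two encodings differ in octet 2 (0xf1 versus 0x01), which is the only place the receiver learns whether the MNC has two or three digits; a decoder that hands back plain decimal numbers has already thrown that bit of information away, which is why the decoding side, not the printer, is where the representation has to be fixed.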