From devinechristophe at gmail.com Mon May 19 11:59:23 2014 From: devinechristophe at gmail.com (Christophe Devine) Date: Mon, 19 May 2014 13:59:23 +0200 Subject: c139/c140 jtag anyone? In-Reply-To: <1380899330.47346.YahooMailNeo@web121004.mail.ne1.yahoo.com> References: <1380812233.84280.YahooMailNeo@web121001.mail.ne1.yahoo.com> <1380899330.47346.YahooMailNeo@web121004.mail.ne1.yahoo.com> Message-ID: Craig, I identified the pinout on the C139, it is somewhat different. On the right, you have now: TX|DLPWR|CTS|RX|GND; this is the modem UART +DLPWR. Irda and JTAG are removed. You can use DLPWR to automatically start the phone by forcing it low. Btw on the C115/C118, you can use nSRST to fully reset the board with a relay (to do so, you will need to modify a battery as I explained in an earlier post). The modem UART is not really necessary unless you plan on debugging the official firmware. On Fri, Oct 4, 2013 at 5:08 PM, Craig Comstock wrote: > I cracked open the shield on my C139 and didn't see the TPs I expected > from the schematic. I thought maybe the angle of the photo on osmocom hid > the TPs but it really didn't. > > I'll try my C115 instead since that is more clear and accessible. Flashing > hello_world on my C115 seemed to fail in a similar fashion as it does on my > C139 so maybe the same issue exists there. > > I was wrong too... it was TP16 not TP6, so I found TP16 but still haven't > located TP8 on the C139 schematic. > > -Craig > > > ------------------------------ > *From:* Craig Comstock > *To:* "baseband-devel at lists.osmocom.org" > > *Sent:* Thursday, October 3, 2013 9:57 AM > *Subject:* c139/c140 jtag anyone? > > I'm at the point w/ flashing firmware where I feel like I need to use a > debugger w/ JTAG. I figured I could probably use serial line logging > somehow but JTAG seems better and I should learn it anyway. > > Has anyone pried open the shield on a c139/c140 and tried attaching to the > JTAG test points that are just inside the shield next to the test points > which are accessible via the battery compartment? > > From what I can gather from the schematics: > TDI - TP8 > TCK - TP17 > TDO - TP16 > > TMS - TP18 > > Looking at the board from the battery compartment side with the top of the > phone pointing North/Up I see at least TP17 is near the right-hand bank of > test points visible from the battery compartment. From left-to-right there > I see something like: TP12, TP18?, TP16?, TP17 so it looks like I have two > of the TPs I need: 17 and 18. > > I can't seem to find TP6 or TP8 anywhere on the schematic. > > -Craig > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From xdae3v3a at gmail.com Tue May 6 17:55:56 2014 From: xdae3v3a at gmail.com (E:V:A) Date: Tue, 6 May 2014 10:55:56 -0700 (PDT) Subject: Useful article on patching Nokia DCT4+ firmware In-Reply-To: References: Message-ID: <1399398956552-4026444.post@n3.nabble.com> Andrew Tipton wrote > Hi folks, > > Came across this article in the latest PoC||GTFO journal describing (part > of) the process for patching firmware on Nokia DCT4+ phones. The good > stuff is pages 22-29 of this file: > > http://openwall.info/wiki/_media/people/solar/pocorgtfo03.pdf > > Alas, this does not appear to permit patching the first 1MB of firmware, > so > may not be helpful for OsmocomBB. But perhaps someone with more time on > their hands can take this and run with it... > > > Cheers, > -Andrew That was indeed a very nice and entertaining find. Also the many links within that document should let you find both useful code and contacts. Furthermore, what is interesting is that it also provides a historical perspective of the xgold modems, which should be useful in paving the way to deeper studies in the more modern versions. -- View this message in context: http://baseband-devel.722152.n3.nabble.com/Useful-article-on-patching-Nokia-DCT4-firmware-tp4026377p4026444.html Sent from the baseband-devel mailing list archive at Nabble.com. From msokolov at ivan.Harhan.ORG Thu May 8 20:54:45 2014 From: msokolov at ivan.Harhan.ORG (Michael Spacefalcon) Date: Thu, 8 May 2014 20:54:45 GMT Subject: Useful article on patching Nokia DCT4+ firmware Message-ID: <1405082054.AA10256@ivan.Harhan.ORG> "E:V:A" wrote: > That was indeed a very nice and entertaining find. Also the many links > within that document should let you find both useful code and > contacts. Furthermore, what is interesting is that it also provides > a historical perspective of the xgold modems, which should be useful in > paving the way to deeper studies in the more modern versions. Entertaining as it is, keep in mind that the fellow who did that hack and wrote the article about it got *paid* to make those Kosher phones for the religious customers in question. In the absence of such a paid arrangement, I don't really understand why someone would willingly waste her time trying to hack a "modern" phone, dealing with chips sans docs, tivoized bootloaders and firmware that only exists as binaries without source or even semi-src. The big question is: WHY would anyone willingly choose to suffer through that mess, when instead one can choose to use a phone based on the good old Calypso chipset, with full docs, full schematics for some models, and a published semi-src for TI's reference firmware version? Yes, Calypso is old. Ancient, to be more precise. But so what? It still works! If it ain't broke, don't fix it. Dismissing a perfectly working and usable solution merely because of its mature age is irrational. Yes, Calypso-based phones are no longer made, and every existing model that is still obtainable on ebay etc is crippled in one way or another. But so what? We can solve this problem by building our own Calypso- based "dumbphone", and making it exactly the way we like. Yes, Calypso chips themselves aren't made any more either. But what is the total number of people in the world who would want a "dumbphone" running their own free firmware? Is it greater or less than 100? If the number of people desiring such a phone is <= 100, I already have enough Calypso+etc chipsets for all 100 of us sitting in my desk drawer. If the number of interested persons is > 100, there should be more chips still available in the vast nation of China. Yes, the available surplus of Calypso/Iota/Rita chips won't last forever. But if there really are so many of us to exhaust that supply, then surely we could pay some Chinese chip fab to reverse-eng that old silicon and fab new verbatim clones in whatever quantity we need. I just posted an update to the other mailing list, showing where the free & usable Calypso dumbphone project currently stands and how it is progressing: http://lists.openmoko.org/pipermail/community/2014-May/069469.html VLR, SF From mailman-bounces at lists.osmocom.org Mon May 5 07:00:07 2014 From: mailman-bounces at lists.osmocom.org (mailman-bounces at lists.osmocom.org) Date: Mon, 05 May 2014 09:00:07 +0200 Subject: baseband-devel unsubscribe notification Message-ID: rodrigo at chupelupe.com.ar has been removed from baseband-devel. From ravisharan at iith.ac.in Thu May 8 05:58:47 2014 From: ravisharan at iith.ac.in (Ravi Sharan) Date: Thu, 8 May 2014 11:28:47 +0530 Subject: Error loading firmware onto Motorola C115. Message-ID: Hi, I am trying out osmocom-bb with the Motorla C115. I have compiled libosmocore as a shared library and osmocom successfully. Also, I have compiled a "arm-none'eabi" cross toolchain from scratch. I get the following error: $ osmocon -p /dev/ttyUSB0 -m c123 ~/osmocom-bb/src/target/firmware/board/compal_e88/hello_world.compalram.bin got 1 bytes from modem, data looks like: 00 . got 2 bytes from modem, data looks like: 00 00 .. got 4 bytes from modem, data looks like: 1b f6 02 00 .... got 1 bytes from modem, data looks like: 41 A got 1 bytes from modem, data looks like: 01 . got 1 bytes from modem, data looks like: 40 @ Received PROMPT1 from phone, responding with CMD read_file(/home/ravi/osmocom-bb/src/target/firmware/board/compal_e88/hello_world.compalram.bin): file_size=25184, hdr_len=4, dnload_len=25191 got 1 bytes from modem, data looks like: 1b . got 1 bytes from modem, data looks like: f6 . got 1 bytes from modem, data looks like: 02 . got 1 bytes from modem, data looks like: 00 . got 1 bytes from modem, data looks like: 41 A got 1 bytes from modem, data looks like: 02 . got 1 bytes from modem, data looks like: 43 C Received PROMPT2 from phone, starting download handle_write(): 4096 bytes (4096/25191) handle_write(): 4096 bytes (8192/25191) handle_write(): 4096 bytes (12288/25191) handle_write(): 4096 bytes (16384/25191) handle_write(): 4096 bytes (20480/25191) handle_write(): 4096 bytes (24576/25191) handle_write(): 615 bytes (25191/25191) handle_write(): finished got 1 bytes from modem, data looks like: 1b . got 1 bytes from modem, data looks like: f6 . got 1 bytes from modem, data looks like: 02 . got 1 bytes from modem, data looks like: 00 . got 1 bytes from modem, data looks like: 45 E got 1 bytes from modem, data looks like: 53 S got 1 bytes from modem, data looks like: 16 . Received DOWNLOAD NACK from phone, something went wrong :( got 1 bytes from modem, data looks like: 66 f got 1 bytes from modem, data looks like: 74 t got 1 bytes from modem, data looks like: 6d m got 1 bytes from modem, data looks like: 74 t got 1 bytes from modem, data looks like: 6f o got 1 bytes from modem, data looks like: 6f o got 1 bytes from modem, data looks like: 6c l Received FTMTOOL from phone, ramloader has aborted got 1 bytes from modem, data looks like: 65 e got 1 bytes from modem, data looks like: 72 r got 1 bytes from modem, data looks like: 72 r got 1 bytes from modem, data looks like: 6f o got 1 bytes from modem, data looks like: 72 r got 1 bytes from modem, data looks like: 00 . got 1 bytes from modem, data looks like: 00 . got 1 bytes from modem, data looks like: 00 Can the error be because of the toolchain ? Or can it be that my device is refusing connection with osmocon ? Thanks in advance. Ravi Sharan -------------- next part -------------- An HTML attachment was scrubbed... URL: From Daniel.Lehne at abv.bg Thu May 8 06:25:02 2014 From: Daniel.Lehne at abv.bg (Daniel Lehne) Date: Thu, 08 May 2014 09:25:02 +0300 Subject: Error loading firmware onto Motorola C115. In-Reply-To: References: Message-ID: <536B233E.7060004@abv.bg> On 8.5.2014 ?. 08:58 ?., Ravi Sharan wrote: > Hi, > I am trying out osmocom-bb with the Motorla C115. I have compiled > libosmocore as a shared library and osmocom successfully. Also, I have > compiled a "arm-none'eabi" cross toolchain from scratch. I get the > following error: > > $ osmocon -p /dev/ttyUSB0 -m c123 > ~/osmocom-bb/src/target/firmware/board/compal_e88/hello_world.compalram.bin > > got 1 bytes from modem, data looks like: 00 . > got 2 bytes from modem, data looks like: 00 00 .. > got 4 bytes from modem, data looks like: 1b f6 02 00 .... > got 1 bytes from modem, data looks like: 41 A > got 1 bytes from modem, data looks like: 01 . > got 1 bytes from modem, data looks like: 40 @ > Received PROMPT1 from phone, responding with CMD > read_file(/home/ravi/osmocom-bb/src/target/firmware/board/compal_e88/hello_world.compalram.bin): > file_size=25184, hdr_len=4, dnload_len=25191 > got 1 bytes from modem, data looks like: 1b . > got 1 bytes from modem, data looks like: f6 . > got 1 bytes from modem, data looks like: 02 . > got 1 bytes from modem, data looks like: 00 . > got 1 bytes from modem, data looks like: 41 A > got 1 bytes from modem, data looks like: 02 . > got 1 bytes from modem, data looks like: 43 C > Received PROMPT2 from phone, starting download > handle_write(): 4096 bytes (4096/25191) > handle_write(): 4096 bytes (8192/25191) > handle_write(): 4096 bytes (12288/25191) > handle_write(): 4096 bytes (16384/25191) > handle_write(): 4096 bytes (20480/25191) > handle_write(): 4096 bytes (24576/25191) > handle_write(): 615 bytes (25191/25191) > handle_write(): finished > got 1 bytes from modem, data looks like: 1b . > got 1 bytes from modem, data looks like: f6 . > got 1 bytes from modem, data looks like: 02 . > got 1 bytes from modem, data looks like: 00 . > got 1 bytes from modem, data looks like: 45 E > got 1 bytes from modem, data looks like: 53 S > got 1 bytes from modem, data looks like: 16 . > Received DOWNLOAD NACK from phone, something went wrong :( > got 1 bytes from modem, data looks like: 66 f > got 1 bytes from modem, data looks like: 74 t > got 1 bytes from modem, data looks like: 6d m > got 1 bytes from modem, data looks like: 74 t > got 1 bytes from modem, data looks like: 6f o > got 1 bytes from modem, data looks like: 6f o > got 1 bytes from modem, data looks like: 6c l > Received FTMTOOL from phone, ramloader has aborted > got 1 bytes from modem, data looks like: 65 e > got 1 bytes from modem, data looks like: 72 r > got 1 bytes from modem, data looks like: 72 r > got 1 bytes from modem, data looks like: 6f o > got 1 bytes from modem, data looks like: 72 r > got 1 bytes from modem, data looks like: 00 . > got 1 bytes from modem, data looks like: 00 . > got 1 bytes from modem, data looks like: 00 > > > Can the error be because of the toolchain ? Or can it be that my > device is refusing connection with osmocon ? > > Thanks in advance. > > Ravi Sharan Hello, what is the USB port type USB 1.00 may not working, try it on a faster USB port, if possible. Otherwise there is a patch available, optimizing the loader in relation of file reload. The problem is that this patch isn't compatible to actual mainline. This failure is already discussed on the mail-list, you will find it. Best regards! -------------- next part -------------- An HTML attachment was scrubbed... URL: From ravisharan at iith.ac.in Thu May 8 08:31:29 2014 From: ravisharan at iith.ac.in (Ravi Sharan) Date: Thu, 8 May 2014 14:01:29 +0530 Subject: Error loading firmware onto Motorola C115. In-Reply-To: <536B233E.7060004@abv.bg> References: <536B233E.7060004@abv.bg> Message-ID: Hi, The cable is currently hooked onto USB 2.0 port. Will look into the patch and post updates. Thanks. Ravi Sharan On Thu, May 8, 2014 at 11:55 AM, Daniel Lehne wrote: > On 8.5.2014 ?. 08:58 ?., Ravi Sharan wrote: > > Hi, > I am trying out osmocom-bb with the Motorla C115. I have compiled > libosmocore as a shared library and osmocom successfully. Also, I have > compiled a "arm-none'eabi" cross toolchain from scratch. I get the > following error: > > $ osmocon -p /dev/ttyUSB0 -m c123 > ~/osmocom-bb/src/target/firmware/board/compal_e88/hello_world.compalram.bin > got 1 bytes from modem, data looks like: 00 . > got 2 bytes from modem, data looks like: 00 00 .. > got 4 bytes from modem, data looks like: 1b f6 02 00 .... > got 1 bytes from modem, data looks like: 41 A > got 1 bytes from modem, data looks like: 01 . > got 1 bytes from modem, data looks like: 40 @ > Received PROMPT1 from phone, responding with CMD > read_file(/home/ravi/osmocom-bb/src/target/firmware/board/compal_e88/hello_world.compalram.bin): > file_size=25184, hdr_len=4, dnload_len=25191 > got 1 bytes from modem, data looks like: 1b . > got 1 bytes from modem, data looks like: f6 . > got 1 bytes from modem, data looks like: 02 . > got 1 bytes from modem, data looks like: 00 . > got 1 bytes from modem, data looks like: 41 A > got 1 bytes from modem, data looks like: 02 . > got 1 bytes from modem, data looks like: 43 C > Received PROMPT2 from phone, starting download > handle_write(): 4096 bytes (4096/25191) > handle_write(): 4096 bytes (8192/25191) > handle_write(): 4096 bytes (12288/25191) > handle_write(): 4096 bytes (16384/25191) > handle_write(): 4096 bytes (20480/25191) > handle_write(): 4096 bytes (24576/25191) > handle_write(): 615 bytes (25191/25191) > handle_write(): finished > got 1 bytes from modem, data looks like: 1b . > got 1 bytes from modem, data looks like: f6 . > got 1 bytes from modem, data looks like: 02 . > got 1 bytes from modem, data looks like: 00 . > got 1 bytes from modem, data looks like: 45 E > got 1 bytes from modem, data looks like: 53 S > got 1 bytes from modem, data looks like: 16 . > Received DOWNLOAD NACK from phone, something went wrong :( > got 1 bytes from modem, data looks like: 66 f > got 1 bytes from modem, data looks like: 74 t > got 1 bytes from modem, data looks like: 6d m > got 1 bytes from modem, data looks like: 74 t > got 1 bytes from modem, data looks like: 6f o > got 1 bytes from modem, data looks like: 6f o > got 1 bytes from modem, data looks like: 6c l > Received FTMTOOL from phone, ramloader has aborted > got 1 bytes from modem, data looks like: 65 e > got 1 bytes from modem, data looks like: 72 r > got 1 bytes from modem, data looks like: 72 r > got 1 bytes from modem, data looks like: 6f o > got 1 bytes from modem, data looks like: 72 r > got 1 bytes from modem, data looks like: 00 . > got 1 bytes from modem, data looks like: 00 . > got 1 bytes from modem, data looks like: 00 > > > Can the error be because of the toolchain ? Or can it be that my device is > refusing connection with osmocon ? > > Thanks in advance. > > Ravi Sharan > > Hello, > > what is the USB port type USB 1.00 may not working, try it on a faster USB > port, if possible. > Otherwise there is a patch available, optimizing the loader in relation of > file reload. The problem is that this patch isn't compatible to actual > mainline. > This failure is already discussed on the mail-list, you will find it. > > Best regards! > -------------- next part -------------- An HTML attachment was scrubbed... URL: From msokolov at ivan.Harhan.ORG Thu May 8 17:51:05 2014 From: msokolov at ivan.Harhan.ORG (Michael Spacefalcon) Date: Thu, 8 May 2014 17:51:05 GMT Subject: Error loading firmware onto Motorola C115. Message-ID: <1405081751.AA09924@ivan.Harhan.ORG> Ravi Sharan wrote: > I am trying out osmocom-bb with the Motorla C115. [...] < I get the following error: > > $ osmocon -p /dev/ttyUSB0 -m c123 > ~/osmocom-bb/src/target/firmware/board/compal_e88/hello_world.compalram.bin > [snipped the part where everything goes as it should] > got 1 bytes from modem, data looks like: 1b . > got 1 bytes from modem, data looks like: f6 . > got 1 bytes from modem, data looks like: 02 . > got 1 bytes from modem, data looks like: 00 . > got 1 bytes from modem, data looks like: 45 E > got 1 bytes from modem, data looks like: 53 S > got 1 bytes from modem, data looks like: 16 . > Received DOWNLOAD NACK from phone, something went wrong :( Try -m c123xor instead of -m c123. HTH, SF From rm.engineer84 at gmail.com Sat May 17 10:29:03 2014 From: rm.engineer84 at gmail.com (R M) Date: Sat, 17 May 2014 06:29:03 -0400 Subject: Error loading firmware onto Motorola C115. In-Reply-To: <1405081751.AA09924@ivan.Harhan.ORG> References: <1405081751.AA09924@ivan.Harhan.ORG> Message-ID: Hi Ravi, If you are looking for a patch that speeds us the download for cygwin environment in Windows then its present in the archives. I had used it while I was trying to get osmocombb working on Windows. I am not able to find it in my machine now and I have switched to linux. Its written by Dieter. Its somewhere in the archives before Jun 25 2011. Hope this helps. Thanks and Regards, RM From ravisharan at iith.ac.in Sat May 17 10:31:13 2014 From: ravisharan at iith.ac.in (Ravi Sharan) Date: Sat, 17 May 2014 16:01:13 +0530 Subject: Error loading firmware onto Motorola C115. In-Reply-To: References: <1405081751.AA09924@ivan.Harhan.ORG> Message-ID: Hi RM, I have currently built osmocombb on Ubuntu. I have checked it with a Linux mint box and my ftdi cable gets unplugged as soon as it gets plugged in. On May 17, 2014 3:59 PM, "R M" wrote: > Hi Ravi, > > If you are looking for a patch that speeds us the download for cygwin > environment in Windows then its present in the archives. > > I had used it while I was trying to get osmocombb working on Windows. > I am not able to find it in my machine now and I have switched to > linux. > > Its written by Dieter. Its somewhere in the archives before Jun 25 > 2011. Hope this helps. > > Thanks and Regards, > RM > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rm.engineer84 at gmail.com Sun May 18 06:52:50 2014 From: rm.engineer84 at gmail.com (R M) Date: Sun, 18 May 2014 02:52:50 -0400 Subject: Error loading firmware onto Motorola C115. In-Reply-To: References: <1405081751.AA09924@ivan.Harhan.ORG> Message-ID: Hi, > I have currently built osmocombb on Ubuntu. I have checked it > with a Linux mint box and my ftdi cable gets unplugged as soon as it gets > plugged in. I did not understand what you mean by the above statement. I am not an advanced linux user. Before you plug in the cable, run this command in terminal: tail -f /var/log/messages Now insert the cable to the computer and check what is written in the terminal. This should help you in figuring out what is wrong. From rm.engineer84 at gmail.com Sat May 10 10:51:37 2014 From: rm.engineer84 at gmail.com (R M) Date: Sat, 10 May 2014 06:51:37 -0400 Subject: Problem with connecting to network Message-ID: Hi, I have recently purchased a SIM card. When I use the SIM in Nokia 3310, and try to manually select a particular cell, it says no access. SIM belongs to the same network. If I insert the same SIM in Blackberry Bold 9780, I am able to manually select the same network and even make phone calls. I have set the Network selection mode in Blackberry to Manual. I have also asked it connect only to 2G networks. To debug the issue, I connected the Nokia 3310 to my laptop and observed the messages it exchanged with the network. From the messages, I see that Nokia 3310 is getting a TIMSI assigned from the same cell. But my Nokia 3310 says, No Access. I also see a "DTAP Radio Resources Management Message Type: Channel Release (0x0d)" message from the Network to the phone. What does the above message mean ? Is there any way for me to further debug the issue ? Thanks and Regards, RM -------------- next part -------------- An HTML attachment was scrubbed... URL: From rp.labs at gmx.ch Sat May 10 11:25:47 2014 From: rp.labs at gmx.ch (Labs) Date: Sat, 10 May 2014 13:25:47 +0200 Subject: Problem with connecting to network In-Reply-To: References: Message-ID: <536E0CBB.1070703@gmx.ch> On 05/10/2014 12:51 PM, R M wrote: > Hi, > > I have recently purchased a SIM card. When I use the SIM in Nokia 3310, > and try to manually select a particular cell, it says no access. SIM > belongs to the same network. > Looks like your 3310 has a network lock. Are you sure that your phone is unlocked? You can test it with 2 different SIM cards for real networks and confirm that it is OK. DCT3 phones can be easily unlocked via IMEI. Regards, R. From rm.engineer84 at gmail.com Sat May 10 15:21:15 2014 From: rm.engineer84 at gmail.com (R M) Date: Sat, 10 May 2014 11:21:15 -0400 Subject: Problem with connecting to network In-Reply-To: <536E0CBB.1070703@gmx.ch> References: <536E0CBB.1070703@gmx.ch> Message-ID: Hi, The phone is not locked to any network. Its an unlocked phone. I have confirmed that. Thanks and Regards, RM On Sat, May 10, 2014 at 7:25 AM, Labs wrote: > > > On 05/10/2014 12:51 PM, R M wrote: > >> Hi, >> >> I have recently purchased a SIM card. When I use the SIM in Nokia 3310, >> and try to manually select a particular cell, it says no access. SIM >> belongs to the same network. >> >> > Looks like your 3310 has a network lock. Are you sure that your phone is > unlocked? You can test it with 2 different SIM cards for real networks and > confirm that it is OK. DCT3 phones can be easily unlocked via IMEI. > > Regards, > R. > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rp.labs at gmx.ch Sat May 10 20:13:46 2014 From: rp.labs at gmx.ch (Labs) Date: Sat, 10 May 2014 22:13:46 +0200 Subject: Problem with connecting to network In-Reply-To: References: <536E0CBB.1070703@gmx.ch> Message-ID: <536E887A.6090100@gmx.ch> Hello, In this case it can be some hardware issue with your phone. If your phone was pre 4.24 software version and it was upgraded it is possible to have a corrupted EEPROM and you need to use some software tools to repair it. If that is not the case you can try to identify what hardware component is broken by manually pickup a 900 or 1800 operator and check it if it works. If one is working and one not this means your duplexer has issues and needs to be replaced. Other components that might have issues are the PA and COBBA ICs. Considering that a 3310 you can get for free now it's not worth it to repair it. Regards, R. On 05/10/2014 05:21 PM, R M wrote: > Hi, > > The phone is not locked to any network. Its an unlocked phone. I have > confirmed that. > > Thanks and Regards, > RM > > > On Sat, May 10, 2014 at 7:25 AM, Labs > wrote: > > > > On 05/10/2014 12:51 PM, R M wrote: > > Hi, > > I have recently purchased a SIM card. When I use the SIM in > Nokia 3310, > and try to manually select a particular cell, it says no access. SIM > belongs to the same network. > > > Looks like your 3310 has a network lock. Are you sure that your > phone is unlocked? You can test it with 2 different SIM cards for > real networks and confirm that it is OK. DCT3 phones can be easily > unlocked via IMEI. > > Regards, > R. > > From rm.engineer84 at gmail.com Sun May 11 17:13:03 2014 From: rm.engineer84 at gmail.com (R M) Date: Sun, 11 May 2014 13:13:03 -0400 Subject: Problem with connecting to network In-Reply-To: <536E887A.6090100@gmx.ch> References: <536E0CBB.1070703@gmx.ch> <536E887A.6090100@gmx.ch> Message-ID: Hi, Thanks for your assistance. So far from my analysis, this is what I have got: After the BTS sends Location Update Accept message to the MS, the MS responds with a MM status message saying "Invalid Mandatory Information". In a working case, the MS should respond with a TMSI Reallocation Complete message which is not happening. From rp.labs at gmx.ch Mon May 12 20:48:38 2014 From: rp.labs at gmx.ch (Labs) Date: Mon, 12 May 2014 22:48:38 +0200 Subject: Problem with connecting to network In-Reply-To: References: <536E0CBB.1070703@gmx.ch> <536E887A.6090100@gmx.ch> Message-ID: <537133A6.5040300@gmx.ch> Hello, 3GPP 24.008 subclause 8.5 has an explanation for that message. Sorry but I don't have any other ideas what can be wrong with your Nokia 3310. R. On 05/11/2014 07:13 PM, R M wrote: > Hi, > > Thanks for your assistance. > > So far from my analysis, this is what I have got: > > After the BTS sends Location Update Accept message to the MS, the MS > responds with a MM status message saying > "Invalid Mandatory Information". > > In a working case, the MS should respond with a TMSI Reallocation > Complete message which is not happening. > > From here, I don't know how to proceed further. > > Thanks and Regards, > RM > > > On Sat, May 10, 2014 at 4:13 PM, Labs > wrote: > > Hello, > > In this case it can be some hardware issue with your phone. > If your phone was pre 4.24 software version and it was upgraded it > is possible to have a corrupted EEPROM and you need to use some > software tools to repair it. > > If that is not the case you can try to identify what hardware > component is broken by manually pickup a 900 or 1800 operator and > check it if it works. If one is working and one not this means your > duplexer has issues and needs to be replaced. Other components that > might have issues are the PA and COBBA ICs. Considering that a 3310 > you can get for free now it's not worth it to repair it. > > Regards, > R. > > > On 05/10/2014 05:21 PM, R M wrote: > > Hi, > > The phone is not locked to any network. Its an unlocked phone. I > have > confirmed that. > > Thanks and Regards, > RM > > > On Sat, May 10, 2014 at 7:25 AM, Labs > >> wrote: > > > > On 05/10/2014 12:51 PM, R M wrote: > > Hi, > > I have recently purchased a SIM card. When I use the SIM in > Nokia 3310, > and try to manually select a particular cell, it says > no access. SIM > belongs to the same network. > > > Looks like your 3310 has a network lock. Are you sure that your > phone is unlocked? You can test it with 2 different SIM > cards for > real networks and confirm that it is OK. DCT3 phones can be > easily > unlocked via IMEI. > > Regards, > R. > > > From luca.bongiorni1 at studenti.unimi.it Wed May 14 06:28:01 2014 From: luca.bongiorni1 at studenti.unimi.it (Luca Bongiorni) Date: Wed, 14 May 2014 09:28:01 +0300 Subject: Calypso-BTS: State of Art and Future Improvements In-Reply-To: <77e0a43254531.53730ce7@studenti.unimi.it> References: <76a08a3456410.53730cab@studenti.unimi.it> <77e0a43254531.53730ce7@studenti.unimi.it> Message-ID: <7600e44350b66.53733721@studenti.unimi.it> Hey folks, Since I am planning to delve deeper into the Calypso-BTS... I was wondering if.... after Sylvain and Jolly's last commits into their "*/testing" branches [1][2]... ?- Someone else have made some (private) changes/improvements to the sources?! ?- Is there a TO DO list available for suggested improvements? ?- Is anyone working on it or it would be interested? ? And another question... why those branches have not been merged? Cheers, Luca [1] http://cgit.osmocom.org/osmocom-bb/commit/?h=sylvain/testing&id=1b8f488f396ad10d67a90c3dad5c1aab42f6e8b5 [2] http://cgit.osmocom.org/osmocom-bb/commit/?h=jolly/testing&id=c1d728975f4c062907b024a286c1a72f0ae05c11 **************** Il 5 x mille alla nostra Universit? ? un investimento sui giovani, sui loro migliori progetti. Sostiene la libera ricerca. Alimenta le loro speranze nel futuro. Investi il tuo 5 x mille sui giovani. Universit? degli Studi di Milano codice fiscale 80012650158 http://www.unimi.it/13084.htm?utm_source=firmaMail&utm_medium=email&utm_content=linkFirmaEmail&utm_campaign=5xmille From 246tnt at gmail.com Wed May 14 07:50:18 2014 From: 246tnt at gmail.com (Sylvain Munaut) Date: Wed, 14 May 2014 09:50:18 +0200 Subject: Calypso-BTS: State of Art and Future Improvements In-Reply-To: <7600e44350b66.53733721@studenti.unimi.it> References: <76a08a3456410.53730cab@studenti.unimi.it> <77e0a43254531.53730ce7@studenti.unimi.it> <7600e44350b66.53733721@studenti.unimi.it> Message-ID: Hi, > And another question... why those branches have not been merged? Because there is a bug that breaks the normal "phone" function in the DSP patch. In theory the patch shouldn't do anything if not explicitely enabled via a control bit in the DSP API zone, but in practice, it prevents sync/power detection from working for some reason. Never had the motivation to trace out the bug, (or finish the dsp patch to support multiple timeslots like it was designed to for that matter). Cheers, Sylvain From andreas at eversberg.eu Wed May 14 08:52:00 2014 From: andreas at eversberg.eu (Andreas Eversberg) Date: Wed, 14 May 2014 10:52:00 +0200 Subject: Calypso-BTS: State of Art and Future Improvements In-Reply-To: References: <76a08a3456410.53730cab@studenti.unimi.it> <77e0a43254531.53730ce7@studenti.unimi.it> <7600e44350b66.53733721@studenti.unimi.it> Message-ID: <53732EB0.1090601@eversberg.eu> Sylvain Munaut wrote: >> And another question... why those branches have not been merged? > Because there is a bug that breaks the normal "phone" function in the > DSP patch. In theory the patch shouldn't do anything if not > explicitely enabled via a control bit in the DSP API zone, but in > practice, it prevents sync/power detection from working for some > reason. hi sylvain, check out the patch 6502e7b8. i use this for emi app. best regardds, andreas From 246tnt at gmail.com Wed May 14 13:27:18 2014 From: 246tnt at gmail.com (Sylvain Munaut) Date: Wed, 14 May 2014 15:27:18 +0200 Subject: Calypso-BTS: State of Art and Future Improvements In-Reply-To: <53732EB0.1090601@eversberg.eu> References: <76a08a3456410.53730cab@studenti.unimi.it> <77e0a43254531.53730ce7@studenti.unimi.it> <7600e44350b66.53733721@studenti.unimi.it> <53732EB0.1090601@eversberg.eu> Message-ID: > check out the patch 6502e7b8. i use this for emi app. Yes, I saw that. But it's not a fix, it's a workaround that passes a 1 or 0 across like 4 abstraction levels to load the patch or not depending on wether you'll need it ... Cheers, Sylvain From msokolov at ivan.Harhan.ORG Wed May 14 07:27:15 2014 From: msokolov at ivan.Harhan.ORG (Michael Spacefalcon) Date: Wed, 14 May 2014 07:27:15 GMT Subject: Tracfone C139 break-in procedure Message-ID: <1405140727.AA17789@ivan.Harhan.ORG> Hello fellow hackers, As has been discussed on this list a little over a month ago, Mot C139 phones sold with Tracfone branding usually have firmware version 8.8.17, which contains a bootloader in which the serial break-in and download capability has been disabled. However, this locked-down firmware version still has the **16379# keypad command that switches the headset jack back to the UART and presents a variant of TI's RVTMUX interface on this UART; and there exists a Weendoze program called mot931c.exe that: 1. connects to this RVTMUX interface; 2. does some black magic to break into the otherwise locked-down phone; 3. erases and rewrites flash sector 0, replacing the "bad" bootloader version with a "good" one. The elusive part has been step 2 above - just what does this closed source Winblows binary send to the phone to make the initial break-in? Whoever was responsible for producing the locked-down fw in these Tracfones really did close all of the well-known holes: not only have they tied the nIBOOT pin high directly underneath the BGA and disabled the serial access in their own bootloader, but TI's standard ETM_CORE commands which would normally be available over RVTMUX don't work either. Well, I have finally reverse-engineered what this mot931c.exe tool does (by running it under Wine, pointing the Wine-emulated COM port to a Unix pseudo-tty instead of a real serial port, and listening and talking back on the master side of the Unix pty), and here is the secret: Compal's firmware features some non-standard commands of their own invention in their version of TI's ETM, these non-standard commands have *not* been disabled in the TF-branded fw, and one of them is a raw memory write command. (The following description assumes that the reader is familiar with TI's standard versions of RVTMUX and ETM; if you aren't familiar with these things, read my write-up thereof in the FreeCalypso documentation.) Compal's non-standard ETM memory write command has the following format: 0x14 octet: tells the RiViera Trace MUX that the packet is for ETM 0x40 octet: non-std opcode in the place where ETM component ID would normally go 4 octets: absolute address at which the bytes are to be written, in LE bytes order remaining octets before ETM checksum: raw bytes to be written 1 octet: standard ETM command packet checksum at the end (Wrapped in the RVTMUX STX/DLE byte stuffing as usual.) The mot931c tool uses the above ETM memory write command to write 204 (0xCC) bytes at address 0x800000, at the low end of IRAM - this happens with the regular fw still running! So far, so good. How is control then transferred to this downloaded payload? Answer: by smashing the stack! After downloading its payload (in two chunks: first 120 bytes, then the remaining 84), the mot931c tool sends more ETM memory write command packets in exactly the same format, but this time each write is just 4 bytes long. The address being written into starts at 0x837C54, and increments by 4 from there. The data written with each of these commands is 00 00 80 00, i.e., 32-bit word 0x800000 in LE. It is obviously seeking to hit a return address location on the stack, in order to transfer control to the payload it just downloaded. If it keeps getting "ETM command successful" responses from the target, it keeps retrying with incrementing write addresses until it reaches 0x838BF0, at which point it gives up. If this procedure succeeds in hitting the function return address on the stack and thus transferring control to 0x800000, which will indeed succeed when run against the TF firmware in question, the code that's been downloaded into that IRAM location then provides its own very simple serial download protocol whereby the next code stage is downloaded and run. I haven't pursued the process further, as the initial break-in was/is all I'm interested in. I strongly dislike this mot931c.exe tool's Heisenbergian approach of altering the flash content without saving the original first, and my plan is to use this break-in procedure to make FreeCalypso's fc-loadtool work with these TF C139s. Once we are running fc-loadtool, all of this tool's functions will be available just like it currently offers on Openmoko and Pirelli targets: flash dump2bin, flash erase, flash program-bin etc. Put the user back in control, instead of a closed source Weendoze binary that does all of the reflashing without asking the user if she wants it or not. Viva la Revolucion, SF From msokolov at ivan.Harhan.ORG Thu May 15 21:52:55 2014 From: msokolov at ivan.Harhan.ORG (Michael Spacefalcon) Date: Thu, 15 May 2014 21:52:55 GMT Subject: Locked C139 bootloader reverse-engineered Message-ID: <1405152152.AA20024@ivan.Harhan.ORG> Hello fellow hackers, Following my successful reverse eng of Tracfone "unlocking" utility mot931c.exe, I wrote a native Unix/Linux program (tfc139, based on FreeCalypso rvinterf tools) that breaks into locked-down TF C139 phones in the same fashion, with an IRAM payload that enables and jumps to the Calypso boot ROM. Doing so allowed me to run fc-loadtool against one of these Tracfones that still has its original locked-down bootloader intact (*not* overwritten with mot931c), and make a dump of the latter for examination. So here is how the bootloader lock works: the bootloader which sits in the first 0x2000 bytes of flash sector 0 is clearly built together with the main fw image as a single whole (TI's reference firmware is built the same way, so no surprise), and thus the bootloader version changes in sync with the main fw version. Most of the versions seen in the wild are almost byte-identical, the only diffs being some unused signature (?) words at 0x20 and the word at 0x964 giving the initial value to be loaded into the stack pointer - variations in the latter are a linker artifact resulting from how this bootloader is built together with the main fw. Despite the way in which they must have been compiled, the older versions of the bootloader have one good quality: if you are going to break into the bootloader serially (in our familiar way), then only the first 0x2000 bytes of the flash (in fact, even less than that) need to be good; the flash from 0x2000 onward can be blank or filled with garbage or malware or whatever - as long as the boot process is interrupted with a serial download, the jump to 0x20f8 doesn't happen and nothing from 0x2000 onward affects anything. So far, so good. But the newer versions of the bootloader that are part of the newer firmwares for both C11x/123 and C139/140 have an added malicious feature. Before sending what we call PROMPT1 out the serial port and waiting for a possible serial download, the boot code now checks the word in flash at 0x2060. This word needs to equal 0xDDDDDDDD (was it some developer's fascination with bras? - scnr); if this word contains any other value, no serial download opportunity is offered, and the code proceeds directly to the silly routine that emits that "ftmtool error" nonsense, followed by the jump to 0x20f8. All TF-branded C139 phones I've seen have fw version 8.8.17, which features the new malware bootloader. And the word at 0x2060 is zeroed out, resulting in the observed behavior of no serial download opportunity being given on boot. I speculate that perhaps the newer fw versions containing boot code with this malicious feature start out with 0xDDDDDDDD in the word at 0x2060, so that their own developers could do their job, but when shipping phones to end users, the bastards issued some ETM or whatever command to zero that word out, disabling the serial download access - remember that any NOR flash bit can be changed from 1 to 0 at any time, but going the other way around requires erasing and rewriting the whole sector. So what do we do about it? Well, at least the TF-branded C139s still have that ETM memory write command that allows us to break in by writing a little payload into IRAM and smashing the stack while the main fw is running, and we now have a free, source-enabled, Unix/Linux- based tool for performing this break-in. Not too long ago there was someone else on this list who had a newer C139 with Cingular branding (not TF) that also featured the maliciously locked bootloader. Not surprisingly, mot931c wouldn't work on that phone, as this closed source Weendoze binary does a fw version query and refuses to work with any versions other than TF's 8.8.x. But now that we have our own free tool for the hack in question, it may be worth testing if one can break into non-TF phones by the same method. The addresses for the IRAM payload download and the stack smashing may need to be tweaked experimentally, but hey... When the time comes to flash our own FreeCalypso firmware into these phones, I'm thinking of adopting one of the old bootloader versions as our "standard". In fact, the only diff between C11x/123 and C139/140 versions of this boot code is that the latter adds the check for "1003" at 0x803ce0, whereas the former has no such check. Thus we can use the more basic C11x/123 version of the boot code on all hw versions, and make our chainloading more efficient by loading 32 bytes instead of 15332. :) All of the work described above has already been pushed into the freecalypso-sw and freecalypso-reveng Hg repositories on Bitbucket. VLR, SF From rm.engineer84 at gmail.com Sat May 17 18:41:43 2014 From: rm.engineer84 at gmail.com (R M) Date: Sat, 17 May 2014 14:41:43 -0400 Subject: Sylvain testing branch Message-ID: Hi, I am trying to build the Sylvain testing branch. I am facing an issue there. What I did is as follows: 1. I got the Sylvain testing branch to my computer. 2. I tried to build it and it failed saying that it cannot find the libosmocore library. 3. I changed the top most Makefile to install libosmocore after building. 4. Again I tried to build and it built and installed libosmocore but now Its complaining about osmocom/core/talloc.h not found in sim.c in layer23 folder 6. As per the top Makefile, talloc is disabled in libosmocore but sim.c file does not have conditional include for this header file. Is this a problem or I am doing something wrong ? Regards, RM From 246tnt at gmail.com Sun May 18 20:49:43 2014 From: 246tnt at gmail.com (Sylvain Munaut) Date: Sun, 18 May 2014 22:49:43 +0200 Subject: Sylvain testing branch In-Reply-To: References: Message-ID: > Is this a problem or I am doing something wrong ? The doc on the wiki and the README.building in the tree specifically says you need to install libosmocore from the GIT and _NOT_ the one embedded in the tree. The one in the tree is a special version for the ARM code and must NOT be used on the host. You must not go and muck around with the build system. Just doing make in the src/ dir should be all you need to Cheers, Sylvain From rm.engineer84 at gmail.com Fri May 23 12:07:29 2014 From: rm.engineer84 at gmail.com (R M) Date: Fri, 23 May 2014 08:07:29 -0400 Subject: Sylvain testing branch In-Reply-To: References: Message-ID: Hi, Thanks Sylvain. > The doc on the wiki and the README.building in the tree specifically > says you need to install libosmocore from the GIT and _NOT_ the one > embedded in the tree. The one in the tree is a special version for the > ARM code and must NOT be used on the host. > > You must not go and muck around with the build system. Just doing make > in the src/ dir should be all you need to Initially I did not realize that. But then I got it. The problem being that around 2011, I had downloaded the code and at that time we did not have to download the libosmocore separately. Now things are different. I built it as per instructions but still the phone was not able to sync to any channel. First I thought that the problem could be because that the battery loop was causing the issue. So I changed the battery loop to report status every 5 min. But still no luck. Then I thought may be the tool chain is the problem. So, to test this, I compiled the 2011 code with my tool chain and it also did not sync to any channel while previously it had worked. So I have left the new code for the time being. I am working on an older code that works. I will raise certain concerns that I have here: If there is a problem in the code in layer 1 that is downloaded to the phone, I am not able to figure out what went wrong. The phone doesn't seem to output any error like buffer overflow, packet dropped. It just goes blank. I really don't know how you guys figure problems out that have happened in layer 1 code. To give an example: When the phone wants to sync to a beacon channel which is supplied in the command line, The upper layer tells the tuner to tune to that particular frequency, the dsp tries to detect the Frequency correction burst and then tries to correct the frequency error between the bts and phone. Once the frequency sync, we need to sync in time (we need to know the frame number)so it tries to detect the SYNC burst which tells the frame number and other details. If the above operation fails all we get is FSB 255 result and nothing else. From this I don't know where I need to look. Do I need to look at layer 1, upper layers, computer not fast enough to issue appropriate commands in time, serial line congested, tool chain not proper and code not aligned properly in phone etc. Since there are so many reasons for the above failure, I don't know how to eliminate each of these cases and proceed further. Lets say the above problem is caused by tool chain is not proper, how can I be very sure that its the tool chain. Should I dump the layer 1 using obj dump and check what is there. in what location and compare it with the memory map as given in the calypso programmer manual or some other method needs to be followed. I don't think you magically got the right tool chain the first time through. You must have tried different tool chains, figured out the error and then finally got the right tool-chain Can you please share how you would trouble shoot issues of this kind ? This would help me a lot as all I am doing here is trial and error and this is not helping me in learning. Regards, RM From 246tnt at gmail.com Fri May 23 14:32:00 2014 From: 246tnt at gmail.com (Sylvain Munaut) Date: Fri, 23 May 2014 16:32:00 +0200 Subject: Sylvain testing branch In-Reply-To: References: Message-ID: Hi, > I built it as per instructions but still the phone was not able to > sync to any channel. First I thought that the problem could be because > that the battery loop was causing the issue. So I changed the battery > loop to report status every 5 min. But still no luck. Try master or jolly/testing The sylvain/testing branch has some patches for the BTS mode that seem to break 'normal phone' mode. Cheers, Sylvain From luca.bongiorni1 at studenti.unimi.it Mon May 26 13:28:13 2014 From: luca.bongiorni1 at studenti.unimi.it (Luca Bongiorni) Date: Mon, 26 May 2014 16:28:13 +0300 Subject: R: Re: Sylvain testing branch In-Reply-To: <7630f6461f93ee.53834078@studenti.unimi.it> References: <7630ee3b1feba5.5383403b@studenti.unimi.it> <7630f6461f93ee.53834078@studenti.unimi.it> Message-ID: <7500c9f11feb44.53836b9d@studenti.unimi.it> Hi there, > Try master or jolly/testing > The sylvain/testing branch has some patches for the BTS mode that seem > to break 'normal phone' mode. It means that, at the state of art, the best branch to work with CalypsoBTS is the jolly/testing or the sylvain/testing? Cheers, Luca **************** Il 5 x mille alla nostra Universit? ? un investimento sui giovani, sui loro migliori progetti. Sostiene la libera ricerca. Alimenta le loro speranze nel futuro. Investi il tuo 5 x mille sui giovani. Universit? degli Studi di Milano codice fiscale 80012650158 http://www.unimi.it/13084.htm?utm_source=firmaMail&utm_medium=email&utm_content=linkFirmaEmail&utm_campaign=5xmille From ravisharan at iith.ac.in Sun May 18 16:01:37 2014 From: ravisharan at iith.ac.in (Ravi Sharan) Date: Sun, 18 May 2014 21:31:37 +0530 Subject: Sylvain testing branch Message-ID: Hi, Have you complied the libosmocore separately ? If you are using fedora based distro make sure you have set the path correctly. Regards, Ravi Sharan -------------- next part -------------- An HTML attachment was scrubbed... URL: From admin at lishixin.net Fri May 23 02:56:44 2014 From: admin at lishixin.net (warriornew) Date: Thu, 22 May 2014 19:56:44 -0700 (PDT) Subject: How to fix for problem -- "l1ctl.c:114 FBSB RESP: result=255"? In-Reply-To: <1389149439869-4026296.post@n3.nabble.com> References: <1389149439869-4026296.post@n3.nabble.com> Message-ID: <1400813804549-4026470.post@n3.nabble.com> ????? patch blog.lishixin.net ??????? -- View this message in context: http://baseband-devel.722152.n3.nabble.com/How-to-fix-for-problem-l1ctl-c-114-FBSB-RESP-result-255-tp4026296p4026470.html Sent from the baseband-devel mailing list archive at Nabble.com. From admin at lishixin.net Tue May 27 01:30:46 2014 From: admin at lishixin.net (warriornew) Date: Mon, 26 May 2014 18:30:46 -0700 (PDT) Subject: http://bb.osmocom.org/trac/ Why no visit? Message-ID: <1401154246298-4026475.post@n3.nabble.com> Why recently osmocombb website can't visit? -- View this message in context: http://baseband-devel.722152.n3.nabble.com/http-bb-osmocom-org-trac-Why-no-visit-tp4026475.html Sent from the baseband-devel mailing list archive at Nabble.com. From pabs3 at bonedaddy.net Tue May 27 01:58:51 2014 From: pabs3 at bonedaddy.net (Paul Wise) Date: Tue, 27 May 2014 09:58:51 +0800 Subject: http://bb.osmocom.org/trac/ Why no visit? In-Reply-To: <1401154246298-4026475.post@n3.nabble.com> References: <1401154246298-4026475.post@n3.nabble.com> Message-ID: On Tue, May 27, 2014 at 9:30 AM, warriornew wrote: > > > Why recently osmocombb website can't visit? This only happens if your browser asks the site for Chinese instead of or before English. Hmm, other trac sites I know about don't have this issue. -- bye, pabs http://bonedaddy.net/pabs3/ From holger at freyther.de Wed May 28 07:00:39 2014 From: holger at freyther.de (Holger Hans Peter Freyther) Date: Wed, 28 May 2014 09:00:39 +0200 Subject: http://bb.osmocom.org/trac/ Why no visit? In-Reply-To: References: <1401154246298-4026475.post@n3.nabble.com> Message-ID: <20140528070039.GQ30737@xiaoyu.lan> On Tue, May 27, 2014 at 09:58:51AM +0800, Paul Wise wrote: Hi, > > Why recently osmocombb website can't visit? > > This only happens if your browser asks the site for Chinese instead of > or before English. > > Hmm, other trac sites I know about don't have this issue. which language (simplified chinese?) do you offer to trac. There were no pending updates for babel/trac. Could you give me the HTTP request you make? holger From pabs3 at bonedaddy.net Wed May 28 07:12:53 2014 From: pabs3 at bonedaddy.net (Paul Wise) Date: Wed, 28 May 2014 15:12:53 +0800 Subject: http://bb.osmocom.org/trac/ Why no visit? Message-ID: On Wed, May 28, 2014 at 3:00 PM, Holger Hans Peter Freyther wrote: > which language (simplified chinese?) do you offer to trac. There > were no pending updates for babel/trac. Could you give me the HTTP > request you make? wget --header='Accept-Language: zh-cn,en;q=0.5' http://bb.osmocom.org/trac/ -- bye, pabs http://bonedaddy.net/pabs3/ From holger at freyther.de Wed May 28 08:59:19 2014 From: holger at freyther.de (Holger Hans Peter Freyther) Date: Wed, 28 May 2014 10:59:19 +0200 Subject: http://bb.osmocom.org/trac/ Why no visit? In-Reply-To: References: Message-ID: <20140528085919.GS30737@xiaoyu.lan> On Wed, May 28, 2014 at 03:12:53PM +0800, Paul Wise wrote: > On Wed, May 28, 2014 at 3:00 PM, Holger Hans Peter Freyther wrote: > > > which language (simplified chinese?) do you offer to trac. There > > were no pending updates for babel/trac. Could you give me the HTTP > > request you make? > > wget --header='Accept-Language: zh-cn,en;q=0.5' http://bb.osmocom.org/trac/ hehe, that is a funny issue. I googled for the issue yesterday and I don't feel like patching the python code by hand. Interestingly using the more beautiful traditional chinese does not expose the issue. Anyway as all the content is in English I added the following to all trac.ini's [trac] default_language = en_US Thank you for giving me an easy re-producer. holger From mailman at lists.osmocom.org Tue May 27 01:47:54 2014 From: mailman at lists.osmocom.org (mailman at lists.osmocom.org) Date: Tue, 27 May 2014 03:47:54 +0200 Subject: Bounce action notification Message-ID: This is a Mailman mailing list bounce action notice: List: baseband-devel Member: bjoern.riemer at fokus.fraunhofer.de Action: Subscription disabled. Reason: Excessive or fatal bounces. The triggering bounce notice is attached below. Questions? Contact the Mailman site administrator at mailman at lists.osmocom.org. -------------- next part -------------- An embedded message was scrubbed... From: Mail Delivery System Subject: Mail delivery failed: returning message to sender Date: Tue, 27 May 2014 03:35:56 +0200 Size: 3817 URL: From rm.engineer84 at gmail.com Wed May 28 17:52:54 2014 From: rm.engineer84 at gmail.com (R M) Date: Wed, 28 May 2014 13:52:54 -0400 Subject: Manual For VTY interface Message-ID: Hi, While browsing through the wiki, I did not find a page for the VTY interface. Does it really not exist or did I miss it ? If it does not exist, I am planning to write one and send it to the mailing list. I have gone through some of the commands while reading the code and I want to share what I have learnt. Regards, RM From holger at freyther.de Wed May 28 18:44:57 2014 From: holger at freyther.de (Holger Hans Peter Freyther) Date: Wed, 28 May 2014 20:44:57 +0200 Subject: Manual For VTY interface In-Reply-To: References: Message-ID: <20140528184457.GV30737@xiaoyu.lan> On Wed, May 28, 2014 at 01:52:54PM -0400, R M wrote: > Hi, Hi, > If it does not exist, I am planning to write one and send it to the > mailing list. sure go ahead and create it. Some years ago I created a VTY command to dump an XML representation of all commands and inside libosmocore. Inside the osmocom-python script there is a doc dumping utility that can launch an application and generate a .xml file. One can create an additional xml file with information not available in the VTY and use the merge_doc.xsl to merge the generated and hand written documents. > I have gone through some of the commands while reading the code and I > want to share what I have learnt. sure, sharing knowledge is always great! From changchuan618 at gmail.com Thu May 29 04:44:52 2014 From: changchuan618 at gmail.com (changchuan618 at gmail.com) Date: Thu, 29 May 2014 12:44:52 +0800 Subject: lost sms Message-ID: <2014052912444616144413@gmail.com> Hi I built the luca/gsmmap branch, and saw many messages in the wireshark with protocol GSM_SMS; but when I tried to capture my sms (sending by my own phone), it does not work, I can not see my sms in wireshark; then I used another phone to send a message to my phone, I saw nothing in wireshark too; Could anyone tell me why? Is it a problem about time slot ? Regards, Swift changchuan618 at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From luca at srlabs.de Thu May 29 07:49:03 2014 From: luca at srlabs.de (Luca Melette) Date: Thu, 29 May 2014 09:49:03 +0200 Subject: lost sms In-Reply-To: <2014052912444616144413@gmail.com> References: <2014052912444616144413@gmail.com> Message-ID: <20140529094903.3caa0069@proton.srlabs.de> Dear Swift, The gsmmap branch that you are using was created to allow users to submit their own traffic to gsmmap.org and it's not meant to be used as a mass interception tool. If you use ccch_scan _and_ specify your ARFCN _and_ specify your TMSI _and_ your network does not use encryption, then you will probably be able to see your SMS in wireshark. Please note that the TMSI may be re-allocated by the network at any time. To make testing easier I suggest you to use a second Osmocom phone running the official mobile application/firmware and set the "stick" option in the configuration, so the ARFCN will not change. Cheers, LM From changchuan618 at gmail.com Thu May 29 08:15:50 2014 From: changchuan618 at gmail.com (changchuan618 at gmail.com) Date: Thu, 29 May 2014 16:15:50 +0800 Subject: lost sms References: <2014052912444616144413@gmail.com>, <20140529094903.3caa0069@proton.srlabs.de> Message-ID: <2014052916154418016941@gmail.com> Thanks Luca! > If you use ccch_scan _and_ specify your ARFCN _and_ specify your TMSI > _and_ your network does not use encryption Yes, my network does not use encryption, but I did not specify TMSI when using ccch_scan. How could I specify TMSI ? With a new parameter when using ccch_scan? And, what if I use lots of phones(e.g. 8 or more) to sniff per ARFCN? Will I capture all the message sent by myself? Regards, Swift changchuan618 at gmail.com From: Luca Melette Date: 2014-05-29 15:49 To: baseband-devel at lists.osmocom.org Subject: Re: lost sms Dear Swift, The gsmmap branch that you are using was created to allow users to submit their own traffic to gsmmap.org and it's not meant to be used as a mass interception tool. If you use ccch_scan _and_ specify your ARFCN _and_ specify your TMSI _and_ your network does not use encryption, then you will probably be able to see your SMS in wireshark. Please note that the TMSI may be re-allocated by the network at any time. To make testing easier I suggest you to use a second Osmocom phone running the official mobile application/firmware and set the "stick" option in the configuration, so the ARFCN will not change. Cheers, LM -------------- next part -------------- An HTML attachment was scrubbed... URL: From changchuan618 at gmail.com Thu May 29 04:46:29 2014 From: changchuan618 at gmail.com (Swift) Date: Wed, 28 May 2014 21:46:29 -0700 (PDT) Subject: lost sms Message-ID: <1401338789035-4026483.post@n3.nabble.com> Hi I built the luca/gsmmap branch, and saw many messages in the wireshark with protocol GSM_SMS; but when I tried to capture my sms (sending by my own phone), it does not work, I can not see my sms in wireshark; then I used another phone to send a message to my phone, I saw nothing in wireshark too; Could anyone tell me why? Is it a problem about time slot ? Regards, Swift -------------------------------------------------------------------------------- -- View this message in context: http://baseband-devel.722152.n3.nabble.com/lost-sms-tp4026483.html Sent from the baseband-devel mailing list archive at Nabble.com. From changchuan618 at gmail.com Thu May 29 04:54:15 2014 From: changchuan618 at gmail.com (changchuan618 at gmail.com) Date: Thu, 29 May 2014 12:54:15 +0800 Subject: lost sms References: <1401338789035-4026483.post@n3.nabble.com> Message-ID: <2014052912540864113018@gmail.com> if the problem is time slot, how could I capture the sms in different TS using the luca/gsmmap branch? or use other branches? or something else? Regards, Swift changchuan618 at gmail.com From: Swift Date: 2014-05-29 12:46 To: baseband-devel Subject: lost sms Hi I built the luca/gsmmap branch, and saw many messages in the wireshark with protocol GSM_SMS; but when I tried to capture my sms (sending by my own phone), it does not work, I can not see my sms in wireshark; then I used another phone to send a message to my phone, I saw nothing in wireshark too; Could anyone tell me why? Is it a problem about time slot ? Regards, Swift -------------------------------------------------------------------------------- -- View this message in context: http://baseband-devel.722152.n3.nabble.com/lost-sms-tp4026483.html Sent from the baseband-devel mailing list archive at Nabble.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From changchuan618 at gmail.com Thu May 29 06:49:53 2014 From: changchuan618 at gmail.com (Swift) Date: Wed, 28 May 2014 23:49:53 -0700 (PDT) Subject: about sms lost Message-ID: <1401346193758-4026485.post@n3.nabble.com> Hi I lost many sms(sent by myself) using the luca/gsmmap branch with my c118 and cp2102; Could the sylvain/burst_ind branch or other branches fix the problem? Regards, Swift. -- View this message in context: http://baseband-devel.722152.n3.nabble.com/about-sms-lost-tp4026485.html Sent from the baseband-devel mailing list archive at Nabble.com. From changchuan618 at gmail.com Thu May 29 12:05:40 2014 From: changchuan618 at gmail.com (Swift) Date: Thu, 29 May 2014 05:05:40 -0700 (PDT) Subject: about sms lost In-Reply-To: <1401346193758-4026485.post@n3.nabble.com> References: <1401346193758-4026485.post@n3.nabble.com> Message-ID: <1401365140902-4026488.post@n3.nabble.com> Uh. what I mean is I lost lots of messages when sniff gsm. I already could sniff some messages using the luca/gsmmap branch, but there are a lot of messages I lost. Could anyone help? Regards, Swift -- View this message in context: http://baseband-devel.722152.n3.nabble.com/about-sms-lost-tp4026485p4026488.html Sent from the baseband-devel mailing list archive at Nabble.com.