This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.
Alex allexander.alex at gmail.comHi little update(s): I think I've found something on a Russian site about the signaling protocols. I've also found a memory dump of the femto, but there is a major problem: the dump is partial (ALU put 2 memories on the board) and i can only access to the main fs of the system ALU datas and configs are on anoter path (/opt/alu/fbsr and /mnt/mainfs) which mounts the secondary memory, so nothing can be done. Also the SVN at *https://forge.betavine.net/svn/voda-femtocell <https://web.archive.org/web/20170606203549/https://forge.betavine.net/svn/voda-femtocell>* is currently offine without any mirror. Does anyone have a backup or a mirror somewhere? Thank you and best regards Il giorno mer 28 nov 2018 alle ore 00:32 Alex <allexander.alex at gmail.com> ha scritto: > Hi Domi, > it will be fantastic if you can share the results of your research, > especially the IPSEC part! > Now I'm trying to emulate the secgw on my machine, but it's a black box > problem without the serial console. > > Thank you!!! > > > Il giorno mar 27 nov 2018 alle ore 23:43 Tomcsányi, Domonkos < > domi at tomcsanyi.net> ha scritto: > >> Hi Alex, >> >> I have a couple of those femtocells (Vodafone UK SureSignal versions 1.5 >> and 2.0). I did some research on them abour 4-5 years ago I think. >> The SureSignal uses an embedded crypto chip to generate keys IIRC. I also >> had the chance to have a look at a rooted board for some time (it was lent >> to me). The THC wiki has pretty much all the info about the board. >> I also was not able to find any UART or serial port on it when I looked. >> I wanted to dump the flash but then got busy with other stuff. Maybe the >> debug fuses are blown in the factory as well. >> Anyways if you wish to do tests or try out something with the device(s) I >> can dig them up, they must be somewhere in my cabinet. >> As far as I remember though the actual femtocell implementation is a >> closed source binary blob, but strongswan (or maybe openswan? I cannot >> recall exactly) is used for the IPsec part, terefore I have a source code >> tree downloaded somewhere as well. Alcatel or Vodafone stayed compliant to >> GPL so the code was released. If only we were able to reconfigure the >> strongswan daemon on the device then we could connect it to your network. >> Provisioning of some parametere (e.g. frequency, Routing Area Code, allowed >> IMSIs) is done via XML files I think inside the ipsec tunnel. >> Now back to changing the ipsec configuration: dumping the flash and then >> changing the config would be a good way to do it, although that would not >> be a generic solution, but as a pilot it could just work. >> I am also not sure if there are any cryptographic signatures protecting >> the firmware, but I would guess probably not. >> >> Sorry for the inconsistent rambling this email turned into, I wrote >> things as they surfaced from the back of my brain, hidden parts of my >> memory :) >> >> Cheers, >> Domi >> >> 2018. nov. 27. dátummal, 19:57 időpontban Alex <allexander.alex at gmail.com> >> írta: >> >> Hi, >> little UP: >> >> Vodafone UK and other OpCo like it (VF DE and VF GR I think) made a local >> femtocell network based on similar platform from ALU. >> >> Does anyone know something/ever tried to make something like connecting >> one of these devs to osmoHNBGW or similar? >> Thank you and best regards >> >> Il giorno mar 27 nov 2018 alle ore 19:56 Alex <allexander.alex at gmail.com> >> ha scritto: >> >>> Hi, >>> thanks for the answer! >>> >>> This femto seems to have a discrete simcard (it has empty slot >>> accessible from the external). >>> >>> I don't know the setup used by the original operator (TelecomItalia), >>> because I bought it from ebay. >>> >>> I found a possible reset procedure (still to be tested), but I don't >>> think it will "unlock" the board. >>> Now I'm trying to find the UART on the board, but on the testpoints i >>> only see "control" signals and clocks. Nothing seems to be a serial port >>> pattern on my oscilloscope. >>> >>> On this site >>> https://web.archive.org/web/20170707063235/https://wiki.thc.org/vodafone >>> there are some information on a really similar cell (9361 I think) from >>> Vodafone, which has a relly similar IPSEC config, but there ins't any spec. >>> >>> No one tried to disassemble it or do have just the serial pinout on the >>> board? >>> >>> On the other side I've already deployed the CN part (HLR + MSC + SSGN + >>> GSGN + STP + MGW + HNBGW), which seems to be fully operational, but i can't >>> test without a test cell. >>> I also thing the IuH protocol of this femto is little out-of-standard, >>> but from ALU documentation I can't understand the differences with standard >>> IuH. >>> >>> The idea is to implement ALU's IuH variant on HNBGW if i can take traces >>> from a "lab" env, but without the femto it's just impossible. >>> >>> Il giorno mar 27 nov 2018 alle ore 18:17 Tomcsányi, Domonkos < >>> domi at tomcsanyi.net> ha scritto: >>> >>>> Hi Alex, >>>> >>>> Femtocells are provisioned with operator data - certificates/keys to be >>>> able to talk to the gateway. >>>> Some femtocells use EAP-SIM with an embedded SIM card, others just rely >>>> on the configuration. If your femto supports a SIM card you can use a SIM >>>> card with a known Ki to connect it to your gateway (strongswan I assume). >>>> If however there is no SIM card support in the femtocell then you need >>>> to somehow re-provision the device - probably using a proprietary software >>>> and method. >>>> Sorry, this is probably bad news for you. >>>> >>>> Kind regards, >>>> Domi >>>> >>>> >>>> 2018. nov. 27. dátummal, 9:33 időpontban Alex < >>>> allexander.alex at gmail.com> írta: >>>> >>>> Hi to everyone! >>>> >>>> I'm a new member and I really appreciate the work done here! >>>> >>>> >>>> I'm trying to use Alcatel Femtocells (ALU 9361/9362/9363) with >>>> osmo-hnbgw, but I'm still blocked at the IPSEC tunnel step. >>>> >>>> I've created an IPSEC server with EAP support, but I suspect there is a >>>> problem with my self signed certificate. >>>> >>>> Probably the femtocell has an internal trusted CA which validates >>>> server certs. >>>> >>>> >>>> I din't find the console pins on the board also, so I cannot simply >>>> connect to it and have a look at the system level. >>>> >>>> >>>> Has anyone any experience with this kind of HW or just an idea about a >>>> possible work around? >>>> >>>> >>>> Thank you and best regards >>>> Alex >>>> >>>> -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.osmocom.org/pipermail/openbsc/attachments/20181129/f472cd42/attachment.htm>