Hi all!
After what has become much more time than originally anticipated, I'm happy
to announce the first developer version of Osmocom SIMtrace:
http://bb.osmocom.org/trac/wiki/SIMtrace (project page)
git://git.osmocom.org/simtrace.git (host software + wireshark)
git://git.gnumonks.org/openpcd.git (firmware)
You can use it to passively sniff the smart card interface between SIM and
phone. It consists of some firmware for an AT91SAM7S USB-attached
microcontroller, together with a host PC program that receives the APDUs
from USB.
As none of my projects is complete without wireshark integration,
SIMtrace abuses the GSMTAP format to feed messages into wireshark. A
simplistic wireshark dissector for the GSM TS 11.11 APDUs is included,
and it is expected to become much more complete in the future (USIM support,
parsing of file contents, etc.)
What can you use it for?
* Determine what is really going on between phone and sim
* Debugging of SIM Application Toolkit (SAT) programs
Why is it better than existing hardware like Season or the RebelSIM Scanner?
* We do proper auto-bauding and support PPS, i.e. you can automatically
see all communication on any SIM card interface
* We support all clock rates / dividers as per the ISO 7816-3 spec
Future plans:
* In addition to passive tracing, implement SIM-card side interface
in the hardware and have SIM/USIM simulator as host PC software.
* Build custom board for it, with 1.8V SIM support
Regards,
Harald
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
Hi,
Finally I have running Linux on Sciphone G2.
Code for U-Boot and Linux kernel can be found here:
http://git.osmocom.org/gitweb?p=uboot-mt623x.git;a=summary
http://git.osmocom.org/gitweb?p=linux-mt623x.git;a=summary
To run U-Boot in RAM you can use osmocon loader for MTK.
Once U-Boot has started, you can load the Linux kernel over the serial
port (U-Boot commands: loadb or loady).
The default load address is set to 0x800000, so the Linux kernel will be loaded there.
To start executing the Linux kernel, type in the following command: bootm 0x800000
After this command the Linux kernel will be relocated, uncompressed and executed.
After a short time you should have a working console in Linux.
For testing purposes I prepared binaries which you can load and check
that Linux works on your phone:
http://downloads.qi-hardware.com/people/marcin/g2_uboot.bin
http://downloads.qi-hardware.com/people/marcin/g2_uImage.bin
The uImage binary already has the ramfs image built in, so you don't need any
additional filesystem.
These binaries were also tested by Steve Markgraf and keytwo, so they
should work on most G2s.
Today I was also able to load files from MMC card in U-Boot, so
hopefully this functionality will be available very soon.
Next step will be running UBoot and Linux from NAND, to make
development more convenient.
Recently we discovered that Sciphone G2 phones are sold with different
memory configurations.
So far we identified 3 types of memories:
HY27XS08121M - 512Mb (64MB) NAND + 32MB RAM
(http://hynix.com/datasheet/pdf/flash/HY27US(08_16)12(1_2)B%20Series(Rev0.5)…)
HY27XA081G1M - 1Gb (128MB) NAND + 32MB RAM
(http://hynix.com/datasheet/eng/nand/details/small_11_HY27US081G1M.jsp?menu1…)
TC58NVG0S3AFT - 1Gb (128MB) NAND + 64MB RAM
(http://www.datasheetcatalog.com/datasheets_pdf/T/C/5/8/TC58NVG0S3AFT.shtml)
This has to be detected in the osmocon loader and in U-Boot. I'm writing about it
so you'll be aware of it.
When U-Boot starts it detects your memory configuration and shows you
how much NAND and RAM you have.
As for the status of work in progress, the following drivers are under
development:
- NAND controller (U-Boot/Linux)
- SD/MMC controller (U-Boot/Linux)
- GPIO (Linux)
- LCD (U-Boot/Linux)
I saw that the MT6140 (RF) is connected over the I2C bus, so probably this
driver will be next on the list.
BR,
Marcin
OK, first of all congratulations for this project...
OK, I understood that it wouldn't work as a USRP.
But would it allow you to tune (or listen, sorry, I don't know the
technical term in English) to a specific ARFCN and time slot?
Hernani
> Hi Harald
>
> Thanks for clarifying this confusion. I bought a Motorola C123 on eBay
> with RS232 data cable. When I arrive I'll try this fantastic software.
> Thank you very much for your work, this world needs more people like
> you
>
> On Sat, 6 Nov 2010 08:32:31 +0100, Harald Welte <laforge at gnumonks.org>
> wrote:
>> Hi Oscar,
>>
>> On Sat, Nov 06, 2010 at 03:02:37AM +0100, Oscar Soriano Riera wrote:
>>
>>> Is it possible to use
>>> OsmocomBB on C123 to do tasks as a USRP? Or a similar scanner?
>>
>> No, I think you have some conceptual misunderstanding about radio
>> technology in general.
>>
>> In your subject you ask if OsmocomBB can work as USRP:
>> This is wrong, as OsmocomBB is a protocol stack and radio driver, and
>> the USRP is hardware. How can some software work as hardware?
>>
>> In the body of your mail you ask if the C123 can act as USRP:
>> No. The USRP is a wide-band software defined radio, and the
>> Calypso/Iota/Rita design implements a more traditional narrow-band
>> zero-IF transceiver with a DSP in the baseband.
>>
>> Nevertheless, you can use both hardware designs to receive and
>> transmit GSM signals. But this is very far from what you ask by
>> "one device working like the other"
Hi all,
I've been trying to join the party with my OpenMoko GTA02,
and I found that a few tweaks were required.
Patch 1/4 was required to get the romloader to start, otherwise
osmocon would only receive an occasional '\x00' character instead
of the ident_cmd. It works perfectly with the beacon interval
reduced to 13 ms, but I've made it configurable just in case other
targets don't like it.
Patches 2/4 and 3/4 are bugfixes for the calypso uart code. The LCR
register ended up being clobbered, and this rendered the uart on my
board silent.
Finally, I'm using the GTA02 AP as the "host", communicating via
the internal ttySAC0 UART. Patch 4/4 allowed me to cross-compile
osmocon & friends on my x86 box with the AP ARM as the target.
Now I can run,
./osmocon -m romload -p /dev/ttySAC0 -i 13 -d tr firmware/layer1.highram.bin
while toggling power via,
echo 0 >/sys/bus/platform/devices/neo1973-pm-gsm.0/power_on
echo 1 >/sys/bus/platform/devices/neo1973-pm-gsm.0/power_on
and get:
OSMOCOM Layer 1 (revision osmocon_v0.0.0-696-ge801cee-modified)
======================================================================
Device ID code: 0xb496
Device Version code: 0x0000
ARM ID code: 0xfff3
cDSP ID code: 0x0128
Die ID code: e4942219e4949b52
======================================================================
REG_DPLL=0x2413
CNTL_ARM_CLK=0xf0a1
CNTL_CLK=0xff91
CNTL_RST=0xfff3
CNTL_ARM_DIV=0xfff9
======================================================================
Cheers,
Alex
Alex Badea (4):
osmocon: make beacon interval configurable via cmdline
target uart: fix preservation of LCR
target uart: remove REG_OFFS() macro side-effect
toplevel Makefile: accept arguments for host ./configure calls
src/Makefile | 8 ++++----
src/host/osmocon/osmocon.c | 26 ++++++++++++++++----------
src/target/firmware/calypso/uart.c | 10 +++++-----
3 files changed, 25 insertions(+), 19 deletions(-)
Hi,
Harald Welte wrote:
> bluetooth or FM radio. The GSM RF transceiver is probably possible to
> reverse engineer from the test mode + 3wire protocol sniffing, but wifi e.g. is
> definitely too complex to do a 100% reverse engineered driver for...
while looking through the component listing on Wolfgang's wiki page I
recognized the MediaTek MT5921 WLAN chipset.
This should be the same (or at least a similar) chip built into the German
Thalia/Bol/Buch.de Oyo ebook-reader (also released in France). The module is
called mt5921sta_spi.ko and claims to be released under the GPL, but so far
no source release has happened for any GPL component.
The module is also contained in the firmware of the Booq Avant released in
Spain (http://www.booqreaders.com/en/product_Avant) and possibly many more
ebook-readers as these models seem to share their basic design.
Heiko
Hello All,
I have a question regarding GSMTAP: is it used only for sending messages to
wireshark, or does it have some other significance,
like communication between
L2 and L3 or communication with layer 1, since
uint8_t and uint16_t were widely used in the source code?
Kind regards,
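GSMTAP is a plain UDP encapsulation with a fixed 16-byte header in front of the raw frame, which is why SIMtrace can reuse it for SIM APDUs and OsmocomBB for Um frames. The following is an added illustration, not code from SIMtrace, OsmocomBB or libosmocore; it assumes only the header layout and constants from the public gsmtap.h, and the APDU, ARFCN and frame number values are constructed.

```python
import struct

# Constants from the public gsmtap.h in libosmocore.
GSMTAP_VERSION = 0x02
GSMTAP_UDP_PORT = 4729          # UDP port wireshark's GSMTAP dissector listens on
GSMTAP_TYPE_UM = 0x01           # GSM Um air-interface frames (OsmocomBB)
GSMTAP_TYPE_SIM = 0x04          # SIM APDUs, the type SIMtrace uses
GSMTAP_CHANNEL_BCCH = 0x01      # sub_type for BCCH frames on Um
GSMTAP_ARFCN_F_UPLINK = 0x4000  # flag bit carried inside the 16-bit arfcn field
GSMTAP_HDR_WORDS = 4            # fixed header: 4 x 32-bit words = 16 bytes

# version, hdr_len, type, timeslot, arfcn, signal_dbm, snr_db, frame_number,
# sub_type, antenna_nr, sub_slot, res -- big-endian, no padding.
_HDR = struct.Struct(">BBBBHbbIBBBB")

def gsmtap_encap(payload, gtype, arfcn=0, timeslot=0, fn=0, sub_type=0,
                 uplink=False, sub_slot=0):
    """Prefix payload with a GSMTAP v2 header; the result is one UDP datagram."""
    if not 0 <= arfcn < GSMTAP_ARFCN_F_UPLINK:
        raise ValueError("arfcn does not fit below the flag bits")
    if uplink:
        arfcn |= GSMTAP_ARFCN_F_UPLINK
    hdr = _HDR.pack(GSMTAP_VERSION, GSMTAP_HDR_WORDS, gtype, timeslot & 7,
                    arfcn, 0, 0, fn & 0xFFFFFFFF, sub_type, 0, sub_slot, 0)
    return hdr + bytes(payload)

def gsmtap_parse(pkt):
    """Return (header dict, payload); raise ValueError on malformed input."""
    if len(pkt) < _HDR.size:
        raise ValueError("packet shorter than GSMTAP header")
    (ver, hdr_len, gtype, ts, arfcn, dbm, snr, fn,
     sub_type, ant, sub_slot, _res) = _HDR.unpack_from(pkt)
    if ver != GSMTAP_VERSION:
        raise ValueError("unsupported GSMTAP version %d" % ver)
    off = hdr_len * 4                 # hdr_len is in 32-bit words and may exceed 4
    if off < _HDR.size or off > len(pkt):
        raise ValueError("hdr_len %d inconsistent with packet length" % hdr_len)
    hdr = {"type": gtype, "timeslot": ts, "arfcn": arfcn & 0x3FFF,
           "uplink": bool(arfcn & GSMTAP_ARFCN_F_UPLINK), "signal_dbm": dbm,
           "snr_db": snr, "fn": fn, "sub_type": sub_type, "sub_slot": sub_slot}
    return hdr, pkt[off:]

# Constructed sample: a GSM TS 11.11 SELECT of the MF (3F00), as SIMtrace
# would hand it to wireshark.
SELECT_MF_APDU = bytes.fromhex("a0a40000023f00")

if __name__ == "__main__":
    pkt = gsmtap_encap(SELECT_MF_APDU, GSMTAP_TYPE_SIM)
    print(pkt.hex())
    print(gsmtap_parse(pkt))
```

Sending the returned bytes to UDP port 4729 on the host running wireshark is all that is needed for the dissector to pick them up.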
Hello List,
I'm facing a problem when I'm trying to run the ./mobile application; I'm getting the error below.
Do I need some USB or serial SIM reader, or should I insert the SIM in my MS itself? Thanks in advance for your help.
=========
Failed to connect to '/tmp/osmocom_sap'. <<<<<<<<<
Failed during sap_open(), no SIM reader
<000e> sim.c:1206 init SIM client
<0005> gsm48_cc.c:61 init Call Control
<0001> gsm48_rr.c:4944 init Radio Ressource process
<0004> gsm48_mm.c:1220 init Mobility Management process
<0004> gsm48_mm.c:971 Selecting PLMN SEARCH state, because no SIM.
<0002> gsm322.c:3471 init PLMN process
<0003> gsm322.c:3472 init Cell Selection process
<0003> gsm322.c:3526 No stored BA list
Failed to parse the config file: '/etc/osmocom/osmocom.cfg'
Please check or create config file using: 'touch /etc/osmocom/osmocom.cfg' <<<<<<<<
What is the solution for this? How can I do this?
==========
Regards,
Dev
Hi everyone from Spain
I have one question:
Is it possible to use
OsmocomBB on C123 to do tasks as a USRP? Or a similar scanner?
Thanks
for your BIG work! Congratulations
Hi All,
I now have a V171 phone and cable so I thought I might get started with
this.
I checked out the code and started make. Osmocon built with no problem, but
I got this error next:
cd shared/libosmocore/build-target && ../configure \
--host=arm-elf-linux --disable-vty --enable-panic-infloop \
--disable-shared --disable-talloc --disable-tests \
CC="arm-elf-gcc" CFLAGS="-Os -ffunction-sections -I../../../../target/firmware/include"
configure: WARNING: if you wanted to set the --build type, don't use --host.
If a cross compiler is detected then cross compile mode will be used
checking for a BSD-compatible install... /bin/install -c
checking whether build environment is sane... yes
checking for arm-elf-linux-strip... no
checking for strip... strip
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make sets $(MAKE)... (cached) yes
checking for arm-elf-linux-gcc... arm-elf-gcc
checking whether the C compiler works... no
configure: error: in `/mnt/site/osmocom-bb/src/shared/libosmocore/build-target':
configure: error: C compiler cannot create executables
See `config.log' for more details
make: *** [shared/libosmocore/build-target/Makefile] Error 77
Checking config.log I can see it chokes here:
/usr/bin/arm-elf-ld: this linker was not configured to use sysroots
collect2: ld returned 1 exit status
I am running Arch Linux and have the packages cross-arm-elf-binutils
and cross-arm-elf-gcc-base installed. Does anyone have any suggestions to
fix this?
Thanks!
:D Yup the timers too. That's why I would like to keep that piece of code as it is and move only the serial port handling elsewhere (a different thread I)
--- On Thu, 10/21/10, Holger Hans Peter Freyther <holger(a)freyther.de> wrote:
From: Holger Hans Peter Freyther <holger(a)freyther.de>
Subject: Re: osmocom on windows
To: baseband-devel(a)lists.osmocom.org
Date: Thursday, October 21, 2010, 8:09 PM
On 10/21/2010 07:00 PM, eisencah eisenach wrote:
> Here's another one. Regarding the select mechanism (the one in select.c).
> Other than the serial port and sockets, is anything else registered there?
> Cause I would like to keep sockets for communication after all (but the select
> function will not work on windows for serial port handles). So I would use a
> different mechanism only for serial port scheduling.
> Cheers,
> Mihai.
well.. we handle the timers with it too.