Hello Sylvain,
On Wed, 24 Feb 2010 00:06:54 +0100, "Sylvain Munaut" <246tnt(a)gmail.com> wrote:
>
> Since the beginning, I'm wondering if it would be possible to turn one
> of those cheap phone into a BTS. I'm n ot talking a full featured BTS
> and the mod will involve hardwares changes obviously.
> The more I look at it and the more I think it might work. No, I'm not
> crazy, please bear with me until the end of this post :)
No, you are not crazy, to be true I thought about it for a while too ;-)
It all depends on what you want to do. Just transmitting a C0 so that
other phones nearby would recognize the new BTS should be rather easy.
You can synhronize on an offical network to adjust the clock, the clock
should be stable enough for a while so that other phones can detect the
new BTS. There should also be no severe limitations from any filter
when transmitting. You are probably out of the specification for the
transceiver and maybe the power amplifier but the power should still be
good enough to cover an area large enough for experiments. Transmitting
the required SBs and FBs should not be too difficult, the DSP cannot
generate them, however its rather easy to programm the ABB with the
raw bits of a burst.
Receiving is more difficult. The filters will influence the signal
quite a lot, however it should be still possible to receive strong
signals without the requirement for a hardware modification. I
already did a few experiments to find out how far the transceiver
could be tuned out of range, for GSM-900 I was able to detect the
frequency bursts of a 840 Mhz signal with about 40 dBm less strength
than receiving a similar signal inside the GSM-900 band. 840 Mhz
would be more than enough for receiving uplink signals in GSM-900.
I did not yet tried it for the transmitter, however I expect that
it can be used to transmit downlink frequencies too.
Just as an example for the influence of the filter: The Openmoko
Freerunner uses a Calypso based Tri-Band GSM modem, its available
for GSM-900 or GSM-850, the difference is mainly a different filter
in the RX path. However you can still use the GSM-850 variant with
GSM-900 if you are close enough to the BTS.
One real problem for the "phone as a BTS" idea is the detection
of the RACH bursts. You most certainly cannot use the DSP "as is"
for this task because it does not know about the special RACH burst.
It would probably require some modification (patches) to the DSP if
you want to detect and handle them.
Best regards,
Dieter
--
Dieter Spaar, Germany spaar(a)mirider.augusta.de
Hi,
Since the beginning, I'm wondering if it would be possible to turn one
of those cheap phone into a BTS. I'm n ot talking a full featured BTS
and the mod will involve hardwares changes obviously.
The more I look at it and the more I think it might work. No, I'm not
crazy, please bear with me until the end of this post :)
So, what are the obstacles (taking the C118 as an example):
* RX filters :
Obviously you would need to remove one and replace it with one for the
good band. I would only replace one of them so that you can use the
900 band for BTS and the 1800 band for MS for example (so that you can
still listen to a official bts and calibrate the clock).
* RX/TX switch
Those have ports that have frequency bands ... but .. do they really
filter that much ?
* MS can't TX/RX simultaneously.
I think you can take advantage of the fact. Imagine that you only ever
allocate channels on TS0,1 & 2. ( BCCH+SDCCH/4 + 2*TCH/F ), you could
divide your time like this :
TS0 - Capture FCCH of a nearby station to calibrate local vcxo
TS1 - Our BTS TS0 TX
TS2 - Our BTS TS1 TX
TS3 - Our BTS TS2 TX
TS4 - Our BTS TS0 RX
TS5 - Our BTS TS1 RX
TS6 - Our BTS TS2 RX
TS7 - nothing ...
But this can still be a battery powered handheld BTS :)
Sylvain
Hi!
I've done a day of bugfixing today, mostly regarding the timing and
sequencing of the TPU window during receive (and transmit).
The biggest new feature is the #define TPU_DEBUG which will transfer the
content of the TPU RAM to the host PC every time tpu_enable(1) is called.
There's a TPU debugger (tpu_debug.c) as part of osmocon which receives,
decodes and prints the TPU instructions. This way you can clearly see
the exact sequence (and timing) of the commands that are executed by
the TPU.
What turned out to be the major problem that I was hunting most of the
day: Whe first did the downlink calibration (BLDCAL), then waited for
a specific time, and then enabled the downlink path (BDLENA).
This worked fine so far. I then added code to disable the TRF6151 after
the downlink path is closed (twl3025_downlink(0)). Suddenly not a single
burst was received anymore.
Now the sequence of events seems correct, at least in the little testing
I did.
Regards,
Harald
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
hi there,
my name is andreas eversberg. i worked for the mISDN and openbsc project
before. after joining the openbsc project, i mainly worked on the call
control protocol and the application interface, as well as E1 kernel
driver improvements for openbsc. i expanded my linux-call-router
application to be able to link with openbsc, so both become a mobile
network, as used on the 26c3.
i like to put my experience into the osmocomBB project. therfore i
started working on the layer 3 "call control" (network layer, mobile
side) already. (TS 04.08) the application interface is almost identical,
so osmocomBB can be used with linux-call-router also. the next goal is
to implement "radio ressource" protocol and "mobility management"
protocol (real state machine), and i hope to get help with that. all
three protocols are required to do voice calls.
my motivations for joining the project are at the moment:
- having a cool (graphical) network monitor
- backup line for PBX, PBX in a car.
- attaching (virtual) test SIM via phone's menu
- changing IMEI via phone's menu
i hope this project make as much phun as openbsc.
andreas
On Sun, Feb 21, 2010 at 06:03:08PM +0100, Sylvain Munaut wrote:
> > I will think about how to solve this. Either we introduce some busy-waiting
> > until more space is available, or I will try to fill existing buffers even
> > beyond the end-of-line.
>
> I've seen the commit to fill up the msgb more. But this exposed
> another bug in msgb I think.
> The headroom allocation doesn't work AFAICT. In msgb.h there is :
>
> static inline int msgb_tailroom(const struct msgb *msgb)
> {
> return (msgb->data + msgb->data_len) - msgb->tail;
> }
you are right, it should be msgb->head + msgb->data_len, I've fixed
that now.
I've also changed to busy-wait until we have msgb's available again.
dsp_dump and hello_world as well as l1test seem to work again now.
It's all still a big hack and later we need to determine if we're called
from a context that supports busy-waiting at all.
Imagine this code being executed from the FIQ context, while new memory
will always only be available from IRQ context (UART Tx FIFO interrupt):
We will deadlock.
Cheers,
Harald
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
Hi,
I'm new at this project and I've no experience to program a complete SIM
card. But I've experience to implement the ISO-7816 standard on a
ARM-Cortex-M3, so that you have a SIM-interface (SIM emulation) between
the PC an the Mobile equipment.
However, if I can help I'll be pleased to hear from you.
cheers,
Carsten
Hi!
I read few pages at http://bb.osmocom.org but didnt find
answer for some little questions.
What this code is based on? Is this a port of some rtos to calypso?
--
wbr, Ilya
ICQ: none, Jabber: ilya.muromec(a)jabber.ru
Hi,
I've noticed that hello_world and compal_dsp_dump now crash pretty
early. I've traced it down to talloc_zero panicing by running out of
free msgb. Augmenting the number to 64 makes the software go a little
further but they still crash in the end.
I'm hoping that the person who wrote this part will see an obvious
place where the problem lies :)
Sylvain
Hi all,
congrats for your awesome research and work, this is truly impressive.
The little ant that I am (compared to you) was interested in helping you
with the SIM aspects of the project. I think I know javacard sufficiently to
implement a basic sim card that can be totally controlled. I already started
to think on how to do that. This will include making host side tools, too.
If javacard is not open enough, we can also look at native cards using PIC,
for example. In our previous discussions, the main problem was the
availability of SIM sized cards, be them javacards or not.
pros and cons
- javacard is an industry standard, coupled with GlobalPlatform specs this
is a portable way to put an application on a card without being locked with
a card manufacturer.
- native PIC cards benefit from a lot of open tools such as the gp* PIC
tools, asm, sdcc for compiler and gpsim for simulation.
- some projects exists already, I don't know them well, maybe they can be
used, forked, improved.
- availability must be checked.
I'd like to request precisions on how the things should be done, what are
the minimal requirements (files, etc) and when the openSim project will be
needed regarding to your progress.
Regards
Sebastien
Hi,
I'm wondering if it's ok or not to put links (and only links
obviously) to schematics of GSM in the Wiki ?
IANAL so I'm not sure exactly what the situation is ... and I'd rather
ask before I start adding too much of them :)
Cheers,
Sylvain
