Hi,
I've hacked something together to quickly test non-combined CCCH.
However, I've hit a problem when trying to receive anything on another
timeslot than 0.
The TX side seems to work fine as the BTS can see my location update
request and answers with a reject, but on the MS side, I never see the
reject and wireshark only shows invalid incohrent data on the RX.
The frames for SDCCH/8 show really nothing valid (looks like random
bytes), things like
09 80 7f 47 49 06 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
09 00 47 d5 2d 06 1e 00 00 69 7c a0 91 3d 22 ff ab fe 6c 4f 56 4f 36
...
while the frames for the associated SAACH show at least something gsm-like :
03 03 01 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b
but that's not quite a SI5/6 ...
To RX/TX on TS=1, I just delayed the RX/TX window by 625 bits (4 *
156.25) when I'm in dedicated channel mode by chaning the 'start' in
l1s_tx_win_ctrl / l1s_rx_win_ctrl
Is there something else that should be done ?
Cheers,
Sylvain
Hi!
Recently we've had the idea of using OsmocomBB with a simple firmware
that synchronizes to an existing GSM networks FCCH and use the resulting
13MHz clock to drive the USRP for airprobe or OpenBTS.
Ideally, we would even use the Calypso-internal PLL (for ARM or DSP) to
multiply it up to the required 52 MHz. However, neither the Openmoko
nor the Compal/Motorola phones expose any of the 3 clock output pads :(
So the only choice is to use something along the lines of the
http://focus.ti.com/docs/prod/folders/print/cdcvf25084.html
as a quad clock multiplier and attach it to the CLK13OUT signal of the
phone.
The chip is available for 9 USD in single quantities at digikey, and
possibly cheaper at other sources. Combined with a sub-20EUR phone it
might be a very cheap but still accurate frequency source for OpenBTS -
at least as long as there are any commercial gsm networks available.
Regards,
Harald
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
Hi guys,
I dunno if that is the right place for my concern about building the
osmocomBB source. Here is what I already have done:
- downloading the sources for osmocomBB and GNU toolchain for ARM,
- setting the PATH for the arm-elf-* executables,
- calling make in the src directory.
Now, this appears as response of the make command in the terminal:
cd shared/libosmocore/build-host && ../configure
configure: error: cannot find install-sh, install.sh, or shtool in ".."
"../.." "../../.."
make: *** [shared/libosmocore/build-host/Makefile] Error 1.
If you need details about my system, you can look at the following
snippet from the config.log file:
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by libosmocore configure UNKNOWN, which was
generated by GNU Autoconf 2.65. Invocation command line was
$ ../configure
## --------- ##
## Platform. ##
## --------- ##
hostname = ubuntu-stefan
uname -m = x86_64
uname -r = 2.6.32-24-generic
uname -s = Linux
uname -v = #41-Ubuntu SMP Thu Aug 19 01:38:40 UTC 2010
/usr/bin/uname -p = unknown
/bin/uname -X = unknown
/bin/arch = unknown
/usr/bin/arch -k = unknown
/usr/convex/getsysinfo = unknown
/usr/bin/hostinfo = unknown
/bin/machine = unknown
/usr/bin/oslevel = unknown
/bin/universe = unknown
PATH: /usr/local/sbin
PATH: /usr/local/bin
PATH: /usr/sbin
PATH: /usr/bin
PATH: /sbin
PATH: /bin
PATH: /usr/games
PATH: /home/stefan/osmocomBB/gnuarm-4.0.2/bin
## ----------- ##
## Core tests. ##
## ----------- ##
configure:2032: error: cannot find install-sh, install.sh, or shtool in
".." "../.." "../../..".
So, I would be very glad, if someone could give me a hint to solve the
problem. Thank you in advance.
Regards,
begy
On 06/08/2010 09:41 PM, Huseyin Turan wrote:
> root@name1-desktop:/home/name1/osmocom/gnuarm-4.0.2/bin# ls -l arm-elf-gcc
> -rwxrwxrwx 1 name1 name1 112344 2006-02-17 23:59 arm-elf-gcc
> root@name1-desktop:/home/name1/osmocom/gnuarm-4.0.2/bin# ./arm-elf-gcc
> bash: ./arm-elf-gcc: cannot execute binary file
> root@name1-desktop:/home/name1/osmocom/gnuarm-4.0.2/bin# uname -a
> Linux name1-desktop 2.6.28-19-generic #61-Ubuntu SMP Wed May 26 23:35:15
> UTC 2010 i686 GNU/Linux
>
please try b.) again (you miss the file part) and also please reply to
the mailinglist.
Hi All,
I now have a V171 phone and cable so I thought I might get started with
this.
I checked out the code and started make. Osmocon built with no problem, but
I got this error next:
cd shared/libosmocore/build-target && ../configure \
--host=arm-elf-linux --disable-vty
--enable-panic-infloop \
--disable-shared --disable-talloc --disable-tests \
CC="arm-elf-gcc" CFLAGS="-Os -ffunction-sections
-I../../../../target/firmware/include"
configure: WARNING: if you wanted to set the --build type, don't use --host.
If a cross compiler is detected then cross compile mode will be used
checking for a BSD-compatible install... /bin/install -c
checking whether build environment is sane... yes
checking for arm-elf-linux-strip... no
checking for strip... strip
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make sets $(MAKE)... (cached) yes
checking for arm-elf-linux-gcc... arm-elf-gcc
checking whether the C compiler works... no
configure: error: in
`/mnt/site/osmocom-bb/src/shared/libosmocore/build-target':
configure: error: C compiler cannot create executables
See `config.log' for more details
make: *** [shared/libosmocore/build-target/Makefile] Error 77
Checking config.log I can see it chokes here:
/usr/bin/arm-elf-ld: this linker was not configured to use sysroots
collect2: ld returned 1 exit status
I am running Arch Linux and have the packages cross-arm-elf-binutils
and cross-arm-elf-gcc-base installed. Does anyone have any suggestions to
fix this?
Thanks!
hi,
as you can see in the git log, i checked in the "ASSIGNMENT COMMAND"
processing. it modifies timeslot, subslot, and hopping sequence. this is
required when the network assigns an SDCCH before the actual TCH is
allocated: after receiving the "ASSIGNMENT COMMAND", the layer2 is
release locally (without sending anything), the dedicated mode is
released and established with a new parameters (e.g. TCH/F), and the
layer2 is established again, finally the "ASSIGNMENT COMPLETE" is sent
to the network. this process is incomplete, but it should work in most
cases. (no "starting time" processing).
in my local copy of the git, i already completed the assignment process.
additionally "FREQUENCY REDEFINITION" is completed, "IMMEDIATE
ASSIGNMENT" supports "starting time", MDL-error processing is added, and
"HANDOVER COMMAND" parsing is done. the handover process is not
completed, because it depends on unimplemented layer1 features, like
RX-only channels or "4 successive HANDOVER ACCESS bursts on DCCH".
except the handover process, the RR protocol for basic phone calls is
complete now.
before i can check it in, it depends on two things. first, there are
additional messages to be defined in osmocore:
"[osmocore] Adding handover and frequency redefiniton message headers"
http://home.eversberg.eu/osmocore.patch
second, it depends on "starting time" support for layer1:
http://home.eversberg.eu/modify.patch
it adds a L1CTL message to store modified frequency allocations (ma,
ma_len, HSN, MAIO, TSC) for hopping and a "starting time". this starting
time is the frame number at which the modified frequencies are used. if
the frame number lies in the past, the new modified frequencies are used
after the L1CTL message is received.
sylvain already noted, that the event of "starting time" should be
triggered by the scheduler. since i don't know how the scheduler exactly
works, i would ask someone to change my patch. note that the dedicated
mode can be released before the "starting time" elapses.
as soon as both things above are in the master branch, i will commit my
latest work on RR.
regards,
andreas
Hello Sebastien,
On Mon, 30 Aug 2010 07:27:19 +0200, "=?UTF-8?Q?S=C3=A9bastien_Lorquet?=" <squalyl(a)gmail.com> wrote:
>
> For example, i don't remember what does a SIM says when it has to reply
> data, but javacards reply 61XX and not something that starts with 9YXX.
For GSM its 9Fxx (GSM11.11, 9.4. contains a list of all status codes).
Not sure if this trace here is usefull (at the same site there is also
one for an USIM):
http://www.wrankl.de/UThings/SIM-ME-Communication.pdf
Best regards,
Dieter
--
Dieter Spaar, Germany spaar(a)mirider.augusta.de
Hello Andreas,
On Sun, 29 Aug 2010 13:29:06 +0200, "Andreas.Eversberg" <Andreas.Eversberg(a)versatel.de> wrote:
>
> - add crpyto-key request to layer 1 and l1-l2 interface (dieter ?)
I can take care of Encryption support in Layer-1. However I will
probably not find time for it before next weekend.
Best regards,
Dieter
--
Dieter Spaar, Germany spaar(a)mirider.augusta.de
hi,
i committed the SIM client process for layer23. it turns reading and
writing jobs (from and to SIM files) into APDUs. because the SIM reader
is not yet finished, it cannot be tested yet.
after attaching the SIM card, a process in mobile/subscriber.c will
request all required files form that card before starting the network
selection process. (untested, as noted above)
the mobility management is now cleaned up: TODO comments in the source
code are replaced by SIM update commands to the SIM client.
in order to make mobile application work with public networks, we need
to perform the following steps:
- finish the SIM reader and interface in layer 1
- add BTSAP interface to layer23
- add measurement reports to both TCH and SDCCH4/8 (*)
- send updates for measurement report from layer23 via l23 api of layer
1
- add crpyto-key request to layer 1 and l1-l2 interface (dieter ?)
* tests showed that the measurement report on SDCCH4/8 is requred. if
not sent, the network releases a call (cleanly) after the mobile stays
for a some seconds on an SDCCH4/8 (probably waiting for measurements,
before completing the call). sending some dummy measurements completed
the call successfully.
beside that, the following issues need to be solved soon, in order to
make the layer 1 firmware usable and stable:
- additional structures for the libosmocore, see
http://home.eversberg.eu/osmocore.patch
<http://home.eversberg.eu/osmocore.patch>
- freeze of layer 1 after about 40-60 data messages, see
http://home.eversberg.eu/data.patch
<http://home.eversberg.eu/data.patch> for testing. after a few location
updates firmware freezes. (the location update will fail, because the
patch disturbs location updating process, but the bug show up.)
- syncing problem
- clock drifts away after sync
- subchannels 4..8 of SDCCH/8
and maybe
- tch mode l1ctl message to select signalling only / speech codec of
TCH/F / TCH/H. (including bearer capability processing in layer23)
regards,
andreas
Hi!
It's about time that we find some kind of graphical project logo for the
Osmocom project.
Osmocom is intended as an umbrella project for software like OpenBSC, OsmoSGSN,
OsmocomBB and others.
So it might even be interesting to have some kind of 'family' of logos that
all have the same general theme.... At least the bigger projects like OpenBSC
and OsmocomBB definitely deserve their own incarnation within that family.
If you want to contribute to our project but are not a die-hard C developer,
this is your option to contribute!
The logo must be under a license that permits use+modification for the
Osmocom project itself. Editability for the general public is not important.
With regard to formats, I would prefer something as SVG that we can then
render into pngs of various sizes whenever there is demand for it.
If you have a proposal, simply send it (or a link to a URL) to the
openbsc(a)lists.gnumonks.org mailing list.
Thanks in advance for any submissions!
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
hi,
i am current writing the sim client for layer23. this client transforms
the read and update requests from layer 3 (imsi read, location update)
into several APDUs to be transferred via BTSAP interface. (interface to
layer 1) here are two questions:
how do i interface to this BTSAP? i see that there is another unix
socket for that. do i need to expand main.c of layer23?
i think that i cannot just start sending APDUs after starting layer23.
there might be something like an initialization sequence before:
- power on
- reset
- get atr
- ...
- send APDU
- receive APDU
- ...
is there a defined sequence or flow chart for that?
regards,
andreas
hi sebastien,
thanx for you advice. i will have job names like SIM_JOB_READ, SIM_JOB_UPDATE, SIM_JOB_GSMALGO,... i am a bit unsure about the path array. i always thought that each EF has a unique ID. the DF where it is located, can be determined by the first byte of the EF ID. but if it is possible to have a sim with multiple DFgsm, then a path is required of course.
for PIN handling, i will use result codes that gives cause of an error. if a PIN is required (to read the IMSI for example), the error code would show that. then the sim reading process prompts for PIN. the SIM can be unlocked ("enabled") by a message like SIM_JOB_ENABLE_CHV1.
outgoing data (UPDATE) is located behind the header. incomming data is also located behind the header when the job returns (callback fn is called). but the READ job must be triggered.
when my code must deal with record types, i will expand the header. i will create the API step by step.
regards
andreas
hi,
i like to write the sim client protocol. i do not mean the code of the
"sim reader" which is part of layer1 inside the phone. before i start, i
would like to know what you think about my api idea. the api is not the
low-level api between layer1 and the mobile application (APDU layer). it
describes a higher layer for application or protocol processes which
need to request IMSI, do key generation, or store location area
information.
one important thing is that different processes must be able request
"read", "write", or other operations like key generation simultaniously.
in order to handle multiple requests after each other, a queue inside
sim client must exist. afterwar processing each request, the result must
be sent only to the requesting process (if it still exists). a state
machine watches over the current DF (current selected file area of the
sim) and changes current "DF" if required, before processing read or
write job. also it triggers the next job in the queue, if finished with
the current one.
int handle = sim_open(void (*cb)(...))
will add a new user instance. cb is the function to be called for
response, handle is a unique id of the process (not a memory pointer,
unique at all times after starting phone).
void sim_job(struct msgb *msg)
struct sim_job_hdr {
int handle;
uint8_t job_type;
uint16_t file;
};
will add a new job. the type defines the job type. examples are "READ"
"WRITE" or "GSMKEY" requests. the handle is used to assign the
read/write job to an instance. the file is used to select the correct
data file of the sim. the data and len represent the data to be written.
void cb(struct msgb *msg)
is called back by the sim client when job is done. the handle is given,
so multiple user instances may use the same callback.
void sim_close(int handle)
will remove user instance. outstanding jobs will finish, but no result
is given, because cb is now unregistered.
the coding and decoding of SIM files must be done by the application or
protocol layer that use the sim client.
andreas
hi,
me and maybe some of you experiences sudden freeze of the layer1 firmware. it happens sometimes when sending L1CTL_DATA_REQ from layer2 to layer1. i found a way to reproduce it. see http://home.eversberg.eu/data.patch for testing it. just apply this patch and uncomment the "´#define" line.
this patch will transmit idle frames, if there is no frame in the tx-queue of lapdm. (DCCH) even if there is a frame to be sent, the lapdm process will wait until the data is confirmed by layer1 until sendig the next frame. this confirm is sent when the data has been transmitted by layer1 (i think). this is why the queue inside layer1 cannot overflow.
this patch does not work correctly somehow. when sending the idle frame, the location update seems not to work. the lapdm fails. but this doesn't matter for the crash-test. until then, more than 20 frames are transmitted. if the mobile application is restarted, more frames will be transmitted. between 45 and 60 frames later the layer1 freezes. the display gets a little darker also.
andreas
Hello,
here is some information about the current status of traffic
channel support in Layer-1:
- first of all its not yet complete and considered "alpha"
because there are some stability problems which have to
be solved and some further enhancments for a more general
approach are needed.
- What works: Signalling (FACCH/SACCH) for a Full Rate Traffic
channel and voice (Full Rate or Enhanced Full Rate Codec).
- TODO: The Layer-1 API has to be extended to allow switching
the channel mode (e.g. Signalling only) or the Voice Codec.
Also turning the audio path on and off is needed.
- TODO: The Rx/Tx TPU Window has been modified to support Rx and Tx
operation in the same frame. This always happens for a Traffic
Channel but can sometimes also happen for other channels. For
those cases its necessary that the Tx TPU Window is set
differently. Some sort of state information that Rx is happening
in the same frame has to be implemented, this currently only
works for traffic channels.
If you want to try it out you have to use the "dieter/tch_f" branch
for Layer-1 and the Master branch for Layer-23 from Andreas (really
great work, Andreas).
With this combination you can use it with OpenBSC. Some minor
adjustment is needed: The Layer-1 code currently sets the voice
Codec to "Full Rate", however OpenBSC expects "Enhanced Full Rate"
You either have to modify OpenBSC to set "Full Rate" or change
"TCH_FS_MODE" to "TCH_EFR_MODE" in "layer1/prim_rx_nb.c", there
is only one line which has to be changed.
What you can do now is a MOC/MTC between OsmocomBB and another
phone. Sometimes it can happen that the firmware hangs, you have
to restart the phone in this case. However if you have a connected
call, its working pretty good (one of the test calls was over 20
minutes).
Maybe Andreas can give a short introduction how to use Layer-23
for this, I am not sure if there is some information in the Wiki
yet.
Best regards,
Dieter
--
Dieter Spaar, Germany spaar(a)mirider.augusta.de
Hi!
I've been offered a 'developer room' at FrOSCon 2010 (http://www.froscon.de/)
which will be at FH Bonn-Rhein-Sieg (http://www.fh-brs.de/) in Sankt Augustin
from August 21/22 this year.
Before sending a response, I would like to inquire whom of you would actually
have any intention of visiting this conference and spending time in the
developer room to work on OpenBSC or OsmocomBB ?
I think the idea is great to meet some of you guys [again], not only at the
annual CCC congress in winter. But there is little point for me to go there if
there is no interest from the wider project community.
Please provide your feedback ASAP.
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
Hi,
On 02.08.2010 14:36, Sylvain Munaut wrote:
> A nice typo with just 'osmocom' and a free space to put the suffix
> ('bb' 'sgsn' ...) either in another typo or just using the bold face
> and then just some _discrete_ graphical element added to the typo ...
>
> But IMHO certainly not some complex graphical only element.
Ack, that's what I'd suggest as well, something clean and simple.
So here's my RFC:
I've taken the wireless symbol Kevin posted, and added a lettering.
The font used is "Yanone Kaffeesatz" [1], which is licensed under the
Open Font License.
I attached osmocom_inkscape.svg, for which you need to have the font
installed, and can then play around and edit the text, and a
"object-to-path" converted osmocom_paths.svg, which is just a plain
vector graphic.
If anyone has an idea how to decently make the difference between
osmocomBB and BSC more clear, or even has a completely different idea,
let us hear/see them :)
Regards,
Steve
[1] http://www.yanone.de/typedesign/kaffeesatz/
Hello Peter,
>Please reconsider this position. "once finished" is way too late to
be useful, unless you plan on creating a product that you will sell.
If you want cooperation and feedback from the community then I rather
strongly suggest sharing source code immediately when you start the
>work.
Thanks you for your concerns,
But as i have clearly mentioned that i have implemented Frequency Hoping,
on DATA communication device ( telemetry on ISM Band) and Hardware Platform ,communication schemes , protocols and modulation technique were very different, so source can't be integrated with OsmocomBB at this stage , even patching also not that easy i estimated, and most difficult thing is i have very limited knowledge of G.S.M , my mostly time is consuming to study specifications .. Ohh, very lengthy subject.. anyways , I'm trying to deploy for cyclic FH first , choosing right algorithm. i have no problem or commercial value for sharing my work with great people , but it at least relevant and use full to this project.
I'm neither developing any equipment not planning to sell it.. MatLab is simulation platform and codes cant be implemented in real-time or live environment, also it support TI DSP's long range. so we can debug change to C header after wards.
Kind regards,
Dev
--- On Sun, 8/1/10, baseband-devel-request(a)lists.osmocom.org <baseband-devel-request(a)lists.osmocom.org> wrote:
From: baseband-devel-request(a)lists.osmocom.org <baseband-devel-request(a)lists.osmocom.org>
Subject: baseband-devel Digest, Vol 7, Issue 1
To: baseband-devel(a)lists.osmocom.org
Date: Sunday, August 1, 2010, 10:00 AM
Send baseband-devel mailing list submissions to
baseband-devel(a)lists.osmocom.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.osmocom.org/mailman/listinfo/baseband-devel
or, via email, send a message with subject or body 'help' to
baseband-devel-request(a)lists.osmocom.org
You can reach the person managing the list at
baseband-devel-owner(a)lists.osmocom.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of baseband-devel digest..."
Today's Topics:
1. OsmocomBB, Problem , prospects discussed.. with Mr. Spaar..
(Dev Purohit)
2. Re: OsmocomBB, Problem , prospects discussed.. with Mr.
Spaar.. (Dieter Spaar)
3. Re: OsmocomBB, Problem , prospects discussed.. with Mr.
Spaar.. (Peter Stuge)
_______________________________________________
baseband-devel mailing list
baseband-devel(a)lists.osmocom.org
https://lists.osmocom.org/mailman/listinfo/baseband-devel
Hi!
We now have a planet (RSS feed aggregator) for the Osmcoom project,
it's running at http://planet.osmocom.org/
Please let me know if you think I should add any feeds to it. There is
no strict requirement for contributions to the Osmocom project, but
it should be technical and related to protocols / hacking / development
of mobile telephony systems.
Regards,
Harald
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
>Do you already have experience with Osmocom and tried it
>with a phone ?
No i haven't , tried Osmocom with a phone yet, i have C139 and C117 available, once i tried but it reach up to downloading finish (of binary in firmware folder). after that it keeps in that state for quite some time and shows download NACK after wards, something went wrong , then operation aborted. i tried many times with it. As i don't have much experience with HDLC or serial communication to UART, some binary files even do not download completely and receive FMTOOL abort.. while downloading
I'm using prolific USB serial DATA cable ( seems very noisy) but no choice as my notebook doesn't have a serial port :-( I'm thinking to assemble new PC though.
I need you kind suggestions in this regard.
>What exactly do you want to do ? Only receive voice traffic ?
>You want to switch to an ARFCN and timelslot and listen to
>the voice traffic ? Of course this only works if the channel
>is not encrypted or you have Kc for decryption.
Yet again if i'm able to run the code and even able to interact using L2/3 or osmoload with phone i don't know how to use phones analogue BaseBand ( ADC) and download the fetched raw data after ( (of desired ARFCN n TS) to host PC and save it in *.cfile format or MatLab( simulink) supported format , if i'm able to do up to this extent i'm pretty sure i can convert it into Voice as i'm reasonably sound with MatLab...
Of course , the TCH/F should be without encryption, but i will create a interface in MatLab codes to supply Kc , if available, for future use. ( for digital BB processing )
>What about frequency hopping ? Without knowing the hopping
> sequence its not possible to follow a hopping channel.
Though i'm not die -hard with C or C++ , but rather fine.
have previous understanding for implementing frequency hopping in ISM band,
have seen protocol analysis using wireshark we can can easily extract hopping
sequence and and chase it , big problem is not to tune PLL synthesizer, but Time slot. and collecting the buffered data for processing , for this i have clear vision, i will share my source codes with you once finish my work.