baseband-devel January 2011

baseband-devel@lists.osmocom.org

71 participants
98 discussions

Sniff Code..shown @chao conf.. CCC
by Marten Christophe 23 Jan '11

23 Jan '11

Hello All, Pls help me, any one who can Kindly give me code or even binary file for sniff code which Sylvain demonstrated in chao meeting, it will solve my purpose, i can See, in video he made the same interface to tune to a ARFCN, TS , and hopping sequence as i requested a long time back to mailling list It will be great help for poor students. my project don't required any a5 creaking so it wont be used as unlawful means. so far i have arranged 12 USRP1 to run openBTS. I just wanted to do the same, which Sylvain have done in video @ chao presentation, except cracking the encryption as i will configure openBTS as a5/0 coz it’s education transmission not necessary to encrypt kindly do me a favour in shake of charity. Pls reply to my query pls help me in the shake of poor students. I promise will keep that code secret and will not disclose to any one else. or pls advise me how i can modify existing code up to that level. Kindly reply on my request , can you pls provide me Sniff software? it will help me allot, my NGO can deploy a pilot project at least Kind Regards,

4 3

Non Standard Baud Rates?
by MATTHEW EVANS 22 Jan '11

22 Jan '11

Hi, I'm trying to get the burst_ind branch working at the higher speed baud rates. I have a USB to Serial FTDI Cable (FT232R) plus the T191. This setup works fine with the main trunk of osmocombb. When I fire up osmocon, layer1 appears to download to the phone and runs successfully. Osmocon then logs 'Received DOWNLOAD ACK from phone, your code is running now!'. The phone has layer1.bin displayed as usual. However it goes no further and just hangs. Could anyone please give any advice on what to try next? Thanks, Matt.

2 1

Why my phone can't attach the network?
by xuchenyu 22 Jan '11

22 Jan '11

Thanks to Tomas and ton, I can run osmocombb on the phone. But the phone can't attach the network, can't make a call, can't recognise the SIM card. I found that this was no BCCH received in wireshark. And when I type some command via telnet localhost, it always output "Command incomplete" Anybody can give me some solution? Thanks! -- View this message in context: http://baseband-devel.722152.n3.nabble.com/Why-my-phone-can-t-attach-the-ne… Sent from the baseband-devel mailing list archive at Nabble.com.

2 1

Re:radio is not started
by Bogdan Alecu 21 Jan '11

21 Jan '11

I guess you have the default configuration: "No Mobile Station defined, creating: MS '1'" After you start "mobile" application, select "enable" and then "write". This will write your configuration to /etc/osmocom/osmocom.cfg After that edit this file and set from no sim to sim reader. Restart the mobile application and it should work.

2 3

Motorola usb cable
by Dario Lombardo 21 Jan '11

21 Jan '11

Hello everydoby I have Motorola-branded prolific usb cable. This cable, once inserted in a port, claims to be a 0307 chipset adapter, and Linux kernel doesn't recognize it: not working. Someone told me that Motorola has changed the label in those cables that claim to be 0307, but they are pl2303. Does anyone have one of these cables working? I've tried many ways, including udev, to make it work, but no success. My next step is to recompile the kernel module, but I was wondering if someone has solved it in another way. Bye Dario.

3 4

Pirelli DP-L10 support, steve-m/testing branch
by Steve Markgraf 20 Jan '11

20 Jan '11

Hi all, last weekend I have grinded down a DP-L10 pcb and traced the TSPACT wiring of this board. I've added support for this phone, along with a few other changes in my branch steve-m/testing. Changes include: * Add support for Pirelli DP-L10 * Add TX support for the gta0x devices * separate board images for the Compal E86 (Motorola C139/C140) (display/keypad backlight now works by default) If anyone wants to test those changes (especially the freerunner TX support, since I have no freerunner), please feel free to do so. I tested the other changes and didn't find any regressions, so if no one else does, we can merge it to master soon. One thing I noticed during testing: The C139/C140 seem to have a different SYSTEM_INHERENT_GAIN, I compared the RX levels of several C118/C123/C155 with several C139/C140, and the reported rx level was always at around 18-20dBm worse than with the C123. Regards, Steve

1 1

radio is not started
by Muhammad Rasyid Sahputra 20 Jan '11

20 Jan '11

Hi, I tried to follow instruction on SIM Reader wiki, but seems I got different result. OsmocomBB> enable OsmocomBB# sim reader 1 OsmocomBB# show subscriber Mobile Subscriber of MS '1': IMSI: Status: U2_NOT_UPDATED IMSI detached LAI: invalid Access barred cells: no Access classes: OsmocomBB# show support Supported features of MS '1': Phase 2 mobile station R-GSM : yes E-GSM : yes P-GSM : yes GSM900 Class: 4 DCS 1800 : yes DCS Class : 1 CECS : no VGCS : no VBS : no SMS : yes SS_IND : yes PS_CAP : no CMSP : no SoLSA : no LCSVA : no LOC_SERV : no A5/1 : yes A5/2 : yes A5/3 : no A5/4 : no A5/5 : no A5/6 : no A5/7 : no A5/1 : yes Channels : SDCCH + TCH/F + TCH/H Full-Rate V1: yes Full-Rate V2: yes Full-Rate V3: no Half-Rate V1: yes Half-Rate V3: no Min RXLEV : -106 OsmocomBB# show ms MS '1' is down, radio is not started IMEI: 000000000000000 IMEISV: 0000000000000000 IMEI generation: fixed automatic network selection state: A0 null cell selection state: C0 null radio ressource layer state: idle mobility management layer state: MM idle, PLMN search from the layer23 part, $ ./mobile -i 127.0.0.1 -d Copyright (C) 2008-2010 ... Contributions by ... License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. mobile: option requires an argument -- d VTY available on port 4247. No Mobile Station defined, creating: MS '1' <000e> sim.c:1206 init SIM client <0005> gsm48_cc.c:61 init Call Control <0001> gsm48_rr.c:4944 init Radio Ressource process <0004> gsm48_mm.c:1220 init Mobility Management process <0004> gsm48_mm.c:971 Selecting PLMN SEARCH state, because no SIM. <0002> gsm322.c:3471 init PLMN process <0003> gsm322.c:3472 init Cell Selection process <0003> gsm322.c:3526 No stored BA list Mobile '1' initialized, please start phone now! <0004> subscriber.c:556 Requesting SIM file 0x2fe2 <000e> sim.c:209 got new job: SIM_JOB_READ_BINARY (handle=00000004) <000e> sim.c:697 go MF <000e> sim.c:241 SELECT (file=0x3f00) <000e> sim.c:187 sending APDU (class 0xa0, ins 0xa4) can't perform location update, and from the error, is that mean the application failed to read the simcard correctly? and what's the meaning of "Mobile '1' initialized, please start phone now!", is it starting the phone by push the power button? if so, since the firmware is loaded I can't make the phone start like using original firmware. If i push the button, it will show message like Found flash of 2097152 bytes at 0x0 with 2 regions Region 0 of 31 pages with 65536 bytes each. Region 1 of 8 pages with 8192 bytes each. key=20 pressed Powering off due to keypress. I am using motorola c118 anw. any clue about this error? Thanks. Best Regards, Rasyid

1 0

USB fetmocell: What's about the sofware?
by Fabio Pietrosanti (naif) 19 Jan '11

19 Jan '11

Hi all, i noticed that article http://www.eetimes.com/electronics-news/4212228/Picochip-shares-femtocell-r… speaking about 3G basestation on USB dongle. That's really cool, i don't know about the hardware, but for sure when those device will be out the hacking perspective would be really interesting for projects like OpenBSC and OsmocomBB . -naif

1 0

sim reader code / master branch / ...
by Harald Welte 19 Jan '11

19 Jan '11

Hi all! In order to avoid the most common problems, I propose exporting something like a feature bitmask on the L1CTL, i.e. * L1CTL user code (layer23) can send a L1CTL_GET_FEAT_REQ request * laye1 in the phone sends a L1CTL_GET_FEAT_RESP with all the bits set to 1 for the features it supports * L1CTL user code (layer23) can then check if all the features it needs are supported by the L1. IF not, it can simply abort or print a warning to the user. We can simply extend the size of the bitmask over time if we need more bits. Obvious bits I would consider are: - is this firmware compiled with TX support? - does this firmware contain a SIM reader driver? - does this firmware support BURST_IND? Maybe we could also include a static header containing a compile timestamp or the git date/revision that the firmware was built, as well as a name of the board. Now I know, nice idea, who will implement it? I currently have othe priorities, but if somebody lurking on this list is looking for a relatively simple way to contribute back to the project (without knowing anything about GSM!) this might be something useful you could do. Thanks in advance, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

4 5

Re: wiki: SIMReader Was: Sim on C115 & C118
by Dobrica Pavlinusic 19 Jan '11

19 Jan '11

On Mon, Jan 17, 2011 at 11:46:50AM -0800, Bogdan Alecu wrote: > Hello, > > Sorry for writing you directly to your email. Thank you very much for the wiki. I was wondering if you have some knowledge about the "sim test" mode. I tried it by filling in the IMSI and MCC MNC. After I start the layer2 in a few seconds layer1 crashes. What I am trying to achieve is to send a IMSI detach to the network for the specified IMSI. Maybe you could give me a hand with this. This is often second question after getting SIM working, so I want to share what I know. However, I'm not an expert, and most of this is gathered from presentations and speaking with people who know more than I do, so I wanted to bounce this against mailing list for additional comments. As far as I understand it, to connect to provider network, you need provider's ki which is shared secret between network and sim card. There are some practical attacks on older sim cards which are used by multi-network sim cards. It seems there is limited number of brute-force interations that cards support before disabling themself and that changed somehow in recent cards. Best SIM explanation I found so far is on 27C3 wiki about GSM network: http://events.ccc.de/congress/2010/wiki/GSM#Why_do_I_need_to_buy_your_SIM_c… > --- On Mon, 1/17/11, Dobrica Pavlinusic <dpavlin(a)rot13.org> wrote: > > > From: Dobrica Pavlinusic <dpavlin(a)rot13.org> > Subject: wiki: SIMReader Was: Sim on C115 & C118 > To: "Bogdan Alecu" <b.alecu(a)yahoo.com> > Cc: dario.lombardo(a)libero.it, baseband-devel(a)lists.osmocom.org > Date: Monday, January 17, 2011, 7:05 PM > > > On Mon, Jan 17, 2011 at 10:24:51AM -0800, Bogdan Alecu wrote: > > I was going to ask the same question because I have same problem with sim reader mode. However I haven't used Sylvain test. I will and come back with an update. > > There seems to be sufficiant interest for using SIM reader, so I created > page on wiki which might serve as good pointer: > > http://bb.osmocom.org/trac/wiki/SIMReader > > -- > Dobrica Pavlinusic 2share!2flame dpavlin(a)rot13.org > Unix addict. Internet consultant. http://www.rot13.org/~dpavlin > > > > -- Dobrica Pavlinusic 2share!2flame dpavlin(a)rot13.org Unix addict. Internet consultant. http://www.rot13.org/~dpavlin

4 6

← Newer
1
2
3
4
5
6
7
8
9
10
Older →

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

baseband-devel January 2011