Hi All,
I am trying to transmit voice with my GTA02 and Osmocom. Upon looking into code I did not find any code transmitting voice. I have tried to do it myself but without much success.
What have I done:
1. Merge branch "jolly/voice" into main.
2. Add handling of L1CTL_VOICE_REQ at l23_api.c
3. Create additional queue for voice requests to be handled within the scheduler
4. Create "loopback" code, issuing L1CTL_VOICE_REQ each time voice is received at layer23
5. At l1s_tch_cmd, add code, sending the frame from voice request queue, similar to code, sending FACCH frame.
6. During tests against OpenBTS, it appears, that the voice frames are being sent, but all of them have "Stolen" bit turned on, e.g. BTS considers them FACCH frames.
My question is how do I transmit TCH frame with "Stolen" indicator turned off.
Or even better, is there any other implementation of transmitting voice via TCH?
Code fragment from l1s_tch_cmd,
------------------------------------------------------------------------------------------------
if (facch_tx_now) {
	uint16_t *info_ptr = dsp_api.ndb->a_fu;
	struct msgb *msg;
	const uint8_t *data;

	/* Pull FACCH data (if ready) */
	if (icnt > 26)
	{
		msg = msgb_dequeue(&l1s.tx_queue[L1S_CHAN_MAIN]);
		/* Nothing in the main queue: try the added voice request queue */
		if (!msg && (tch_mode == TCH_FS_MODE))
		{
			msg = msgb_dequeue(&l1s.tx_queue[L1S_CHAN_VOICE]);
			if (msg && msg->l3h)
			{
				tx_sent++;
				printf("rx_frames: %d tx_recv: %d tx_sent: %d\n", rx_frames, tx_recv, tx_sent);
				printf("l1s_tch_cmd: voice data = %s\n", hexdump(msg->l3h, 33));
			}
		}
	}
	else
	{
		msg = NULL;
	}
------------------------------------------------------------------------------------------------
Many thanks
Michael
Hello List,
If any one on the list have time to take my assignment to develop tool
to tune C118 to sniff
it must be able to enter/input parameter with full signalling and voice support
also tell me your development fees and remuneration for this work.
1 ARFCN
2 TS ( time slot)
3 Hopping sequence
I would like students or free time programmers to develop custom
application for sniffing on c118
it should be capable for manually entries for (as option of command line)
means the tool must be able to tune C118 in Mobile application mode(
under full voice function)
the desired parameter of user's choice
1 ARFCN
2 TS ( time slot)
3 Hopping sequence
it is something we can tune C118 in full voice support to our own
choice of ARFCN TS and hopping sequence we must be able to manually
enter these parameter while MS is in mobile application mode( DSP in
full voice support)
I would like you to decide your remunerations / expenses / development fees.
http://bb.osmocom.org/trac/wiki/Sniffing
Kind Regards,
Maten
On Mon, Apr 25, 2011 at 5:04 AM, Marten Christophe
<technosabby(a)gmail.com> wrote:
> Hello List,
>
> I would like students or free time programmers to develop custom
> application for sniffing
>
> it should be capable for manually entries for (as option of command line)
> means the tool must be able to tune C118 in Mobile application mode(
> under full voice function)
> the desired parameter of user's choice
>
> 1 ARFCN
> 2 TS ( time slot)
> 3 Hopping sequence
>
> it is something we can tune C131 in full voice support to our own
> choice of ARFCN TS and hopping sequence we must be able to manually
> enter these parameter while MS is in mobile application mode( DSP in
> full voice support)
>
> I would like you to decide your remunerations / expenses / development fees.
>
> http://bb.osmocom.org/trac/wiki/Sniffing
>
> Kind Regards,
> Maten
>
>
> ==========
> ========
> Hi,
>
>
> Since a lot of people are asking the same questions and there seems to
> be a rush on the C123 on ebay I thought some clarification is needed.
>
>
> Short version:
> - The exact tools I used on stage are _not_ and will _not_ be
> released (or sold ... several people asked ...)
> - Anyone willing to re-code them without any a priori knowledge of
> GSM would most likely need months to read/understand both the
> specifications and the way the code works. (That's thousands of page
> of GSM spec and thousands of line of code)
> - Osmocom-BB project is not designed to be a sniffer, it's a baseband
> implementation, I just used part of it as a base.
>
> So basically, unless you are really interested in GSM and are willing
> to dedicate time to understand it deeply and to contribute the various
> projects, there is not much point in you buying phones, or hanging out
> in the ml/irc or whatever ...
>
>
> For those who are still reading and interested here's a little more detail:
>
> * The HLR query step:
> -> Go watch the awesome 25C3 talk about it
>
> * The TMSI recovering step
> - Won't be published
> - If you know how paging works, you know what to do anyway and it's
> trivial. Method is in the talk,
> there is nothing to it.
>
> * The targeted sniffing application
> - Won't be published either
> - Some improvements to the layer23 app frame work will be done but
> these are generic framework stuff, not app-specific
> - Again, if you know how L2 works and have looked at several traces,
> it's obvious what to do.
> - The 'DSP' part of the sniffer is public for a while with a small
> demo app (single phone and doesn't exploit the full potential of the
> DSP patch) and it's perfectly sufficient to debug things on your own
> controlled network. (This is basically what I showed at Deepsec 2010).
>
> * The tool to generate the input to Kraken
> - Won't be published either
> - Making the guesses is easy for anyone that knows what he's doing.
>
> * The improved Kraken
> - No idea about it, see with Karsten / Sacha / Frank, I only got
> access to it 1 hour or so before the talk :)
>
> * Conversion from burst to audio
> - This was a hacked software mostly with airprobe code.
> - The exact app will not be released but I'd like to see the
> capability put in some clean library we
> can re-use from airprobe and other application without having to
> multiply the code each time.
> - ... But since I'd like it to support AMR and viterbi softoutput
> before that happens, it could take
> some time.
> - Anyone familiar with GSM, airprobe and C could re-hack the same
> thing in an hour ...
>
> As you can see, everything you need to analyze your own network / your
> own traffic, even at the burst level is already published and has been
> for more than a month.
> The other tools have been written only so that we could demonstrate
> that what we _say_ is possible for about year, we can now do it
> _practically_. It's apparently needed to get people attentions,
> "theoretical" attacks are not enough to get the operators / gsma to
> react. We'll see if that did it ...
>
>
> A few advices that are always good:
>
> - Make sure to checkout the a5/1 project ML and airprobe project ML and try
> to ask your questions in the proper mailing list as much as possible.
> - Check the wiki and mailing list archives thoroughly before asking questions.
>
>
> Cheers,
>
> Sylvain Munaut
>
>
> PS: I only posted on this list because it seems a lot of people were
> pointed here while in fact airprobe would probably be more appropriate
> to discuss attack scenarios and such, so make sure to answer / start
> new discussion on the right list.
>
From: Pablo Neira Ayuso <pablo(a)gnumonks.org>
This patch gets osmocom-bb in sync with libosmocore 0.2.0.
Basically, I invoked git-subtree to get a fresh libosmocore tree
(currently 0.2.0) and change all the include paths to point to the
new osmocom/[core|gsm] directories.
You can get these changes from the pablo/libosmocore-updates branch.
Please, merge it!
Pablo Neira Ayuso (1):
src: use new libosmogsm and include/osmocom/[gsm|core] path to
headers
Hi,
I'm having the same problem and, as far as I've understood, you need a different serial or USB cable. The program is trying to set a high baud rate which is not supported by your cable. To the best of my understanding, an FTDI USB-to-serial cable is needed, because this supports higher baud rates.
Loretta
----Original message----
From: cnwutong(a)gmail.com
Date: 25-apr-2011 6.01
To: <baseband-devel(a)lists.osmocom.org>
Subject: running error with branch burst_ind
Hi all,
Working with a C118 and everything was fine with the master branch, then
switched to the burst_ind branch and compiled successfully, when running:
$ ./osmocon -p /dev/ttyUSB0 -m c123xor ../../target/firmware/board/compal_e88/layer1.compalram.bin
got 1 bytes from modem, data looks like: 2f /
got 1 bytes from modem, data looks like: 00 .
got 5 bytes from modem, data looks like: 1b f6 02 00 41 ....A
got 1 bytes from modem, data looks like: 01 .
got 1 bytes from modem, data looks like: 40 @
Received PROMPT1 from phone, responding with CMD
read_file(../../target/firmware/board/compal_e88/layer1.compalram.bin):
file_size=48564, hdr_len=4, dnload_len=48571
got 1 bytes from modem, data looks like: 1b .
got 1 bytes from modem, data looks like: f6 .
got 1 bytes from modem, data looks like: 02 .
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 41 A
got 1 bytes from modem, data looks like: 02 .
got 1 bytes from modem, data looks like: 43 C
Received PROMPT2 from phone, starting download
handle_write(): 4096 bytes (4096/48571)
handle_write(): 4096 bytes (8192/48571)
handle_write(): 4096 bytes (12288/48571)
handle_write(): 4096 bytes (16384/48571)
handle_write(): 4096 bytes (20480/48571)
handle_write(): 4096 bytes (24576/48571)
handle_write(): 4096 bytes (28672/48571)
handle_write(): 4096 bytes (32768/48571)
handle_write(): 4096 bytes (36864/48571)
handle_write(): 4096 bytes (40960/48571)
handle_write(): 4096 bytes (45056/48571)
handle_write(): 3515 bytes (48571/48571)
handle_write(): finished
got 1 bytes from modem, data looks like: 1b .
got 1 bytes from modem, data looks like: f6 .
got 1 bytes from modem, data looks like: 02 .
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 41 A
got 1 bytes from modem, data looks like: 03 .
got 1 bytes from modem, data looks like: 42 B
Received DOWNLOAD ACK from phone, your code is running now!
ioctl(TIOCSSERIAL): Invalid argument
$ ./mobile
Copyright (C) 2008-2010 ...
Contributions by ...
License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
VTY available on port 4247.
No Mobile Station defined, creating: MS '1'
<000e> sim.c:1206 init SIM client
<0005> gsm48_cc.c:61 init Call Control
<0001> gsm48_rr.c:4944 init Radio Ressource process
<0004> gsm48_mm.c:1220 init Mobility Management process
<0004> gsm48_mm.c:971 Selecting PLMN SEARCH state, because no SIM.
<0002> gsm322.c:3471 init PLMN process
<0003> gsm322.c:3472 init Cell Selection process
<0003> gsm322.c:3526 No stored BA list
Mobile '1' initialized, please start phone now!
then no reaction with the mobile application either rebooting the phone
(press power button) or not, for layer23 application acts the same.
tried to search for the message "ioctl(TIOCSSERIAL): Invalid argument" but
failed to get any useful information.
could anyone help and many thanks for your time and considerations!
best regards,
flaw
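The `ioctl(TIOCSSERIAL): Invalid argument` line in the log above is the failure that the reply in this thread attributes to the cable not supporting the requested baud rate. As an added example (not osmocon's own code and not from the original posts), this Linux-only probe asks a serial driver whether it accepts a custom divisor for a given rate and then restores the previous settings; the function and enum names are hypothetical.

```c
#include <fcntl.h>
#include <stdlib.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/serial.h>

/* Hypothetical result codes for this example. */
enum probe_result {
    PROBE_OK,          /* driver accepted the custom divisor */
    PROBE_OPEN_FAILED, /* device node missing or no permission */
    PROBE_NOT_SERIAL,  /* TIOCGSERIAL itself is unsupported */
    PROBE_BAD_BASE,    /* driver reports no usable baud_base */
    PROBE_REJECTED     /* TIOCSSERIAL failed, as in the log above */
};

/* Divisor to request for target_baud; 0 if it cannot be derived. */
int custom_divisor(int baud_base, int target_baud)
{
    if (baud_base <= 0 || target_baud <= 0 || target_baud > baud_base)
        return 0;
    return baud_base / target_baud;
}

/* Try a custom-divisor setting on dev and report how the driver reacts. */
enum probe_result probe_custom_baud(const char *dev, int target_baud)
{
    struct serial_struct cur, want;
    enum probe_result res = PROBE_OK;
    int fd = open(dev, O_RDWR | O_NOCTTY | O_NONBLOCK);
    if (fd < 0)
        return PROBE_OPEN_FAILED;
    if (ioctl(fd, TIOCGSERIAL, &cur) < 0) {
        close(fd);
        return PROBE_NOT_SERIAL;
    }
    want = cur;
    want.flags = (cur.flags & ~ASYNC_SPD_MASK) | ASYNC_SPD_CUST;
    want.custom_divisor = custom_divisor(cur.baud_base, target_baud);
    if (want.custom_divisor == 0)
        res = PROBE_BAD_BASE;
    else if (ioctl(fd, TIOCSSERIAL, &want) < 0)
        res = PROBE_REJECTED;
    else
        ioctl(fd, TIOCSSERIAL, &cur); /* put the original settings back */
    close(fd);
    return res;
}

int main(int argc, char **argv)
{
    if (argc != 3)
        return 2; /* usage: probe <tty> <baud> */
    return (int)probe_custom_baud(argv[1], atoi(argv[2]));
}
```

The exit status is the `probe_result` value, so a status of 4 (`PROBE_REJECTED`) on the adapter in use corresponds to the error shown in the log.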
I have been trying to compile the latest osmocom-bb build target binaries
directly on my Freerunner, which is running Om2008.8.
uname -a // Linux om-gta02 2.6.28-rc4 #1 PREEMPT Mon Mar 2 19:43:22 CET 2009
armv4tl unknown
Unfortunately, I am getting an error during compilation in:
directory // `/src/shared/libosmocore/build-target/src'
GCC output:
make[3]: Entering directory
`/home/root/osmocom/src/shared/libosmocore/build-target/src'
make: *** [shared/libosmocore/build-target/src/.libs/libosmocore.a] Error 2
> Making all in .
> make[4]: Entering directory
> `/home/root/osmocom/src/shared/libosmocore/build-target/src'
> CC gsmtap_util.lo
> In file included from ../../src/gsmtap_util.c:37:
> /usr/include/netinet/in.h:365: error: expected declaration specifiers or
> '...' before '(' token
-sh: syntax error: "(" unexpected
root@om-gta02 ~/osmocom/src $ /usr/include/netinet/in.h:365: error: expected
')' before '?' token
-sh: /usr/include/netinet/in.h:365:: not found
root@om-gta02 ~/osmocom/src $ /usr/include/netinet/in.h:366: error: expected
declaration specifiers or '...' before '(' token
-sh: /usr/include/netinet/in.h:366:: not found
root@om-gta02 ~/osmocom/src $ /usr/include/netinet/in.h:366: error: expected
')' before '?' token
-sh: /usr/include/netinet/in.h:366:: not found
root@om-gta02 ~/osmocom/src $ /usr/include/netinet/in.h:368: error: expected
declaration specifiers or '...' before '(' token
-sh: /usr/include/netinet/in.h:368:: not found
root@om-gta02 ~/osmocom/src $ /usr/include/netinet/in.h:368: error: expected
')' before '?' token
-sh: /usr/include/netinet/in.h:368:: not found
root@om-gta02 ~/osmocom/src $ /usr/include/netinet/in.h:370: error: expected
declaration specifiers or '...' before '(' token
-sh: /usr/include/netinet/in.h:370:: not found
root@om-gta02 ~/osmocom/src $ /usr/include/netinet/in.h:370: error: expected
')' before '?' token
-sh: /usr/include/netinet/in.h:370:: not found
root@om-gta02 ~/osmocom/src $ ../../src/gsmtap_util.c: In function
'gsmtap_fd_cb':
-sh: ../../src/gsmtap_util.c:: not found
root@om-gta02 ~/osmocom/src $ ../../src/gsmtap_util.c:155: warning: implicit
declaration of function 'perror'
-sh: ../../src/gsmtap_util.c:155:: not found
root@om-gta02 ~/osmocom/src $ make[4]: *** [gsmtap_util.lo] Error 1
A google search for "implicit declaration of function 'perror'" made it look
like I am missing header declarations included in the "build-essential"
packages, but this package does not exist for Om2008.8. I have included my
config.log. Any ideas what I am missing?
-Alex
http://baseband-devel.722152.n3.nabble.com/file/n2851445/config.log
config.log
Hi all,
i'm selling my Wavetek 4201s.
Unfortunately, some days ago I was upgrading the firmware and the power went down.
Now it gets stuck at the initializing process.
http://tinyurl.com/3dnetqu
As you can see was fully working and i used it to make tests with osmocomBB and airprobe.
http://tinyurl.com/43exn2s
http://tinyurl.com/3qlvz52
As i guess, is possible to repair the corrupted firmware through serial or an internal jtag, unfortunately i have no time to do it and i'm buying another one.
I bought it 3 months ago, fully calibrated and working (paid 750 €).
About the price i thought around 250 euro (because is only a software problem and on ebay is still around 1500 €).
About the shipping… will be signed-for (from 4 to 7 days Worldwide), around 30 €.
About the payment: Paypal (i'll value other ways, if suggested).
What is included:
- Wavetek 4201s
- Power cable (EU)
- Serial Cable
- Coupler Antenna R&S CMD-z10 (see here: http://tinyurl.com/3fxf4t8 )
- Manual (IT)
- Firmware upgrades by email
If someone is interested, please contact me.
Thank you for attention
Cheers
Luca Bongiorni
P.S: I apologize for the spam, but i thought that here is the right place to find people with enough skills, time and few money to repair and use it, instead to leave him on the desk and accumulating dust.