Hi all
I have compiled osmocombb and everything seems ok. Now i'm having a
strange issue which I can replicate across a number of phones. Using a
C118 I could boot everything and run the mobile app. Using a C139 I
could do the same. However, now the phones dont seem to want to boot?
I start everything up (after running the mobile app a few times,
stopping the phone and PC etc) and then when I press the Power Off key,
nothing happens. It just refuses to download anything.
Am wondering if i'm damaging the phones somehow as its now two phones
that will no longer start via the USB cable. The phones boot the normal
phone firmware fine but wont respond to osmocom.
Guess i'm just curious as to others thoughts as i'm unsure where its
breaking?
Hello,
since I had problems with german umlauts when receiving (and probably also
when sending) SMS, I looked today in the gsm translating part in
libosmocore.
I first noticed a problem, when sending "NETZ Number" to "4636" in O2
network, you get a response SMS saying in which network the number is
located. Using osmocombb, I get:
[SMS from 66399]
Sehr geehrter Kunde, die angefragte Nummer ist im Netz von o2 aktiv
(Angabe ohne Gew§hr).
So the umlaut "ae" is converted to "§".
The problem seems to be in the convert table in
src/shared/libosmocore/src/gsm/gsm_utils.c, which is not bijective. "Ae"
in gsm7 is "0x7b" and must be converted to latin1 "0xe4".
Looking in gsm_7bit_alphabet at place "0xe4", the is "0x7b". But there is
also an "0x7b" at place "0xa7", which comes first and is indeed "§".
So the question is, are there mistakes in the table or is there a reason
for the double entries?
Thanks
Tim
Good evening,
according to EN 300 940 - V7.7.1 - Digital cellular telecommunications system (Phase 2+); Mobile radio interface layer 3 specification (GSM 04.08 version 7.7.1 Release 1998)
9.1.24 Paging request type 3
such requests shall only address MSs by T/MSIs but i notice Type3-Requests with IMSI in o2-germany network.
<0001> app_ccch_scan.c:378 Paging3: Normal paging chan n/a to imsi M(2261022118380XX)
What do i miss?
Stefan
-----Ursprüngliche Nachricht-----
Von: Sylvain Munaut <246tnt(a)gmail.com>
Gesendet: Fr 13.01.2012 18:24
Betreff: Re: 3GPP - paging references
An: baseband-devel(a)lists.osmocom.org;
> >> Are you talking about a hardware modification of the motorola phone
> >
> > http://bb.osmocom.org/trac/wiki/Hardware/FilterReplacement
>
> Note that to receive a phone only a few meters next to you, it's not
> necessary. The filters aren't that good.
Thank to you point this out. I'm not interested in traffic from other phones.
What i miss from the wiki or maybe just havent found yet is a statement whether i need to modify osmocom's default firmware to see uplink-traffic? (i want to see the MS response to a paging call) to understand the process of the imm.ass from BTS.
Have a nice weekend
stefan
Hi Peter,
I just use the motorola to listen to my providers arcfn. Then i watch for traffic from my regular non-osmocom cell phone operating in the same cell.
Are you talking about a hardware modification of the motorola phone to receive also uplink or just some software 'tuning'? I'm the transmitter in my case.
Thank you
Stefan
----- Ursprüngliche Nachricht -----
Von: Peter Stuge <peter(a)stuge.se>
Gesendet: Freitag, 13. Januar 2012 14:47
An: baseband-devel(a)lists.osmocom.org
Betreff: Re: 3GPP - paging references
Stefan Bauer wrote:
> I could match the informations from imm.ass (downlink) against the
> paging response (uplink) on sdcch right? Anyway i still see no way
> to listen to uplink traffic on sdcch without usrp-hardware.
You already know what you send. If you want to listen to what someone
else sends you indeed need a receiver. The Motorola phone can be
modified to receive also uplink, but if the transmitter is far away
it might not work anyway.
//Peter
My information is from 'decoding gsm' master thesis from glendrange, hove, hvideberg (2010) norwegian university of science and technology, page 92, figure 5.4.
I,m getting closer to understand the process of assignment if i understand you correctly now.
I could match the informations from imm.ass (downlink) against the paging response (uplink) on sdcch right? Anyway i still see no way to listen to uplink traffic on sdcch without usrp-hardware.
Greetings
stefan
----- Ursprüngliche Nachricht -----
Von: Sylvain Munaut <246tnt(a)gmail.com>
Gesendet: Freitag, 13. Januar 2012 14:12
An: Stefan Bauer <stefan.bauer(a)cubewerk.de>
Cc: baseband-devel(a)lists.osmocom.org
Betreff: Re: Re: 3GPP - paging references
Hi,
> I just red that if early assignment is used (non-oascu) in a ms terminating call, there is no channel request on RACH by ms.
??? !!! ???
Where would you have read that in the spec ?
> I still dont quite get then howto match imsi/tmsi to an immediate assignment.
You can't ... I just said so in the previous mails ...
There is no indication in the imm.ass that would allow you to know for
which mobile identity a channel is intended. You can only know if it
matches _your_ request (by matching time and random reference)
Cheers,
Sylvain
Sylvain,
I just red that if early assignment is used (non-oascu) in a ms terminating call, there is no channel request on RACH by ms. I still dont quite get then howto match imsi/tmsi to an immediate assignment.
stefan
----- Ursprüngliche Nachricht -----
Von: Sylvain Munaut <246tnt(a)gmail.com>
Gesendet: Donnerstag, 12. Januar 2012 18:30
An: Stefan Bauer <stefan.bauer(a)cubewerk.de>
Cc: baseband-devel(a)lists.osmocom.org
Betreff: Re: 3GPP - paging references
Hi,
> In detail how can i match the paging for my specific imsi/tmsi to the data-channel assignment?
You can't ... There is no relation between paging and the channel assignment.
When the phone sees he's being paged, he will initiate the channel
request procedure.
He sends a RACH at a given time fn with a random reference (8bits).
And then he looks for assignement matching his RACH (i.e. the time fn
and random reference are repeated back by the network in the
assignment so that a phone knows the channel was for it).
Cheers,
Sylvain
-----Ursprüngliche Nachricht-----
Von: Joshua Lackey <jl(a)thre.at>
Gesendet: Fr 13.01.2012 01:09
Betreff: Re: AW: Re: 3GPP - paging references
An: Stefan Bauer <stefan.bauer(a)cubewerk.de>;
> On 01/12/2012 01:05 PM, Stefan Bauer wrote:
> > Hi,
> >
> > Well thank you for your answer. I thought i could simply call my phone, the
> network would page it and i would have the imsi/tmsi. As i'm in a very busy
> cell, there are huge amounts of pagings. I have to rethink my first idea.
>
> Call yourself 10 times. The TMSI that appears 10 times will be yours.
> (With a high probability anyway.)
Hi Jushua,
i don't see a way to really narrow this down by this "technique". For example in my cell, the paging traffic is very high, so there are always several pagings with the same amount.
Also if i do 10 calls, i do not get put through after the first paging-request on all attempts so this is not quite precise.
Am i wrong?
Stefan
-----Ursprüngliche Nachricht-----
Von: Sylvain Munaut <246tnt(a)gmail.com>
> When the phone sees he's being paged, he will initiate the channel
> request procedure.
>
> He sends a RACH at a given time fn with a random reference (8bits).
> And then he looks for assignement matching his RACH (i.e. the time fn
> and random reference are repeated back by the network in the
> assignment so that a phone knows the channel was for it).
Sylvain,
so it goes like this: ?
1. BSC starts paging MS by either TMSI/IMSI
(Paging1: Normal paging chan any to imsi M(262073948077454))
2. MS sends channel request procedure to BSC over RACH
(MS uses special(random) parameters inside this request)
(is there a way to see the RACH-traffic in the "air" with regular tools?)
3. BSC sends Immediate Assignment message to MS and repeates the random
parameters from request
(GSM48 IMM ASS (ra=0x0f, chan_nr=0x49, ARFCN=667, TS=1, SS=1, TSC=5))
Greetings
Stefan
