Dear all, I vae the C115 with a T1 USB to Serial cable with the Prolific
chipset.
When i run osmocon i get :- an its just sits there with no further
processing.
./osmocon -p /dev/ttyUSB0 -m c123xor
../../target/firmware/board/compal_e88/loader.compalram.bin
read_file(../../target/firmware/board/compal_e88/loader.compalram.bin):
file_size=17120, hdr_len=4, dnload_len=17127
read_file(../../target/firmware/board/compal_e88/loader.compalram.bin):
file_size=17120, hdr_len=4, dnload_len=17127
got 1 bytes from modem, data looks like: 00 .
got 2 bytes from modem, data looks like: 2f 00 /.
got 1 bytes from modem, data looks like: 1b .
got 3 bytes from modem, data looks like: f6 02 00 ...
got 1 bytes from modem, data looks like: 41 A
got 1 bytes from modem, data looks like: 01 .
got 1 bytes from modem, data looks like: 40 @
Received PROMPT1 from phone, responding with CMD
got 1 bytes from modem, data looks like: 66 f
got 1 bytes from modem, data looks like: 74 t
got 1 bytes from modem, data looks like: 6d m
got 1 bytes from modem, data looks like: 74 t
got 1 bytes from modem, data looks like: 6f o
got 1 bytes from modem, data looks like: 6f o
got 1 bytes from modem, data looks like: 6c l
Received FTMTOOL from phone, ramloader has aborted
got 1 bytes from modem, data looks like: 65 e
got 1 bytes from modem, data looks like: 72 r
got 1 bytes from modem, data looks like: 72 r
got 1 bytes from modem, data looks like: 6f o
got 1 bytes from modem, data looks like: 72 r
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 00 .
I think the cable is ok as when i run my fingers on the tip i get random
Zeros so it appears to be talking to the cable.
Also when i tried to run Mobile i get the :- even though i created the
Mobile.cfg file in /etc/osmoco
Failed to parse the config file: '/home/raz/.osmocom/bb/mobile.cfg'
Please check or create config file using: 'touch
/home/raz/.osmocom/bb/mobile.cfg'
I have spent some hours researching the lists and trying various things to
no avail but I want to continue until I resolve this issues and use this
great stack to learn about the GSM network.
Please advise.
Great full for any help or pointers but this maybe a timing issue that is
difficult to debug.
Thanks
Raz
hi,
i did a lot of resarch and testing on cell selection and re-selection
process the last two week.
the cell selection process, network selection process (manual and
automatic) and mobility management process were already implemented in
OsmocomBB a long time, but turned out to be buggy and incomplete. i made
test drives to check the process and debugged it.
the re-selection process is new. it is used to track surrounding cells
while listening to the BCCH of the current cell (camping on a cell).
special extension to the layer1 firmare is used to measure neighbour
cells. if an neighbour cell becomes 'better', the mobile switches to
that cell, depening on different criteria. now it is possible to move
with OsmocomBB.
the re-selection process is not handover! handover is a process where a
phone switches between cells while doing a call. handover is one next
step to implement. the process is a little more complex, because it
requires not only neighbour cell measurements, but also syncing to them
without interrupting the traffic channel. most layer 3 stuff of handover
is already implemented.
if you like to play and test your moving OsmocomBB, you can check out
the "jolly/roaming" branch. it contains the extension to layer1, as well
as sim reader and fixes from "sylvain/testing" branch. use both "mobile"
and "layer1" firmware from this branch.
in order to see some process at VTY, you can do:
enable
monitor network 1 (continously display the strongest cell and neighbour
cells)
show ms 1 (to see current states)
show neighbour-cells 1 (to see a more detailed current list of
neighbours)
andreas
Hi,
in the osmocom bb mobile.cfg I don't see any posibility to set a fixed
Kc encryption key and the tmsi.
How could I achieve that osmocom uses my defined Kc and tmsi?
cheers,
Simian
Hi,
I'm trying to run the latest osmocom-bb git on a Motorola C118 phone.
After a minor problem with the build (as you may've noticed in the
patch I've sent). I got to the point of successfuly running layer1 on
the phone and the mobile app on the PC (I have also enabled TX). The
process seems to be stuck on trying to perform a location update. The
status of the ms is always either:
show ms
MS '1' is up, MM connection active
IMEI: 000000000000000
IMEISV: 0000000000000000
IMEI generation: fixed
automatic network selection state: A1 trying RPLMN
MCC=104 MNC=002 (104, 002)
cell selection state: connected mode 1
ARFCN=19 MCC=104 MNC=002 LAC=0xb00f CELLID=0x4fd9
(104, 002)
radio ressource layer state: connection pending
mobility management layer state: wait for RR connection (location updating)
OsmocomBB>
or
show ms
MS '1' is up, service is limited (pending)
IMEI: 000000000000000
IMEISV: 0000000000000000
IMEI generation: fixed
automatic network selection state: A1 trying RPLMN
MCC=104 MNC=002 (104, 002)
cell selection state: C3 camped normally
ARFCN=19 MCC=104 MNC=002 LAC=0xb00f CELLID=0x4fd9
(104, 002)
radio ressource layer state: idle
mobility management layer state: MM idle, attempting to update
OsmocomBB>
I think, that because of this I can't make any calls or send sms (all
the requests are being rejected):
OsmocomBB# call 1 <X>
call 1 <X>
OsmocomBB#
% (MS 1)
% Call has been rejected
The log information from mobile when it's trying to do a location
update is show below:
<000b> gsm48_rr.c:2174 PAGING REQUEST 1
<000b> gsm48_rr.c:2141 IMSI 260021964220249 (not for us)
<000b> gsm48_rr.c:2132 TMSI fd82a501 (not for us)
<000e> gsm48_mm.c:344 Location update retry
<0005> gsm48_mm.c:345 timer T3211 (loc. upd. retry delay) has fired
<0005> gsm48_mm.c:4311 (ms 1) Received 'MM_EVENT_TIMEOUT_T3211' event
in state MM IDLE, attempting to update
<000e> gsm48_mm.c:2199 Perform location update (MCC 104, MNC 002 LAC 0xb00f)
<0005> gsm48_mm.c:2333 LOCATION UPDATING REQUEST
<0005> gsm48_mm.c:2355 using LAI (mcc 104 mnc 002 lac 0xb00f)
<0005> gsm48_mm.c:2363 using TMSI 0x28a3d62e
<0005> gsm48_mm.c:914 new state MM IDLE, attempting to update -> wait
for RR connection (location updating)
<0001> gsm48_rr.c:5428 (ms 1) Message 'RR_EST_REQ' received in state
idle (sapi 0)
<000e> gsm48_rr.c:1318 Establish radio link due to mobility management request
<0003> gsm322.c:4037 (ms 1) Event 'EVENT_LEAVE_IDLE' for Cell
selection in state 'C3 camped normally'
<0003> gsm322.c:823 new state 'C3 camped normally' -> 'connected mode 1'
<0003> gsm322.c:3653 Going to camping (normal) ARFCN 19.
<0003> gsm322.c:463 Sync to ARFCN=19 rxlev=-74 (Sysinfo, ccch mode NON-COMB)
<0001> gsm48_rr.c:366 new state idle -> connection pending
<0001> gsm48_rr.c:1465 CHANNEL REQUEST: 00 (Location Update with NECI)
<0003> gsm322.c:2938 Channel synched. (ARFCN=19, snr=16, BSIC=17)
<0001> gsm322.c:2959 using DSC of 90
<0003> gsm48_rr.c:4816 Channel provides data.
<0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 5)
<0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no
S(lots) 0 ra 0x0e)
<0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm)
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 4)
<0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no
S(lots) 55 ra 0x07)
<0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm)
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x75 chan_nr 0x0a MAIO 0 HSN 38
TS 2 SS 0 TSC 0)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x75 chan_nr 0x0a MAIO 0 HSN 38
TS 2 SS 0 TSC 0)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 0 LAI=104 002 b00f ID=4fd9
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 3)
<0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no
S(lots) 55 ra 0x0f)
<0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm)
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 2)
<0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no
S(lots) 55 ra 0x01)
<0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm)
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2473 (ta 1/553m ra 0x18 chan_nr 0x59 ARFCN 19 TS 1
SS 3 TSC 1)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2473 (ta 1/553m ra 0x18 chan_nr 0x59 ARFCN 19 TS 1
SS 3 TSC 1)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 1)
<0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no
S(lots) 55 ra 0x0a)
<0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm)
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 1 LAI=104 002 b00f ID=4fd9
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 0)
<0001> gsm48_rr.c:1605 Done with sending RANDOM ACCESS bursts
<0001> gsm48_rr.c:836 starting T3126 with 5.000 seconds
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2225 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 0 LAI=104 002 b00f ID=4fd9
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x0a chan_nr 0x41 ARFCN 19 TS 1
SS 0 TSC 1)
<0001> gsm48_rr.c:2393 request 0a matches but not frame number
(IMM.ASS fn=22,6,30 != RACH fn=22,5,25)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x05 chan_nr 0x49 ARFCN 19 TS 1
SS 1 TSC 1)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x05 chan_nr 0x49 ARFCN 19 TS 1
SS 1 TSC 1)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2225 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:673 MON: f=19 lev=-77 snr= 0 ber= 6 LAI=104 002 b00f ID=4fd9
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x00 chan_nr 0x61 ARFCN 19 TS 1
SS 4 TSC 1)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x00 chan_nr 0x61 ARFCN 19 TS 1
SS 4 TSC 1)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x7d chan_nr 0x0b MAIO 0 HSN 38
TS 3 SS 0 TSC 0)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x7d chan_nr 0x0b MAIO 0 HSN 38
TS 3 SS 0 TSC 0)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 0 LAI=104 002 b00f ID=4fd9
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2225 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2225 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 3 LAI=104 002 b00f ID=4fd9
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x77 chan_nr 0x09 MAIO 0 HSN 38
TS 1 SS 0 TSC 0)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x77 chan_nr 0x09 MAIO 0 HSN 38
TS 1 SS 0 TSC 0)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2225 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 6 LAI=104 002 b00f ID=4fd9
<0001> gsm48_rr.c:765 timer T3126 has fired
<000e> gsm48_rr.c:770 Requesting channel failed
<0001> gsm48_rr.c:366 new state connection pending -> idle
<0003> gsm322.c:4037 (ms 1) Event 'EVENT_RET_IDLE' for Cell selection
in state 'connected mode 1'
<0003> gsm322.c:3565 Selecting ARFCN 19. after LOC.UPD.
<0003> gsm322.c:463 Sync to ARFCN=19 rxlev=-74 (Sysinfo, ccch mode NON-COMB)
<0003> gsm322.c:823 new state 'connected mode 1' -> 'C3 camped normally'
<0005> gsm48_mm.c:3902 (ms 1) Received 'RR_REL_IND' from RR in state
wait for RR connection (location updating) (sapi 0)
<0005> gsm48_mm.c:2732 RR link released after loc. upd.
<000e> gsm48_mm.c:2676 Location update failed
<000e> gsm48_mm.c:2686 Try location update later
<0005> gsm48_mm.c:2688 Loc. upd. failed, retry #0
<0005> gsm48_mm.c:413 starting T3211 (loc. upd. retry delay) with 15.0 seconds
<0005> gsm48_mm.c:1143 We are camping normally as returning to MM IDLE
<0005> gsm48_mm.c:1159 Loc. upd. allowed.
<0005> gsm48_mm.c:919 new state wait for RR connection (location
updating) -> MM IDLE, location updating needed
<0005> gsm48_mm.c:909 new MM IDLE state location updating needed ->
attempting to update
<0005> gsm48_mm.c:2215 Loc. upd. already pending.
<0005> gsm48_mm.c:4311 (ms 1) Received 'MM_EVENT_CELL_SELECTED' event
in state MM IDLE, attempting to update
<0005> gsm48_mm.c:2215 Loc. upd. already pending.
<0003> gsm322.c:2938 Channel synched. (ARFCN=19, snr=16, BSIC=17)
<0001> gsm322.c:2959 using DSC of 90
Can you provide me any hints on how to debug this ? Why is the
location update failing constantly ?
Thanks in advance for your help.
Best regards,
Maciej Grela
So far three persons have indicated their interest to join
a meeting at my place.
Considering the time it takes to drive to my place, it
probably makes sense to have the meeting at the weekend
(either Saturday or Sunday) so that there is more time
for the meeting itself. I can suggest one of the following
dates for the first meeting, somewhere between 10:00 to
18:00 on each day:
25.8. (Sa) or 26.8. (Su)
1.9. (Sa) or 2.9. (Su)
8.9. (Sa) or 9.9. (Su)
So please let me know when you have time and also make
suggestions in which Osmocom topic you are interested
in so that we can have some sort of agenda for the
meeting to make best use of the time.
Best regards,
Dieter
--
Dieter Spaar, Germany spaar(a)mirider.augusta.de
Hello.
I'm having troubles compiling asn.1 files from
http://www.3gpp.org/ftp/Specs/archive/24_series/24.080/ASN.1/
I'm getting syntax error (syntax error at line 264 in module SS-Operations.asn: got
'SEQUENCE' expected ':') while running
erlc SS-Operations.asn
using Erlang version 15.b.1
As far as I recall Harald has done this for MAP asn.1
Are there any hints on what might be wrong?
Tried online compiler but it gives different errors in different places.
Should I use different version? Compile smth else before attempting to compile this
file? Fix syntax using some clever trick? Do some rtfm?
Any advices would be greatly appreciated.
--
best regards,
Max, http://fairwaves.ru
hi josephli,
> Read stored BA list mnc=01
the mobile application stores the last cells and neighbour cells (band
allocation) of each network. this way the scanning is much
faster when restarting. because you use the SIM card with MNC == 02 the
first time, there is no band allocation stored for that. the mobile will
do a full scan in this case.
> while the sim card service I am tesing is actually with mnc 00 and 02.
i know that MNC == 0 will not work until i commited improvements of cell
selection process last sunday. you should retry that, but first try with
an MNC > 0.
can you provide debug output when trying a call?
also can you provide VTY output of "show ms" before you make the call?
regards,
andreas
hi,
i just fixed some locking issues the last days. fix will follow. it took
a bit longer, because there were some race conditions. it took up to
about one hour until it crashed. my way to detect the area where the
crash happened, was to turn on buzzer before that area, and turn it off
after that area. after many hours of approximation, i finally found out
that the major crash happend during _talloc_zero. (first it looks for a
free memory chunk, then it allocates it.) since it can be called from
all contexts (main, irq, fiq), it need to be locked against any
interrupt, otherwise the memory chunk can be assigned multiple times.
(the process of _talloc_free is "atomic" and requires no locking.)
because it seems pretty stable, i think it is time to merge some
branches into the master. (i made a 6 hours call yesterday. and no crash
after bugfix ever since.) i will do that together with sylvain, if we
find the time this weekend.
currently i use the jolly/voice together with the sylvain/traffic
branch. i am able to use an isdn phone togehter with linux-call-router
and make/receive calls. audio is passed both ways. i think this is a
stage where it actually become "usable". (if not moving arround.)
one of my major work for the next weeks/months will be the neighbour
cell measurement, cell re-selection, and handover. this is essential
when moving with the phone.
regards,
andreas
Hi ,List:
search some materials, find that the decode method of AFS convolutional
code is different from the EFS`, it use RSC, and need SOVA(soft output
viterbi algorithm). am i right?
--
View this message in context: http://baseband-devel.722152.n3.nabble.com/is-the-Viterbi-decode-for-the-AF…
Sent from the baseband-devel mailing list archive at Nabble.com.
Speaker: Sylvain Munaut
or how to turn a phone into a BTS
The calypso baseband and its companion chips are used on the Motorola C123
among other and are now well known for being supported by the Osmocom-BB
open source GSM baseband implementation. A couple years ago, it was hacked
a little further by using it as a raw bits capture device allowing the
interception of GSM traffic very cheaply.
This talk will present some further work on that platform, showing that
just because a device wasn't design for a given task doesn't mean it can't
do it. More specifically how you can hack this phone to act as a GSM
basestation and broadcast your own network.
http://youtu.be/xFjVcxMpA6c
Hi all,
as the year 2012 has already ended or will soon end depending on your
timezone, it might be a good occasion to start thinking of an OsmoDevCon
2013.
I personally percevied OsmoDevCon 2012 as a big success, and it was fun
to bring everyone together.
Generally, I prefer to keep the spirit of an invitation-only
developer+contributor-only event of those involved in Osmocom. At the
same time, I would consider it a good idea to add a one day
user-conference to the schedule, where we try to get interested users up
to speed with the various projects, possibly including some workshops
and the like.
So schedule-wise, I would suggest something like:
* one day user conference
* two day developer/contributor event
* optionally: 1-2 "hacking days".
The concept of "hacking days" has proven to be quite useful for the
netfilter project in the past (Pablo and I can acknowledge to that
fact). I'm not sure how many people would be able to spend even more
days of their schedule, but even if it's a much smaller group it would
still be useful, IMHO.
I'd like you to
1) provide feedback on the ideas about the one-day user event and the
hacking days
2) consider whether late march (like 2012) would be a good schedule
again
3) what we can improve from the last event
In terms of improvements, I so far have noted down:
* larger venue needs to be found
* complaints about the venue not having sufficient heating
Venue-wise, I would again suggest to hold it in Berlin, as it's
reasonbly well connected, has lots of low-cost flights to it,
accomodation is not too expensive and holger/me/sysmocom can take care
of local organization related activities. Hoewver, if somebody has a
strong opinion against berlin _and_ is willing to organize it, I'm not
completely against another venue.
Regards and happy new year,
Harald
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
Hi,
yesterday I fucked up the second C123 while trying to replace the filters, so I decided to buy one model from Sysmocom (with the filters already replaced), but due to too many orders they do not offer this service anymore.
Is somebody on this list able and willing to sell me one C123 with the filter kit already built in (and tested)? I'd really appreciate if someone, who is more experienced in SMD soldering than me, could help me out.
If so, please contact me at: clemensgru(a)gmail.com
I live in Austria, so delivery from Europe should not be a problem.
Thanks.
Clemens
Hi,
yesterday I fucked up the second C123 while trying to replace the filters, so I decided to buy one model from Sysmocom (with the filters already replaced), but due to too many orders they do not offer this service anymore.
Is somebody on this list able and willing to sell me one C123 with the filter kit already built in (and tested)? I'd really appreciate if someone, who is more experienced in SMD soldering than me, could help me out.
If so, please contact me at: clemensgru(a)gmail.com
I live in Austria, so delivery from Europe should not be a problem.
Thanks.
Clemens
Dear List
I wanted to buy LNA and PA for my phone
what specification should i use for purpose increasing signalling strength.
please guide me
thanks
--
Akib Sayyed
Matrix-Shell
akibsayyed(a)gmail.com
akibsayyed(a)matrixshell.com
Mob:- +91-966-514-2243
In ccch_scan the burst information is first saved to file,
then local_burst_decode is applied before sending to GSMTAP.
Would it not be more useful to save burst data after local_burst_decode?
Is there some utility in storing it in its raw form? Looks like I am
missing something?
B.
Hi,
Is there a kraken version vailable for uplink?
what do i need to change on the source code in order to find the kc for uplink bursts?
thanks
ps. all downlink frames seem to have random padding here...
Congrats
Sylvain for such great engineering work.its really a good and cheap
solution who want to learn about GSM.
there are certain questions didnt get chance to be asked in conference.
here are some
1.is it possible in future to implement one phone and atleast 4 timeslot
cell?
means 3 voice and 1 BCCH.
2. what about encryption? is it possible to implement encryption ?
3.also how can be solve relying on commercial cell?
4.the code which will be released will contain single slot operation or
multi slot with voice (after work and developement)
Thankx and again congrats :)
cheers
--
Akib Sayyed
Matrix-Shell
akibsayyed(a)gmail.com
akibsayyed(a)matrixshell.com
Mob:- +91-966-514-2243
Sysmocom sells pre-modified CP201x. You can use them as they are.
"mostly" LAPDm and Paging messages is normal. You should also see call
setups and SMSs as they are used, much less frequently depending on local
traffic. :-)
If you have your cellphone on the same ARFCN, you should be able to see
your cell making/receiving calls and sending messages.
B.
On Fri, Dec 28, 2012 at 4:12 PM, Erich Dachleger <edachleger(a)yahoo.com>wrote:
> I am also using CP210x from sysmocom and haven't modified it since I
> thought it didn't require modification.
> Is that wrong?
> When I use burst_ind with unmodified CP210x I receive mostly LAPDM and
> System 4 messages in wireshark.
> Regards
> Erich
>
>
Hi all,
I am starting with this project and i have problems downloading the
firmware to a c139, i built the t191 and i'm using a FTDI usb-serial.
I use the command that is described in "Motorola C140" section:
./osmocon -p /dev/ttyUSB0 -m c140 -c
../../target/firmware/board/compal_e86/layer1.highram.bin
../../target/firmware/board/compal_e86/chainload.compalram.bin
and also i have used it with "-m c140xor" but when i push briefly
power button, shows it in next lines "got 1 byte from modem, data
looks like: ff .", the data are changing in next lines, some times the
bytes received are more than 1, are 2, 5, 6.
I have some questions:
Which is the sequence that have to receive the osmocon to start the
comunication with the phone?
Is posible that the compilation of osmocon has been badly?
Thanks and regards.
Using burst_ind branch, the code switches to a higher speed in function
serial_up_to_eleven like this:
int serial_up_to_eleven(void)
{
int rv;
/* Attempt custom baudrate */
rv = osmo_serial_set_custom_baudrate(dnload.serial_fd.fd, 406250);
if (rv == 0)
return 0;
#ifdef I_HAVE_A_CP210x /* and I know what I'm doing, I swear ! */
/* Try closest standard baudrate (CP210x reprogrammed adapters) */
rv = osmo_serial_set_baudrate(dnload.serial_fd.fd, B460800);
if (rv == 0)
return 0;
#endif
etc....
If the first attempt to switch to 406250 succeeds, the function exits and
never reaches the I_HAVE_A_CP210x code which would switch to a higher speed!
Is this a bug? Or is the lower speed good enough for burst_ind? In which
case why bother with the I_HAVE_A_CP210x option?
Or have I missed something obvious?
B.
Hi all,
I am starting with this project and i have problems downloading the
firmware to a c139, i built the t191 and i'm using a FTDI usb-serial.
I use the command that is described in "Motorola C140" section:
./osmocon -p /dev/ttyUSB0 -m c140 -c
../../target/firmware/board/compal_e86/layer1.highram.bin
../../target/firmware/board/compal_e86/chainload.compalram.bin
and also i have used it with "-m c140xor" but when i push briefly
power button, shows it in next lines "got 1 byte from modem, data
looks like: ff .", the data are changing in next lines, some times the
bytes received are more than 1, are 2, 5, 6.
I have some questions:
Which is the sequence that have to receive the osmocon to start the
comunication with the phone?
Is posible that the compilation of osmocon has been badly?
Thanks and regards.
Hi group,
what is the most succesful: guessing uplink frames or downlink.
i see some very simple uplink frames that make a good candidate.
or is it all the same...
kind regards
Hello, I am working with a project Osmocom-bb. I did compile the project.
But when the firmware command :
./osmocon -p /dev/ttyUSB0-m c123xor
../../target/firmware/board/compal_e88/hello_world.compalram.bin
screen is just hangs (the power button I also click) , or most likely
expects to input a sequence of bytes, i.e., no information no longer
appears.
The phone is switched on. I used this instructions for checking the
operation of the
http://lists.osmocom.org/pipermail/baseband-devel/2011-August/002230.html .
1) I use the FTDI cable, it is OK. Port is OK.
2) Note : I don't see FMTTOOL ERROR (!!!) when i press the power button. I
tried the next model C113,C115,C118.
Why this may happen?
Thank you!
Hi Group,
i'm using the testing/sylvain burst branch.
sometimes i get double frames in the bursts files taken with ccch_scan.
what does this mean?
bad reception?
kind regards
Hello,
I am in the process of setting up OsmocomBB but I was wondering where/which
files in the firmware responsible for receiving/processing the RAND/SRES
values from the network/SIM.
Does anyone know this or can point me in the right direction?
--
View this message in context: http://baseband-devel.722152.n3.nabble.com/How-can-I-see-the-RAND-SRES-tp40…
Sent from the baseband-devel mailing list archive at Nabble.com.
hello first off al these phone's and tools RULE .
i already tested a couple branches . burst_ind work'd and captured packet's
, sylvain/testing also worked a week or 2 ago and i could make a call en
see it in wireshark :) .
but now i saw that there were some updates in the sylvain testing branch
i updated like the sim reader page on the wiki told me .
could it be that the last commits broke the sylvain/testing branch ?
i get error while loading libosmocore.so.4
i followed the tutorial on the wiki for sim reader . 2 weeks ago it worked
fine .
checked the code in the last updates and it seems that lib osmocore is now
changed ?
or am i doing wrong ??
thx in advance
grts vic
Hello.
I'm struggling with a5/3 test - I've got osmocom usim
(http://shop.sysmocom.de/products/sysmousim-gr1)
which I've programmed with pySim-prog.py
Unfortunately when I plug it into samsung galaxy s2 it indicates (via classmark) that
it only supports a5/1
What am I doing wrong?
I've tried operator's sim with the same phone - a5/3 support is indicated just fine.
--
best regards,
Max, http://fairwaves.ru
I've pulled git repo today, but the RSSI firmware gets an error.
apps/rssi/main.c: In function `main':
apps/rssi/main.c:896: warning: 'a' might be used uninitialized in this
function
apps/rssi/main.c:896: warning: 'e' might be used uninitialized in this
function
CC board/compal_e88/rssi.compalram.manifest.o
LD board/compal_e88/rssi.compalram.elf
OBJ board/compal_e88/rssi.compalram.bin
CC board/compal_e88/rssi.highram.manifest.o
LD board/compal_e88/rssi.highram.elf
OBJ board/compal_e88/rssi.highram.bin
CC board/compal_e88/rssi.e88loader.manifest.o
LD board/compal_e88/rssi.e88loader.elf
OBJ board/compal_e88/rssi.e88loader.bin
CC board/compal_e88/rssi.e88flash.manifest.o
LD board/compal_e88/rssi.e88flash.elf
OBJ board/compal_e88/rssi.e88flash.bin
CC board/compal_e86/rssi.compalram.manifest.o
LD board/compal_e86/rssi.compalram.elf
arm-elf-ld: region LRAM is full (board/compal_e86/rssi.compalram.elf
section .data)
make[1]: *** [board/compal_e86/rssi.compalram.elf] Error 1
make[1]: Leaving directory src/target/firmware'
make: *** [firmware] Error 2
$ git pull
Already up-to-date.
$
Anyone experiencing the same issue?
Hello.
It's often handy to have a high-level look at message exchange between ms and gsm
network captured via gsmtap.
There are some tools to do that for ip captures but they completely ignore
uplink-downlink semantics so are next to useless in this case.
Attached is little helper which can be used to make proper descriptions for mscgen to
produce nice message sequence charts. Usage instructions are inside the script.
In short: .pcap in - .png out
It requires mscgen and recent (>=1.9) tshark so you have to use git to get and build
tshark binary yourself until wireshark 1.10 is released:
git clone http://code.wireshark.org/git/wireshark
Apologies if you received this message multiple times but I personally find this
little helper to be very useful so I'd like to reach as wide audience as possible.
--
best regards,
Max, http://fairwaves.ru
Hi,
I have the problem, that after running for quite a while, lets say a week,
the layer1 seems to crash. This crash is random and only happens on single
phones (I have 6 phones connected to one mobile app).
This phone is unusable, even after "shutdown/no shutdown" or complete
restart of mobile, this phone stays like this:
OsmocomBB# show ms 3
MS '3' is up, service is limited
IMEI: XXXXXXXXXXXX
IMEISV: XXXXXXXXXXXXX
IMEI generation: fixed
automatic network selection state: A1 trying RPLMN
MCC=262 MNC=07 (Germany, O2)
cell selection state: C1 normal cell selection
radio ressource layer state: idle
mobility management layer state: MM idle, PLMN search
By restarting the phone (pressing power on the phone, and reloading
layer1) its working again. But this need physical access to the phone.
Is there a way to somehow "reboot" or restart the layer1 by software? And
if not, could that easily be implemented?
Thanks
Tim
Hi,
i'm capturing my own voice calls in wireshark.
i can see a system information type packet just before ciphering command.
204 frames further there is a system information type 6 packet.
but these 2 packets don't resamble...
how can i subtract a key out of these 2 different packets?
this doesn't make any sens....
if i look for the same type 5 packet... they are never at the same location.... :(
is my reasoning wrong?
kind regards
Hi,
In the L1ctl_burst_ind structure is:
uint8_t bits[15]; /* 114 bits + 2 steal bits. Filled MSB first */
if i do 8 * 15 = 120
that would make 6 bits extra... not 2 bits
should i discard the last 6 bits of the last byte?
thanks
Please correct me if i'm wrong:
i'm writing a small c program to process to burst files.
run ccch_scan and follow the frames in wireshark.
if you see an "inrtresting" frame, note his number
get the correct frame out of the burst file and display its bit stream.
than this bitstream can be further used for processing
add a certain offset to the framecounter
and get that frame out of the burst file and display its bit stream.
the rest.... i still have to figure that out...
can anyone confirm i am doing the write thing?
thanks
Hi list!
I'm playing with ccch_scan from burst_ind branch.
I have some troubles with going SDCCH - FCCH\SCH - TCH
After receiving "assignment command" i call fbsb_req to L1 for waiting
FCCH\SCH sync bursts.
When fbsb_resp is coming, i call dm_est_req_h1 with channel and hopping
params. But SNR of incoming tch bursts is less then 10 most of time.
What did i wrong?
Is it needs to synchronize only timers by SCH without FCCH freq sync?
And why we lose sync when goes from SDCCH to TCH?
And a question about filter replacement.
After filter change on baluns i see -128 dBm on all ARFCNs when mobile app
from master branch is started. After that i tried to connect balanced line
to the former filter pad and unbalanced line to the ground via cap(on the
EGSM channel), as Sylvain wrote. But it didnt help.
Photo after filter rework on C115:
http://s9.postimage.org/r50qtx73z/lastrep.jpg
As i understand, the input tract with 2 caps, 2 inductors and band-pass
filter just needs for image frequency disabling?
--
View this message in context: http://baseband-devel.722152.n3.nabble.com/Questions-about-filter-replaceme…
Sent from the baseband-devel mailing list archive at Nabble.com.
sorry, i made a type
in wireshark i see 31 06 3f
in documentation is see 2d 06 3f
now you tell me that only the 3f is responsible for detecting a imm ass packet.
if i wanted to detect (grep) for imm ass., shall i look for 31 06 3f or 2d 06 3f?
----- Oorspronkelijk e-mail -----
Van: "oxccoxcc oxccoxcc" <oxccoxcc(a)yandex.ru>
Aan: "g roelant" <g.roelant(a)telenet.be>, "osmocomBB" <baseband-devel(a)lists.osmocom.org>
Verzonden: Vrijdag 14 december 2012 16:03:34
Onderwerp: Re: imm ass packages
wireshark processing of imm ass packets seems normally. Looks like a bug with partial release complete messages. But wireshark has a signature for it: http://anonsvn.wireshark.org/wireshark/trunk/epan/dissectors/packet-gsm_a_r…
Try to write in the wireshark forum.
14.12.2012, 14:22, "g.roelant(a)telenet.be" <g.roelant(a)telenet.be>:
> In wireshark i see immediate assignment packages...
> they are like 31 06 0f
> but in the documentation they are like 2d 06 3f
> what am i doing wrong?
> i'm listening to a belgium operator called proximus.
> kind regards
Are the bursts captured with ccch_scan in burst_ind branch the same as the bursts captured with usrp2?
do they result in the same file?
i guess not...
kind regards
In wireshark i see immediate assignment packages...
they are like 31 06 0f
but in the documentation they are like 2d 06 3f
what am i doing wrong?
i'm listening to a belgium operator called proximus.
kind regards
Hi,
I'm using the sylvain/burst_ind branch and ccch_scan.
this produces bursts files.
with which application can i view them? what is the format of these dat files?
i cannot open them with wireshark...
any hints?
kind regards
I want to try to alter the mobile app (in gsm48_rr.c) to listen to all tmsi's.
i changed the code and altered all if statements where in the else part was the log 'Not for us'
i'm hoping the phone will start following the conversation with the immediate assignment packages...
this way i can start logging the beginning of the encryption....
am i doing stupid things? or is there already an app that does this?
thanks
For example. (reply-to doesn't seem to be set correctly in the list, btw?)
Von Samsung Mobile gesendetg.roelant(a)telenet.be hat geschrieben:and than write the file with wireshark?
i'm already using the mobile app with succes.
Van: "Denis Simonet" <denis.simonet(a)bluewin.ch>
Aan: "g roelant" <g.roelant(a)telenet.be>
Verzonden: Zaterdag 8 december 2012 18:26:19
Onderwerp: AW: Re: beginners question
You probably want to use the -i switch with a layer23 app and capture gsmtap with Wireshark.
Best regards
Denis
Von Samsung Mobile gesendet
g.roelant(a)telenet.be hat geschrieben:
I want to write the raw data to a file.
is that possible with a command?
tune the gsm to a channel (for inst. 67)
and capture all raw data into a file.
----- Oorspronkelijk e-mail -----
Van: "Alexander Huemer" <alexander.huemer(a)xx.vu>
Aan: baseband-devel(a)lists.osmocom.org
Verzonden: Vrijdag 7 december 2012 22:54:46
Onderwerp: Re: beginners question
Hi g,
On Fri, Dec 07, 2012 at 10:09:06PM +0100, g.roelant(a)telenet.be wrote:
> How can i write the burst frames?
Your question is very unspecific and therefore unlikely to be answered.
You may want to rethink what exactly you want to know.
Then, rephrase your question.
Kind regards,
-Alexander Huemer
Hello.
Attached patch will bring a5/3 support to osmo_a5. The implementatin is done based on
spec, results are compared to reference implementation from standard and test vectors.
Unfortunately there are several deficiencies:
- it doesn't work with real phonein test network yet
- no tests included
- code is probably suboptimal here and there
Anyway I would love to read your comments. It would be especially great if someone
will manage to test it against real phones in actual network.
--
best regards,
Max, http://fairwaves.ru
While running Cell-Log application, I found that the main branch of OsmocomBB gives wrong value of MCC/MNC in hex (but correct one in decimal), but the Sylvain testing branch gives correct value.
In practice this means compiling Cell-Log in testing branch gives the name of the country, but the compiling it in main branch does not recognise the country. Other side-effects are unknown to me at present.
Tracing through the source leads to the "gsm48_decode_lai" as the culprit. The code seems correct in the testing branch, but has not been updated in the main. Moreover, the code is shifted out from gsm48.c to sysinfo.c in the testing branch.
Testing branch decodes MCC/MNC to hex:
*mcc = ((lai->digits[0] & 0x0f) << 8)
| (lai->digits[0] & 0xf0)
| (lai->digits[1] & 0x0f);
But main branch decodes MCC/MNC to decimal:
*mcc = (lai->digits[0] & 0x0f) * 100
+ (lai->digits[0] >> 4) * 10
+ (lai->digits[1] & 0x0f);
The comment in main branch states that "/* Attention: this function retunrs true integers, not hex! */". There is no such comment in the testing branch.
So is this a problem because Cell_Log wrongly uses gsm48_decode_lai? Or does gsm48_decode_lai need to be updated in the main branch?
B.
The last changes in the airprobe svn seem to be 17 months ago. I was
wondering whether airprobe is assumed to be stable, without need for
further development, has been superseded by a different toolkit or if it
has been abandonded.