baseband-devel February 2012

baseband-devel@lists.osmocom.org

30 participants
37 discussions

[PATCH] Added option for mobile-app to bind to other interfaces than localhost. Signed-off-by: Tim Ehlers <osmocom@ehlers.info>

by Tim Ehlers

--- .../layer23/include/osmocom/bb/common/l23_app.h | 1 + .../layer23/include/osmocom/bb/mobile/app_mobile.h | 2 +- src/host/layer23/src/common/main.c | 11 ++++- src/host/layer23/src/mobile/app_mobile.c | 4 +- src/host/layer23/src/mobile/main.c | 13 ++++- .../include/osmocom/vty/telnet_interface.h | 1 + src/shared/libosmocore/src/vty/telnet_interface.c | 45 ++++++++++++++++++++ 7 files changed, 70 insertions(+), 7 deletions(-) diff --git a/src/host/layer23/include/osmocom/bb/common/l23_app.h b/src/host/layer23/include/osmocom/bb/common/l23_app.h index e4c5d55..0b9994c 100644 --- a/src/host/layer23/include/osmocom/bb/common/l23_app.h +++ b/src/host/layer23/include/osmocom/bb/common/l23_app.h @@ -10,6 +10,7 @@ enum { L23_OPT_TAP = 4, L23_OPT_VTY = 8, L23_OPT_DBG = 16, + L23_OPT_VTYIP = 32, }; /* initialization, called once when starting the app, before entering diff --git a/src/host/layer23/include/osmocom/bb/mobile/app_mobile.h b/src/host/layer23/include/osmocom/bb/mobile/app_mobile.h index 4010a68..351dec3 100644 --- a/src/host/layer23/include/osmocom/bb/mobile/app_mobile.h +++ b/src/host/layer23/include/osmocom/bb/mobile/app_mobile.h @@ -4,7 +4,7 @@ char *config_dir; int l23_app_init(int (*mncc_recv)(struct osmocom_ms *ms, int, void *), - const char *config_file, uint16_t vty_port); + const char *config_file, const char *vty_ip, uint16_t vty_port); int l23_app_exit(void); int l23_app_work(int *quit); int mobile_delete(struct osmocom_ms *ms, int force); diff --git a/src/host/layer23/src/common/main.c b/src/host/layer23/src/common/main.c index eb47b26..59cee03 100644 --- a/src/host/layer23/src/common/main.c +++ b/src/host/layer23/src/common/main.c @@ -56,6 +56,7 @@ static char *sap_socket_path = "/tmp/osmocom_sap"; struct llist_head ms_list; static struct osmocom_ms *ms = NULL; static char *gsmtap_ip = NULL; +static char *vty_ip = "127.0.0.1"; unsigned short vty_port = 4247; int (*l23_app_work) (struct osmocom_ms *ms) = NULL; @@ -106,6 +107,10 @@ static void print_help() if (options & L23_OPT_DBG) printf(" -d --debug Change debug flags.\n"); + if (options & L23_OPT_VTYIP) + printf(" -u --vty-ip The VTY IP to bind telnet to. " + "(default %s)\n", vty_ip); + if (app && app->cfg_print_help) app->cfg_print_help(); } @@ -122,13 +127,14 @@ static void build_config(char **opt, struct option **option) {"sap", 1, 0, 'S'}, {"arfcn", 1, 0, 'a'}, {"gsmtap-ip", 1, 0, 'i'}, + {"vty-ip", 1, 0, 'u'}, {"vty-port", 1, 0, 'v'}, {"debug", 1, 0, 'd'}, }; app = l23_app_info(); - *opt = talloc_asprintf(l23_ctx, "hs:S:a:i:v:d:%s", + *opt = talloc_asprintf(l23_ctx, "hs:S:a:i:v:d:u:%s", app && app->getopt_string ? app->getopt_string : ""); len = ARRAY_SIZE(long_options); @@ -174,6 +180,9 @@ static void handle_options(int argc, char **argv) case 'i': gsmtap_ip = optarg; break; + case 'u': + vty_ip = optarg; + break; case 'v': vty_port = atoi(optarg); break; diff --git a/src/host/layer23/src/mobile/app_mobile.c b/src/host/layer23/src/mobile/app_mobile.c index da388b2..d911ab3 100644 --- a/src/host/layer23/src/mobile/app_mobile.c +++ b/src/host/layer23/src/mobile/app_mobile.c @@ -352,7 +352,7 @@ static struct vty_app_info vty_info = { /* global init */ int l23_app_init(int (*mncc_recv)(struct osmocom_ms *ms, int, void *), - const char *config_file, uint16_t vty_port) + const char *config_file, const char *vty_ip, uint16_t vty_port) { struct telnet_connection dummy_conn; int rc = 0; @@ -376,7 +376,7 @@ int l23_app_init(int (*mncc_recv)(struct osmocom_ms *ms, int, void *), } } vty_reading = 0; - telnet_init(l23_ctx, NULL, vty_port); + telnet_init_dynif(l23_ctx, NULL, vty_ip, vty_port); if (rc < 0) return rc; printf("VTY available on port %u.\n", vty_port); diff --git a/src/host/layer23/src/mobile/main.c b/src/host/layer23/src/mobile/main.c index 89c9b94..312bcd6 100644 --- a/src/host/layer23/src/mobile/main.c +++ b/src/host/layer23/src/mobile/main.c @@ -52,6 +52,7 @@ void *l23_ctx = NULL; struct llist_head ms_list; static char *gsmtap_ip = 0; struct gsmtap_inst *gsmtap_inst = NULL; +static char *vty_ip = "127.0.0.1"; unsigned short vty_port = 4247; int debug_set = 0; char *config_dir = NULL; @@ -88,6 +89,8 @@ static void print_help() printf(" Some help...\n"); printf(" -h --help this text\n"); printf(" -i --gsmtap-ip The destination IP used for GSMTAP.\n"); + printf(" -u --vty-ip The VTY IP to telnet to. " + "(default %s)\n", vty_ip); printf(" -v --vty-port The VTY port number to telnet to. " "(default %u)\n", vty_port); printf(" -d --debug Change debug flags. default: %s\n", @@ -104,6 +107,7 @@ static void handle_options(int argc, char **argv) static struct option long_options[] = { {"help", 0, 0, 'h'}, {"gsmtap-ip", 1, 0, 'i'}, + {"vty-ip", 1, 0, 'u'}, {"vty-port", 1, 0, 'v'}, {"debug", 1, 0, 'd'}, {"daemonize", 0, 0, 'D'}, @@ -111,7 +115,7 @@ static void handle_options(int argc, char **argv) {0, 0, 0, 0}, }; - c = getopt_long(argc, argv, "hi:v:d:Dm", + c = getopt_long(argc, argv, "hi:u:v:d:Dm", long_options, &option_index); if (c == -1) break; @@ -125,6 +129,9 @@ static void handle_options(int argc, char **argv) case 'i': gsmtap_ip = optarg; break; + case 'u': + vty_ip = optarg; + break; case 'v': vty_port = atoi(optarg); break; @@ -226,9 +233,9 @@ int main(int argc, char **argv) config_dir = dirname(config_dir); if (use_mncc_sock) - rc = l23_app_init(mncc_recv_socket, config_file, vty_port); + rc = l23_app_init(mncc_recv_socket, config_file, vty_ip, vty_port); else - rc = l23_app_init(NULL, config_file, vty_port); + rc = l23_app_init(NULL, config_file, vty_ip, vty_port); if (rc) exit(rc); diff --git a/src/shared/libosmocore/include/osmocom/vty/telnet_interface.h b/src/shared/libosmocore/include/osmocom/vty/telnet_interface.h index 2de4f19..65a1dd9 100644 --- a/src/shared/libosmocore/include/osmocom/vty/telnet_interface.h +++ b/src/shared/libosmocore/include/osmocom/vty/telnet_interface.h @@ -47,6 +47,7 @@ struct telnet_connection { }; int telnet_init(void *tall_ctx, void *priv, int port); +int telnet_init_dynif(void *tall_ctx, void *priv, const char *ip, int port); void telnet_exit(void); diff --git a/src/shared/libosmocore/src/vty/telnet_interface.c b/src/shared/libosmocore/src/vty/telnet_interface.c index 167acc1..d74ec09 100644 --- a/src/shared/libosmocore/src/vty/telnet_interface.c +++ b/src/shared/libosmocore/src/vty/telnet_interface.c @@ -18,6 +18,7 @@ * */ +#include <arpa/inet.h> #include <sys/socket.h> #include <netinet/in.h> #include <stdlib.h> @@ -101,6 +102,50 @@ int telnet_init(void *tall_ctx, void *priv, int port) return 0; } +int telnet_init_dynif(void *tall_ctx, void *priv, const char *ip, int port) +{ + struct sockaddr_in sock_addr; + int fd, rc, on = 1; + + tall_telnet_ctx = talloc_named_const(tall_ctx, 1, + "telnet_connection"); + + /* FIXME: use new socket.c code of libosmocore */ + fd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); + + if (fd < 0) { + LOGP(0, LOGL_ERROR, "Telnet interface socket creation failed\n"); + return fd; + } + + setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)); + + memset(&sock_addr, 0, sizeof(sock_addr)); + sock_addr.sin_family = AF_INET; + sock_addr.sin_port = htons(port); + sock_addr.sin_addr.s_addr = inet_addr(ip); + + rc = bind(fd, (struct sockaddr*)&sock_addr, sizeof(sock_addr)); + if (rc < 0) { + LOGP(0, LOGL_ERROR, "Telnet interface failed to bind\n"); + close(fd); + return rc; + } + + rc = listen(fd, 0); + if (rc < 0) { + LOGP(0, LOGL_ERROR, "Telnet interface failed to listen\n"); + close(fd); + return rc; + } + + server_socket.data = priv; + server_socket.fd = fd; + osmo_fd_register(&server_socket); + + return 0; +} + extern struct host host; static void print_welcome(int fd) -- 1.7.1

13 years, 4 months

[PATCH] bind VTY to other interfaces than localhost

by Tim Ehlers

Hi, in some usecases, for people knowing what they are doing, it maybe an advantage to control osmocombb over the network. Since the VTY is already network capable, it just needs to bind to an alternative network interface than localhost. Here is a patch for layer23 (mobile), having an option "-u" (because -v is the port). Passing "-u 0.0.0.0" would bind to any interface. If you think it is useful, please commit it in the git. Cheers Tim

13 years, 4 months

Network registration fails

by To Beat

Hi I've a problem with the mobile application since ~1 month. Registering in the network always fails and I don't have any idea why. It used to work in the past, but currently it is not working. Independently from the osmocom version i use (even the version from december 2011 which had worked once now always fail). I am using a C123 with an ftdi cable and the testing branch from sylvain. I tried sim cards for Vodafone/O2/Eplus. The related outputs/logs are the following: Output on telnet interface: OsmocomBB# % (MS 1) % Searching network... % (MS 1) % Trying to registering with network... layer 1 output: http://pastebin.com/c0AhJ3gt mobile app output: http://pastebin.com/vP0YPfpT Any suggestions are appreciated! greetings Philip

13 years, 4 months

USSD Commands

by Abdul Hakeem

Hello, Does anyone have a comprehensive list of USSD commands (either at the MS and server sides ), or a link to such a resource ? Regards, Abdul Hakeem

13 years, 4 months

Problem with decoding.

by Jaka Hudoklin

Hello. I'm trying to figure out what am i doing wrong for days, and i can't. I'm doing GSM security research for my university. I sniffed A5/1 encrypted bursts of my mobile phone with known KC. The example of burst output is below(C-cyphertext, P-plaintext, F- decoded data): > C 2310735 > 111000010011011101110001010111110100001010101111110001110100011010011011101100101100010010011011010100101111100111 > P 2310735 > 100000000001110111010100000000000001000011011101000000001000000000010101110100000100000010000101010111010101000010 > C 2310736 > 101110101001101010010111111111101010111001111001001110011000011111011001010010010111110010010000111000111011100011 > P 2310736 > 101011111111010101010001100000101010111111010101000100001010111110111101110100010010100010111011111101010001001010 > C 2310737 > 100011010101111101001111011110111010100001010010100010010110000010111110001011010010100111101000011110010100100101 > P 2310737 > 000100010111010100010000101000010100011101010000000010100001000101110101010000000000100001000111010101000000001010 > C 2310738 > 100011100100110101110100001001001111110110110000001101100110001101100011011000011011111111011100101110100000101111 > P 2310738 > 010100001000101011101101010101010100001010111111110101110100000010101010101011010101010100001000101010101101110101 > F 1 22 9 6 32 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b > C 2310752 > 110011010101101010011000000101011010111000001111110111011101011010111101110101000101101001110001000000100000101011 > P 2310752 > 111000101001100101011000011010100001110010100101111101010011000111000111011100110001111110111100000111110100000101 > C 2310753 > 011010111101000101101001001111001001100001101010001011110111011000010101100001000100101010100110110100001000110111 > P 2310753 > 000011111011011101100101100000101011111000100110110001010110010011101111111011000000110010011110001011011000010010 > C 2310754 > 011011000011001100000110001110000011010100000101100000011111101100101000011001001010100001011100001011111011001011 > P 2310754 > 100000010010110101010001101110110100000110011101010111100010100000001001010101011001001001100010101101110100101010 > C 2310755 > 001001010111101010011010100110100011101001010101010010001011111101001000000111101101001011001111001001010001010011 > P 2310755 > 111001001001100011101001100100110100100000110010100110011101010000101010010010101011010001011000000001001100101111 > F 5 3 3 3 2d 6 1e 7 1e 92 f3 14 0 3b 97 88 2b 2b 2b 2b 2b 2b 2b As you can see frames are decoded correctly and they are correctly displayed in wireshark. If i put XOR-ed value betwene cyprtext and plaintext-> keystream to kraken, i don't get any usefull results only the ones that do not produce correct KC. i calculate frame count correctly, because i test it with data from http://lists.lists.reflextor.com/pipermail/a51/2010-July/000803.html. Kraken works correctly for me since i can get correct kc with keystream from http://lists.lists.reflextor.com/pipermail/a51/2010-July/000688.html. The ouput bursts in example above are written using following lines of code: for (i=0; i<57; i++) fprintf( app_state.fh, "%d", bt[i] ); for (i=59; i<116; i++) fprintf( app_state.fh, "%d", bt[i] ); where bt is generated using: osmo_pbit2ubit_ext(bt, 0, bi->bits, 0, 57, 0); osmo_pbit2ubit_ext(bt, 59, bi->bits, 57, 57, 0); Can you help me identify why can't i correctly crack bursts? Thanks!

13 years, 4 months

osmocombb and usrp

by Paul Lambert

Hello, I have a ursp1 working fine and I want to use my c123 to conenct to it with osmocombb. Now I face some problems. First of all I have no sim, so I do: sim testcard 1 001 01 The usrp runs a testnetwork (001 01) I don't know how I can associate with the usrp. I tried: network search (lot of output and also my testnet) network show (nothing happens) network select 1 001 01: Network not in list! Any idea what I'm doing wrong? Would be really Cool if i could use opensource only. With best regards, Paul

13 years, 4 months

changing key as security feature in osmocom?

by Tim Ehlers

Hi, I just saw the talk of Karsten Nohl at 28C3 and ask myself if it would be possible to trigger a new session key (KC) after every e.g. Call,SMS,USSD and silent SMS :) for next event. I mean it seems that e.g. in O2 Network in germany the key never changes, only when turning off and on the phone and after many events. For O2 it maybe enough to reconnect to the network? I really would like to get a somewhat secure GSM connection for my anchor mobile at home (remotely controlled from the PC) for my nationwide homezone (BWHZ), using osmocombb. :) Has anyone a suggestion, idea? Thanks Tim

13 years, 4 months

libosmocore re-sync

by Harald Welte

FYI, I have committed a 'git-subtree' update of libosmocore to osmocom-bb earlier today. It seemed non-intrusive to me, as most of the changes were in testing and gsm 08.08 code, both of which are not used in the ARM-target builds. Nonetheless, if you experience strange new problems, the libosmocore update might be a possible cause. The update was required due to a __attribute((packed)) fix by Andreas to some GSM 04.08 structures... -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

13 years, 4 months

USSD Traffic analysis

by ty

Hallo all. I have been playing around with OsmoscomBB for GSM voice traffic and capture. My interested has now stemmed into USSD traffic. Whenever I initiate a ussd session, I get the error "Session Terminated". Has anyone attempted to capture ussd sessions using the Motorola C123 or do I need specialized equipment for this? Also, am looking into researching more into ussd because here in Africa, specifically Kenya, there is a proliferation of financial services over USSD and this begs the question just how secure is it? If anyone on the list might have done a bit of digging around I'd really love to share learnings and insights. -ty

13 years, 4 months

Patch: Automatically run osmoload from osmocon

by Christian Vogel

Hi, I'm getting kind of annoyed by the new >64k firmwares that need to be loaded via osmoload. Included patch #2 adds a "-a" option to osmocon that runs an arbitrary script after the main firmware has been successfully uploaded to the phone. This script could, for example, then handle upload of a second stage firmware via osmoload. Also layer23 could be started here just before uploading layer1. The script will be given the socket, serial port, loader method (c123xor...) and main firmware as arguments, those can be used to distinguish several phones that are connected to the same PC. Example usage (using attached osmoload.sh script): osmocon -p /dev/ttyUSB0 -m c155 -a .../osmoload.sh \ .../board/compal_e99/loader.compalram.bin Received DOWNLOAD ACK from phone, your code is running now! OSMOCOM Loader (revision osmocon_v0.0.0-1299-g7c08201) (---- 2 second delay ----) [osmoload.sh] Socket is /tmp/osmocom_loader, port is /dev/ttyUSB0. [osmoload.sh] Loader method was c155. [osmoload.sh] New firmware will be osmocom-bb/src/target/firmware/board/compal_e99/rssi.highram.bin. Received pong. Loading 75472 bytes of memory to address 0x820000 from file osmocom-bb/src/target/firmware/board/compal_e99/rssi.highram.bin .................................................................. Chris

13 years, 4 months

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

baseband-devel February 2012