March 2012 - baseband-devel - lists.osmocom.org

Engagetted !

by Sébastien Lorquet

http://www.engadget.com/2010/12/29/researchers-eavesdrop-on-encrypted-gsm-c… Congrats!

6 months, 1 week

5
5
0 0

Sniffing GPRS

by canarion

Hi, After compiling osmocom-bb and apply sylvain/burst_ind branch and gprs_multi.patch, I execute it and try to sniff gprs traffic. I loaded the layer1 into my C139 and I obtained an ARFCN code (883). When I run ccch_scan -a 883 I get the next result: opyright (C) 2010 Harald Welte <laforge(a)gnumonks.org> Contributions by Holger Hans Peter Freyther License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Failed to connect to '/tmp/osmocom_sap'. Failed during sap_open(), no SIM reader <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(1476410343) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(1207963561) <0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0x1ad1cda) <0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0x41ae98f9) <0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a to imsi M(214031385056117) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3306441249) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214031482053520) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214036185306441) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4207880193) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4135931713) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4214223105) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3388536385) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(134915836) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3961436929) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4229756769) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(531909) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214034185316455) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3829437761) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214033485554660) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3639403521) <0001> app_ccch_scan.c:105 SI1 received. <0001> app_ccch_scan.c:464 unknown PCH/AGCH type 0x00 <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3827744513) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(335734299) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3561969409) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4294310401) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3698994241) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3682615617) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(67866789) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4003487553) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3770351169) <0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0x41ae98f9) <0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0x1ad1cda) <0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a to imsi M(214031385056117) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3306441249) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214031482053520) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214036185306441) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4102036289) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4135931713) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214032485273805) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3798414145) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(134915836) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3988859137) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3735175681) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(531909) <0001> app_ccch_scan.c:248 GSM48 IMM ASS (ra=0x78, chan_nr=0x0f, HSN=24, MAIO=1, TS=7, SS=0, TSC=1) Dropping frame with 55 bit errors <000c> l1ctl.c:238 Dropping frame with 55 bit errors <000c> l1ctl.c:290 BURST IND: @(830928 = 0626/20/36) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830928 = 0626/20/36) (-110 dBm, SNR 8) <000c> l1ctl.c:290 BURST IND: @(830929 = 0626/21/37) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830929 = 0626/21/37) ( -83 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830930 = 0626/22/38) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830930 = 0626/22/38) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830931 = 0626/23/39) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830931 = 0626/23/39) ( -83 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830932 = 0626/24/40) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830932 = 0626/24/40) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830933 = 0626/25/41) (-105 dBm, SNR 8, UL, SACCH) <000c> l1ctl.c:290 BURST IND: @(830933 = 0626/25/41) (-107 dBm, SNR 5, SACCH) <000c> l1ctl.c:290 BURST IND: @(830934 = 0626/00/42) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830934 = 0626/00/42) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830935 = 0626/01/43) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830935 = 0626/01/43) ( -83 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830936 = 0626/02/44) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830936 = 0626/02/44) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830937 = 0626/03/45) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830937 = 0626/03/45) ( -89 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830938 = 0626/04/46) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830938 = 0626/04/46) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830939 = 0626/05/47) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830939 = 0626/05/47) ( -82 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830940 = 0626/06/48) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830940 = 0626/06/48) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830941 = 0626/07/49) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830941 = 0626/07/49) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830942 = 0626/08/50) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830942 = 0626/08/50) ( -86 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830943 = 0626/09/00) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830943 = 0626/09/00) ( -86 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830944 = 0626/10/01) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830944 = 0626/10/01) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830945 = 0626/11/02) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830945 = 0626/11/02) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830947 = 0626/13/04) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830947 = 0626/13/04) ( -84 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830948 = 0626/14/05) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830948 = 0626/14/05) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830949 = 0626/15/06) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830949 = 0626/15/06) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830950 = 0626/16/07) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830950 = 0626/16/07) ( -89 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830951 = 0626/17/08) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830951 = 0626/17/08) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830952 = 0626/18/09) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830952 = 0626/18/09) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830953 = 0626/19/10) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830953 = 0626/19/10) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830954 = 0626/20/11) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830954 = 0626/20/11) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830955 = 0626/21/12) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830955 = 0626/21/12) (-106 dBm, SNR 0) <000c> l1ctl.c:290 BURST IND: @(830956 = 0626/22/13) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830956 = 0626/22/13) (-107 dBm, SNR 5) <000c> l1ctl.c:290 BURST IND: @(830957 = 0626/23/14) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830957 = 0626/23/14) (-106 dBm, SNR 2) <000c> l1ctl.c:290 BURST IND: @(830958 = 0626/24/15) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830958 = 0626/24/15) (-108 dBm, SNR 1) <000c> l1ctl.c:290 BURST IND: @(830959 = 0626/25/16) (-106 dBm, SNR 2, UL, SACCH) <000c> l1ctl.c:290 BURST IND: @(830959 = 0626/25/16) (-109 dBm, SNR 5, SACCH) <000c> l1ctl.c:290 BURST IND: @(830960 = 0626/00/17) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830960 = 0626/00/17) (-108 dBm, SNR 3) <000c> l1ctl.c:290 BURST IND: @(830961 = 0626/01/18) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830961 = 0626/01/18) (-106 dBm, SNR 2) <000c> l1ctl.c:290 BURST IND: @(830962 = 0626/02/19) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830962 = 0626/02/19) (-108 dBm, SNR 3) <000c> l1ctl.c:290 BURST IND: @(830963 = 0626/03/20) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830963 = 0626/03/20) (-107 dBm, SNR 0) <000c> l1ctl.c:290 BURST IND: @(830964 = 0626/04/21) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830964 = 0626/04/21) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830965 = 0626/05/22) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830965 = 0626/05/22) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830966 = 0626/06/23) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830966 = 0626/06/23) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830967 = 0626/07/24) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830967 = 0626/07/24) ( -86 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830968 = 0626/08/25) (-107 dBm, SNR 6, UL) <000c> l1ctl.c:290 BURST IND: @(830968 = 0626/08/25) (-109 dBm, SNR 0) <000c> l1ctl.c:290 BURST IND: @(830969 = 0626/09/26) (-101 dBm, SNR 6, UL) But it stop to capture frames, seems to be left in a standby state and I don't know why that is. With gprsdecode I can see the next image in the wireshark: http://baseband-devel.722152.n3.nabble.com/file/n3712433/wireshark-capture.… If someone knows what is the problem, please tell me. Thanks in advance. Cheers, Dani -- View this message in context: http://baseband-devel.722152.n3.nabble.com/Sniffing-GPRS-tp3712433p3712433.… Sent from the baseband-devel mailing list archive at Nabble.com.

7 years, 4 months

8
12
0 0

Please can anyone advise me - FMTOOL Error and no further processing

by Raz Sharif

Dear all, I vae the C115 with a T1 USB to Serial cable with the Prolific chipset. When i run osmocon i get :- an its just sits there with no further processing. ./osmocon -p /dev/ttyUSB0 -m c123xor ../../target/firmware/board/compal_e88/loader.compalram.bin read_file(../../target/firmware/board/compal_e88/loader.compalram.bin): file_size=17120, hdr_len=4, dnload_len=17127 read_file(../../target/firmware/board/compal_e88/loader.compalram.bin): file_size=17120, hdr_len=4, dnload_len=17127 got 1 bytes from modem, data looks like: 00 . got 2 bytes from modem, data looks like: 2f 00 /. got 1 bytes from modem, data looks like: 1b . got 3 bytes from modem, data looks like: f6 02 00 ... got 1 bytes from modem, data looks like: 41 A got 1 bytes from modem, data looks like: 01 . got 1 bytes from modem, data looks like: 40 @ Received PROMPT1 from phone, responding with CMD got 1 bytes from modem, data looks like: 66 f got 1 bytes from modem, data looks like: 74 t got 1 bytes from modem, data looks like: 6d m got 1 bytes from modem, data looks like: 74 t got 1 bytes from modem, data looks like: 6f o got 1 bytes from modem, data looks like: 6f o got 1 bytes from modem, data looks like: 6c l Received FTMTOOL from phone, ramloader has aborted got 1 bytes from modem, data looks like: 65 e got 1 bytes from modem, data looks like: 72 r got 1 bytes from modem, data looks like: 72 r got 1 bytes from modem, data looks like: 6f o got 1 bytes from modem, data looks like: 72 r got 1 bytes from modem, data looks like: 00 . got 1 bytes from modem, data looks like: 00 . I think the cable is ok as when i run my fingers on the tip i get random Zeros so it appears to be talking to the cable. Also when i tried to run Mobile i get the :- even though i created the Mobile.cfg file in /etc/osmoco Failed to parse the config file: '/home/raz/.osmocom/bb/mobile.cfg' Please check or create config file using: 'touch /home/raz/.osmocom/bb/mobile.cfg' I have spent some hours researching the lists and trying various things to no avail but I want to continue until I resolve this issues and use this great stack to learn about the GSM network. Please advise. Great full for any help or pointers but this maybe a timing issue that is difficult to debug. Thanks Raz

7 years, 11 months

5
6
0 0

cell re-selection

by Andreas.Eversberg

hi, i did a lot of resarch and testing on cell selection and re-selection process the last two week. the cell selection process, network selection process (manual and automatic) and mobility management process were already implemented in OsmocomBB a long time, but turned out to be buggy and incomplete. i made test drives to check the process and debugged it. the re-selection process is new. it is used to track surrounding cells while listening to the BCCH of the current cell (camping on a cell). special extension to the layer1 firmare is used to measure neighbour cells. if an neighbour cell becomes 'better', the mobile switches to that cell, depening on different criteria. now it is possible to move with OsmocomBB. the re-selection process is not handover! handover is a process where a phone switches between cells while doing a call. handover is one next step to implement. the process is a little more complex, because it requires not only neighbour cell measurements, but also syncing to them without interrupting the traffic channel. most layer 3 stuff of handover is already implemented. if you like to play and test your moving OsmocomBB, you can check out the "jolly/roaming" branch. it contains the extension to layer1, as well as sim reader and fixes from "sylvain/testing" branch. use both "mobile" and "layer1" firmware from this branch. in order to see some process at VTY, you can do: enable monitor network 1 (continously display the strongest cell and neighbour cells) show ms 1 (to see current states) show neighbour-cells 1 (to see a more detailed current list of neighbours) andreas

8 years, 1 month

3
3
0 0

AW: The call has been rejected

by Andreas.Eversberg

hi josephli, > Read stored BA list mnc=01 the mobile application stores the last cells and neighbour cells (band allocation) of each network. this way the scanning is much faster when restarting. because you use the SIM card with MNC == 02 the first time, there is no band allocation stored for that. the mobile will do a full scan in this case. > while the sim card service I am tesing is actually with mnc 00 and 02. i know that MNC == 0 will not work until i commited improvements of cell selection process last sunday. you should retry that, but first try with an MNC > 0. can you provide debug output when trying a call? also can you provide VTY output of "show ms" before you make the call? regards, andreas

11 years

3
2
0 0

status report layer1 and layer23

by Andreas.Eversberg

hi, i just fixed some locking issues the last days. fix will follow. it took a bit longer, because there were some race conditions. it took up to about one hour until it crashed. my way to detect the area where the crash happened, was to turn on buzzer before that area, and turn it off after that area. after many hours of approximation, i finally found out that the major crash happend during _talloc_zero. (first it looks for a free memory chunk, then it allocates it.) since it can be called from all contexts (main, irq, fiq), it need to be locked against any interrupt, otherwise the memory chunk can be assigned multiple times. (the process of _talloc_free is "atomic" and requires no locking.) because it seems pretty stable, i think it is time to merge some branches into the master. (i made a 6 hours call yesterday. and no crash after bugfix ever since.) i will do that together with sylvain, if we find the time this weekend. currently i use the jolly/voice together with the sylvain/traffic branch. i am able to use an isdn phone togehter with linux-call-router and make/receive calls. audio is passed both ways. i think this is a stage where it actually become "usable". (if not moving arround.) one of my major work for the next weeks/months will be the neighbour cell measurement, cell re-selection, and handover. this is essential when moving with the phone. regards, andreas

11 years

2
1
0 0

Can't compile after last pull

by Dario Lombardo

I've pulled git repo today, but the RSSI firmware gets an error. apps/rssi/main.c: In function `main': apps/rssi/main.c:896: warning: 'a' might be used uninitialized in this function apps/rssi/main.c:896: warning: 'e' might be used uninitialized in this function CC board/compal_e88/rssi.compalram.manifest.o LD board/compal_e88/rssi.compalram.elf OBJ board/compal_e88/rssi.compalram.bin CC board/compal_e88/rssi.highram.manifest.o LD board/compal_e88/rssi.highram.elf OBJ board/compal_e88/rssi.highram.bin CC board/compal_e88/rssi.e88loader.manifest.o LD board/compal_e88/rssi.e88loader.elf OBJ board/compal_e88/rssi.e88loader.bin CC board/compal_e88/rssi.e88flash.manifest.o LD board/compal_e88/rssi.e88flash.elf OBJ board/compal_e88/rssi.e88flash.bin CC board/compal_e86/rssi.compalram.manifest.o LD board/compal_e86/rssi.compalram.elf arm-elf-ld: region LRAM is full (board/compal_e86/rssi.compalram.elf section .data) make[1]: *** [board/compal_e86/rssi.compalram.elf] Error 1 make[1]: Leaving directory src/target/firmware' make: *** [firmware] Error 2 $ git pull Already up-to-date. $ Anyone experiencing the same issue?

11 years, 4 months

9
11
0 0

cp2102 (betemcu, B75937)

by lonelysurfer

...a never ending story: i have a working ftdi-ttl, but the cp2102-adapters (http://www.ebay.de/itm/USB-2-0-to-UART-TTL-6PIN-Module-Serial-Converter-CP2…) with the same cable dont work under ubuntu or windows. if i rub the top of the 2.55mm with my finger random data appears. but the loader doesnt upload the firmware. i used the txd, rxd and gnd pins and checked the connections with a multimeter. i tested -m c123xor, -m c123 and the default firmware. flashing custom baudrates was no problem. rivers are installed correctly (stady ttyusb0 under ubuntu/ com1 under win). is there any hint? -- View this message in context: http://baseband-devel.722152.n3.nabble.com/cp2102-betemcu-B75937-tp3489336p… Sent from the baseband-devel mailing list archive at Nabble.com.

11 years, 8 months

3
4
0 0

Receiving on TS=1 ?

by Sylvain Munaut

Hi, I've hacked something together to quickly test non-combined CCCH. However, I've hit a problem when trying to receive anything on another timeslot than 0. The TX side seems to work fine as the BTS can see my location update request and answers with a reject, but on the MS side, I never see the reject and wireshark only shows invalid incohrent data on the RX. The frames for SDCCH/8 show really nothing valid (looks like random bytes), things like 09 80 7f 47 49 06 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 00 47 d5 2d 06 1e 00 00 69 7c a0 91 3d 22 ff ab fe 6c 4f 56 4f 36 ... while the frames for the associated SAACH show at least something gsm-like : 03 03 01 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b but that's not quite a SI5/6 ... To RX/TX on TS=1, I just delayed the RX/TX window by 625 bits (4 * 156.25) when I'm in dedicated channel mode by chaning the 'start' in l1s_tx_win_ctrl / l1s_rx_win_ctrl Is there something else that should be done ? Cheers, Sylvain

11 years, 9 months

2
5
0 0

burst_ind and TCH

by Mad

Hi Sylvain, hi list! I'm experimenting with burst_ind and TCHs right now and ran into some problem I couldn't solve yet. After receiving an Assignment Command for a hopping TCH/F I call l1ctl_tx_dm_est_req_h1() with all necessary parameters and tch_mode GSM48_CMODE_SPEECH_V1 or _EFR. After that I do get burst indications containing the received bits on up- and downlink for the active arfcn on each consecutive frame number. BUT the rx level measurements are most of the time very low and sporadic higher, surely not from that nearby bts and the very close cellphone. It looks like the layer1 doesn't "hit" the right timeslot on the right arfcn at the right time. There are some possible sources of error leading to that, like hopping parameters, channel number and MA list. But I checked these and I took all of them directly from the ASS CMD, the MA as word list in ascending order, like in layer23 IMM ASS handling. The specific AC doesn't have any specialties like Starting Time or "before time" parameters. So my question is if there is some obvious pitfall I'm missing and are there any suggestions how to debug that? Regards, Mad

11 years, 9 months

4
5
0 0

bursts****.dat

by Victor P

Hi, I am trying to use burst_ind branch of osmocom. I have noticed that layer23 creates bursts****.dat files when it indicates uplink. What data are written to these files and what should I use to see its data? Thank you.

11 years, 10 months

5
6
0 0

Reliablility problem in current git?

by Tim Ehlers

Hi, I have a git clone from 23.01.2012 and a current git clone. When I compile both and use the mobile appliation, I have a strange problem in the current code. Very often I can't send USSD codes (and maybe also can't communicate in other ways; USSD is the costless way to check whether I am connected or not). Ok, this is what I do: I send "service 1 *#21#", wait the answer and the string "% On Network, normal service: Germany, O2". Then send it again and so on. With the old code, I reliable get the answer e.g. "% Status: deactivated". With the new code, I very often (sometime already when trying first time) get nothing back and after some seconds only "% Service connection terminated.". Can someone confirm this behavior? Thanks Tim

12 years

4
20
0 0

Re: Recording / Re: Regular Osmocom meeting in Berlin?

by Katrin Verclas

It was my understanding from your suggestion that there would be presentations and discussions after those presentations at the meetings, making this not just having a beer with friends but more formal affairs. That would be useful for people elsewhere to see, given that this is a global community. Not sure what German law has to do with putting online or streaming such presentations. Cameras off when it comes to the informal part and beer time.. Love this list otherwise. And will come to Berlin this summer so may attend one or two, regardless :) Cheers from New York. K ------Original Message------ From: Harald Welte To: Katrin Verclas Cc: Holger Hans Peter Freyther Cc: Akib Sayyed Cc: baseband-devel(a)lists.osmocom.org Cc: openbsc(a)lists.osmocom.org Subject: Recording / Re: Regular Osmocom meeting in Berlin? Sent: Mar 31, 2012 8:01 AM Hi Katrin, On Fri, Mar 30, 2012 at 07:17:17PM +0000, Katrin Verclas wrote: > Could not disagree more. We live-stream local events all the time with > a very unobtrusive webcam/ustream and it bothers no one who is there > but benefits all who are not. And I couldn't disagree more with you. The mere existance of the two words 'camera' and 'unobtrusive' in one sentence are a contradiction in terms. If I want to meet with a small group of people and informally discuss technical topic, than that is _very_ different from being live streamed to an unknonwn number of people, any of which could make recordings and I would have to very carefully think about each and every word that I'm saying. That's not a particularly relaxed environment and would kill all the fun there is in having the meeting in the first place. Legally, In Germany this corresponds to "not publicly spoken word" (nicht oeffentlich gesprochenes Wort). It is punishable under law to record or broadcast that. (Clause 201 of German criminal code). Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6) Sent via mobile. Hence, short.

12 years

2
1
0 0

how to debug the firmware apps

by Chengcheng Gou

Hello I want to write an app in the form of Firmware, and don`t know how to debug it effectively! anyone has good suggestions, please? Thanks!

12 years

2
1
0 0

Re: Regular Osmocom meeting in Berlin?

by Katrin Verclas

Could not disagree more. We live-stream local events all the time with a very unobtrusive webcam/ustream and it bothers no one who is there but benefits all who are not. Best, Katrin ------Original Message------ From: Holger Hans Peter Freyther Sender: baseband-devel-bounces(a)lists.osmocom.org To: Akib Sayyed Cc: baseband-devel(a)lists.osmocom.org Cc: openbsc(a)lists.osmocom.org Subject: Re: Regular Osmocom meeting in Berlin? Sent: Mar 30, 2012 3:13 PM On 03/30/2012 07:27 PM, Akib Sayyed wrote: > even i am in.people who cannot participate please make some > arrangement for them like live streaming and chat support. > <http://www.ustream.tv/ support free live streaming> Hi, I don't think this is a good idea. It kills the local atmosphere without having any real benefit. Every decision/code and most likely slides will be public anyway. z. Sent via mobile. Hence, short.

12 years

3
2
0 0

Older releases OsmocomBB

by ondra2000＠centrum.cz

Hi all, please how can I download some older release of osmocombb source?I have compiled osmocombb source about 3 months ago and everything was ok...now I downloaded using git some new version and compile it and my phone repeatedly register/unregister with network. Sometimes if can call to this phone but I can't send SMS....So I want compile some older version of source code which worked for me. Thanks BR Ondrej

12 years

3
2
0 0

Regular Osmocom meeting in Berlin?

by Harald Welte

Hi all, I was pondering to start a regular Osmocom meeting (monthly or bi-weekly) in Berlin. The idea would be not only to converge the existing developers in Berlin (zecke, roh, prom, tobias, peter, kevin, myself, ...) but to also try to share some knowledge and excitement with other interested hackers in the wider community. A split format for the event might make sense: Have a more or less organized 45min talk about one particular topic + 15min discussion and then switch to an informal meeting style without any particular topic or moderator. For the first half there is a long list of topics intended at informing people about the status and capabilities of the respective projects: OsmocomBB, OsmoTETRA, OsmoGMR, SIMtrace, etc. Regarding the venue, I would suggest to hold it at the Berlin CCC. What do you generally think about this? What day of the week should we be aiming at? Tuesday and Thursday is generally not a good idea, as those are already occupied with other events. If you think it's a good idea, I would request/register the event with the CCC Berlin. Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

12 years

11
13
0 0

battery and rx-level symbols

by Andreas Eversberg

hi christian, just added a symbol font to display battery level and rx level to layer1. also i added these symbols to rssi. regards, andreas

12 years

1
0
0 0

[PATCH 2/2] layer1/rssi: Adding battery status and rx-level symbol to RSSI.

by Andreas Eversberg

--- src/target/firmware/apps/rssi/main.c | 17 +++++++++++++++-- 1 files changed, 15 insertions(+), 2 deletions(-) diff --git a/src/target/firmware/apps/rssi/main.c b/src/target/firmware/apps/rssi/main.c index a189740..43713db 100644 --- a/src/target/firmware/apps/rssi/main.c +++ b/src/target/firmware/apps/rssi/main.c @@ -50,6 +50,7 @@ #include <osmocom/gsm/rsl.h> #include <osmocom/gsm/protocol/gsm_04_08.h> #include <osmocom/gsm/gsm48_ie.h> +#include <battery/battery.h> enum key_codes key_code = KEY_INV; int key_pressed = 0; @@ -170,6 +171,7 @@ static void print_display(char *text, int *y, int c) static void refresh_display(void) { char text[16]; + int bat = battery_info.battery_percent; fb_clear(); @@ -179,9 +181,20 @@ static void refresh_display(void) fb_setfg(FB_COLOR_BLUE); fb_setfont(FB_FONT_HELVR08); fb_gotoxy(0, 7); - fb_putstr("Osmocom Monitor Tool", -1); - fb_gotoxy(0, 10); + fb_putstr("Osmocom RSSI", -1); + fb_setfg(FB_COLOR_RGB(0xc0, 0xc0, 0x00)); + fb_setfont(FB_FONT_SYMBOLS); + fb_gotoxy(framebuffer->width - 15, 8); + sprintf(text, "@%c%c%cC", (bat >= 30) ? 'B':'A', + (bat >= 60) ? 'B':'A', (bat >= 90) ? 'B':'A'); + fb_putstr(text, framebuffer->width); + fb_gotoxy(0, 8); + sprintf(text, "%c%cE%c%c", (power >= 40) ? 'D':'G', + (power >= 10) ? 'D':'G', (power >= 10) ? 'F':'G', + (power >= 40) ? 'F':'G'); + fb_putstr(text, framebuffer->width); fb_setfg(FB_COLOR_GREEN); + fb_gotoxy(0, 10); fb_boxto(framebuffer->width - 1, 10); } fb_setfg(FB_COLOR_BLACK); -- 1.7.3.4 --------------020300040706040007050809--

12 years

1
0
0 0

[PATCH 1/2] layer1/fb: Adding new font for symbols

by Andreas Eversberg

The first symbols added are special characters to display battery status and receive level. --- src/target/firmware/Makefile | 3 +- src/target/firmware/fb/font.c | 2 + src/target/firmware/fb/symbols.c | 102 +++++++++++++++++++++++++++++++++ src/target/firmware/include/fb/font.h | 1 + 4 files changed, 107 insertions(+), 1 deletions(-) create mode 100644 src/target/firmware/fb/symbols.c diff --git a/src/target/firmware/Makefile b/src/target/firmware/Makefile index 21892a4..a71eef6 100644 --- a/src/target/firmware/Makefile +++ b/src/target/firmware/Makefile @@ -9,7 +9,8 @@ APPLICATIONS?=hello_world compal_dsp_dump layer1 loader chainload rssi # Framebuffer support, board specific drivers # -FB_OBJS=fb/framebuffer.o fb/font.o fb/helvR08.o fb/helvB14.o fb/c64.o +FB_OBJS=fb/framebuffer.o fb/font.o fb/helvR08.o fb/helvB14.o fb/c64.o \ + fb/symbols.o FB_e88_OBJS=$(FB_OBJS) fb/fb_bw8.o fb/fb_st7558.o FB_e99_OBJS=$(FB_OBJS) fb/fb_rgb332.o fb/fb_ssd1783.o diff --git a/src/target/firmware/fb/font.c b/src/target/firmware/fb/font.c index d98096f..18c1bfe 100644 --- a/src/target/firmware/fb/font.c +++ b/src/target/firmware/fb/font.c @@ -32,6 +32,7 @@ extern const struct fb_font font_helvR14; extern const struct fb_font font_helvB14; // extern const struct fb_font font_helvB24; extern const struct fb_font font_c64; +extern const struct fb_font font_symbols; const struct fb_font *fb_fonts[]={ // &font_4x6, @@ -43,6 +44,7 @@ const struct fb_font *fb_fonts[]={ &font_helvB14, // &font_helvB24, &font_c64, + &font_symbols, }; const struct fb_char * diff --git a/src/target/firmware/fb/symbols.c b/src/target/firmware/fb/symbols.c new file mode 100644 index 0000000..5f6c364 --- /dev/null +++ b/src/target/firmware/fb/symbols.c @@ -0,0 +1,102 @@ +#include <fb/font.h> +static const uint8_t font_symbols_data[] = { +/* @ battery - */ + /*0000:*/ 3, 3, 8, 0, 0, /* width and bbox (w,h,x,y) */ + /*0005:*/ 0x60, /* .##..... */ + /*0006:*/ 0x40, /* .#...... */ + /*0007:*/ 0x40, /* .#...... */ + /*0008:*/ 0x40, /* .#...... */ + /*0009:*/ 0x40, /* .#...... */ + /*000a:*/ 0x40, /* .#...... */ + /*000b:*/ 0x40, /* .#...... */ + /*000c:*/ 0x60, /* .##..... */ +/* A battery empty */ + /*000d:*/ 3, 3, 8, 0, 0, /* width and bbox (w,h,x,y) */ + /*0012:*/ 0xe0, /* ###..... */ + /*0013:*/ 0x00, /* ........ */ + /*0014:*/ 0x00, /* ........ */ + /*0015:*/ 0x00, /* ........ */ + /*0016:*/ 0x00, /* ........ */ + /*0017:*/ 0x00, /* ........ */ + /*0018:*/ 0x00, /* ........ */ + /*0019:*/ 0xe0, /* ###..... */ +/* B battery full */ + /*001a:*/ 3, 3, 8, 0, 0, /* width and bbox (w,h,x,y) */ + /*001f:*/ 0xe0, /* ###..... */ + /*0020:*/ 0x00, /* ........ */ + /*0021:*/ 0xc0, /* ##...... */ + /*0022:*/ 0xc0, /* ##...... */ + /*0023:*/ 0xc0, /* ##...... */ + /*0024:*/ 0xc0, /* ##...... */ + /*0025:*/ 0x00, /* ........ */ + /*0026:*/ 0xe0, /* ###..... */ +/* C battery + */ + /*0027:*/ 3, 3, 8, 0, 0, /* width and bbox (w,h,x,y) */ + /*002c:*/ 0x80, /* #....... */ + /*002d:*/ 0x80, /* #....... */ + /*002e:*/ 0xc0, /* ##...... */ + /*002f:*/ 0xc0, /* ##...... */ + /*0030:*/ 0xc0, /* ##...... */ + /*0031:*/ 0xc0, /* ##...... */ + /*0032:*/ 0x80, /* #....... */ + /*0033:*/ 0x80, /* #....... */ +/* D radiation left */ + /*0034:*/ 3, 3, 8, 0, 0, /* width and bbox (w,h,x,y) */ + /*0039:*/ 0x20, /* ..#..... */ + /*003a:*/ 0x40, /* .#...... */ + /*003b:*/ 0x20, /* ..#..... */ + /*003c:*/ 0x00, /* ........ */ + /*003d:*/ 0x00, /* ........ */ + /*003e:*/ 0x00, /* ........ */ + /*003f:*/ 0x00, /* ........ */ + /*0040:*/ 0x00, /* ........ */ +/* E tower */ + /*0041:*/ 5, 5, 8, 0, 0, /* width and bbox (w,h,x,y) */ + /*0046:*/ 0x20, /* ..#..... */ + /*0047:*/ 0x50, /* .#.#.... */ + /*0048:*/ 0x20, /* ..#..... */ + /*0049:*/ 0x20, /* ..#..... */ + /*004a:*/ 0x50, /* .#.#.... */ + /*004b:*/ 0x50, /* .#.#.... */ + /*004c:*/ 0x88, /* #...#... */ + /*004d:*/ 0xf8, /* #####... */ +/* F radiation right */ + /*004e:*/ 3, 3, 8, 0, 0, /* width and bbox (w,h,x,y) */ + /*0053:*/ 0x80, /* #....... */ + /*0054:*/ 0x40, /* .#...... */ + /*0055:*/ 0x80, /* #....... */ + /*0056:*/ 0x00, /* ........ */ + /*0057:*/ 0x00, /* ........ */ + /*0058:*/ 0x00, /* ........ */ + /*0059:*/ 0x00, /* ........ */ + /*005a:*/ 0x00, /* ........ */ +/* G no radiation */ + /*005b:*/ 3, 3, 8, 0, 0, /* width and bbox (w,h,x,y) */ + /*005c:*/ 0x00, /* ........ */ + /*005d:*/ 0x00, /* ........ */ + /*005e:*/ 0x00, /* ........ */ + /*005f:*/ 0x00, /* ........ */ + /*0060:*/ 0x00, /* ........ */ + /*0061:*/ 0x00, /* ........ */ + /*0062:*/ 0x00, /* ........ */ + /*0063:*/ 0x00, /* ........ */ +}; +static const uint16_t font_symbols_offsets[] = { + 0x0000 /* '@' */, + 0x000d /* 'A' */, + 0x001a /* 'B' */, + 0x0027 /* 'C' */, + 0x0034 /* 'D' */, + 0x0041 /* 'E' */, + 0x004e /* 'F' */, + 0x005b /* 'G' */, +}; +const struct fb_font font_symbols = { + .height = 8, + .ascent = 8, + .firstchar = 64, /* '@' */ + .lastchar = 71, + .chardata = font_symbols_data, + .charoffs = font_symbols_offsets, +}; + diff --git a/src/target/firmware/include/fb/font.h b/src/target/firmware/include/fb/font.h index 40a6974..9dee8ff 100644 --- a/src/target/firmware/include/fb/font.h +++ b/src/target/firmware/include/fb/font.h @@ -70,6 +70,7 @@ enum fb_font_id { FB_FONT_HELVB14, // FB_FONT_HELVB24, FB_FONT_C64, + FB_FONT_SYMBOLS, }; extern const struct fb_font *fb_fonts[]; // note: has to match fb_font_id enum! -- 1.7.3.4 --------------020300040706040007050809 Content-Type: text/x-patch; name="0002-layer1-rssi-Adding-battery-status-and-rx-level-symbo.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename*0="0002-layer1-rssi-Adding-battery-status-and-rx-level-symbo.pa"; filename*1="tch"

12 years

1
0
0 0

Please Stream it LIVE ---> Re: Regular Osmocom meeting in Berlin?

by Martin O'Shield

Hello All, "People who cannot participate please make some arrangement for them like live streaming and chat support. <http://www.ustream.tv/ support free live streaming> " I'd like to vote for this point as I wont be able to attend either but love to be there. Sincerely, Martin On Friday, March 30, 2012, Akib Sayyed <akibsayyed(a)gmail.com> wrote: > even i am in.people who cannot participate please make some > arrangement for them like live streaming and chat support. > <http://www.ustream.tv/ support free live streaming> > > On Fri, Mar 30, 2012 at 5:07 PM, Sergio 'shadown' Alvarez > <shadown(a)gmail.com> wrote: >> The idea sounds great to me too. >> >> On Mar 30, 2012, at 12:06 PM, Tobias Engel wrote: >> >>> On 29.03.2012 21:41, Peter Stuge wrote: >>>> Harald Welte wrote: >>>>> I was pondering to start a regular Osmocom meeting (monthly or >>>>> bi-weekly) in Berlin. >>>> .. >>>>> What do you generally think about this? >>>> >>>> I say go for it. Bi-weekly sounds good. >>> >>> I would say monthly is more realistic. But I'm also fine with bi-weekly. >> >> Bi-weekly would give more chances to people who travel a lot, to at least make it to it once a month. >> >>>>> What day of the week should we be aiming at? >>>> >>>> I like Wednesday. >>> >>> Me too. >>> >>> -Tobias >>> >> >> > > > > -- > Akib Sayyed > Matrix-Shell > akibsayyed(a)gmail.com > akibsayyed(a)matrixshell.com > Mob:- +91-966-514-2243 > >

12 years

1
0
0 0

Re: Regular Osmocom meeting in Berlin?

by Zsombor

Can you record the video about the presentations and upload to some video sharing site ? I'm certain, that there would be some interest watching it :) Thanks, Zsombor On 2012.03.30. 13:33, "Tobias Engel" <t-openbsc(a)tobias.org> wrote: On 29.03.2012 21:41, Peter Stuge wrote: > Harald Welte wrote: >> I was pondering to start a regular ... I would say monthly is more realistic. But I'm also fine with bi-weekly. >> What day of the week should we be aiming at? > > I like Wednesday. Me too. -Tobias

12 years

1
0
0 0

DOS in Cellular network

by Chengcheng Gou

Hello I want to know how to implement a real DOS in the real cellular network using RACH Flood.As you know, using OsmocomBB ,you can only send flood to one ARFCN at one time, so the phone can seaching for another ARFCN. So I think the RACH Flood is less effective in practice, how about it? and if not,a better suggestion on DOS in Cellular network? Thanks!

12 years

5
4
0 0

Syntax error - LIBOSMOCORE

by alfonso caponi

Hi list, sorry for this tedious question. I've already read a previous post about my problem but has not been useful ( http://lists.osmocom.org/pipermail/baseband-devel/2011-October/002351.html). I've this error after the make: checking for ranlib... ranlib ./configure: line 3508: syntax error near unexpected token `LIBOSMOCORE,' ./configure: line 3508: `PKG_CHECK_MODULES(LIBOSMOCORE, libosmocore)' make: *** [host/layer23/Makefile] Error 2 My settings with the last versions of sources: - Linux ubuntu 2.6.38-11-generic-pae #50-Ubuntu SMP Mon Sep 12 22:21:04 UTC 2011 i686 i686 i386 GNU/Linux - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/root/cell_logger/tool-chain/install/bin - arm-elf-gcc -v (installed with http://bb.osmocom.org/trac/wiki/GnuArmToolchain) Using built-in specs. Target: arm-elf Configured with: ./configure elf Thread model: single gcc version 4.2.3 - Makefile: # this is the host tuple of your cross-toolchain CROSS_HOST ?= $(shell which arm-elf-gcc >/dev/null 2>&1 && echo arm-elf || echo arm-none-eabi) # this is the prefix of your cross-toolchain programs CROSS_TOOL_PREFIX=$(CROSS_HOST)- Any tips? :) Thank you very much, AL

12 years

3
3
0 0

Call for participation LSM/RMLL

by Mathias Coinchon

Dear Osmocom community, This email to inform you that the call for participation for the next Libre Software Meeting (LSM or RMLL: Rencontres Mondiales du Logiciel Libre) ends on 31st March: http://2012.rmll.info/en/participate/call-for-papers This edition will take place in Geneva from 7th to 12th July 2012 (7-8 general public days, 9-12 theme focused, professional). It would be of great interest for the communities to learn about the Osmocom projects in presentations or workshop. Real world applications would be interesting too. So please don't hesitate to directly submit. Don't hesitate also to contact me for more information. Mathias Coinchon

12 years

1
0
0 0

RSSI Firmware of OpenMoko GTA02

by saad_aol

Hi; I am trying to run rssi.highram.bin on gta02(openmoko) following this [1] gta02 is running SHR-lite distro So far I have 1. cross-compiled rssi firmware using arm-elf- toolchain 2. cross-compiled osmocon for phone using arm-angstrom-linux-gnueabi- [2] make -e CROSS_TOOL_PREFIX=arm-angstrom-linux-gnueabi- HOST_CONFARGS="--host=armv4t-angstrom-linux-gnueabi" 3. Make sure that nothing else is using /dev/ttySAC0 4. loaded rssi firmware on gta02 by running on gta02 ./osmocon -i 13 -m romload -p /dev/ttySAC0 rssi.highram.bin Firmware loads succesfully when I toggle power of baseband using echo 0 >/sys/bus/platform/devices/neo1973-pm-gsm.0/power_on && echo 1 >/sys/bus/platform/devices/neo1973-pm-gsm.0/power_on but it scans only ARFCN 1 :< SIM is present but since /dev/ttySAC0 is only claimed by osmocon, I dont think it can be used by ogsmd [1] http://bb.osmocom.org/trac/wiki/OpenMoko http://bb.osmocom.org/trac/wiki/OpenMoko [2] http://wiki.openmoko.org/wiki/Toolchain http://wiki.openmoko.org/wiki/Toolchain My QUESTIONS are: ================= 1. How can I Scan all ARFCN? 2. Can we use /dev/ttySAC0 for gsm & other things after the firmware is loaded on baseband? LOG FILE: http://baseband-devel.722152.n3.nabble.com/file/n3863628/log log -- View this message in context: http://baseband-devel.722152.n3.nabble.com/RSSI-Firmware-of-OpenMoko-GTA02-… Sent from the baseband-devel mailing list archive at Nabble.com.

12 years

1
0
0 0

Re: baseband-devel Digest, Vol 26, Issue 15

by Akib Sayyed

i am assuming that you are using one osmocom phone setup and one normal phone. try to do as follows take 3 osmocom phones then try dos with 2 phones and put sim in 3rd and lock to same arfcn and then see what happens. cheeers On Tue, Mar 27, 2012 at 3:30 PM, <baseband-devel-request(a)lists.osmocom.org> wrote: > Send baseband-devel mailing list submissions to > baseband-devel(a)lists.osmocom.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.osmocom.org/mailman/listinfo/baseband-devel > or, via email, send a message with subject or body 'help' to > baseband-devel-request(a)lists.osmocom.org > > You can reach the person managing the list at > baseband-devel-owner(a)lists.osmocom.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of baseband-devel digest..." > > Today's Topics: > > 1. about RACH DOS (gcc) > > > ---------- Forwarded message ---------- > From: gcc <gouchengcheng(a)gmail.com> > To: baseband-devel(a)lists.osmocom.org > Cc: > Date: Mon, 26 Mar 2012 23:44:16 -0700 (PDT) > Subject: about RACH DOS > I am a student in a University studying on the security of GSM, recently I > want use osmocomBB to realize the RACH DOS attack mentioned in Dieter > Spaar`s speech. but I meet some difficulty. > > I do as follow: > > continuely sending RACH to a cell,and ignore the GSM48_MT_RR_IMM_ASS > message ,also i lock my phone to the attacked cell,but after some time,the > phone can still call to some phone ,why? > > can anyone help me? > > thanks! > > -- > View this message in context: http://baseband-devel.722152.n3.nabble.com/about-RACH-DOS-tp3860492p3860492… > Sent from the baseband-devel mailing list archive at Nabble.com. > > > > _______________________________________________ > baseband-devel mailing list > baseband-devel(a)lists.osmocom.org > https://lists.osmocom.org/mailman/listinfo/baseband-devel > -- Akib Sayyed Matrix-Shell akibsayyed(a)gmail.com akibsayyed(a)matrixshell.com Mob:- +91-966-514-2243

12 years, 1 month

1
0
0 0

about RACH DOS

by gcc

I am a student in a University studying on the security of GSM, recently I want use osmocomBB to realize the RACH DOS attack mentioned in Dieter Spaar`s speech. but I meet some difficulty. I do as follow: continuely sending RACH to a cell,and ignore the GSM48_MT_RR_IMM_ASS message ,also i lock my phone to the attacked cell,but after some time,the phone can still call to some phone ,why? can anyone help me? thanks! -- View this message in context: http://baseband-devel.722152.n3.nabble.com/about-RACH-DOS-tp3860492p3860492… Sent from the baseband-devel mailing list archive at Nabble.com.

12 years, 1 month

1
0
0 0

Patch: use-before-free in config_write_file

by Christian Vogel

Hi Everyone, while discussing config_file_write, I noticed that there's a use-after-free bug in libosmocore config_write_file. Chris

12 years, 1 month

1
1
0 0

[PATCH] Fix use-after-free in config_write_file

by Christian Vogel

--- src/vty/command.c | 13 ++++++------- 1 files changed, 6 insertions(+), 7 deletions(-) diff --git a/src/vty/command.c b/src/vty/command.c index ab1eaca..b3595e5 100644 --- a/src/vty/command.c +++ b/src/vty/command.c @@ -2337,40 +2337,39 @@ DEFUN(config_write_file, vty_out(vty, "Can't unlink backup configuration file %s.%s", config_file_sav, VTY_NEWLINE); + unlink(config_file_tmp); talloc_free(config_file_sav); talloc_free(config_file_tmp); - unlink(config_file_tmp); return CMD_WARNING; } if (link(config_file, config_file_sav) != 0) { vty_out(vty, "Can't backup old configuration file %s.%s", config_file_sav, VTY_NEWLINE); + unlink(config_file_tmp); talloc_free(config_file_sav); talloc_free(config_file_tmp); - unlink(config_file_tmp); return CMD_WARNING; } + talloc_free(config_file_sav); /* we are done with config_file_sav by now */ sync(); + if (unlink(config_file) != 0) { vty_out(vty, "Can't unlink configuration file %s.%s", config_file, VTY_NEWLINE); - talloc_free(config_file_sav); - talloc_free(config_file_tmp); unlink(config_file_tmp); + talloc_free(config_file_tmp); return CMD_WARNING; } if (link(config_file_tmp, config_file) != 0) { vty_out(vty, "Can't save configuration file %s.%s", config_file, VTY_NEWLINE); - talloc_free(config_file_sav); - talloc_free(config_file_tmp); unlink(config_file_tmp); + talloc_free(config_file_tmp); return CMD_WARNING; } unlink(config_file_tmp); sync(); - talloc_free(config_file_sav); talloc_free(config_file_tmp); if (chmod(config_file, 0666 & ~CONFIGFILE_MASK) != 0) { -- 1.7.5.4 --n8g4imXOkfNTN/H1--

12 years, 1 month

1
0
0 0

Frame Number--Paging

by R M

Hi, Lately I have been looking at the GSM traffic through wireshark. In every packet, wireshark tells me about the frame number. But a paging message is spread over four frames. (You need to read four frames to get a single paging message.) So which among these four frames does the frame number displayed in wireshark correspond to for the paging message? Regards, RM

12 years, 1 month

2
2
0 0

Problem building OsmocomBB

by Dennis Weider

Hi! I tried this tutorial to build my osmocomBB enviroment: http://bb.osmocom.org/trac/wiki/GettingStarted I downloaded the gnuarm toolchain from here: http://bb.osmocom.org/trac/wiki/toolchain I set the Path and i tried make, but it stops at > arm-elf-ld: ../../shared/libosmocore/build-target/src/.libs/libosmocore.a(msgb.o): Relocations in generic ELF (EM: 3) > ../../shared/libosmocore/build-target/src/.libs/libosmocore.a: could not read symbols: File in wrong format > make[1]: *** [board/compal_e88/hello_world.compalram.elf] Fehler 1 I found a similar Thread on the mailing list here: http://baseband-devel.722152.n3.nabble.com/unknown-error-td2758006.html#a27… But there is not a solution for the problem I would be happy if anybody would be able to giv a solution. MFG Kandanalor

12 years, 1 month

1
1
0 0

GSM specs describing Random Access Procedure

by R M

Hi, I want to understand the RACH channel acess procedure. I tried to search for it in google. It doesnt lead me to the right GSM spec. Does any one know which GSM spec details out the RACH link access procedure ? Regards, RM

12 years, 1 month

3
2
0 0

Video : Deepsec 2010 Targeted Dos Attack And Various Fun With Gsm Um

by R M

Hi, I am looking for this video. I found it at the official Deepsec video archives. But you require to register to the video host site and I am unable to download it using wget Does any one know of any bit torrent site that has this video so that I can download it? Regards, RM

12 years, 1 month

3
3
0 0

Working with OpenBSC + Osmocon: Paging response fails to activate SDCCH

by David Bahr

Hi, Ive just setup an OpenBSC + nanoBTS environment to experiment around with your Osmocom software and a Motorola C123. I tried wo write a little application similiar to app_ccch scan, which is able of responding to paging requests by sending a rach request and the following paging response procedure. The rach access is working fine, but i cant get the paging response to work properly. The message itself is correct (layer2/layer3 parts) according to the specs. OpenBSC is also working correctly as it is working with my normal cell phone or your mobile application. What i'm doing in my code is the following: 1. After getting the immediate assignment i call l1ctl_tx_dm_est_req_h0 in l1ctl.c (l1ctl_tx_dm_est_req_h0(ms, arfcn, ia->chan_desc.chan_nr, ia->chan_desc.h0.tsc, GSM48_CMODE_SIGN, 0)) in order to tune to the assigned channel (or the h1 procedure for hopping). 2. Afterwards i build the paging response (layer2 + layer3), pad the msg and send it via osmo_send_l1(ms, msg) similiar to l1ctl_tx_data_req in l1ctl.c That it is not working can be seen in the OpenBSC abis debug output: <0004> abis_rsl.c:1318 (bts=0,trx=0,ts=0,ss=0) Activating ARFCN(514) SS(0) lctype SDCCH r=OTHER ra=0x67 ta=0 <0004> abis_rsl.c:1064 (bts=0,trx=0,ts=0,ss=0) CHANNEL ACTIVATE ACK <0004> abis_rsl.c:891 (bts=0,trx=0,ts=0,ss=0) CONNECTION FAIL: RELEASING CAUSE=0x01(Radio Link Failure) <0004> abis_rsl.c:621 (bts=0,trx=0,ts=0,ss=0) RF Channel Release CMD due error 1 <0004> abis_rsl.c:658 (bts=0,trx=0,ts=0,ss=0) RF CHANNEL RELEASE ACK <0004> abis_rsl.c:594 (bts=0,trx=0,ts=0,ss=0) is back in operation. It should be looking like this: <0004> abis_rsl.c:1318 (bts=0,trx=0,ts=0,ss=0) Activating ARFCN(514) SS(0) lctype SDCCH r=OTHER ra=0x10 ta=0 <0004> abis_rsl.c:1064 (bts=0,trx=0,ts=0,ss=0) CHANNEL ACTIVATE ACK <0000> abis_rsl.c:1490 (bts=0,trx=0,ts=0,ss=0) SAPI=0 ESTABLISH INDICATION <0003> gsm_04_08.c:1076 PAGING RESPONSE: mi_type=0x04 MI(...) Has anyone an idea what I'm doing wrong? Thanks in advance for any help! Best regards, David

12 years, 1 month

1
0
0 0

Use OsmocomBB as OpenBTS / airprobe clock generator

by Harald Welte

Hi! Recently we've had the idea of using OsmocomBB with a simple firmware that synchronizes to an existing GSM networks FCCH and use the resulting 13MHz clock to drive the USRP for airprobe or OpenBTS. Ideally, we would even use the Calypso-internal PLL (for ARM or DSP) to multiply it up to the required 52 MHz. However, neither the Openmoko nor the Compal/Motorola phones expose any of the 3 clock output pads :( So the only choice is to use something along the lines of the http://focus.ti.com/docs/prod/folders/print/cdcvf25084.html as a quad clock multiplier and attach it to the CLK13OUT signal of the phone. The chip is available for 9 USD in single quantities at digikey, and possibly cheaper at other sources. Combined with a sub-20EUR phone it might be a very cheap but still accurate frequency source for OpenBTS - at least as long as there are any commercial gsm networks available. Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

12 years, 1 month

8
17
0 0

any one have clone of MTK project hosted on google

by Akib Sayyed

guys i recently came across mobile-phone-mtk-project.googlecode.com but it seems to be down.does any one have copy of this one?? also can be create osmocom like project with help of MTK chipsets?? -- Akib Sayyed Matrix-Shell akibsayyed(a)gmail.com akibsayyed(a)matrixshell.com Mob:- +91-966-514-2243

12 years, 1 month

1
0
0 0

osmocom

by Carlos Cecanecchia Neto

Dear Srs, We are working in a project that uses a GSM modem to send a GMSK beacom in 904 MHZ with 2W. This beacom send a random bits, but we only need to measure the RSSI Visiting you site, we found a GSM RSSI software working in a phone. Can we use it in 904 Mhz ? This is the uplink GSM ARFCN channel 70. It is possible ? Best Regards Carlos Cecanecchia Neto www.mobipower.com.br 55-11-3257.7736 <http://www.mobipower.com.br/> New Picture (2)

12 years, 1 month

2
2
0 0

Re: tsm30 source code

by msokolov＠ivan.Harhan.ORG

> Hi.=0AIs there any place where I can download the TSM30 source code?=A0 Fou= > nd few torrents but they all seem to be dead.=0ACheers. It looks like the copy I've sent to Cryptome.org for preservation is still up: http://cryptome.org/tsm30/tsm30.7z HTH, MS

12 years, 1 month

1
0
0 0

Airprobe main Mmailing list

by R M

Hi, I am looking for the airprobe mailing list. The only thing I get is the a5/1 mailing list. Where is the airprobe main mailing list archives kept? Thanks and Regards, RM

12 years, 1 month

2
1
0 0

a plan it is about a small GSM Station , i think use two phone ......

by 麦田守望者

i think use two phone to make GSM RF and use wlan Router of usb Interface Connection two phone .... the small GSM base station maybe connection the internet

12 years, 1 month

1
0
0 0

[nuttx-bb] how to integrate nuttx-bb into upstream nuttx.

by Denis 'GNUtoo' Carikli

Hi, Nuttx is BSD licensed while osmocom-bb's src/target/firmware is GPLv2(or later). Mixing GPlv2 and BSD code is legally possible. As I understand it the whole work becomes GPLv2 when the code is mixed, the BSD part however can be used independently of the GPL part if you strip out the GPL part and the BSD copyright headers have to remain intact. The problem is that upstream(nuttx) will unlikely accept GPL code as-is for inclusion in nuttx. However there is a misc directory for software made under different licenses such as applications or drivers(there is one GPL driver for the rtl8187x wifi chipsets). To use the driver the user is expected to run a script that install the driver in nuttx normal source code directory. The list of files touched by the patches mades on top of nuttx and their licenses is listed here: http://bb.osmocom.org/trac/wiki/nuttx-bb/code-audit Basically the GPL parts are composed by : * the irq * the timer * the clock * the uart some of the related files have the following authors(can be combined together): * Harald Welte * Stefan Richter * Ingo Albrecht I guess Stefan Richter and Ingo Albrecht will be hard to reach. So I wonder what's the best thing to do. Denis.

12 years, 1 month

3
4
0 0

[PATCH] Added option for mobile-app to bind to other interfaces than localhost.

by Tim Ehlers

Signed-off-by: Tim Ehlers <osmocom(a)ehlers.info> --- .../layer23/include/osmocom/bb/common/l23_app.h | 1 + .../layer23/include/osmocom/bb/mobile/app_mobile.h | 2 +- src/host/layer23/src/common/main.c | 11 ++++++++++- src/host/layer23/src/mobile/app_mobile.c | 4 ++-- src/host/layer23/src/mobile/main.c | 13 ++++++++++--- .../include/osmocom/vty/telnet_interface.h | 1 + src/shared/libosmocore/src/vty/telnet_interface.c | 11 ++++++++++- 7 files changed, 35 insertions(+), 8 deletions(-) diff --git a/src/host/layer23/include/osmocom/bb/common/l23_app.h b/src/host/layer23/include/osmocom/bb/common/l23_app.h index e4c5d55..0b9994c 100644 --- a/src/host/layer23/include/osmocom/bb/common/l23_app.h +++ b/src/host/layer23/include/osmocom/bb/common/l23_app.h @@ -10,6 +10,7 @@ enum { L23_OPT_TAP = 4, L23_OPT_VTY = 8, L23_OPT_DBG = 16, + L23_OPT_VTYIP = 32, }; /* initialization, called once when starting the app, before entering diff --git a/src/host/layer23/include/osmocom/bb/mobile/app_mobile.h b/src/host/layer23/include/osmocom/bb/mobile/app_mobile.h index 4010a68..351dec3 100644 --- a/src/host/layer23/include/osmocom/bb/mobile/app_mobile.h +++ b/src/host/layer23/include/osmocom/bb/mobile/app_mobile.h @@ -4,7 +4,7 @@ char *config_dir; int l23_app_init(int (*mncc_recv)(struct osmocom_ms *ms, int, void *), - const char *config_file, uint16_t vty_port); + const char *config_file, const char *vty_ip, uint16_t vty_port); int l23_app_exit(void); int l23_app_work(int *quit); int mobile_delete(struct osmocom_ms *ms, int force); diff --git a/src/host/layer23/src/common/main.c b/src/host/layer23/src/common/main.c index eb47b26..59cee03 100644 --- a/src/host/layer23/src/common/main.c +++ b/src/host/layer23/src/common/main.c @@ -56,6 +56,7 @@ static char *sap_socket_path = "/tmp/osmocom_sap"; struct llist_head ms_list; static struct osmocom_ms *ms = NULL; static char *gsmtap_ip = NULL; +static char *vty_ip = "127.0.0.1"; unsigned short vty_port = 4247; int (*l23_app_work) (struct osmocom_ms *ms) = NULL; @@ -106,6 +107,10 @@ static void print_help() if (options & L23_OPT_DBG) printf(" -d --debug Change debug flags.\n"); + if (options & L23_OPT_VTYIP) + printf(" -u --vty-ip The VTY IP to bind telnet to. " + "(default %s)\n", vty_ip); + if (app && app->cfg_print_help) app->cfg_print_help(); } @@ -122,13 +127,14 @@ static void build_config(char **opt, struct option **option) {"sap", 1, 0, 'S'}, {"arfcn", 1, 0, 'a'}, {"gsmtap-ip", 1, 0, 'i'}, + {"vty-ip", 1, 0, 'u'}, {"vty-port", 1, 0, 'v'}, {"debug", 1, 0, 'd'}, }; app = l23_app_info(); - *opt = talloc_asprintf(l23_ctx, "hs:S:a:i:v:d:%s", + *opt = talloc_asprintf(l23_ctx, "hs:S:a:i:v:d:u:%s", app && app->getopt_string ? app->getopt_string : ""); len = ARRAY_SIZE(long_options); @@ -174,6 +180,9 @@ static void handle_options(int argc, char **argv) case 'i': gsmtap_ip = optarg; break; + case 'u': + vty_ip = optarg; + break; case 'v': vty_port = atoi(optarg); break; diff --git a/src/host/layer23/src/mobile/app_mobile.c b/src/host/layer23/src/mobile/app_mobile.c index da388b2..d911ab3 100644 --- a/src/host/layer23/src/mobile/app_mobile.c +++ b/src/host/layer23/src/mobile/app_mobile.c @@ -352,7 +352,7 @@ static struct vty_app_info vty_info = { /* global init */ int l23_app_init(int (*mncc_recv)(struct osmocom_ms *ms, int, void *), - const char *config_file, uint16_t vty_port) + const char *config_file, const char *vty_ip, uint16_t vty_port) { struct telnet_connection dummy_conn; int rc = 0; @@ -376,7 +376,7 @@ int l23_app_init(int (*mncc_recv)(struct osmocom_ms *ms, int, void *), } } vty_reading = 0; - telnet_init(l23_ctx, NULL, vty_port); + telnet_init_dynif(l23_ctx, NULL, vty_ip, vty_port); if (rc < 0) return rc; printf("VTY available on port %u.\n", vty_port); diff --git a/src/host/layer23/src/mobile/main.c b/src/host/layer23/src/mobile/main.c index 89c9b94..312bcd6 100644 --- a/src/host/layer23/src/mobile/main.c +++ b/src/host/layer23/src/mobile/main.c @@ -52,6 +52,7 @@ void *l23_ctx = NULL; struct llist_head ms_list; static char *gsmtap_ip = 0; struct gsmtap_inst *gsmtap_inst = NULL; +static char *vty_ip = "127.0.0.1"; unsigned short vty_port = 4247; int debug_set = 0; char *config_dir = NULL; @@ -88,6 +89,8 @@ static void print_help() printf(" Some help...\n"); printf(" -h --help this text\n"); printf(" -i --gsmtap-ip The destination IP used for GSMTAP.\n"); + printf(" -u --vty-ip The VTY IP to telnet to. " + "(default %s)\n", vty_ip); printf(" -v --vty-port The VTY port number to telnet to. " "(default %u)\n", vty_port); printf(" -d --debug Change debug flags. default: %s\n", @@ -104,6 +107,7 @@ static void handle_options(int argc, char **argv) static struct option long_options[] = { {"help", 0, 0, 'h'}, {"gsmtap-ip", 1, 0, 'i'}, + {"vty-ip", 1, 0, 'u'}, {"vty-port", 1, 0, 'v'}, {"debug", 1, 0, 'd'}, {"daemonize", 0, 0, 'D'}, @@ -111,7 +115,7 @@ static void handle_options(int argc, char **argv) {0, 0, 0, 0}, }; - c = getopt_long(argc, argv, "hi:v:d:Dm", + c = getopt_long(argc, argv, "hi:u:v:d:Dm", long_options, &option_index); if (c == -1) break; @@ -125,6 +129,9 @@ static void handle_options(int argc, char **argv) case 'i': gsmtap_ip = optarg; break; + case 'u': + vty_ip = optarg; + break; case 'v': vty_port = atoi(optarg); break; @@ -226,9 +233,9 @@ int main(int argc, char **argv) config_dir = dirname(config_dir); if (use_mncc_sock) - rc = l23_app_init(mncc_recv_socket, config_file, vty_port); + rc = l23_app_init(mncc_recv_socket, config_file, vty_ip, vty_port); else - rc = l23_app_init(NULL, config_file, vty_port); + rc = l23_app_init(NULL, config_file, vty_ip, vty_port); if (rc) exit(rc); diff --git a/src/shared/libosmocore/include/osmocom/vty/telnet_interface.h b/src/shared/libosmocore/include/osmocom/vty/telnet_interface.h index 2de4f19..65a1dd9 100644 --- a/src/shared/libosmocore/include/osmocom/vty/telnet_interface.h +++ b/src/shared/libosmocore/include/osmocom/vty/telnet_interface.h @@ -47,6 +47,7 @@ struct telnet_connection { }; int telnet_init(void *tall_ctx, void *priv, int port); +int telnet_init_dynif(void *tall_ctx, void *priv, const char *ip, int port); void telnet_exit(void); diff --git a/src/shared/libosmocore/src/vty/telnet_interface.c b/src/shared/libosmocore/src/vty/telnet_interface.c index 167acc1..bbc0791 100644 --- a/src/shared/libosmocore/src/vty/telnet_interface.c +++ b/src/shared/libosmocore/src/vty/telnet_interface.c @@ -18,6 +18,7 @@ * */ +#include <arpa/inet.h> #include <sys/socket.h> #include <netinet/in.h> #include <stdlib.h> @@ -59,6 +60,14 @@ static struct osmo_fd server_socket = { */ int telnet_init(void *tall_ctx, void *priv, int port) { + int rc; + rc = telnet_init_dynif(tall_ctx, priv, "127.0.0.1", port); + + return rc; +} + +int telnet_init_dynif(void *tall_ctx, void *priv, const char *ip, int port) +{ struct sockaddr_in sock_addr; int fd, rc, on = 1; @@ -78,7 +87,7 @@ int telnet_init(void *tall_ctx, void *priv, int port) memset(&sock_addr, 0, sizeof(sock_addr)); sock_addr.sin_family = AF_INET; sock_addr.sin_port = htons(port); - sock_addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + sock_addr.sin_addr.s_addr = inet_addr(ip); rc = bind(fd, (struct sockaddr*)&sock_addr, sizeof(sock_addr)); if (rc < 0) { -- 1.7.1

12 years, 1 month

3
2
0 0

ARFCH

by R M

Hi, I am using Nokia 3310 to look at GSM traffic. The system information messages are displayed in wireshark. Is it possible to get the ARFCN of the becaon channel of the cell to which the phone has locked from the System Information messages( SI ) ? I am getting confused because of the following screen shots which I have attached. Screen shot 1 says that the SI 4 message is in ARFCN 108. Screen shot 2 says that the SI 4 message is in ARFCN 57. So now which is the real ARFCN of the beacon channel in my cell ? Regards, RM

12 years, 1 month

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

baseband-devel March 2012