April 2012 - baseband-devel - lists.osmocom.org

Engagetted !

by Sébastien Lorquet

http://www.engadget.com/2010/12/29/researchers-eavesdrop-on-encrypted-gsm-c… Congrats!

8 months

5
5
0 0

Sniffing GPRS

by canarion

Hi, After compiling osmocom-bb and apply sylvain/burst_ind branch and gprs_multi.patch, I execute it and try to sniff gprs traffic. I loaded the layer1 into my C139 and I obtained an ARFCN code (883). When I run ccch_scan -a 883 I get the next result: opyright (C) 2010 Harald Welte <laforge(a)gnumonks.org> Contributions by Holger Hans Peter Freyther License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Failed to connect to '/tmp/osmocom_sap'. Failed during sap_open(), no SIM reader <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(1476410343) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(1207963561) <0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0x1ad1cda) <0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0x41ae98f9) <0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a to imsi M(214031385056117) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3306441249) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214031482053520) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214036185306441) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4207880193) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4135931713) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4214223105) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3388536385) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(134915836) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3961436929) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4229756769) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(531909) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214034185316455) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3829437761) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214033485554660) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3639403521) <0001> app_ccch_scan.c:105 SI1 received. <0001> app_ccch_scan.c:464 unknown PCH/AGCH type 0x00 <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3827744513) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(335734299) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3561969409) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4294310401) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3698994241) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3682615617) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(67866789) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4003487553) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3770351169) <0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0x41ae98f9) <0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0x1ad1cda) <0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a to imsi M(214031385056117) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3306441249) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214031482053520) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214036185306441) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4102036289) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4135931713) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214032485273805) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3798414145) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(134915836) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3988859137) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3735175681) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(531909) <0001> app_ccch_scan.c:248 GSM48 IMM ASS (ra=0x78, chan_nr=0x0f, HSN=24, MAIO=1, TS=7, SS=0, TSC=1) Dropping frame with 55 bit errors <000c> l1ctl.c:238 Dropping frame with 55 bit errors <000c> l1ctl.c:290 BURST IND: @(830928 = 0626/20/36) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830928 = 0626/20/36) (-110 dBm, SNR 8) <000c> l1ctl.c:290 BURST IND: @(830929 = 0626/21/37) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830929 = 0626/21/37) ( -83 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830930 = 0626/22/38) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830930 = 0626/22/38) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830931 = 0626/23/39) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830931 = 0626/23/39) ( -83 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830932 = 0626/24/40) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830932 = 0626/24/40) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830933 = 0626/25/41) (-105 dBm, SNR 8, UL, SACCH) <000c> l1ctl.c:290 BURST IND: @(830933 = 0626/25/41) (-107 dBm, SNR 5, SACCH) <000c> l1ctl.c:290 BURST IND: @(830934 = 0626/00/42) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830934 = 0626/00/42) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830935 = 0626/01/43) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830935 = 0626/01/43) ( -83 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830936 = 0626/02/44) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830936 = 0626/02/44) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830937 = 0626/03/45) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830937 = 0626/03/45) ( -89 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830938 = 0626/04/46) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830938 = 0626/04/46) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830939 = 0626/05/47) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830939 = 0626/05/47) ( -82 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830940 = 0626/06/48) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830940 = 0626/06/48) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830941 = 0626/07/49) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830941 = 0626/07/49) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830942 = 0626/08/50) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830942 = 0626/08/50) ( -86 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830943 = 0626/09/00) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830943 = 0626/09/00) ( -86 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830944 = 0626/10/01) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830944 = 0626/10/01) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830945 = 0626/11/02) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830945 = 0626/11/02) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830947 = 0626/13/04) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830947 = 0626/13/04) ( -84 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830948 = 0626/14/05) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830948 = 0626/14/05) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830949 = 0626/15/06) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830949 = 0626/15/06) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830950 = 0626/16/07) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830950 = 0626/16/07) ( -89 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830951 = 0626/17/08) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830951 = 0626/17/08) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830952 = 0626/18/09) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830952 = 0626/18/09) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830953 = 0626/19/10) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830953 = 0626/19/10) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830954 = 0626/20/11) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830954 = 0626/20/11) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830955 = 0626/21/12) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830955 = 0626/21/12) (-106 dBm, SNR 0) <000c> l1ctl.c:290 BURST IND: @(830956 = 0626/22/13) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830956 = 0626/22/13) (-107 dBm, SNR 5) <000c> l1ctl.c:290 BURST IND: @(830957 = 0626/23/14) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830957 = 0626/23/14) (-106 dBm, SNR 2) <000c> l1ctl.c:290 BURST IND: @(830958 = 0626/24/15) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830958 = 0626/24/15) (-108 dBm, SNR 1) <000c> l1ctl.c:290 BURST IND: @(830959 = 0626/25/16) (-106 dBm, SNR 2, UL, SACCH) <000c> l1ctl.c:290 BURST IND: @(830959 = 0626/25/16) (-109 dBm, SNR 5, SACCH) <000c> l1ctl.c:290 BURST IND: @(830960 = 0626/00/17) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830960 = 0626/00/17) (-108 dBm, SNR 3) <000c> l1ctl.c:290 BURST IND: @(830961 = 0626/01/18) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830961 = 0626/01/18) (-106 dBm, SNR 2) <000c> l1ctl.c:290 BURST IND: @(830962 = 0626/02/19) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830962 = 0626/02/19) (-108 dBm, SNR 3) <000c> l1ctl.c:290 BURST IND: @(830963 = 0626/03/20) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830963 = 0626/03/20) (-107 dBm, SNR 0) <000c> l1ctl.c:290 BURST IND: @(830964 = 0626/04/21) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830964 = 0626/04/21) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830965 = 0626/05/22) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830965 = 0626/05/22) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830966 = 0626/06/23) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830966 = 0626/06/23) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830967 = 0626/07/24) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830967 = 0626/07/24) ( -86 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830968 = 0626/08/25) (-107 dBm, SNR 6, UL) <000c> l1ctl.c:290 BURST IND: @(830968 = 0626/08/25) (-109 dBm, SNR 0) <000c> l1ctl.c:290 BURST IND: @(830969 = 0626/09/26) (-101 dBm, SNR 6, UL) But it stop to capture frames, seems to be left in a standby state and I don't know why that is. With gprsdecode I can see the next image in the wireshark: http://baseband-devel.722152.n3.nabble.com/file/n3712433/wireshark-capture.… If someone knows what is the problem, please tell me. Thanks in advance. Cheers, Dani -- View this message in context: http://baseband-devel.722152.n3.nabble.com/Sniffing-GPRS-tp3712433p3712433.… Sent from the baseband-devel mailing list archive at Nabble.com.

7 years, 6 months

8
12
0 0

Please can anyone advise me - FMTOOL Error and no further processing

by Raz Sharif

Dear all, I vae the C115 with a T1 USB to Serial cable with the Prolific chipset. When i run osmocon i get :- an its just sits there with no further processing. ./osmocon -p /dev/ttyUSB0 -m c123xor ../../target/firmware/board/compal_e88/loader.compalram.bin read_file(../../target/firmware/board/compal_e88/loader.compalram.bin): file_size=17120, hdr_len=4, dnload_len=17127 read_file(../../target/firmware/board/compal_e88/loader.compalram.bin): file_size=17120, hdr_len=4, dnload_len=17127 got 1 bytes from modem, data looks like: 00 . got 2 bytes from modem, data looks like: 2f 00 /. got 1 bytes from modem, data looks like: 1b . got 3 bytes from modem, data looks like: f6 02 00 ... got 1 bytes from modem, data looks like: 41 A got 1 bytes from modem, data looks like: 01 . got 1 bytes from modem, data looks like: 40 @ Received PROMPT1 from phone, responding with CMD got 1 bytes from modem, data looks like: 66 f got 1 bytes from modem, data looks like: 74 t got 1 bytes from modem, data looks like: 6d m got 1 bytes from modem, data looks like: 74 t got 1 bytes from modem, data looks like: 6f o got 1 bytes from modem, data looks like: 6f o got 1 bytes from modem, data looks like: 6c l Received FTMTOOL from phone, ramloader has aborted got 1 bytes from modem, data looks like: 65 e got 1 bytes from modem, data looks like: 72 r got 1 bytes from modem, data looks like: 72 r got 1 bytes from modem, data looks like: 6f o got 1 bytes from modem, data looks like: 72 r got 1 bytes from modem, data looks like: 00 . got 1 bytes from modem, data looks like: 00 . I think the cable is ok as when i run my fingers on the tip i get random Zeros so it appears to be talking to the cable. Also when i tried to run Mobile i get the :- even though i created the Mobile.cfg file in /etc/osmoco Failed to parse the config file: '/home/raz/.osmocom/bb/mobile.cfg' Please check or create config file using: 'touch /home/raz/.osmocom/bb/mobile.cfg' I have spent some hours researching the lists and trying various things to no avail but I want to continue until I resolve this issues and use this great stack to learn about the GSM network. Please advise. Great full for any help or pointers but this maybe a timing issue that is difficult to debug. Thanks Raz

8 years

5
6
0 0

cell re-selection

by Andreas.Eversberg

hi, i did a lot of resarch and testing on cell selection and re-selection process the last two week. the cell selection process, network selection process (manual and automatic) and mobility management process were already implemented in OsmocomBB a long time, but turned out to be buggy and incomplete. i made test drives to check the process and debugged it. the re-selection process is new. it is used to track surrounding cells while listening to the BCCH of the current cell (camping on a cell). special extension to the layer1 firmare is used to measure neighbour cells. if an neighbour cell becomes 'better', the mobile switches to that cell, depening on different criteria. now it is possible to move with OsmocomBB. the re-selection process is not handover! handover is a process where a phone switches between cells while doing a call. handover is one next step to implement. the process is a little more complex, because it requires not only neighbour cell measurements, but also syncing to them without interrupting the traffic channel. most layer 3 stuff of handover is already implemented. if you like to play and test your moving OsmocomBB, you can check out the "jolly/roaming" branch. it contains the extension to layer1, as well as sim reader and fixes from "sylvain/testing" branch. use both "mobile" and "layer1" firmware from this branch. in order to see some process at VTY, you can do: enable monitor network 1 (continously display the strongest cell and neighbour cells) show ms 1 (to see current states) show neighbour-cells 1 (to see a more detailed current list of neighbours) andreas

8 years, 3 months

3
3
0 0

Set fixed TMSI and Kc

by Simian Denson

Hi, in the osmocom bb mobile.cfg I don't see any posibility to set a fixed Kc encryption key and the tmsi. How could I achieve that osmocom uses my defined Kc and tmsi? cheers, Simian

8 years, 3 months

5
21
0 0

AW: The call has been rejected

by Andreas.Eversberg

hi josephli, > Read stored BA list mnc=01 the mobile application stores the last cells and neighbour cells (band allocation) of each network. this way the scanning is much faster when restarting. because you use the SIM card with MNC == 02 the first time, there is no band allocation stored for that. the mobile will do a full scan in this case. > while the sim card service I am tesing is actually with mnc 00 and 02. i know that MNC == 0 will not work until i commited improvements of cell selection process last sunday. you should retry that, but first try with an MNC > 0. can you provide debug output when trying a call? also can you provide VTY output of "show ms" before you make the call? regards, andreas

11 years, 2 months

3
2
0 0

status report layer1 and layer23

by Andreas.Eversberg

hi, i just fixed some locking issues the last days. fix will follow. it took a bit longer, because there were some race conditions. it took up to about one hour until it crashed. my way to detect the area where the crash happened, was to turn on buzzer before that area, and turn it off after that area. after many hours of approximation, i finally found out that the major crash happend during _talloc_zero. (first it looks for a free memory chunk, then it allocates it.) since it can be called from all contexts (main, irq, fiq), it need to be locked against any interrupt, otherwise the memory chunk can be assigned multiple times. (the process of _talloc_free is "atomic" and requires no locking.) because it seems pretty stable, i think it is time to merge some branches into the master. (i made a 6 hours call yesterday. and no crash after bugfix ever since.) i will do that together with sylvain, if we find the time this weekend. currently i use the jolly/voice together with the sylvain/traffic branch. i am able to use an isdn phone togehter with linux-call-router and make/receive calls. audio is passed both ways. i think this is a stage where it actually become "usable". (if not moving arround.) one of my major work for the next weeks/months will be the neighbour cell measurement, cell re-selection, and handover. this is essential when moving with the phone. regards, andreas

11 years, 2 months

2
1
0 0

Can't compile after last pull

by Dario Lombardo

I've pulled git repo today, but the RSSI firmware gets an error. apps/rssi/main.c: In function `main': apps/rssi/main.c:896: warning: 'a' might be used uninitialized in this function apps/rssi/main.c:896: warning: 'e' might be used uninitialized in this function CC board/compal_e88/rssi.compalram.manifest.o LD board/compal_e88/rssi.compalram.elf OBJ board/compal_e88/rssi.compalram.bin CC board/compal_e88/rssi.highram.manifest.o LD board/compal_e88/rssi.highram.elf OBJ board/compal_e88/rssi.highram.bin CC board/compal_e88/rssi.e88loader.manifest.o LD board/compal_e88/rssi.e88loader.elf OBJ board/compal_e88/rssi.e88loader.bin CC board/compal_e88/rssi.e88flash.manifest.o LD board/compal_e88/rssi.e88flash.elf OBJ board/compal_e88/rssi.e88flash.bin CC board/compal_e86/rssi.compalram.manifest.o LD board/compal_e86/rssi.compalram.elf arm-elf-ld: region LRAM is full (board/compal_e86/rssi.compalram.elf section .data) make[1]: *** [board/compal_e86/rssi.compalram.elf] Error 1 make[1]: Leaving directory src/target/firmware' make: *** [firmware] Error 2 $ git pull Already up-to-date. $ Anyone experiencing the same issue?

11 years, 6 months

9
11
0 0

cp2102 (betemcu, B75937)

by lonelysurfer

...a never ending story: i have a working ftdi-ttl, but the cp2102-adapters (http://www.ebay.de/itm/USB-2-0-to-UART-TTL-6PIN-Module-Serial-Converter-CP2…) with the same cable dont work under ubuntu or windows. if i rub the top of the 2.55mm with my finger random data appears. but the loader doesnt upload the firmware. i used the txd, rxd and gnd pins and checked the connections with a multimeter. i tested -m c123xor, -m c123 and the default firmware. flashing custom baudrates was no problem. rivers are installed correctly (stady ttyusb0 under ubuntu/ com1 under win). is there any hint? -- View this message in context: http://baseband-devel.722152.n3.nabble.com/cp2102-betemcu-B75937-tp3489336p… Sent from the baseband-devel mailing list archive at Nabble.com.

11 years, 10 months

3
4
0 0

Receiving on TS=1 ?

by Sylvain Munaut

Hi, I've hacked something together to quickly test non-combined CCCH. However, I've hit a problem when trying to receive anything on another timeslot than 0. The TX side seems to work fine as the BTS can see my location update request and answers with a reject, but on the MS side, I never see the reject and wireshark only shows invalid incohrent data on the RX. The frames for SDCCH/8 show really nothing valid (looks like random bytes), things like 09 80 7f 47 49 06 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 00 47 d5 2d 06 1e 00 00 69 7c a0 91 3d 22 ff ab fe 6c 4f 56 4f 36 ... while the frames for the associated SAACH show at least something gsm-like : 03 03 01 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b but that's not quite a SI5/6 ... To RX/TX on TS=1, I just delayed the RX/TX window by 625 bits (4 * 156.25) when I'm in dedicated channel mode by chaning the 'start' in l1s_tx_win_ctrl / l1s_rx_win_ctrl Is there something else that should be done ? Cheers, Sylvain

11 years, 11 months

2
5
0 0

burst_ind and TCH

by Mad

Hi Sylvain, hi list! I'm experimenting with burst_ind and TCHs right now and ran into some problem I couldn't solve yet. After receiving an Assignment Command for a hopping TCH/F I call l1ctl_tx_dm_est_req_h1() with all necessary parameters and tch_mode GSM48_CMODE_SPEECH_V1 or _EFR. After that I do get burst indications containing the received bits on up- and downlink for the active arfcn on each consecutive frame number. BUT the rx level measurements are most of the time very low and sporadic higher, surely not from that nearby bts and the very close cellphone. It looks like the layer1 doesn't "hit" the right timeslot on the right arfcn at the right time. There are some possible sources of error leading to that, like hopping parameters, channel number and MA list. But I checked these and I took all of them directly from the ASS CMD, the MA as word list in ascending order, like in layer23 IMM ASS handling. The specific AC doesn't have any specialties like Starting Time or "before time" parameters. So my question is if there is some obvious pitfall I'm missing and are there any suggestions how to debug that? Regards, Mad

11 years, 11 months

4
5
0 0

bursts****.dat

by Victor P

Hi, I am trying to use burst_ind branch of osmocom. I have noticed that layer23 creates bursts****.dat files when it indicates uplink. What data are written to these files and what should I use to see its data? Thank you.

12 years

5
6
0 0

What does FBSB RESP: result=255 mean?

by Joshua Pereyda

Hello, Hopefully this question is appropriate on this list (please let me know otherwise). Running ccch_scan or bcch_scan in the sylvain/burst_ind branch, I keep getting this error: <000c> l1ctl.c:114 FBSB RESP: result=255 I tried checking the code, but I can't quite figure out what's going on. It looks like 255 is an error code, but I don't know where to go from there. This may be related to my SIM card being locked (I think). Running mobile on the sylvain/testing branch, I get: <0005> subscriber.c:625 PIN is required, 3 tries left Will not having the PIN intefere with ccch_scan as well? Thanks, Josh Pereyda

12 years, 1 month

2
2
0 0

key generation on SIM failed (cause 2)

by Alojzij Sinur

Hi, I have a question. When using osmocombb with C118, we are getting error when SIM tries to authenticate itself to the network. Here are the messages: <0005> gsm48_mm.c:3902 (ms 1) Received 'RR_DATA_IND' from RR in state location updating initiated (sapi 0) <0005> gsm48_mm.c:4091 (ms 1) Received 'MT_MM_AUTH_REQ' in MM state location updating initiated <0005> gsm48_mm.c:1637 AUTHENTICATION REQUEST (seq 2) <0005> subscriber.c:955 Generating KEY at SIM <000f> sim.c:209 got new job: SIM_JOB_RUN_GSM_ALGO (handle=00000006) <000f> sim.c:697 go MF <000f> sim.c:241 SELECT (file=0x3f00) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xa4) <000f> sim.c:876 received APDU (len=0 sw1=0x00 sw2=0x00) <000f> sim.c:952 command failed <000f> sim.c:151 sending result to callback function (type=1) <0005> subscriber.c:990 key generation on SIM failed (cause 2) SIM is new. It works if you start phone without osmocom. And It also works if you start without osmocom and when SIM logs into network you restart the phone with osmocom. We tried several new cards and there was always same result. There is also no PIN set up (SIM is not locked). We tried with USIM. When we try old cards (>2 years old) osmocom works without problem. Have you ever encountered this kind of trouble? Is there any fix for it? Thank you. Regards, Alojzij

12 years, 1 month

4
9
0 0

Sagem OT-290 trace phone / GSMTAP integration

by Harald Welte

Hi all! Thanks to a generous donor, we have received a couple of OT-290 trace phones. These are commercial products intended for taking L2/L3 air interface traces. If you've read any of the fabulous GSM papers by Prof. Dr.-Ing. Joachim Goeller: The OT-phones is what he used to generate all his traces. The majority of what those phones can do is now also possible with OsmocomBB. However, OT-290 support GPRS tracing/testing - for CS-1 throguh CS-4. I would be willing to give away one of the two remaining OT-290 (for free) to anyone who would in return commit to developing a GSMTAP interface for it. The message format on the serial UART between phone and PC is documented (PDF documentation by Sagem included with the phones). So based on this documentation and an OT-290 phone, it should be possible to write a small command-line program that receives the GSM/GPRS messages from the OT-290 and sends them via GSMTAP into wireshark. The result would then be similar to what http://cgit.osmocom.org/cgit/dct3-gsmtap/ is for DCT-3 phones. If you're interested, please respond to this message. Please don't apply for the phone if you are not able to find the required time and interest for actually doing the GSMTAP integration. Thanks! -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

12 years, 1 month

2
2
0 0

should we continue to focus on nuttx?

by Denis 'GNUtoo' Carikli

The other day on IRC I was told that: >Apr 29 00:34:36 <Hoernchen> last thing i heard was that nuttx was superseded in favor of a more lightweight solution And: >Apr 29 00:41:03 <steve|m> http://openbsc.osmocom.org/trac/wiki/OsmoDevCon2012/Minutes#a18:30roundtabl… which was made back in march(we also started working on nuttx near march) and contains the following: >laf: summary we could not gain much from nuttx, rockbox could provide use with UI (inspiration)? steve: framebuffer is mosly compatible I wasn't aware of all that. Also I don't have much details on what was said since I wans't there... Should me and Alan Carvalho de Assis continue the work we are doing? What is the current plan? our status is here: http://bb.osmocom.org/trac/wiki/nuttx-bb/drivers The current work on my side is to: * make serial work without sercomm(done locally,just some configuration change) * unbreak the booting of the calypso(require serial to work without sercomm,the commit that created the problem has been identified, how to fix is a work in progress) * I also tried to change toolchain(I generated a toolchain with openembedded) to see if it fixed the issue but according to Gregory it's not the right fix. * I also identified some dummy functions in the nuttx version of sercomm that we should get rid of. On Alan Carvalho de Assis side : he's trying to make the keypad work but he has some difficulties with it. Denis.

12 years, 1 month

4
5
0 0

Arkmicro Technologies Inc. ARK3116 Serial

by Darran.Lee

Hi I am trying to use an Arkmicro Technologies ARK3116 USB to serial cable to communicate with my C118. I have compiled Osmocom-bb successfully on my Debian Squeeze laptop. When I try to run the osmocon utility I get an error "Cannot open serial device /dev/ttyUSB0" My dmesg etc output is: [ 769.752182] usb 5-2: new full speed USB device using uhci_hcd and address 5 [ 769.908979] usb 5-2: New USB device found, idVendor=6547, idProduct=0232 [ 769.908988] usb 5-2: New USB device strings: Mfr=1, Product=3, SerialNumber=0 [ 769.908995] usb 5-2: Product: USB-UART Controller [ 769.909000] usb 5-2: Manufacturer: ArkMicroChips [ 769.909192] usb 5-2: configuration #1 chosen from 1 choice [ 770.029492] usbcore: registered new interface driver usbserial [ 770.029740] USB Serial support registered for generic [ 770.030002] usbcore: registered new interface driver usbserial_generic [ 770.030005] usbserial: USB Serial Driver core [ 770.047650] USB Serial support registered for ark3116 [ 770.048263] ark3116 5-2:1.0: ark3116 converter detected [ 770.076254] usb 5-2: ark3116 converter now attached to ttyUSB0 [ 770.076305] usbcore: registered new interface driver ark3116 ls -l /dev/tty* crw-rw---- 1 root dialout 4, 64 Apr 27 21:01 /dev/ttyS0 crw-rw---- 1 root dialout 4, 65 Apr 27 21:01 /dev/ttyS1 crw-rw---- 1 root dialout 4, 66 Apr 27 21:01 /dev/ttyS2 crw-rw---- 1 root dialout 4, 67 Apr 27 21:01 /dev/ttyS3 crw-rw---- 1 root dialout 188, 0 Apr 27 21:14 /dev/ttyUSB0 lsusb Bus 005 Device 005: ID 6547:0232 Arkmicro Technologies Inc. ARK3116 Serial Bus 005 Device 004: ID 09da:0006 A4 Tech Co., Ltd Optical Mouse WOP-35 / Trust 450L Optical Mouse Bus 005 Device 003: ID 1631:5002 Good Way Technology Bus 005 Device 002: ID 1631:5400 Good Way Technology Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub So I am assuming the drivers are installed correctly but if I run osmocon I get: ./osmocon -p /dev/ttyUSB0 -m c123xor ../../target/firmware/board/compal_e88/loader.compalram.bin Cannot open serial device /dev/ttyUSB0 My Question is, does anyone here have any experience with the Arkmicro Technologies ARK3116 Serial cable? Is there something I have missed? Thanks Tokala

12 years, 1 month

2
1
0 0

How one can get the address of the functions and Variables in the DSP assemble code

by Chengcheng Gou

hello, I have the problem ,such as how to get the address of the functions and Variables in the DSP assemble code,such as in +; DSP Sniffing task patch +; ---------------------------------------------------------------------------- +; Known symbols +; ---------------------------------------------------------------------------- + + ; Variables +patch_install_fptr .equ 0x3F6B ; Patch install function ptr +dsp_page .equ 0x3FB0 ; Current ndb.d_dsp_page +task_fn_entry .equ 0x4387 + 23 ; Task 23 index in JT_4387 + + ; Functions +a5_setup .equ 0xB12C +dma_queue_setup .equ 0xB74C + +jt4387_exec .equ 0xA9EA + +fq_4320_push .equ 0xAA9F +fq_4330_push .equ 0xAA6C +fq_4340_push .equ 0xAAC3 + Can anyone tell me the way to do that?! thanks!

12 years, 1 month

2
1
0 0

Frequency hopping

by Dario Lombardo

Hello everybody What happens when a mobile station is in a cell that uses hopping, but the mobile locks to that cell (for instance using the function of the engineering menu of a BB)? Is the hopping mandatory or the ms can continue working also without it? Does osmocom support hopping? What are the commands of the mobile interface (if they exist) to show how the hopping is going? Is it possible to lock with osmocom too? Thanks for the answers. Dario.

12 years, 1 month

2
1
0 0

Whats the best recommended Sim Card R/W for the SysmoSim Card

by Martin O'Shield

Hello All, What is the preferred Sim Card Reader/Writer for the SysmoSim Card, A.K.A., the GrCard Sim? And is the following known to work reliably with the SysmoSim Card? SIM Reader kit - v1.0http://www.adafruit.com/products/101I contacted Adafruit.com yesterday and they explained that their device doesn't work on all Sim Cards. Any assistance would be greatly appreciated. Sincerely, Martin

12 years, 1 month

3
2
0 0

PLMN Scan Rate when off network

by Kurtis Heimerl

Hi Baseband, I'm trying to figure out if there's any standard set for how often a handset should scan for signal when out of coverage. I haven't been able to find much, just the following in 3GPP TS 22.011: 3.2.2.2 At switch-on or recovery from lack of coverage If registration cannot be achieved on any PLMN, the UE shall indicate "no service" to the user, wait until a new PLMN is detected, or new location areas of an allowed PLMN are found which are not in the forbidden LA list(s), and then repeat the procedure. When registration cannot be achieved, different (discontinuous) PLMN search schemes may be used in order to minimize the access time while maintaining battery life, e.g. by prioritising the search in favour of BCCH carriers which have a high probability of belonging to an available and allowable PLMN. Sounds like it's up to each manufacturer to just pick a delay? Any other thoughts/intuitions which might help us bound this number? Thanks!

12 years, 1 month

1
0
0 0

Osmocom RRLP

by maxfeldman14＠berkeley.edu

To whom it may concern: Has anyone implemented RRLP request handling in osmocombb's layer 3? We are particularly interested in the transmission of GPS data. Additionally, if anyone has any helpful advice/documentation on the message format which is more detailed or useful than the gsm 04.31 spec we would greatly appreciate it. Thanks you, Max Feldman

12 years, 1 month

1
0
0 0

April 25, 7pm / Regular Osmocom meeting in Berlin?

by Harald Welte

Hi all! This is the announcement for the 2nd incarnation of our bi-weekly Osmocom Berlin meeting. April 25, 7pm @ CCC Berlin, Marienstr. 11, 10113 Berlin The schedule is as follows: 19:00 Introduction into the TETRA base station located @ CCCB For quite some time, there is a full TETRA base station located in the Berlin CCC, consisting of two base radios (BR), a site controller (TSC), an auto-tuning cavity combiner and other equipment. The talk will introduce the architecture of the system and the current status of getting it running. 20:00 Presenting the CC32RS512 / towards an Osmocom Card OS The CC32RS512 is a flash-based smart card controller to which the documentation is available without NDA. This means that we finally are able to implement a Smart Card OS (COS) as free software. 20:30 Informal discussions If you are interested to show up, feel free to do so. There is no registration required. If the initial part is not interesting to you, feel free to join us later at 20:30. The meeting is free as in "free beer", despite no actual free beer being around ;) Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

12 years, 1 month

1
0
0 0

Basic Set Up For PCS 1900

by rola

Hi all: I've been on and off trying to set up Osmocom-BB for quite a while now. I've tried using several Cxxx with no luck of being able to lock on to a cell. I shifted to Pirelli_dpl10 hoping to avoid configuration change required of dual-band phones to work with Osmocom-BB but no positive outcome. I'm using Sylvain testing branch with transmit enabled; create mobile config file with PCS1900 and GSM850 as the only bands to be supported. For US Motorola dual band phones c139 and c155, I modified the required section of the rffe file to support PCS1900; and for Pirelli, I made the recommended modification to UART option before being able to communicate with the device. I guess I did all what need to be done for preliminary setting. Layer1 load perfectly but mobile application never work. Sim reader worked perfectly; Sim information was read, mobile app used the previous PLMN information to start power measurement. I was able to get average power of -92dB with Pirelli but while still performing the scanning the result output repeatedly fix prim_pm.c file with value to be overwrite message. I guess the issue has to do with passing the right parameters to layer1 to perform ARFCN scanning in order to obtain power measurement of the available channels. I'm not really sure if there is need to modify any part of layer1 or Rita files before accurate measurement could be done for PCS1900. I'm not that deeply knowledgeable in GSM standard but I can still figure out what to do if any hint is given toward what need to be done before PCS1900 band will work with any osmocom-compatible phone. I know that some people have worked on PCS1900 and GSM850 but there is no information towards what need to be done in terms of specific file to hack to change default GSM900 and DCS1800 bands configurations to GSM850 and PCS1900. I am pretty much sure that If I were in Europe I would by now step up from trying to make Osmocom lock to a serving cell to the point studying the code to work for a specific purpose. I am using the project as part of thesis work to analyze the Um interface and to explain processes that occur between BTS and mobile station. I will so much appreciate it if anyone could be of any help. Thanks. Rasak -- View this message in context: http://baseband-devel.722152.n3.nabble.com/Basic-Set-Up-For-PCS-1900-tp3927… Sent from the baseband-devel mailing list archive at Nabble.com.

12 years, 1 month

1
0
0 0

CKSN clarification

by Max

Hello. CKSN - Ciphering Key Sequence Number is associated with Kc and is a bit trickier than trivial counter. According to GSM 04.08 (p. 278 in v5.3.0 in my case) it's comprised as follows: * 3 bits - actual key sequence (value 111 seems to be reserved) * 1 bit - always 0 * 3 bits - CKSN IEI Could you help me to understand how to properly generate it: - the last bit (8th) is not specified - does it mean it's always 0? - what is CKSN IEI and how do I calculate\use it? - am I right that 3-bit key seq. value is simple counter that I increment with each Kc generation? - what do I do when key seq. reach 6 - start over with 0 again? And of course I'm interested if CKSN-related code is available as part of libosmogsm or some other open source project: the code is always helpful in understanding and I don't have to reinvent the wheel :) best regards, Max.

12 years, 1 month

3
3
0 0

Mobile phone to act as RF frequency sesnor and detector

by Winston Ojenge

Dear all, I lecture at strathmore university, Kenya, East Africa. For my PhD, i need to develop a cell-phone model that senses and recognizes a specific RF frequency from a source. It then submits the value of that frequency by SMS. Is it possible to use the OsmocomBB platform to program such a device using motorola C123? Ojenge

12 years, 2 months

2
7
0 0

How to implement HLR lookup free

by Chengcheng Gou

hello How to implement HLR lookup free ?

12 years, 2 months

4
3
0 0

bug report about mobile

by Chengcheng Gou

I am testing mobile app and when the program exit, it occur the flowing errors: Dropping frame with 85 bit errors LOSS counter for ACCH 31 Dropping frame with 85 bit errors Dropping frame with 86 bit errors Dropping frame with 78 bit errors LOSS counter for ACCH 30 Dropping frame with 79 bit errors Dropping frame with 77 bit errors Dropping frame with 86 bit errors

12 years, 2 months

1
0
0 0

how to establish a dedicated channel using OsmocomBB

by Chengcheng Gou

hello anyone can give a demo in the misc floder?

12 years, 2 months

1
0
0 0

Interest in a driver for MT5921 wifi chip?

by Heiko Stübner

Hi, Synopsis -------- I started on a driver for the MT5921 wlan chip from MediaTek and am now trying to find developers wo would be interested in this, as I don't have the necessary knowledge of the whole wireless part, or to determine if trying this is completely futile. Available is: - a (hopefully) nearly complete register-map of the chip - my initial work of basic communication through its spi interface up to and including reading the chips eeprom - a proprietary driver through which it's possible to log the spi-traffic Also it seems I would be able to provide hardware to interested parties. MT5921 and MediaTek ------------------- The MT5921 [1] can be connected via SPI, SDIO, HPI and compact flash. It seems to be used mostly in phones based on MediaTek SoCs, but also gained a relatively wide spread through the ebook readers from Qisda (Oyo in germany, Fnacbook / Sagem Binder in france, bq Avant in spain, Positivo Alfa in brazil, Mr. Book in russia, ...). MediaTek itself does not provide any information about the chip and also does not seem to answer inquiries [via various channels] at all. From talks to some of the device makers, I gathered that MediaTek also completely refuses to release any material to them. The proprietary driver mentioned above also seems to have been made by MediaTek directly. The device ---------- I'm working on the Qisda ebook readers mentioned above (S3C2416 with 400MHz or S3C2450 with 533MHz depending on the device). The overall support at this point is quite good, including the driver for the epd controller, multitouch- capable capacitive touchscreen, suspending and resuming the device. Impressions of these devices can be found on [2]. I have a spare "Oyo 1" that was donated to me, that I could redonate for this and it seems I could gain the support of one of the device makers, who will also supply a small number of devices, if I can find interested developers for this endavour. State of the driver ------------------- The kernel release by Alcatel of their OT890 [3] did include headers describing most of the chips registers and the eeprom structure of the sdio version. It explicitly did non include sources for the wifi driver itself. For things like chip signature and mac address, the eeprom struct also matches the spi version, so I guess it could match also for most of the non-sdio stuff On the Qisda devices modifying the underlying spi-dev driver makes it possible to log the traffic the module sends to and receives from the chip.There also exists a debug-version of the proprietary module that emits more in-depth information on what it's currently doing [4]. I also build a crude script [5] to convert these dumps to a representation of registers and constants form the header. There are probably better tools around to do such things, but it made the reading of the dumps easier, like: Array ( [mode] => write [register] => MCR_RFCR [reg-desc] => Receive Filter Control Register [valstr] => RFCR_RX_SAMEBSSIDPRORESP_CTRL | RFCR_RX_SAMEBSSIDBCN_CTRL [unmatched] => 0x0 ) As written above, bringup of and basic communication with the device works and I'm lacking the necessary knowledge of the whole wireless part. So, if anybody is interested in this I would be very happy :-) . Thanks Heiko [1] http://www.mediatek.com/en/Products/product_content.php?sn=48 [2] http://www.youtube.com/user/MMind81 [3] http://sourceforge.net/projects/alcatel/files/ [4] examples in https://gitorious.org/oyo-hack/kernel/blobs/topic/board/sg060/drivers/net/w… https://gitorious.org/oyo-hack/kernel/blobs/topic/board/sg060/drivers/net/w… [5] https://gitorious.org/oyo-hack/kernel/blobs/topic/board/sg060/drivers/net/w…

12 years, 2 months

1
0
0 0

The mobile app error

by Chengcheng Gou

hello I run the mobile app, but the error occur: What about the cause of the error,and how to solve it? Thanks！ LOSS counter for ACCH 31 Dropping frame with 86 bit errors Dropping frame with 84 bit errors Dropping frame with 79 bit errors LOSS counter for ACCH 30 Dropping frame with 82 bit errors Dropping frame with 82 bit errors Dropping frame with 89 bit errors LOSS counter for ACCH 29 Dropping frame with 86 bit errors Dropping frame with 76 bit errors Dropping frame with 70 bit errors LOSS counter for ACCH 28 Dropping frame with 88 bit errors Dropping frame with 79 bit errors Dropping frame with 70 bit errors LOSS counter for ACCH 27

12 years, 2 months

1
0
0 0

Looks connected but no cells avaible ?

by nicki240

Hi If I insert show cell 1 , it will show me no cells . show cell 1 : ARFCN |MCC |MNC |LAC |cell ID|forb.LA|prio |min-db |max-pwr|rx-lev -------+-------+-------+-------+-------+-------+-------+-------+-------+------- OsmocomBB# But It found a signal and I have an IMSI For more Information and help with the Call rejected Problem here : http://baseband-devel.722152.n3.nabble.com/Call-has-been-rejected-tt3896636… Thanks and Sorry for bad English -- View this message in context: http://baseband-devel.722152.n3.nabble.com/Looks-connected-but-no-cells-ava… Sent from the baseband-devel mailing list archive at Nabble.com.

12 years, 2 months

1
0
0 0

Encrypted GSM phone

by Marek Stopka

Hi, I have been just wondering... would it be possible to use your project as a base for DIY encrypted cellphone? My idea is that if I could get hold to output data after voice is encoded by GSM EFR codec, I might just easily encrypt this digital stream using AES128 and build trully encrypted cellphone. Where does actual "analog voice from microphone to digital data" conversion happends? In a layer1 that runs in a chip, or layer23 that runs on a PC? If it would be in layer23, encrypting a data stream with AES 128 whould be doable, am I missing something? Thanks Marek -- S pozdravem / Best regards Marek Stopka Kontakty / Contacts Mobil/Cell phone:+420 608 149 955 WEB: www.stopkaconsulting.eu

12 years, 2 months

9
10
0 0

Call has been rejected

by nicki240

hi If I try to call someboady , I'll get in the telnet connection this Error : OsmocomBB# call 1 0176********** OsmocomBB# % (MS 1) % Call has been rejected .mobile : <0009> mnccms.c:570 Make call to 0176********** <0009> mnccms.c:150 support TCH/H also <0009> mnccms.c:174 support full rate v2 <0009> mnccms.c:178 support full rate v1 <0009> mnccms.c:187 support half rate v1 <0006> transaction.c:76 ms 1 allocates transaction (proto 3 trans_id 255 callref 2 mem 0x8cfdd28) <0006> gsm48_cc.c:243 new state NULL -> MM_CONNECTION_PEND <0006> gsm48_cc.c:507 Sending MMCC_EST_REQ <0005> gsm48_mm.c:3774 (ms 1) Received 'MMCC_EST_REQ' event in state MM idle <0005> gsm48_mm.c:3777 -> substate PLMN search <0005> gsm48_mm.c:3779 -> callref 2, transaction_id 255 <0005> gsm48_mm.c:3042 Init MM Connection, not in normal state. <0006> gsm48_cc.c:2161 (ms 1) Received 'MMCC_REL_IND' in CC state MM_CONNECTION_PEND <0006> gsm48_cc.c:196 (ms 1 ti ff) Sending 'MNCC_REL_IND' to MNCC. <0006> gsm48_cc.c:243 new state MM_CONNECTION_PEND -> NULL <0006> transaction.c:104 ms 1 frees transaction (mem 0x8cfdd28) <0009> mnccms.c:372 Call has been released (cause 21) <0009> mnccms.c:71 (call 2) Call removed. osmocon : 8a 00 80 00 00 00 00 00 00 90 00 SIM Request (7): a0 a4 00 00 02 7f 10 SIM Response (2): 9f 1e SIM Request (5): a0 c0 00 00 1e SIM Response (32): 00 00 00 20 7f 10 02 00 f4 4f ff 01 11 bb 01 0f 05 00 83 8a 83 8a 00 80 00 00 00 00 00 00 90 00 SIM Request (7): a0 a4 00 00 02 6f 40 SIM Response (2): 9f 0f SIM Request (5): a0 c0 00 00 0f SIM Response (17): 00 00 00 7c 6f 40 04 00 11 ff 44 01 02 01 1f 90 00 SIM Request (5): a0 b2 01 04 1f SIM Response (33): ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 90 00 SIM Request (7): a0 a4 00 00 02 6f 42 SIM Response (2): 9f 0f SIM Request (5): a0 c0 00 00 0f SIM Response (17): 00 00 00 e1 6f 42 04 00 11 ff 44 01 02 01 2d 90 00 SIM Request (5): a0 b2 01 04 2d SIM Response (47): ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff f1 ff ff ff ff ff ff ff ff ff ff ff ff 07 91 94 71 07 16 00 00 ff ff ff ff 00 00 ff 90 00 Can somebody help me ? thx nicki240 -- View this message in context: http://baseband-devel.722152.n3.nabble.com/Call-has-been-rejected-tp3896636… Sent from the baseband-devel mailing list archive at Nabble.com.

12 years, 2 months

1
0
0 0

Layer1 reset type

by Chengcheng Gou

hello can anyone explain the different in the three reset types? L1CTL_RES_T_BOOT L1CTL_RES_T_FULL L1CTL_RES_T_SCHED thanks!

12 years, 2 months

1
0
0 0

900MHz packet radio?

by Kristen Eisenberg

I hear what you are saying, and we are working to support inter-BTS meshing for OpenBTS and OpenBSC. However, there is also value in getting the phones to mesh, if only because there are plenty situations where you might not be able to get a BTS, or be able to use any BTS that is around. Kristen Eisenberg Billige Flüge Marketing GmbH Emanuelstr. 3, 10317 Berlin Deutschland Telefon: +49 (33) 5310967 Email: utebachmeier at gmail.com Site: http://flug.airego.de - Billige Flüge vergleichen

12 years, 2 months

1
0
0 0

unmerged patches

by jolly

hi, i just collected all my patches together that i would have merged: 1. i added two patches to jolly/battery branch of osmocombb. it will add a font with symbols and display them at rssi. since i did not receive a reply about that from christian, i pushed it in this seperate branch so far. christian, if you find the time, just look at it. 2. there are several patches in my "testing" branch at jolly/ui of osmocombb. these patches are tested and work quite well. the are not related to the ui. i think they could me mergend: commit 66c21b3b7d30db205202d46893032ae2a73992a2 layer23: Send SIM APDUs via GSMTAP Usefull to trace SIM messages together with Um messages. commit b9ff5044a5fcbd07e6a295d75e14c7c504259914 layer23: Be sure to close mncc socket on exit of mobile instance commit e30e351d66f07e6effee768412a9d8f31202b4ed layer1: Retry fist power measurement, if it seems to fail In some cases (e.g. after a call with TCH) the first power measurement after a full reset will always return 0 (-110dbm). In this case the measurment is repeated once again. This is just a workarround, and it will not fix the actual cause. 3. there are several additions and fixes at jolly/rtpmux branch of openbsc. commit db3a7dd357bd7cd842a80655e734a1b4afdb6f7c and commit 872c6c002add0a741514aa505df9379a6fcdb955 allow to exchange traffic via rtp with a given rtp endpoint. the destination can be controlled via mncc interface. the result is that the traffic is not routed via mncc interface, but directly exchanged with the given rtp endpoint. lcr supports that, so traffic between sip and openbsc is directly forwarded and not routed through lcr and mncc interface. commit 3d407e7c8e5c4e01dc07a530f910d29fac687809 and commit f47d13e55888576c9201a3a7fee04fc58f98ff66 will handle bad frames from e1 bts. if a frame is bad, the rtp packet is dropped (if forwarded via rtp). if the bad frame is received by lcr via mncc interface, lcr will extrapolate the missing audio by repeating last valid frame with reduced value. instead of having a distrorted sound, the audio stream will now be clear, even if some frames are bad. commit 0193b8a76824cdce9d9da3f7374a928efac6f96c allows dynamic payload types when forwarding rtp traffic to a given rtp endpoint. (used for EFR/AMR/HR) commit ea724c6af9e1a5b6df8d0e5965f357896834d3ce and commit a22e598c0a93f88433c6a00bd2acdde5c2f496d5 will fix the problems with delay and loosing audio at nanobts. it uses system clock as a basis to correct timestamp and sequence number of frames transmitted to the bts. commit bf14b25358f7ceb021e2397e90c2fb9484245b7b fixes problem with interruption of traffic, if packet transmission via rtp fails in the beginning. the result of all these patches is a reliable audio stream. the call waiting works, as well as hold/retrieve of calls without audio interruption or increasing/high delay. (even if database access makes openbsc stop for some time.) in conjuction with lcr, a sip gateway can directly exchange audio traffic with openbsc. the codec to be used is negotiated between SIP gateway and MS. (depending on support and preference) 4. long time ago i extraced the sms protocols "smc" and "smr" (TS 11.11) from openbsc and added a state machines. they are now part of libosmocore and are used for sending/receiving sms via osmocombb. i removed all that code from openbsc and use libosmocore instead. see jolly/sms for the 4 patches. i hope that was not too much at a time :) regards, andreas

12 years, 2 months

1
0
0 0

the ccch number

by Chengcheng Gou

hello 1.if a cell has multiple TRX, and the CCCH number >1,then can the phone request channel on other timeslot but timeslot 0 in the uplink; how does a real phone deal with it? 2.how to mitigate the RACH DOS in the GSM network? anyone can help me?

12 years, 2 months

1
0
0 0

detecting TMSI and Bursts relation?

by Simian Denson

Hi, is it technically possible to sniff the air traffic (for example with ccch_scan from the osmocombb burst_ind branch) and correlate the relationship between a burst and a paging request (which contains the tmsi of the mobile) ? Basically: What are the steps to determine which tmsi (mobile) did which burst ? Thank you for your information! cheers, Simian

12 years, 2 months

1
0
0 0

how to identify the BTS belong to which BSC

by Chengcheng Gou

I want to know if there is a method for that, Thanks!

12 years, 2 months

1
0
0 0

Reliablility problem in current git?

by Tim Ehlers

Hi, I have a git clone from 23.01.2012 and a current git clone. When I compile both and use the mobile appliation, I have a strange problem in the current code. Very often I can't send USSD codes (and maybe also can't communicate in other ways; USSD is the costless way to check whether I am connected or not). Ok, this is what I do: I send "service 1 *#21#", wait the answer and the string "% On Network, normal service: Germany, O2". Then send it again and so on. With the old code, I reliable get the answer e.g. "% Status: deactivated". With the new code, I very often (sometime already when trying first time) get nothing back and after some seconds only "% Service connection terminated.". Can someone confirm this behavior? Thanks Tim

12 years, 2 months

4
20
0 0

Basic build problem.

by Andrew Back

Hello, I'm experiencing problems getting started with building BB and wondered if someone might be able to advise. Seems that whenever I specify a toolchain prefix it is ignored. E.g. $make -e CROSS_TOOL_PREFIX=arm-none-linux-gnueabi- Results in an error: "configure: error: in `/home/andrew/Work/AB Open/Projects/GSM/Osmocom/osmocom-bb/src/shared/libosmocore/build-target': configure: error: C compiler cannot create executables See `config.log' for more details" If I check ./shared/libosmocore/build-target/config.log for instances of "arm" these are all still "arm-none-eabi", which I do not have. The prefix example above was to attempt to use CodeSourcery Lite tools. I've also tried with a prefix of "arm-linux-gnueabi-" to use a toolchain installed from Emdebian via apt-get, and I experience the same problem. Although in searching for a fix I read something which suggested that the Emdebian toolchains may be no use. So, am I doing something wrong in the first step? And is there perhaps another toolchain I should be using? Apologies if this has already been answered — I have done a bit of searching but only found similar errors where a prefix was not being specified. Regards, Andrew -- Andrew Back http://carrierdetect.com

12 years, 2 months

2
4
0 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

baseband-devel April 2012