Dear all, I vae the C115 with a T1 USB to Serial cable with the Prolific
chipset.
When i run osmocon i get :- an its just sits there with no further
processing.
./osmocon -p /dev/ttyUSB0 -m c123xor
../../target/firmware/board/compal_e88/loader.compalram.bin
read_file(../../target/firmware/board/compal_e88/loader.compalram.bin):
file_size=17120, hdr_len=4, dnload_len=17127
read_file(../../target/firmware/board/compal_e88/loader.compalram.bin):
file_size=17120, hdr_len=4, dnload_len=17127
got 1 bytes from modem, data looks like: 00 .
got 2 bytes from modem, data looks like: 2f 00 /.
got 1 bytes from modem, data looks like: 1b .
got 3 bytes from modem, data looks like: f6 02 00 ...
got 1 bytes from modem, data looks like: 41 A
got 1 bytes from modem, data looks like: 01 .
got 1 bytes from modem, data looks like: 40 @
Received PROMPT1 from phone, responding with CMD
got 1 bytes from modem, data looks like: 66 f
got 1 bytes from modem, data looks like: 74 t
got 1 bytes from modem, data looks like: 6d m
got 1 bytes from modem, data looks like: 74 t
got 1 bytes from modem, data looks like: 6f o
got 1 bytes from modem, data looks like: 6f o
got 1 bytes from modem, data looks like: 6c l
Received FTMTOOL from phone, ramloader has aborted
got 1 bytes from modem, data looks like: 65 e
got 1 bytes from modem, data looks like: 72 r
got 1 bytes from modem, data looks like: 72 r
got 1 bytes from modem, data looks like: 6f o
got 1 bytes from modem, data looks like: 72 r
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 00 .
I think the cable is ok as when i run my fingers on the tip i get random
Zeros so it appears to be talking to the cable.
Also when i tried to run Mobile i get the :- even though i created the
Mobile.cfg file in /etc/osmoco
Failed to parse the config file: '/home/raz/.osmocom/bb/mobile.cfg'
Please check or create config file using: 'touch
/home/raz/.osmocom/bb/mobile.cfg'
I have spent some hours researching the lists and trying various things to
no avail but I want to continue until I resolve this issues and use this
great stack to learn about the GSM network.
Please advise.
Great full for any help or pointers but this maybe a timing issue that is
difficult to debug.
Thanks
Raz
hi,
i did a lot of resarch and testing on cell selection and re-selection
process the last two week.
the cell selection process, network selection process (manual and
automatic) and mobility management process were already implemented in
OsmocomBB a long time, but turned out to be buggy and incomplete. i made
test drives to check the process and debugged it.
the re-selection process is new. it is used to track surrounding cells
while listening to the BCCH of the current cell (camping on a cell).
special extension to the layer1 firmare is used to measure neighbour
cells. if an neighbour cell becomes 'better', the mobile switches to
that cell, depening on different criteria. now it is possible to move
with OsmocomBB.
the re-selection process is not handover! handover is a process where a
phone switches between cells while doing a call. handover is one next
step to implement. the process is a little more complex, because it
requires not only neighbour cell measurements, but also syncing to them
without interrupting the traffic channel. most layer 3 stuff of handover
is already implemented.
if you like to play and test your moving OsmocomBB, you can check out
the "jolly/roaming" branch. it contains the extension to layer1, as well
as sim reader and fixes from "sylvain/testing" branch. use both "mobile"
and "layer1" firmware from this branch.
in order to see some process at VTY, you can do:
enable
monitor network 1 (continously display the strongest cell and neighbour
cells)
show ms 1 (to see current states)
show neighbour-cells 1 (to see a more detailed current list of
neighbours)
andreas
Hi,
in the osmocom bb mobile.cfg I don't see any posibility to set a fixed
Kc encryption key and the tmsi.
How could I achieve that osmocom uses my defined Kc and tmsi?
cheers,
Simian
hi josephli,
> Read stored BA list mnc=01
the mobile application stores the last cells and neighbour cells (band
allocation) of each network. this way the scanning is much
faster when restarting. because you use the SIM card with MNC == 02 the
first time, there is no band allocation stored for that. the mobile will
do a full scan in this case.
> while the sim card service I am tesing is actually with mnc 00 and 02.
i know that MNC == 0 will not work until i commited improvements of cell
selection process last sunday. you should retry that, but first try with
an MNC > 0.
can you provide debug output when trying a call?
also can you provide VTY output of "show ms" before you make the call?
regards,
andreas
hi,
i just fixed some locking issues the last days. fix will follow. it took
a bit longer, because there were some race conditions. it took up to
about one hour until it crashed. my way to detect the area where the
crash happened, was to turn on buzzer before that area, and turn it off
after that area. after many hours of approximation, i finally found out
that the major crash happend during _talloc_zero. (first it looks for a
free memory chunk, then it allocates it.) since it can be called from
all contexts (main, irq, fiq), it need to be locked against any
interrupt, otherwise the memory chunk can be assigned multiple times.
(the process of _talloc_free is "atomic" and requires no locking.)
because it seems pretty stable, i think it is time to merge some
branches into the master. (i made a 6 hours call yesterday. and no crash
after bugfix ever since.) i will do that together with sylvain, if we
find the time this weekend.
currently i use the jolly/voice together with the sylvain/traffic
branch. i am able to use an isdn phone togehter with linux-call-router
and make/receive calls. audio is passed both ways. i think this is a
stage where it actually become "usable". (if not moving arround.)
one of my major work for the next weeks/months will be the neighbour
cell measurement, cell re-selection, and handover. this is essential
when moving with the phone.
regards,
andreas
I've pulled git repo today, but the RSSI firmware gets an error.
apps/rssi/main.c: In function `main':
apps/rssi/main.c:896: warning: 'a' might be used uninitialized in this
function
apps/rssi/main.c:896: warning: 'e' might be used uninitialized in this
function
CC board/compal_e88/rssi.compalram.manifest.o
LD board/compal_e88/rssi.compalram.elf
OBJ board/compal_e88/rssi.compalram.bin
CC board/compal_e88/rssi.highram.manifest.o
LD board/compal_e88/rssi.highram.elf
OBJ board/compal_e88/rssi.highram.bin
CC board/compal_e88/rssi.e88loader.manifest.o
LD board/compal_e88/rssi.e88loader.elf
OBJ board/compal_e88/rssi.e88loader.bin
CC board/compal_e88/rssi.e88flash.manifest.o
LD board/compal_e88/rssi.e88flash.elf
OBJ board/compal_e88/rssi.e88flash.bin
CC board/compal_e86/rssi.compalram.manifest.o
LD board/compal_e86/rssi.compalram.elf
arm-elf-ld: region LRAM is full (board/compal_e86/rssi.compalram.elf
section .data)
make[1]: *** [board/compal_e86/rssi.compalram.elf] Error 1
make[1]: Leaving directory src/target/firmware'
make: *** [firmware] Error 2
$ git pull
Already up-to-date.
$
Anyone experiencing the same issue?
...a never ending story:
i have a working ftdi-ttl, but the cp2102-adapters
(http://www.ebay.de/itm/USB-2-0-to-UART-TTL-6PIN-Module-Serial-Converter-CP2…)
with the same cable dont work under ubuntu or windows.
if i rub the top of the 2.55mm with my finger random data appears. but the
loader doesnt upload the firmware.
i used the txd, rxd and gnd pins and checked the connections with a
multimeter.
i tested -m c123xor, -m c123 and the default firmware. flashing custom
baudrates was no problem.
rivers are installed correctly (stady ttyusb0 under ubuntu/ com1 under win).
is there any hint?
--
View this message in context: http://baseband-devel.722152.n3.nabble.com/cp2102-betemcu-B75937-tp3489336p…
Sent from the baseband-devel mailing list archive at Nabble.com.
Hi,
I've hacked something together to quickly test non-combined CCCH.
However, I've hit a problem when trying to receive anything on another
timeslot than 0.
The TX side seems to work fine as the BTS can see my location update
request and answers with a reject, but on the MS side, I never see the
reject and wireshark only shows invalid incohrent data on the RX.
The frames for SDCCH/8 show really nothing valid (looks like random
bytes), things like
09 80 7f 47 49 06 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
09 00 47 d5 2d 06 1e 00 00 69 7c a0 91 3d 22 ff ab fe 6c 4f 56 4f 36
...
while the frames for the associated SAACH show at least something gsm-like :
03 03 01 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b
but that's not quite a SI5/6 ...
To RX/TX on TS=1, I just delayed the RX/TX window by 625 bits (4 *
156.25) when I'm in dedicated channel mode by chaning the 'start' in
l1s_tx_win_ctrl / l1s_rx_win_ctrl
Is there something else that should be done ?
Cheers,
Sylvain
Hi Sylvain, hi list!
I'm experimenting with burst_ind and TCHs right now and ran
into some problem I couldn't solve yet.
After receiving an Assignment Command for a hopping TCH/F I
call l1ctl_tx_dm_est_req_h1() with all necessary parameters
and tch_mode GSM48_CMODE_SPEECH_V1 or _EFR.
After that I do get burst indications containing the received
bits on up- and downlink for the active arfcn on each
consecutive frame number.
BUT the rx level measurements are most of the time very low
and sporadic higher, surely not from that nearby bts and the
very close cellphone.
It looks like the layer1 doesn't "hit" the right timeslot
on the right arfcn at the right time.
There are some possible sources of error leading to that, like
hopping parameters, channel number and MA list.
But I checked these and I took all of them directly from the
ASS CMD, the MA as word list in ascending order, like in layer23
IMM ASS handling.
The specific AC doesn't have any specialties like Starting Time
or "before time" parameters.
So my question is if there is some obvious pitfall I'm missing
and are there any suggestions how to debug that?
Regards,
Mad
Hi,
I am trying to use burst_ind branch of osmocom. I have noticed that layer23 creates bursts****.dat files when it indicates uplink. What data are written to these files and what should I use to see its data? Thank you.
Hello,
Hopefully this question is appropriate on this list (please let me
know otherwise).
Running ccch_scan or bcch_scan in the sylvain/burst_ind branch, I keep
getting this error:
<000c> l1ctl.c:114 FBSB RESP: result=255
I tried checking the code, but I can't quite figure out what's going on. It
looks like 255 is an error code, but I don't know where to go from there.
This may be related to my SIM card being locked (I think). Running mobile on
the sylvain/testing branch, I get:
<0005> subscriber.c:625 PIN is required, 3 tries left
Will not having the PIN intefere with ccch_scan as well?
Thanks,
Josh Pereyda
Hi,
I have a question.
When using osmocombb with C118, we are getting error when SIM tries to authenticate itself to the network.
Here are the messages:
<0005> gsm48_mm.c:3902 (ms 1) Received 'RR_DATA_IND' from RR in state location updating initiated (sapi 0)
<0005> gsm48_mm.c:4091 (ms 1) Received 'MT_MM_AUTH_REQ' in MM state location updating initiated
<0005> gsm48_mm.c:1637 AUTHENTICATION REQUEST (seq 2)
<0005> subscriber.c:955 Generating KEY at SIM
<000f> sim.c:209 got new job: SIM_JOB_RUN_GSM_ALGO (handle=00000006)
<000f> sim.c:697 go MF <000f> sim.c:241 SELECT (file=0x3f00)
<000f> sim.c:187 sending APDU (class 0xa0, ins 0xa4)
<000f> sim.c:876 received APDU (len=0 sw1=0x00 sw2=0x00)
<000f> sim.c:952 command failed
<000f> sim.c:151 sending result to callback function (type=1)
<0005> subscriber.c:990 key generation on SIM failed (cause 2)
SIM is new. It works if you start phone without osmocom. And It also works if you start without osmocom and when SIM logs into network you restart the phone with osmocom.
We tried several new cards and there was always same result. There is also no PIN set up (SIM is not locked). We tried with USIM.
When we try old cards (>2 years old) osmocom works without problem.
Have you ever encountered this kind of trouble? Is there any fix for it?
Thank you.
Regards,
Alojzij
Hi all!
Thanks to a generous donor, we have received a couple of OT-290 trace
phones. These are commercial products intended for taking L2/L3 air
interface traces. If you've read any of the fabulous GSM papers by
Prof. Dr.-Ing. Joachim Goeller: The OT-phones is what he used to
generate all his traces.
The majority of what those phones can do is now also possible with
OsmocomBB.
However, OT-290 support GPRS tracing/testing - for CS-1 throguh CS-4.
I would be willing to give away one of the two remaining OT-290 (for
free) to anyone who would in return commit to developing a GSMTAP
interface for it.
The message format on the serial UART between phone and PC is documented
(PDF documentation by Sagem included with the phones). So based on this
documentation and an OT-290 phone, it should be possible to write a
small command-line program that receives the GSM/GPRS messages from the
OT-290 and sends them via GSMTAP into wireshark.
The result would then be similar to what
http://cgit.osmocom.org/cgit/dct3-gsmtap/ is for DCT-3 phones.
If you're interested, please respond to this message. Please don't
apply for the phone if you are not able to find the required time and
interest for actually doing the GSMTAP integration.
Thanks!
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
The other day on IRC I was told that:
>Apr 29 00:34:36 <Hoernchen> last thing i heard was that nuttx was
superseded in favor of a more lightweight solution
And:
>Apr 29 00:41:03 <steve|m>
http://openbsc.osmocom.org/trac/wiki/OsmoDevCon2012/Minutes#a18:30roundtabl…
which was made back in march(we also started working on nuttx near march) and
contains the following:
>laf: summary we could not gain much from nuttx, rockbox could provide use
with UI (inspiration)? steve: framebuffer is mosly compatible
I wasn't aware of all that.
Also I don't have much details on what was said since I wans't there...
Should me and Alan Carvalho de Assis continue the work we are doing?
What is the current plan?
our status is here: http://bb.osmocom.org/trac/wiki/nuttx-bb/drivers
The current work on my side is to:
* make serial work without sercomm(done locally,just some configuration
change)
* unbreak the booting of the calypso(require serial to work without
sercomm,the commit that created the problem has been identified, how to fix is a
work in progress)
* I also tried to change toolchain(I generated a toolchain with openembedded)
to see if it fixed the issue but according to Gregory it's not the right fix.
* I also identified some dummy functions in the nuttx version of sercomm that
we should get rid of.
On Alan Carvalho de Assis side :
he's trying to make the keypad work but he has some difficulties with it.
Denis.
Hi
I am trying to use an Arkmicro Technologies ARK3116 USB to serial cable to communicate with my C118. I have compiled Osmocom-bb successfully on my Debian Squeeze laptop.
When I try to run the osmocon utility I get an error "Cannot open serial device /dev/ttyUSB0"
My dmesg etc output is:
[ 769.752182] usb 5-2: new full speed USB device using uhci_hcd and address 5
[ 769.908979] usb 5-2: New USB device found, idVendor=6547, idProduct=0232
[ 769.908988] usb 5-2: New USB device strings: Mfr=1, Product=3, SerialNumber=0
[ 769.908995] usb 5-2: Product: USB-UART Controller
[ 769.909000] usb 5-2: Manufacturer: ArkMicroChips
[ 769.909192] usb 5-2: configuration #1 chosen from 1 choice
[ 770.029492] usbcore: registered new interface driver usbserial
[ 770.029740] USB Serial support registered for generic
[ 770.030002] usbcore: registered new interface driver usbserial_generic
[ 770.030005] usbserial: USB Serial Driver core
[ 770.047650] USB Serial support registered for ark3116
[ 770.048263] ark3116 5-2:1.0: ark3116 converter detected
[ 770.076254] usb 5-2: ark3116 converter now attached to ttyUSB0
[ 770.076305] usbcore: registered new interface driver ark3116
ls -l /dev/tty*
crw-rw---- 1 root dialout 4, 64 Apr 27 21:01 /dev/ttyS0
crw-rw---- 1 root dialout 4, 65 Apr 27 21:01 /dev/ttyS1
crw-rw---- 1 root dialout 4, 66 Apr 27 21:01 /dev/ttyS2
crw-rw---- 1 root dialout 4, 67 Apr 27 21:01 /dev/ttyS3
crw-rw---- 1 root dialout 188, 0 Apr 27 21:14 /dev/ttyUSB0
lsusb
Bus 005 Device 005: ID 6547:0232 Arkmicro Technologies Inc. ARK3116 Serial
Bus 005 Device 004: ID 09da:0006 A4 Tech Co., Ltd Optical Mouse WOP-35 / Trust 450L Optical Mouse
Bus 005 Device 003: ID 1631:5002 Good Way Technology
Bus 005 Device 002: ID 1631:5400 Good Way Technology
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
So I am assuming the drivers are installed correctly but if I run osmocon I get:
./osmocon -p /dev/ttyUSB0 -m c123xor ../../target/firmware/board/compal_e88/loader.compalram.bin
Cannot open serial device /dev/ttyUSB0
My Question is, does anyone here have any experience with the Arkmicro Technologies ARK3116 Serial cable?
Is there something I have missed?
Thanks
Tokala
hello,
I have the problem ,such as how to get the address of the functions
and Variables in the DSP assemble code,such as in
+; DSP Sniffing task patch
+; ----------------------------------------------------------------------------
+; Known symbols
+; ----------------------------------------------------------------------------
+
+ ; Variables
+patch_install_fptr .equ 0x3F6B ; Patch install function ptr
+dsp_page .equ 0x3FB0 ; Current ndb.d_dsp_page
+task_fn_entry .equ 0x4387 + 23 ; Task 23 index in JT_4387
+
+ ; Functions
+a5_setup .equ 0xB12C
+dma_queue_setup .equ 0xB74C
+
+jt4387_exec .equ 0xA9EA
+
+fq_4320_push .equ 0xAA9F
+fq_4330_push .equ 0xAA6C
+fq_4340_push .equ 0xAAC3
+
Can anyone tell me the way to do that?!
thanks!
Hello everybody
What happens when a mobile station is in a cell that uses hopping, but the
mobile locks to that cell (for instance using the function of the
engineering menu of a BB)? Is the hopping mandatory or the ms can continue
working also without it?
Does osmocom support hopping? What are the commands of the mobile interface
(if they exist) to show how the hopping is going? Is it possible to lock
with osmocom too?
Thanks for the answers.
Dario.
Hello All,
What is the preferred Sim Card Reader/Writer for the SysmoSim Card,
A.K.A., the GrCard Sim?
And is the following known to work reliably with the SysmoSim Card?
SIM Reader kit - v1.0http://www.adafruit.com/products/101I contacted
Adafruit.com yesterday and they explained that their device
doesn't work on all Sim Cards.
Any assistance would be greatly appreciated.
Sincerely,
Martin
Hi Baseband,
I'm trying to figure out if there's any standard set for how often a
handset should scan for signal when out of coverage. I haven't been
able to find much, just the following in 3GPP TS 22.011:
3.2.2.2 At switch-on or recovery from lack of coverage
If registration cannot be achieved on any PLMN, the UE shall indicate
"no service" to the user, wait until a new PLMN is detected, or new
location areas of an allowed PLMN are found which are not in the
forbidden LA list(s), and then repeat the procedure. When registration
cannot be achieved, different (discontinuous) PLMN search schemes may
be used in order to minimize the access time while maintaining battery
life, e.g. by prioritising the search in favour of BCCH carriers which
have a high probability of belonging to an available and allowable
PLMN.
Sounds like it's up to each manufacturer to just pick a delay? Any
other thoughts/intuitions which might help us bound this number?
Thanks!
To whom it may concern:
Has anyone implemented RRLP request handling in osmocombb's layer 3? We
are particularly interested in the transmission of GPS data.
Additionally, if anyone has any helpful advice/documentation on the
message format which is more detailed or useful than the gsm 04.31 spec we
would greatly appreciate it.
Thanks you,
Max Feldman
Hi all!
This is the announcement for the 2nd incarnation of our bi-weekly
Osmocom Berlin meeting.
April 25, 7pm @ CCC Berlin, Marienstr. 11, 10113 Berlin
The schedule is as follows:
19:00 Introduction into the TETRA base station located @ CCCB
For quite some time, there is a full TETRA base station located
in the Berlin CCC, consisting of two base radios (BR), a site
controller (TSC), an auto-tuning cavity combiner and other
equipment. The talk will introduce the architecture of the
system and the current status of getting it running.
20:00 Presenting the CC32RS512 / towards an Osmocom Card OS
The CC32RS512 is a flash-based smart card controller to which
the documentation is available without NDA. This means that we
finally are able to implement a Smart Card OS (COS) as free
software.
20:30 Informal discussions
If you are interested to show up, feel free to do so. There is no
registration required. If the initial part is not interesting to you,
feel free to join us later at 20:30. The meeting is free as in "free
beer", despite no actual free beer being around ;)
Regards,
Harald
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
Hi all:
I've been on and off trying to set up Osmocom-BB for quite a while now. I've
tried using several Cxxx with no luck of being able to lock on to a cell. I
shifted to Pirelli_dpl10 hoping to avoid configuration change required of
dual-band phones to work with Osmocom-BB but no positive outcome.
I'm using Sylvain testing branch with transmit enabled; create mobile config
file with PCS1900 and GSM850 as the only bands to be supported. For US
Motorola dual band phones c139 and c155, I modified the required section of
the rffe file to support PCS1900; and for Pirelli, I made the recommended
modification to UART option before being able to communicate with the
device. I guess I did all what need to be done for preliminary setting.
Layer1 load perfectly but mobile application never work.
Sim reader worked perfectly; Sim information was read, mobile app used the
previous PLMN information to start power measurement. I was able to get
average power of -92dB with Pirelli but while still performing the scanning
the result output repeatedly fix prim_pm.c file with value to be overwrite
message.
I guess the issue has to do with passing the right parameters to layer1 to
perform ARFCN scanning in order to obtain power measurement of the available
channels. I'm not really sure if there is need to modify any part of layer1
or Rita files before accurate measurement could be done for PCS1900.
I'm not that deeply knowledgeable in GSM standard but I can still figure out
what to do if any hint
is given toward what need to be done before PCS1900 band will work with any
osmocom-compatible phone.
I know that some people have worked on PCS1900 and GSM850 but there is no
information
towards what need to be done in terms of specific file to hack to change
default GSM900 and DCS1800 bands configurations to GSM850 and PCS1900.
I am pretty much sure that If I were in Europe I would by now step up from
trying to make Osmocom lock to a serving cell to the point studying the code
to work for a specific purpose. I am using the project as part of thesis
work to analyze the Um interface and to explain processes that occur between
BTS and mobile station.
I will so much appreciate it if anyone could be of any help. Thanks.
Rasak
--
View this message in context: http://baseband-devel.722152.n3.nabble.com/Basic-Set-Up-For-PCS-1900-tp3927…
Sent from the baseband-devel mailing list archive at Nabble.com.
Hello.
CKSN - Ciphering Key Sequence Number is associated with Kc and is a bit trickier than
trivial counter.
According to GSM 04.08 (p. 278 in v5.3.0 in my case) it's comprised as follows:
* 3 bits - actual key sequence (value 111 seems to be reserved)
* 1 bit - always 0
* 3 bits - CKSN IEI
Could you help me to understand how to properly generate it:
- the last bit (8th) is not specified - does it mean it's always 0?
- what is CKSN IEI and how do I calculate\use it?
- am I right that 3-bit key seq. value is simple counter that I increment with each
Kc generation?
- what do I do when key seq. reach 6 - start over with 0 again?
And of course I'm interested if CKSN-related code is available as part of libosmogsm
or some other open source project: the code is always helpful in understanding and I
don't have to reinvent the wheel :)
best regards,
Max.
Dear all,
I lecture at strathmore university, Kenya, East Africa. For my PhD, i
need to develop a cell-phone model that senses and recognizes a
specific RF frequency from a source. It then submits the value of that
frequency by SMS.
Is it possible to use the OsmocomBB platform to program such a device
using motorola C123?
Ojenge
I am testing mobile app and when the program exit, it occur the flowing errors:
Dropping frame with 85 bit errors
LOSS counter for ACCH 31
Dropping frame with 85 bit errors
Dropping frame with 86 bit errors
Dropping frame with 78 bit errors
LOSS counter for ACCH 30
Dropping frame with 79 bit errors
Dropping frame with 77 bit errors
Dropping frame with 86 bit errors
Hi,
Synopsis
--------
I started on a driver for the MT5921 wlan chip from MediaTek and am now trying
to find developers wo would be interested in this, as I don't have the
necessary knowledge of the whole wireless part, or to determine if trying
this is completely futile.
Available is:
- a (hopefully) nearly complete register-map of the chip
- my initial work of basic communication through its spi interface up to and
including reading the chips eeprom
- a proprietary driver through which it's possible to log the spi-traffic
Also it seems I would be able to provide hardware to interested parties.
MT5921 and MediaTek
-------------------
The MT5921 [1] can be connected via SPI, SDIO, HPI and compact flash. It seems
to be used mostly in phones based on MediaTek SoCs, but also gained a
relatively wide spread through the ebook readers from Qisda (Oyo in germany,
Fnacbook / Sagem Binder in france, bq Avant in spain, Positivo Alfa in brazil,
Mr. Book in russia, ...).
MediaTek itself does not provide any information about the chip and also
does not seem to answer inquiries [via various channels] at all.
From talks to some of the device makers, I gathered that MediaTek also
completely refuses to release any material to them. The proprietary driver
mentioned above also seems to have been made by MediaTek directly.
The device
----------
I'm working on the Qisda ebook readers mentioned above (S3C2416 with 400MHz or
S3C2450 with 533MHz depending on the device). The overall support at this
point is quite good, including the driver for the epd controller, multitouch-
capable capacitive touchscreen, suspending and resuming the device.
Impressions of these devices can be found on [2].
I have a spare "Oyo 1" that was donated to me, that I could redonate for this
and it seems I could gain the support of one of the device makers, who will
also supply a small number of devices, if I can find interested developers
for this endavour.
State of the driver
-------------------
The kernel release by Alcatel of their OT890 [3] did include headers describing
most of the chips registers and the eeprom structure of the sdio version. It
explicitly did non include sources for the wifi driver itself.
For things like chip signature and mac address, the eeprom struct also matches
the spi version, so I guess it could match also for most of the non-sdio stuff
On the Qisda devices modifying the underlying spi-dev driver makes it possible
to log the traffic the module sends to and receives from the chip.There also
exists a debug-version of the proprietary module that emits more in-depth
information on what it's currently doing [4].
I also build a crude script [5] to convert these dumps to a representation of
registers and constants form the header. There are probably better tools around
to do such things, but it made the reading of the dumps easier, like:
Array
(
[mode] => write
[register] => MCR_RFCR
[reg-desc] => Receive Filter Control Register
[valstr] => RFCR_RX_SAMEBSSIDPRORESP_CTRL | RFCR_RX_SAMEBSSIDBCN_CTRL
[unmatched] => 0x0
)
As written above, bringup of and basic communication with the device
works and I'm lacking the necessary knowledge of the whole wireless part.
So, if anybody is interested in this I would be very happy :-) .
Thanks
Heiko
[1] http://www.mediatek.com/en/Products/product_content.php?sn=48
[2] http://www.youtube.com/user/MMind81
[3] http://sourceforge.net/projects/alcatel/files/
[4] examples in
https://gitorious.org/oyo-hack/kernel/blobs/topic/board/sg060/drivers/net/w…https://gitorious.org/oyo-hack/kernel/blobs/topic/board/sg060/drivers/net/w…
[5] https://gitorious.org/oyo-hack/kernel/blobs/topic/board/sg060/drivers/net/w…
hello
I run the mobile app, but the error occur:
What about the cause of the error,and how to solve it? Thanks!
LOSS counter for ACCH 31
Dropping frame with 86 bit errors
Dropping frame with 84 bit errors
Dropping frame with 79 bit errors
LOSS counter for ACCH 30
Dropping frame with 82 bit errors
Dropping frame with 82 bit errors
Dropping frame with 89 bit errors
LOSS counter for ACCH 29
Dropping frame with 86 bit errors
Dropping frame with 76 bit errors
Dropping frame with 70 bit errors
LOSS counter for ACCH 28
Dropping frame with 88 bit errors
Dropping frame with 79 bit errors
Dropping frame with 70 bit errors
LOSS counter for ACCH 27
Hi,
I have been just wondering... would it be possible to use your project
as a base for DIY encrypted cellphone? My idea is that if I could get
hold to output data after voice is encoded by GSM EFR codec, I might
just easily encrypt this digital stream using AES128 and build trully
encrypted cellphone.
Where does actual "analog voice from microphone to digital data"
conversion happends? In a layer1 that runs in a chip, or layer23 that
runs on a PC? If it would be in layer23, encrypting a data stream with
AES 128 whould be doable, am I missing something?
Thanks Marek
--
S pozdravem / Best regards
Marek Stopka
Kontakty / Contacts
Mobil/Cell phone:+420 608 149 955
WEB: www.stopkaconsulting.eu
I hear what you are saying, and we are working to support inter-BTS
meshing for OpenBTS and OpenBSC.
However, there is also value in getting the phones to mesh, if only
because there are plenty situations where you might not be able to get
a BTS, or be able to use any BTS that is around.
Kristen Eisenberg
Billige Flüge
Marketing GmbH
Emanuelstr. 3,
10317 Berlin
Deutschland
Telefon: +49 (33)
5310967
Email:
utebachmeier at
gmail.com
Site:
http://flug.airego.de
- Billige Flüge vergleichen
hi,
i just collected all my patches together that i would have merged:
1. i added two patches to jolly/battery branch of osmocombb. it will add
a font with symbols and display them at rssi. since i did not receive a
reply about that from christian, i pushed it in this seperate branch so
far. christian, if you find the time, just look at it.
2. there are several patches in my "testing" branch at jolly/ui of
osmocombb. these patches are tested and work quite well. the are not
related to the ui. i think they could me mergend:
commit 66c21b3b7d30db205202d46893032ae2a73992a2
layer23: Send SIM APDUs via GSMTAP
Usefull to trace SIM messages together with Um messages.
commit b9ff5044a5fcbd07e6a295d75e14c7c504259914
layer23: Be sure to close mncc socket on exit of mobile instance
commit e30e351d66f07e6effee768412a9d8f31202b4ed
layer1: Retry fist power measurement, if it seems to fail
In some cases (e.g. after a call with TCH) the first power measurement
after a full reset will always return 0 (-110dbm). In this case the
measurment is repeated once again.
This is just a workarround, and it will not fix the actual cause.
3. there are several additions and fixes at jolly/rtpmux branch of openbsc.
commit db3a7dd357bd7cd842a80655e734a1b4afdb6f7c and commit
872c6c002add0a741514aa505df9379a6fcdb955 allow to exchange traffic via
rtp with a given rtp endpoint. the destination can be controlled via
mncc interface. the result is that the traffic is not routed via mncc
interface, but directly exchanged with the given rtp endpoint. lcr
supports that, so traffic between sip and openbsc is directly forwarded
and not routed through lcr and mncc interface.
commit 3d407e7c8e5c4e01dc07a530f910d29fac687809 and commit
f47d13e55888576c9201a3a7fee04fc58f98ff66 will handle bad frames from e1
bts. if a frame is bad, the rtp packet is dropped (if forwarded via
rtp). if the bad frame is received by lcr via mncc interface, lcr will
extrapolate the missing audio by repeating last valid frame with reduced
value. instead of having a distrorted sound, the audio stream will now
be clear, even if some frames are bad.
commit 0193b8a76824cdce9d9da3f7374a928efac6f96c allows dynamic payload
types when forwarding rtp traffic to a given rtp endpoint. (used for
EFR/AMR/HR)
commit ea724c6af9e1a5b6df8d0e5965f357896834d3ce and commit
a22e598c0a93f88433c6a00bd2acdde5c2f496d5 will fix the problems with
delay and loosing audio at nanobts. it uses system clock as a basis to
correct timestamp and sequence number of frames transmitted to the bts.
commit bf14b25358f7ceb021e2397e90c2fb9484245b7b fixes problem with
interruption of traffic, if packet transmission via rtp fails in the
beginning.
the result of all these patches is a reliable audio stream. the call
waiting works, as well as hold/retrieve of calls without audio
interruption or increasing/high delay. (even if database access makes
openbsc stop for some time.) in conjuction with lcr, a sip gateway can
directly exchange audio traffic with openbsc. the codec to be used is
negotiated between SIP gateway and MS. (depending on support and preference)
4. long time ago i extraced the sms protocols "smc" and "smr" (TS 11.11)
from openbsc and added a state machines. they are now part of
libosmocore and are used for sending/receiving sms via osmocombb. i
removed all that code from openbsc and use libosmocore instead. see
jolly/sms for the 4 patches.
i hope that was not too much at a time :)
regards,
andreas
hello
1.if a cell has multiple TRX, and the CCCH number >1,then can the
phone request channel on other timeslot but timeslot 0 in the uplink;
how does a real phone deal with it?
2.how to mitigate the RACH DOS in the GSM network?
anyone can help me?
Hi,
is it technically possible to sniff the air traffic (for example with
ccch_scan from the osmocombb burst_ind branch) and correlate the
relationship between a burst and a paging request (which contains the
tmsi of the mobile) ?
Basically: What are the steps to determine which tmsi (mobile) did which
burst ?
Thank you for your information!
cheers,
Simian
Hi,
I have a git clone from 23.01.2012 and a current git clone.
When I compile both and use the mobile appliation, I have a strange
problem in the current code. Very often I can't send USSD codes (and maybe
also can't communicate in other ways; USSD is the costless way to check
whether I am connected or not).
Ok, this is what I do: I send "service 1 *#21#", wait the answer and the
string "% On Network, normal service: Germany, O2". Then send it again and
so on.
With the old code, I reliable get the answer e.g. "% Status: deactivated".
With the new code, I very often (sometime already when trying first time)
get nothing back and after some seconds only "% Service connection
terminated.".
Can someone confirm this behavior?
Thanks
Tim
Hello,
I'm experiencing problems getting started with building BB and
wondered if someone might be able to advise. Seems that whenever I
specify a toolchain prefix it is ignored. E.g.
$make -e CROSS_TOOL_PREFIX=arm-none-linux-gnueabi-
Results in an error:
"configure: error: in `/home/andrew/Work/AB
Open/Projects/GSM/Osmocom/osmocom-bb/src/shared/libosmocore/build-target':
configure: error: C compiler cannot create executables
See `config.log' for more details"
If I check ./shared/libosmocore/build-target/config.log for instances
of "arm" these are all still "arm-none-eabi", which I do not have.
The prefix example above was to attempt to use CodeSourcery Lite
tools. I've also tried with a prefix of "arm-linux-gnueabi-" to use a
toolchain installed from Emdebian via apt-get, and I experience the
same problem. Although in searching for a fix I read something which
suggested that the Emdebian toolchains may be no use.
So, am I doing something wrong in the first step? And is there perhaps
another toolchain I should be using? Apologies if this has already
been answered — I have done a bit of searching but only found similar
errors where a prefix was not being specified.
Regards,
Andrew
--
Andrew Back
http://carrierdetect.com