June 2012 - baseband-devel - lists.osmocom.org

Engagetted !

by Sébastien Lorquet

http://www.engadget.com/2010/12/29/researchers-eavesdrop-on-encrypted-gsm-c… Congrats!

6 months

5
5
0 0

Sniffing GPRS

by canarion

Hi, After compiling osmocom-bb and apply sylvain/burst_ind branch and gprs_multi.patch, I execute it and try to sniff gprs traffic. I loaded the layer1 into my C139 and I obtained an ARFCN code (883). When I run ccch_scan -a 883 I get the next result: opyright (C) 2010 Harald Welte <laforge(a)gnumonks.org> Contributions by Holger Hans Peter Freyther License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Failed to connect to '/tmp/osmocom_sap'. Failed during sap_open(), no SIM reader <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(1476410343) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(1207963561) <0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0x1ad1cda) <0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0x41ae98f9) <0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a to imsi M(214031385056117) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3306441249) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214031482053520) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214036185306441) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4207880193) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4135931713) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4214223105) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3388536385) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(134915836) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3961436929) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4229756769) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(531909) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214034185316455) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3829437761) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214033485554660) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3639403521) <0001> app_ccch_scan.c:105 SI1 received. <0001> app_ccch_scan.c:464 unknown PCH/AGCH type 0x00 <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3827744513) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(335734299) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3561969409) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4294310401) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3698994241) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3682615617) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(67866789) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4003487553) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3770351169) <0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0x41ae98f9) <0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0x1ad1cda) <0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a to imsi M(214031385056117) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3306441249) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214031482053520) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214036185306441) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4102036289) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4135931713) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214032485273805) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3798414145) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(134915836) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3988859137) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3735175681) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(531909) <0001> app_ccch_scan.c:248 GSM48 IMM ASS (ra=0x78, chan_nr=0x0f, HSN=24, MAIO=1, TS=7, SS=0, TSC=1) Dropping frame with 55 bit errors <000c> l1ctl.c:238 Dropping frame with 55 bit errors <000c> l1ctl.c:290 BURST IND: @(830928 = 0626/20/36) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830928 = 0626/20/36) (-110 dBm, SNR 8) <000c> l1ctl.c:290 BURST IND: @(830929 = 0626/21/37) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830929 = 0626/21/37) ( -83 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830930 = 0626/22/38) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830930 = 0626/22/38) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830931 = 0626/23/39) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830931 = 0626/23/39) ( -83 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830932 = 0626/24/40) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830932 = 0626/24/40) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830933 = 0626/25/41) (-105 dBm, SNR 8, UL, SACCH) <000c> l1ctl.c:290 BURST IND: @(830933 = 0626/25/41) (-107 dBm, SNR 5, SACCH) <000c> l1ctl.c:290 BURST IND: @(830934 = 0626/00/42) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830934 = 0626/00/42) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830935 = 0626/01/43) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830935 = 0626/01/43) ( -83 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830936 = 0626/02/44) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830936 = 0626/02/44) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830937 = 0626/03/45) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830937 = 0626/03/45) ( -89 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830938 = 0626/04/46) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830938 = 0626/04/46) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830939 = 0626/05/47) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830939 = 0626/05/47) ( -82 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830940 = 0626/06/48) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830940 = 0626/06/48) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830941 = 0626/07/49) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830941 = 0626/07/49) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830942 = 0626/08/50) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830942 = 0626/08/50) ( -86 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830943 = 0626/09/00) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830943 = 0626/09/00) ( -86 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830944 = 0626/10/01) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830944 = 0626/10/01) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830945 = 0626/11/02) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830945 = 0626/11/02) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830947 = 0626/13/04) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830947 = 0626/13/04) ( -84 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830948 = 0626/14/05) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830948 = 0626/14/05) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830949 = 0626/15/06) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830949 = 0626/15/06) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830950 = 0626/16/07) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830950 = 0626/16/07) ( -89 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830951 = 0626/17/08) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830951 = 0626/17/08) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830952 = 0626/18/09) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830952 = 0626/18/09) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830953 = 0626/19/10) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830953 = 0626/19/10) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830954 = 0626/20/11) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830954 = 0626/20/11) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830955 = 0626/21/12) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830955 = 0626/21/12) (-106 dBm, SNR 0) <000c> l1ctl.c:290 BURST IND: @(830956 = 0626/22/13) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830956 = 0626/22/13) (-107 dBm, SNR 5) <000c> l1ctl.c:290 BURST IND: @(830957 = 0626/23/14) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830957 = 0626/23/14) (-106 dBm, SNR 2) <000c> l1ctl.c:290 BURST IND: @(830958 = 0626/24/15) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830958 = 0626/24/15) (-108 dBm, SNR 1) <000c> l1ctl.c:290 BURST IND: @(830959 = 0626/25/16) (-106 dBm, SNR 2, UL, SACCH) <000c> l1ctl.c:290 BURST IND: @(830959 = 0626/25/16) (-109 dBm, SNR 5, SACCH) <000c> l1ctl.c:290 BURST IND: @(830960 = 0626/00/17) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830960 = 0626/00/17) (-108 dBm, SNR 3) <000c> l1ctl.c:290 BURST IND: @(830961 = 0626/01/18) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830961 = 0626/01/18) (-106 dBm, SNR 2) <000c> l1ctl.c:290 BURST IND: @(830962 = 0626/02/19) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830962 = 0626/02/19) (-108 dBm, SNR 3) <000c> l1ctl.c:290 BURST IND: @(830963 = 0626/03/20) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830963 = 0626/03/20) (-107 dBm, SNR 0) <000c> l1ctl.c:290 BURST IND: @(830964 = 0626/04/21) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830964 = 0626/04/21) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830965 = 0626/05/22) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830965 = 0626/05/22) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830966 = 0626/06/23) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830966 = 0626/06/23) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830967 = 0626/07/24) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830967 = 0626/07/24) ( -86 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830968 = 0626/08/25) (-107 dBm, SNR 6, UL) <000c> l1ctl.c:290 BURST IND: @(830968 = 0626/08/25) (-109 dBm, SNR 0) <000c> l1ctl.c:290 BURST IND: @(830969 = 0626/09/26) (-101 dBm, SNR 6, UL) But it stop to capture frames, seems to be left in a standby state and I don't know why that is. With gprsdecode I can see the next image in the wireshark: http://baseband-devel.722152.n3.nabble.com/file/n3712433/wireshark-capture.… If someone knows what is the problem, please tell me. Thanks in advance. Cheers, Dani -- View this message in context: http://baseband-devel.722152.n3.nabble.com/Sniffing-GPRS-tp3712433p3712433.… Sent from the baseband-devel mailing list archive at Nabble.com.

7 years, 4 months

8
12
0 0

Please can anyone advise me - FMTOOL Error and no further processing

by Raz Sharif

Dear all, I vae the C115 with a T1 USB to Serial cable with the Prolific chipset. When i run osmocon i get :- an its just sits there with no further processing. ./osmocon -p /dev/ttyUSB0 -m c123xor ../../target/firmware/board/compal_e88/loader.compalram.bin read_file(../../target/firmware/board/compal_e88/loader.compalram.bin): file_size=17120, hdr_len=4, dnload_len=17127 read_file(../../target/firmware/board/compal_e88/loader.compalram.bin): file_size=17120, hdr_len=4, dnload_len=17127 got 1 bytes from modem, data looks like: 00 . got 2 bytes from modem, data looks like: 2f 00 /. got 1 bytes from modem, data looks like: 1b . got 3 bytes from modem, data looks like: f6 02 00 ... got 1 bytes from modem, data looks like: 41 A got 1 bytes from modem, data looks like: 01 . got 1 bytes from modem, data looks like: 40 @ Received PROMPT1 from phone, responding with CMD got 1 bytes from modem, data looks like: 66 f got 1 bytes from modem, data looks like: 74 t got 1 bytes from modem, data looks like: 6d m got 1 bytes from modem, data looks like: 74 t got 1 bytes from modem, data looks like: 6f o got 1 bytes from modem, data looks like: 6f o got 1 bytes from modem, data looks like: 6c l Received FTMTOOL from phone, ramloader has aborted got 1 bytes from modem, data looks like: 65 e got 1 bytes from modem, data looks like: 72 r got 1 bytes from modem, data looks like: 72 r got 1 bytes from modem, data looks like: 6f o got 1 bytes from modem, data looks like: 72 r got 1 bytes from modem, data looks like: 00 . got 1 bytes from modem, data looks like: 00 . I think the cable is ok as when i run my fingers on the tip i get random Zeros so it appears to be talking to the cable. Also when i tried to run Mobile i get the :- even though i created the Mobile.cfg file in /etc/osmoco Failed to parse the config file: '/home/raz/.osmocom/bb/mobile.cfg' Please check or create config file using: 'touch /home/raz/.osmocom/bb/mobile.cfg' I have spent some hours researching the lists and trying various things to no avail but I want to continue until I resolve this issues and use this great stack to learn about the GSM network. Please advise. Great full for any help or pointers but this maybe a timing issue that is difficult to debug. Thanks Raz

7 years, 11 months

5
6
0 0

cell re-selection

by Andreas.Eversberg

hi, i did a lot of resarch and testing on cell selection and re-selection process the last two week. the cell selection process, network selection process (manual and automatic) and mobility management process were already implemented in OsmocomBB a long time, but turned out to be buggy and incomplete. i made test drives to check the process and debugged it. the re-selection process is new. it is used to track surrounding cells while listening to the BCCH of the current cell (camping on a cell). special extension to the layer1 firmare is used to measure neighbour cells. if an neighbour cell becomes 'better', the mobile switches to that cell, depening on different criteria. now it is possible to move with OsmocomBB. the re-selection process is not handover! handover is a process where a phone switches between cells while doing a call. handover is one next step to implement. the process is a little more complex, because it requires not only neighbour cell measurements, but also syncing to them without interrupting the traffic channel. most layer 3 stuff of handover is already implemented. if you like to play and test your moving OsmocomBB, you can check out the "jolly/roaming" branch. it contains the extension to layer1, as well as sim reader and fixes from "sylvain/testing" branch. use both "mobile" and "layer1" firmware from this branch. in order to see some process at VTY, you can do: enable monitor network 1 (continously display the strongest cell and neighbour cells) show ms 1 (to see current states) show neighbour-cells 1 (to see a more detailed current list of neighbours) andreas

8 years, 1 month

3
3
0 0

Set fixed TMSI and Kc

by Simian Denson

Hi, in the osmocom bb mobile.cfg I don't see any posibility to set a fixed Kc encryption key and the tmsi. How could I achieve that osmocom uses my defined Kc and tmsi? cheers, Simian

8 years, 1 month

5
21
0 0

AW: The call has been rejected

by Andreas.Eversberg

hi josephli, > Read stored BA list mnc=01 the mobile application stores the last cells and neighbour cells (band allocation) of each network. this way the scanning is much faster when restarting. because you use the SIM card with MNC == 02 the first time, there is no band allocation stored for that. the mobile will do a full scan in this case. > while the sim card service I am tesing is actually with mnc 00 and 02. i know that MNC == 0 will not work until i commited improvements of cell selection process last sunday. you should retry that, but first try with an MNC > 0. can you provide debug output when trying a call? also can you provide VTY output of "show ms" before you make the call? regards, andreas

11 years

3
2
0 0

status report layer1 and layer23

by Andreas.Eversberg

hi, i just fixed some locking issues the last days. fix will follow. it took a bit longer, because there were some race conditions. it took up to about one hour until it crashed. my way to detect the area where the crash happened, was to turn on buzzer before that area, and turn it off after that area. after many hours of approximation, i finally found out that the major crash happend during _talloc_zero. (first it looks for a free memory chunk, then it allocates it.) since it can be called from all contexts (main, irq, fiq), it need to be locked against any interrupt, otherwise the memory chunk can be assigned multiple times. (the process of _talloc_free is "atomic" and requires no locking.) because it seems pretty stable, i think it is time to merge some branches into the master. (i made a 6 hours call yesterday. and no crash after bugfix ever since.) i will do that together with sylvain, if we find the time this weekend. currently i use the jolly/voice together with the sylvain/traffic branch. i am able to use an isdn phone togehter with linux-call-router and make/receive calls. audio is passed both ways. i think this is a stage where it actually become "usable". (if not moving arround.) one of my major work for the next weeks/months will be the neighbour cell measurement, cell re-selection, and handover. this is essential when moving with the phone. regards, andreas

11 years

2
1
0 0

Can't compile after last pull

by Dario Lombardo

I've pulled git repo today, but the RSSI firmware gets an error. apps/rssi/main.c: In function `main': apps/rssi/main.c:896: warning: 'a' might be used uninitialized in this function apps/rssi/main.c:896: warning: 'e' might be used uninitialized in this function CC board/compal_e88/rssi.compalram.manifest.o LD board/compal_e88/rssi.compalram.elf OBJ board/compal_e88/rssi.compalram.bin CC board/compal_e88/rssi.highram.manifest.o LD board/compal_e88/rssi.highram.elf OBJ board/compal_e88/rssi.highram.bin CC board/compal_e88/rssi.e88loader.manifest.o LD board/compal_e88/rssi.e88loader.elf OBJ board/compal_e88/rssi.e88loader.bin CC board/compal_e88/rssi.e88flash.manifest.o LD board/compal_e88/rssi.e88flash.elf OBJ board/compal_e88/rssi.e88flash.bin CC board/compal_e86/rssi.compalram.manifest.o LD board/compal_e86/rssi.compalram.elf arm-elf-ld: region LRAM is full (board/compal_e86/rssi.compalram.elf section .data) make[1]: *** [board/compal_e86/rssi.compalram.elf] Error 1 make[1]: Leaving directory src/target/firmware' make: *** [firmware] Error 2 $ git pull Already up-to-date. $ Anyone experiencing the same issue?

11 years, 4 months

9
11
0 0

cp2102 (betemcu, B75937)

by lonelysurfer

...a never ending story: i have a working ftdi-ttl, but the cp2102-adapters (http://www.ebay.de/itm/USB-2-0-to-UART-TTL-6PIN-Module-Serial-Converter-CP2…) with the same cable dont work under ubuntu or windows. if i rub the top of the 2.55mm with my finger random data appears. but the loader doesnt upload the firmware. i used the txd, rxd and gnd pins and checked the connections with a multimeter. i tested -m c123xor, -m c123 and the default firmware. flashing custom baudrates was no problem. rivers are installed correctly (stady ttyusb0 under ubuntu/ com1 under win). is there any hint? -- View this message in context: http://baseband-devel.722152.n3.nabble.com/cp2102-betemcu-B75937-tp3489336p… Sent from the baseband-devel mailing list archive at Nabble.com.

11 years, 8 months

3
4
0 0

Receiving on TS=1 ?

by Sylvain Munaut

Hi, I've hacked something together to quickly test non-combined CCCH. However, I've hit a problem when trying to receive anything on another timeslot than 0. The TX side seems to work fine as the BTS can see my location update request and answers with a reject, but on the MS side, I never see the reject and wireshark only shows invalid incohrent data on the RX. The frames for SDCCH/8 show really nothing valid (looks like random bytes), things like 09 80 7f 47 49 06 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 00 47 d5 2d 06 1e 00 00 69 7c a0 91 3d 22 ff ab fe 6c 4f 56 4f 36 ... while the frames for the associated SAACH show at least something gsm-like : 03 03 01 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b but that's not quite a SI5/6 ... To RX/TX on TS=1, I just delayed the RX/TX window by 625 bits (4 * 156.25) when I'm in dedicated channel mode by chaning the 'start' in l1s_tx_win_ctrl / l1s_rx_win_ctrl Is there something else that should be done ? Cheers, Sylvain

11 years, 9 months

2
5
0 0

burst_ind and TCH

by Mad

Hi Sylvain, hi list! I'm experimenting with burst_ind and TCHs right now and ran into some problem I couldn't solve yet. After receiving an Assignment Command for a hopping TCH/F I call l1ctl_tx_dm_est_req_h1() with all necessary parameters and tch_mode GSM48_CMODE_SPEECH_V1 or _EFR. After that I do get burst indications containing the received bits on up- and downlink for the active arfcn on each consecutive frame number. BUT the rx level measurements are most of the time very low and sporadic higher, surely not from that nearby bts and the very close cellphone. It looks like the layer1 doesn't "hit" the right timeslot on the right arfcn at the right time. There are some possible sources of error leading to that, like hopping parameters, channel number and MA list. But I checked these and I took all of them directly from the ASS CMD, the MA as word list in ascending order, like in layer23 IMM ASS handling. The specific AC doesn't have any specialties like Starting Time or "before time" parameters. So my question is if there is some obvious pitfall I'm missing and are there any suggestions how to debug that? Regards, Mad

11 years, 9 months

4
5
0 0

the airprobe port to BB

by Chengcheng Gou

Hi, I am studying the GSM voice interception of airprobe,and want to port to BB,using the ccch_scan.c .the problem is that, the airprobe is written by C++,and the BB is C; I find the useful part of airport is airprobe/gsm-receiver/src/lib/decoder/openbtsstuff, and how to modify the makefile of BB to use the source of openbtsstuff? Thanks!

11 years, 9 months

4
4
0 0

Trying to understand talloc.h

by Akib Sayyed

i am trying to understand talloc* functions. in layer23 app. i want to know what exact role they perform in these apps. its ok about allocating memory and freeing them but logically why they are used. -- Akib Sayyed Matrix-Shell akibsayyed(a)gmail.com akibsayyed(a)matrixshell.com Mob:- +91-966-514-2243

11 years, 9 months

2
1
0 0

TOMORROW: Jun 27, 8pm / Osmocom meeting in Berlin

by Holger Hans Peter Freyther

Hi all! This is the announcement for the next Osmocom Berlin meeting. Jun 27, 8pm @ CCC Berlin, Marienstr. 11, 10113 Berlin Nico will talk about SAP (SIM Access Profile) in osmocomBB. If you are interested to show up, feel free to do so. There is no registration required. The meeting is free as in "free beer", despite no actual free beer being around. Updates and the blog post can be found here[1]. Regards, Holger [1] http://openbsc.osmocom.org/trac/blog/osmug-20120627

11 years, 9 months

1
0
0 0

the building of /src/shared/libosmocore

by bob wisebob

11 years, 9 months

3
3
0 0

Need guidance for layer1 and layer 2 connection in firmware

by Akib Sayyed

i am trying to port mobile app on phone it self as a firmware but unable to find out how exactly L1 on phone communicate with L2 L3 on pc. please help me with that. -- Akib Sayyed Matrix-Shell akibsayyed(a)gmail.com akibsayyed(a)matrixshell.com Mob:- +91-966-514-2243

11 years, 9 months

1
0
0 0

LCD is going off after custom RSSI loading

by Akib Sayyed

i have been trying to load RSSI and run it. all went well. but after all of sudden LCD went off tried to debug but didnt understand much. here is log OSMOCOM Loader (revision osmocon_v0.0.0-1347-g4f0acac) ====================================================================== Running on compal_e88 in environment compalram Found flash of 2097152 bytes at 0x0 with 2 regions fb_td014_init: initializing LCD. //after above msg LCD is going off and firmware is giving output correct as it was giving before then i created custom program kept only board_init(); then compiled and uploaded in phone and started but still same issue. then fetched fresh git and tried to compile then also same issue. steps taken to compile test.c created folder test in target/firmware/apps/ added test in make file application list renamed test.c to main.c steps taken to load code in c118 ./host/osmocon/osmoload memload 0x820000 ./target/firmware/board/compal_e86/test.highram.bin ./host/osmocon/osmoload jump 0x820000 please help me with that -- Akib Sayyed Matrix-Shell akibsayyed(a)gmail.com akibsayyed(a)matrixshell.com Mob:- +91-966-514-2243

11 years, 10 months

2
2
0 0

osmocon idling with C155 when using bus pirate

by Ian Kinsey

A Motorola C155 is hooked up to my computer via a bus pirate as per the official instructions, everything is properly wired and the phone seems to work. However, Osmocon neither indicates the presence of any data being sent or received when attempting to communicate with the phone; it just idles. Is there any extra logic in the cable? Any help would be appreciated.

11 years, 10 months

2
1
0 0

Flashing Layer1 to GTA02

by Arno Onken

Hello everyone! I got osmocom-bb running on a gta02 with a self-built Debian image. osmocon-bb was compiled natively on the gta02. Everything works great using: $ ./osmocon -i 13 -m romload -p /dev/ttySAC0 layer1.highram.bin as described at: http://bb.osmocom.org/trac/wiki/OpenMoko It bugs me, however, that the proprietary openmoko 11 firmware is still lingering in the baseband flash. So I would like to replace it permanently with the osmocom-bb layer 1 firmware. That didn't work so far. First, I attempted to use the FLUID binary to flash layer1.highram.bin. The manual firmware update that is described at: http://wiki.openmoko.org/wiki/Flashing_the_GSM_Firmware suggests to use the FLUID binary from the package: http://people.openmoko.org/joerg/calypso_moko_FW/fluid_0.0+svn20070817-r2_a… I tried to run: $ FLUID_PORT=/dev/ttySAC0 ./fluid.exe -oo -od13,13 -b 115200 -f layer1.highram.bin This gives me: FLUID Revision 2.27, (23 Aug 2004). Copyright Texas Instruments, 2001-2004. Reading image file: '/usr/local/src/osmocom-bb/src/target/firmware/board/gta0x/layer1.highram.bin'WARNING: Illegal hex line: ERROR(55): File format/syntax error I also played with the options but to no avail. So apparently fluid expects the firmware image to be in a particular format. Then I tried the osmoload utility. For that I started osmocon with: $ ./osmocon -i 13 -l /tmp/osmocom_loader -m romload -p /dev/ttySAC0 loader.highram.bin osmocon then says: Sending Calypso romloader beacon... On another console I then turned on the GSM device and tried to request information about flash using: $ ./osmoload -l /tmp/osmocom_loader finfo This gives me: Requesting flash layout info Query timed out. What am I doing wrong? Are there fundamental reasons why this cannot work? Any hints would be much appreciated! Thanks, Arno

11 years, 10 months

4
5
0 0

my patch for decode using burst_id

by bob wisebob

Hi,List I found BB is a great project,and I want to study it. In my test network without encryption, I test the burst_id with dsp patch to capture the SMS, and also ,I patch the ccch_scan to capture the voice,but I met a few difficulty, but the amr voice file seems not good, I found it hard to find the error, anyone can help me? Thanks! the patch is following: static struct { int has_si1; int has_si3; int ccch_mode; int neci; int sys_count; enum dch_state_t dch_state; uint8_t dch_nr; int dch_badcnt; int dch_ciph; FILE * fh; sbit_t bursts_dl[116 * 4]; sbit_t bursts_ul[116 * 4]; sbit_t bursts_ccch[4][116*4]; sbit_t mI[8][114]; struct gsm_sysinfo_freq cell_arfcns[1024]; uint8_t kc[8]; } app_state; static char * void layer3_rx_burst(struct osmocom_ms *ms, struct msgb *msg) { struct l1ctl_burst_ind *bi; int16_t rx_dbm; uint16_t arfcn; int ul,do_rel=0; /* Header handling */ bi = (struct l1ctl_burst_ind *) msg->l1h; arfcn = ntohs(bi->band_arfcn); rx_dbm = rxlev2dbm(bi->rx_level); ul = !!(arfcn & ARFCN_UPLINK); if (app_state.dch_state == DCH_NONE) local_ccch_burst_decode(bi,ms); /* Check for channel start */ if (app_state.dch_state == DCH_WAIT_EST) { if (bi->chan_nr == app_state.dch_nr) { if (bi->snr > 64) { /* Change state */ app_state.dch_state = DCH_ACTIVE; app_state.dch_badcnt = 0; /* Open output */ //app_state.fh = fopen(gen_filename(ms, bi), "wb"); } else { /* Abandon ? */ do_rel = (app_state.dch_badcnt++) >= 4; } } } /* Check for channel end */ if (app_state.dch_state == DCH_ACTIVE) { if (!ul) { /* Bad burst counting */ if (bi->snr < 64) { app_state.dch_badcnt++; printf("sdcch app_state.dch_badcnt++\n"); } else if (app_state.dch_badcnt >= 2) app_state.dch_badcnt -= 2; else app_state.dch_badcnt = 0; /* Release condition */ do_rel = app_state.dch_badcnt >= 6; } } // when in TCH mode, we only measure the SACCH to kown the link quanlity if (app_state.dch_state == DCH_TCH) { //printf("app_state.dch_state == DCH_TCH\n"); if (!ul && (bi->flags & BI_FLG_SACCH)) { //printf("TCH SACCH\n"); /* Bad burst counting */ if (bi->snr < 40) { app_state.dch_badcnt++; printf("sacch app_state.dch_badcnt++\n"); } else if (app_state.dch_badcnt >= 2) app_state.dch_badcnt -= 2; else app_state.dch_badcnt = 0; /* Release condition */ do_rel = app_state.dch_badcnt >= 6; } } /* Release ? */ if (do_rel) { printf("The Delicate Channel is released because of bad SNR!\n"); /* L1 release */ l1ctl_tx_dm_rel_req(ms); l1ctl_tx_fbsb_req(ms, ms->test_arfcn, L1CTL_FBSB_F_FB01SB, 100, 0, app_state.ccch_mode); /* Change state */ app_state.dch_state = DCH_WAIT_REL; app_state.dch_badcnt = 0; app_state.dch_ciph = 0; /* Close output */ if (app_state.fh) { fclose(app_state.fh); app_state.fh = NULL; } } /* Save the burst */ if (app_state.dch_state == DCH_ACTIVE || app_state.dch_state == DCH_TCH) //fwrite(bi, sizeof(*bi), 1, app_state.fh); /* Try local decoding */ if (!ul && (app_state.dch_state == DCH_ACTIVE || app_state.dch_state == DCH_TCH)) local_burst_decode(ms,bi); } static void local_burst_decode(struct osmocom_ms *ms,struct l1ctl_burst_ind *bi) { int16_t rx_dbm; uint16_t arfcn; uint32_t fn; uint8_t cbits, tn, lch_idx; int ul, bid, i, d_tch_mode; sbit_t *bursts; ubit_t bt[116]; /* Get params (Only for SDCCH and SACCH/{4,8,F,H}) */ arfcn = ntohs(bi->band_arfcn); rx_dbm = rxlev2dbm(bi->rx_level); fn = ntohl(bi->frame_nr); ul = !!(arfcn & ARFCN_UPLINK); bursts = ul ? app_state.bursts_ul : app_state.bursts_dl; cbits = bi->chan_nr >> 3; tn = bi->chan_nr & 7; bid = -1; if (cbits == 0x01) { /* TCH/F */ lch_idx = 0; if (bi->flags & BI_FLG_SACCH) { uint32_t fn_report; fn_report = (fn - (tn * 13) + 104) % 104; bid = (fn_report - 12) / 26; printf(" SACCH fn = %d fn_report = %d\n",fn,fn_report); }else{ //printf(" TCH/F \n"); process_tch_f(ms,bi); } } else if ((cbits & 0x1e) == 0x02) { /* TCH/H */ lch_idx = cbits & 1; if (bi->flags & BI_FLG_SACCH) { uint32_t fn_report; uint8_t tn_report = (tn & ~1) | lch_idx; fn_report = (fn - (tn_report * 13) + 104) % 104; bid = (fn_report - 12) / 26; } } else if ((cbits & 0x1c) == 0x04) { /* SDCCH/4 */ lch_idx = cbits & 3; bid = bi->flags & 3; printf(" SDCCH/4\n"); } else if ((cbits & 0x18) == 0x08) { /* SDCCH/8 */ lch_idx = cbits & 7; bid = bi->flags & 3; //printf(" SDCCH/8\n"); } if (bid == -1) return; /* Clear if new set */ if (bid == 0) memset(bursts, 0x00, 116 * 4); /* Unpack (ignore hu/hl) */ osmo_pbit2ubit_ext(bt, 0, bi->bits, 0, 57, 0); osmo_pbit2ubit_ext(bt, 59, bi->bits, 57, 57, 0); bt[57] = bt[58] = 1; /* A5/x */ if (app_state.dch_ciph) { ubit_t ks_dl[114], ks_ul[114], *ks = ul ? ks_ul : ks_dl; osmo_a5(app_state.dch_ciph, app_state.kc, fn, ks_dl, ks_ul); for (i= 0; i< 57; i++) bt[i] ^= ks[i]; for (i=59; i<116; i++) bt[i] ^= ks[i-2]; } /* Convert to softbits */ for (i=0; i<116; i++) bursts[(116*bid)+i] = bt[i] ? - (bi->snr >> 1) : (bi->snr >> 1); /* If last, decode */ if (bid == 3) { uint8_t l2[23]; int rv,i; struct gsm48_ass_cmd *ia; uint8_t ch_type, ch_subch, ch_ts; uint8_t chan_req_val, chan_req_mask, ra; rv = xcch_decode(l2, bursts); if((l2[0] == 0x03) && (l2[4] == 0x2e)) { ia =(struct gsm48_ass_cmd *)&l2[5]; rsl_dec_chan_nr(ia->chan_desc.chan_nr, &ch_type, &ch_subch, &ch_ts); //l1ctl_tx_reset_req(ms, L1CTL_RES_T_SCHED); printf("Jump to TCH Channel\n"); d_tch_mode = GSM48_CMODE_SPEECH_EFR; /* open speech file and configure d_tch_decoders */ switch (d_tch_mode) { case GSM48_CMODE_SPEECH_V1: d_speech_file = fopen( "speech.au.gsm", "wb" ); break; case GSM48_CMODE_SPEECH_EFR: d_speech_file = fopen( gen_filename(ms,bi), "wb" ); fwrite(amr_nb_magic, 1, 6, d_speech_file); /* Write header */ break; default: d_speech_file = NULL; } app_state.dch_state = DCH_TCH; if (!ia->chan_desc.h0.h) { /* Non-hopping */ uint16_t arfcn; arfcn = ia->chan_desc.h0.arfcn_low | (ia->chan_desc.h0.arfcn_high << 8); LOGP(DRR, LOGL_NOTICE, "ASS CMD(chan_nr=0x%02x, " "ARFCN=%u, TS=%u, SS=%u, TSC=%u) ", ia->chan_desc.chan_nr, arfcn, ch_ts, ch_subch, ia->chan_desc.h0.tsc); /* request L1 to go to dedicated mode on assigned channel */ rv = l1ctl_tx_dm_est_req_h0(ms, arfcn, ia->chan_desc.chan_nr, ia->chan_desc.h0.tsc, GSM48_CMODE_SPEECH_EFR, 0); } #ifdef TCH_HOPPING else { /* Hopping is not support now! */ uint8_t maio, hsn, ma_len; uint16_t ma[64], arfcn; int i, j, k; hsn = ia->chan_desc.h1.hsn; maio = ia->chan_desc.h1.maio_low | (ia->chan_desc.h1.maio_high << 2); LOGP(DRR, LOGL_NOTICE, "ASS CMD( chan_nr=0x%02x, " "HSN=%u, MAIO=%u, TS=%u, SS=%u, TSC=%u) ", ia->chan_desc.chan_nr, hsn, maio, ch_ts, ch_subch, ia->chan_desc.h1.tsc); /* decode mobile allocation */ ma_len = 0; for (i=1, j=0; i<=1024; i++) { arfcn = i & 1023; if (app_state.cell_arfcns[arfcn].mask & 0x01) { k = ia->mob_alloc_len - (j>>3) - 1; if (ia->mob_alloc[k] & (1 << (j&7))) { ma[ma_len++] = arfcn; } j++; } } /* request L1 to go to dedicated mode on assigned channel */ rv = l1ctl_tx_dm_est_req_h1(ms, maio, hsn, ma, ma_len, ia->chan_desc.chan_nr, ia->chan_desc.h1.tsc, GSM48_CMODE_SPEECH_EFR, 0); } #endif } if (rv == 0) { uint8_t chan_type, chan_ts, chan_ss; uint8_t gsmtap_chan_type; /* Send to GSMTAP */ rsl_dec_chan_nr(bi->chan_nr, &chan_type, &chan_ss, &chan_ts); gsmtap_chan_type = chantype_rsl2gsmtap( chan_type, bi->flags & BI_FLG_SACCH ? 0x40 : 0x00 ); gsmtap_send(gsmtap_inst, arfcn, chan_ts, gsmtap_chan_type, chan_ss, ntohl(bi->frame_nr), bi->rx_level, bi->snr, l2, sizeof(l2) ); /* Crude CIPH.MOD.COMMAND detect */ if ((l2[3] == 0x06) && (l2[4] == 0x35) && (l2[5] & 1)) app_state.dch_ciph = 1 + ((l2[5] >> 1) & 7); } } } void tch_deinterleave(ubit_t *mC, int blockOffset) { int k; for (k = 0; k < 456; k++) { int B = ( k + blockOffset ) % 8; int j = 2 * ((49 * k) % 57) + ((k % 8) / 4); mC[k] = app_state.mI[B][j]; app_state.mI[B][j] = 0; //OBJDCOUT("deinterleave k="<<k<<" B="<<B<<" j="<<j); } } void tch_unmap(const uint16_t *map, size_t mapSize, ubit_t * dest, ubit_t * soure) { unsigned int i; for(i=0; i<mapSize; i++) { dest[map[i]] = soure[i]; } } void tch_map(const uint16_t *map, size_t mapSize, ubit_t * dest, ubit_t * soure) { unsigned int i; for(i=0; i<mapSize; i++) { dest[i] = soure[map[i]]; } } void fillField(ubit_t *mStart, size_t writeIndex, uint64_t value, unsigned length) { char *dpBase = mStart + writeIndex; char *dp = dpBase + length - 1; while (dp>=dpBase) { *dp-- = value & 0x01; value >>= 1; } } uint64_t count_tch = 0; static void process_tch_f(struct osmocom_ms *ms,struct l1ctl_burst_ind *bi) { int16_t rx_dbm; uint16_t arfcn; uint32_t fn,B; uint8_t cbits, tn, lch_idx; int ul, bid, i, k, length; sbit_t *bursts, mC[456]; ubit_t bt[114],convu[189],convd[189],tch_raw[260],TCHW[260],EFRBits[244],EFRAMR[8 + 244]; pbit_t voice[33]; /* Get params (Only for SDCCH and SACCH/{4,8,F,H}) */ arfcn = ntohs(bi->band_arfcn); rx_dbm = rxlev2dbm(bi->rx_level); fn = ntohl(bi->frame_nr); ul = !!(arfcn & ARFCN_UPLINK); cbits = bi->chan_nr >> 3; tn = bi->chan_nr & 7; B = -1; B = count_tch % 8; if (B == -1) return; /* Clear if new set */ if (B == 0){ for(i=0; i<4; i++){ memset(app_state.mI[i], 0x00, 114); } }else if(B == 4){ for(i=4; i<8; i++){ memset(app_state.mI[i], 0x00, 114); } } /* Unpack (ignore hu/hl) */ osmo_pbit2ubit_ext(bt, 0, bi->bits, 0, 57, 0); osmo_pbit2ubit_ext(bt, 57, bi->bits, 57, 57, 0); /* Convert to softbits */ for (i=0; i<114; i++) app_state.mI[B][i] = bt[i] ? - (bi->snr >> 1) : (bi->snr >> 1); count_tch++; // Deinterleave according to the diagonal "phase" of B. // See GSM 05.03 3.1.3. // Deinterleaves i[] to c[] if((B % 4 ==3)&&(count_tch >= 7)){ if(B == 3) { tch_deinterleave(mC, 4); }else{ tch_deinterleave(mC, 0); } for (k = 0; k < 78; k++) { tch_raw[182 + k] = mC[378 +k]; } osmo_conv_decode(&conv_tch_afs_12_2, mC, convu); // 3.1.2.1 // copy class 1 bits u[] to d[] for (k = 0; k <= 90; k++) { convd[2*k] = convu[k]; convd[2*k+1] = convu[184-k]; } memcpy(tch_raw,convd,182); // the last 78 bit has been stored! //now only process EFR or AMR 12_2, fix me! tch_unmap(gsm660_bitorder, 260, TCHW, tch_raw); // Remove repeating bits and CRC to get raw EFR frame (244 bits) for (k=0; k<71; k++) EFRBits[k] = TCHW[k] & 1; for (k=73; k<123; k++) EFRBits[k-2] = TCHW[k] & 1; for (k=125; k<178; k++) EFRBits[k-4] = TCHW[k] & 1; for (k=180; k<230; k++) EFRBits[k-6] = TCHW[k] & 1; for (k=232; k<252; k++) EFRBits[k-8] = TCHW[k] & 1; // Map bits as AMR 12.2k tch_map(gsm690_12_2_bitorder, 244, EFRAMR + 8,EFRBits); // Put the whole frame (hdr + payload) //mVFrameAMR.pack(mPrevGoodFrame); //mPrevGoodFrameLength = 32; fillField(EFRAMR, 0, 0x3c, 8); voice[32] = 0; length = osmo_ubit2pbit(voice, EFRAMR, 8 + 244); fwrite(voice, 1, 32, d_speech_file); } }

11 years, 10 months

5
9
0 0

Osmocom user group meetings in Berlin

by Harald Welte

Hi all, I have upated the wiki page at http://openbsc.osmocom.org/trac/wiki/OsmoUserGroup/Berlin to indicate the meeting dates for the next couple of months. So now it is clear that even without any explicit separate announcement, we will be meeting at the indicated date: June 13, 2012 June 27, 2012 July 11, 2012 July 25, 2012 August 8, 2012 August 22, 2012 It had been requested to start a bit later (8pm instead of 7pm), and from the next meeting onwards we will follow that request. Looking forward to meeting you! Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

11 years, 10 months

2
1
0 0

Re: AT+CMMS command

by Gabriele.rago

Soory, but I don't know how, anyone can give me some help? --------- Original Message -------- Da: "Gabriele.rago" <gabriele.rago(a)email.it> To: "baseband-devel(a)lists.osmocom.org" <baseband-devel(a)lists.osmocom.org> Oggetto: AT+CMMS command Data: 18/06/12 00:16 Hello, there is an AT command, AT+CMMS, wich description I report below: "This  command controls the continuity of SMS relay protocol link.   When feature is enabled (and supported by network) multiple messages can besent much faster as link is kept open." I tested this command on motorola E770 (UMTS) and really when I enable this feature it is much faster in sending sms. Is it possible to implent such feature  in application "mobile" of osmocom-bb project?

11 years, 10 months

1
0
0 0

AT+CMMS command

by Gabriele.rago

Hello, there is an AT command, AT+CMMS, wich description I report below: "This  command controls the continuity of SMS relay protocol link.   When feature is enabled (and supported by network) multiple messages can besent much faster as link is kept open." I tested this command on motorola E770 (UMTS) and really when I enable this feature it is much faster in sending sms. Is it possible to implent such feature  in application "mobile" of osmocom-bb project?

11 years, 10 months

2
1
0 0

issue with burst_ind

by Akib Sayyed

i am trying to run ccch_scan on OpenBTS network. but problem i am facing if i am running ccch_scan i cant see any IMM ASS. but when i run ccch_scan from non burst_ind (testing branch) then it does show IMM ASS. is it problem with burst_ind . -- Akib Sayyed Matrix-Shell akibsayyed(a)gmail.com akibsayyed(a)matrixshell.com Mob:- +91-966-514-2243

11 years, 10 months

2
4
0 0

Re: about osmocon on gta02 (Solved)

by Aegean Chou

Hi lists, I spend one day, finally solved it myself. 1) i checked the schematic of gta02 carefully, and found the PCF50633 use GPIO2(gsm_on) to control the power of GSM actually, and it have a test point H-TP1706. 2) i disassembled my gta02, then line out the H-TP1706 to my oscilloscope, i found the gsm_on signal always LOW 1s, and HIGH 4.2s, it's very strange. 3) i checked the service list, i found the fsogsmd (it's ogsmd?), maybe it's the background program. but i can't kill it. 4) finally, i try to set "disable = 0" in /etc/frameworkd.conf, reboot, my god, it solved. but the http://bb.osmocom.org/trac/wiki/OpenMoko only says: “disable ogsmd, ousaged, ophoned via /etc/frameworkd.conf” i always think "disable = 1" should DISABLE it. but actually, "disable = 0" = DISABLE it; and "disable = 1" = ENABLE it? why it misleaded me so long, anybody can change it? thanks. Aegean ======= 2012-06-14 09:40:32 ======= >Dear lists, > > i want porting rssi and osmocon to GTA02, let them run on GTA02 stand-alone. > then i'll try to write a program to decoding the received data. > > i already cross-compiled the latest osmocon to GTA02, > then i disabled "ogsmd，ousaged and ophoned" in /etc/frameworkd.conf (actually, them are disabled default), > and i commented "device_port and modem_access" in fsogsmd.conf to disable everything accessed to the modem, > after rebooting, the "fuser /dev/ttySAC0" shows none. > > but when i use "./osmocon -i 13 -m romload -p /dev/ttySAC0 rssi.highram.bin", and > "echo 0 > /sys/bus/platform/devices/gta02-pm-gsm.0/power_on && echo 1 > ..." > /\ my SHR kernel use this device name for GSM power > the osmocon always stalls about at the block 40, for example: > ... ... > Preparing block 39, block checksum is 0x4c > handle_write_block(): 1024 bytes (1024/1024) > handle_write_block(): Block 39 finished > Received block ack from phone > Preparing block 40, block checksum is 0xd5 > handle_write_block(): 1024 bytes (1024/1024) > handle_write_block(): Block 40 finished > and i found that the osmocon start to download codes before my "GSM power reset", very strange, > > i tried the latest "SHR-core 20120427" and "unstable SHR-lite 20110822", > i searched the list log, found "Dave" encounter the same problem, but he solved it after "re-flashing of the phone" > i re-flashed the GSM firmware to latest Moko11 (before it's Moko10), but it's the same. > > BTW, i found that it always shows '1' when "cat /sys/bus/platform/devices/gta02-pm-gsm.0/power_on" > even after "echo 0 >/sys/bus/platform/devices/gta02-pm-gsm.0/power_on", what's wrong? > > anyone can help help me? > thanks very much. > >Best Regards >Aegean >2012-06-13 > = = = = = = = = = = = = = = = = = = = = Best regards 　　　　　　　　Aegean Chou 　　　　　　　　aegean2000(a)21cn.com 　　　　　　　　　　2012-06-14

11 years, 10 months

2
1
0 0

about osmocon on gta02

by Aegean Chou

Dear lists, i want porting rssi and osmocon to GTA02, let them run on GTA02 stand-alone. then i'll try to write a program to decoding the received data. i already cross-compiled the latest osmocon to GTA02, then i disabled "ogsmd，ousaged and ophoned" in /etc/frameworkd.conf (actually, them are disabled default), and i commented "device_port and modem_access" in fsogsmd.conf to disable everything accessed to the modem, after rebooting, the "fuser /dev/ttySAC0" shows none. but when i use "./osmocon -i 13 -m romload -p /dev/ttySAC0 rssi.highram.bin", and "echo 0 > /sys/bus/platform/devices/gta02-pm-gsm.0/power_on && echo 1 > ..." /\ my SHR kernel use this device name for GSM power the osmocon always stalls about at the block 40, for example: ... ... Preparing block 39, block checksum is 0x4c handle_write_block(): 1024 bytes (1024/1024) handle_write_block(): Block 39 finished Received block ack from phone Preparing block 40, block checksum is 0xd5 handle_write_block(): 1024 bytes (1024/1024) handle_write_block(): Block 40 finished and i found that the osmocon start to download codes before my "GSM power reset", very strange, i tried the latest "SHR-core 20120427" and "unstable SHR-lite 20110822", i searched the list log, found "Dave" encounter the same problem, but he solved it after "re-flashing of the phone" i re-flashed the GSM firmware to latest Moko11 (before it's Moko10), but it's the same. BTW, i found that it always shows '1' when "cat /sys/bus/platform/devices/gta02-pm-gsm.0/power_on" even after "echo 0 >/sys/bus/platform/devices/gta02-pm-gsm.0/power_on", what's wrong? anyone can help help me? thanks very much. Best Regards Aegean 2012-06-13

11 years, 10 months

1
0
0 0

bug in local_burst_decode() of burst_ind

by lonelysurfer

I reused the local_burst_decode function to decrypt the bursts offline. If I filter bi->flags & BI_FLG_SACCH, the sms decryption is working: local_burst_decode(struct l1ctl_burst_ind *bi) ... if (bid == -1) return; /* new */ if (bi->flags & BI_FLG_SACCH) return; ... -- View this message in context: http://baseband-devel.722152.n3.nabble.com/bug-in-local-burst-decode-of-bur… Sent from the baseband-devel mailing list archive at Nabble.com.

11 years, 10 months

1
0
0 0

SuperSIM

by Arturo Rivas

Hi! How can I to know the number phone of my SuperSIM to use it in OpenBSC? I need to know for probe telephone calls in OpenBSC because in this SIMs I can know IMSI to register in HLR. BS, Arturo Rivas.

11 years, 10 months

1
0
0 0

open source 3G baseband process on MTK6575

by Chengcheng Gou

hi, lists the MTK has launched a 3G chip solution MTK6575. I think it `s time to develop a 3G BB. does anyone interest in it?

11 years, 10 months

1
0
0 0

bursts****.dat

by Victor P

Hi, I am trying to use burst_ind branch of osmocom. I have noticed that layer23 creates bursts****.dat files when it indicates uplink. What data are written to these files and what should I use to see its data? Thank you.

11 years, 10 months

5
6
0 0

TCH Viterbi decode Parameter

by Chengcheng Gou

Hi： I am studying the tch code, and want to decode the Convolutional code of TCH using xcch.c; and how to set the parameters; 1. conv_xcch_next_output 2. conv_xcch_next_state 3. N = 2, 4. K = 5, static const uint8_t conv_xcch_next_output[][2] = { { 0, 3 }, { 1, 2 }, { 0, 3 }, { 1, 2 }, { 3, 0 }, { 2, 1 }, { 3, 0 }, { 2, 1 }, { 3, 0 }, { 2, 1 }, { 3, 0 }, { 2, 1 }, { 0, 3 }, { 1, 2 }, { 0, 3 }, { 1, 2 }, }; static const uint8_t conv_xcch_next_state[][2] = { { 0, 1 }, { 2, 3 }, { 4, 5 }, { 6, 7 }, { 8, 9 }, { 10, 11 }, { 12, 13 }, { 14, 15 }, { 0, 1 }, { 2, 3 }, { 4, 5 }, { 6, 7 }, { 8, 9 }, { 10, 11 }, { 12, 13 }, { 14, 15 }, }; const struct osmo_conv_code conv_xcch = { .N = 2, .K = 5, .len = 224, .next_output = conv_xcch_next_output, .next_state = conv_xcch_next_state, }; Thanks!

11 years, 10 months

2
1
0 0

Can bb switch from SACCH to TCH directly?

by Chengcheng Gou

hi, i am studying the TCH ,and can get the channel discription from SACCH, and My question is when I receive the ASS_CMD, I use l1ctl_tx_dm_est_req_h0 and jump to the new channel,but I can`t capture the TCH,why? Thanks!

11 years, 10 months

2
1
0 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

baseband-devel June 2012