Hi,
This a respin of my old series of patches[1], to add decoding of SMSCB
messages on the MS side.
The series defines a new smscb_entity, which can be fed L1 messages from
a CBCH, performs reassembly, and constructs equivalent SMS Broadcast
Command (RSL_MT_SMS_BC_CMD) messages for L3.
I also have a follow-up patch for bb/cell_log which makes use of this
functionality.
Please review and consider for merging, thanks.
[1] http://lists.osmocom.org/pipermail/baseband-devel/2010-November/000834.html
Alex Badea (8):
gsm: add skeleton smscb module
smscb: add unit test for smscb_entity
smscb: process Null messages
smscb test: support a list of L1 messages to test
smscb: add test-case for reassembling a normal message
smscb: add test-case for reassembling a Schedule message
smscb: implement reassembly
smscb: hook into LAPDm
include/Makefile.am | 1 +
include/osmocom/gsm/lapdm.h | 3 +
include/osmocom/gsm/smscb.h | 37 ++++++++
src/gsm/Makefile.am | 1 +
src/gsm/lapdm.c | 13 +++
src/gsm/libosmogsm.map | 5 +
src/gsm/smscb.c | 209 +++++++++++++++++++++++++++++++++++++++++++
tests/smscb/smscb_test.c | 118 ++++++++++++++++++++++++
tests/smscb/smscb_test.ok | 9 ++
tests/testsuite.at | 2 +-
10 files changed, 397 insertions(+), 1 deletions(-)
create mode 100644 include/osmocom/gsm/smscb.h
create mode 100644 src/gsm/smscb.c
When building out-of-srcdir, paths such as "src/gsm" will not find any
source files. Since the Doxyfiles are preprocessed, we can prepend
@srcdir@ to fix that.
Signed-off-by: Alex Badea <vamposdecampos(a)gmail.com>
---
Doxyfile.codec.in | 2 +-
Doxyfile.core.in | 2 +-
Doxyfile.gsm.in | 2 +-
Doxyfile.vty.in | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Doxyfile.codec.in b/Doxyfile.codec.in
index fcd5122..1b0df5e 100644
--- a/Doxyfile.codec.in
+++ b/Doxyfile.codec.in
@@ -610,7 +610,7 @@ WARN_LOGFILE =
# directories like "/usr/src/myproject". Separate the files or directories
# with spaces.
-INPUT = include/osmocom/codec src/codec
+INPUT = @srcdir@/include/osmocom/codec @srcdir@/src/codec
# This tag can be used to specify the character encoding of the source files
# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is
diff --git a/Doxyfile.core.in b/Doxyfile.core.in
index 18eb226..ee58f80 100644
--- a/Doxyfile.core.in
+++ b/Doxyfile.core.in
@@ -610,7 +610,7 @@ WARN_LOGFILE =
# directories like "/usr/src/myproject". Separate the files or directories
# with spaces.
-INPUT = include/osmocom/core src
+INPUT = @srcdir@/include/osmocom/core @srcdir/@src
# This tag can be used to specify the character encoding of the source files
# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is
diff --git a/Doxyfile.gsm.in b/Doxyfile.gsm.in
index ab25b22..36a6ae2 100644
--- a/Doxyfile.gsm.in
+++ b/Doxyfile.gsm.in
@@ -610,7 +610,7 @@ WARN_LOGFILE =
# directories like "/usr/src/myproject". Separate the files or directories
# with spaces.
-INPUT = include/osmocom/gsm include/osmocom/gsm/protocol src/gsm
+INPUT = @srcdir@/include/osmocom/gsm @srcdir@/include/osmocom/gsm/protocol @srcdir@/src/gsm
# This tag can be used to specify the character encoding of the source files
# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is
diff --git a/Doxyfile.vty.in b/Doxyfile.vty.in
index 57f19ad..527cdb2 100644
--- a/Doxyfile.vty.in
+++ b/Doxyfile.vty.in
@@ -610,7 +610,7 @@ WARN_LOGFILE =
# directories like "/usr/src/myproject". Separate the files or directories
# with spaces.
-INPUT = include/osmocom/vty src/vty
+INPUT = @srcdir@/include/osmocom/vty @srcdir@/src/vty
# This tag can be used to specify the character encoding of the source files
# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is
--
1.7.0.4
When building out-of-srcdir, "../../config.h" fails to reach config.h
because the compiler is invoked in $builddir/tests/, not
$builddir/tests/timer/. Use "../config.h" instead; this also works
for in-srcdir builds.
Signed-off-by: Alex Badea <vamposdecampos(a)gmail.com>
---
tests/timer/timer_test.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/tests/timer/timer_test.c b/tests/timer/timer_test.c
index ba3127d..bb9a177 100644
--- a/tests/timer/timer_test.c
+++ b/tests/timer/timer_test.c
@@ -33,7 +33,7 @@
#include <osmocom/core/select.h>
#include <osmocom/core/linuxlist.h>
-#include "../../config.h"
+#include "../config.h"
static void main_timer_fired(void *data);
static void secondary_timer_fired(void *data);
--
1.7.0.4
Hi,
I just setup a machine running ArchLinux which has a pretty recent
automake/autoconf. libosmocore fails to build. Attached (trivial) patch
fixes that. Someone with a really old toolchain/automake should check
if it breaks setups we consider supported.
Chris
This fixes the following complaint by autoconf 2.69-1, automake 1.13.1-1.
: configure.ac:80: error: 'AM_CONFIG_HEADER': this macro is obsolete.
: You should use the 'AC_CONFIG_HEADERS' macro instead.
: /usr/share/aclocal-1.13/obsolete-err.m4:12: AM_CONFIG_HEADER is expan
: configure.ac:80: the top level
Automake 1:1.11.3-1ubuntu2, autoconf 2.68-1ubuntu2 don't even emit a warning
without, and work just fine with this patch.
Signed-off-by: Christian Vogel <vogelchr(a)vogel.cx>
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 24ddd0c..fbc83f3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -77,7 +77,7 @@ AC_DEFUN([CHECK_TM_INCLUDES_TM_GMTOFF], [
CHECK_TM_INCLUDES_TM_GMTOFF
dnl Generate the output
-AM_CONFIG_HEADER(config.h)
+AC_CONFIG_HEADER(config.h)
AC_ARG_ENABLE(talloc,
[AS_HELP_STRING(
--
1.8.1
--VS++wcV0S1rZb1Fb--
From: Sylvain Munaut <tnt(a)246tNt.com>
Currently msgb_pull returns a pointer to the new start of msgb, which
is pretty counter intuitive and when using msgb_pull is often annoying.
For eg, the msgb_pull_u{8,16,32} were previously "fixed" for this quirk
in a previous commit. The msgb_pull_l2h in lapdm is also wrong because
of this, same for code in osmocom-bb loader.
AFAICT, the current users of msgb_pull either don't care about the
return value, or expect it to be a pointer to the pulled header and not
the new start of msgb (and so are currently buggy).
Without this patch, you have things like:
struct foo *bar = msgb_pull(msg, sizeof(struct foo)) - sizeof(struct foo)
With the patch, you have:
struct foo *bar = msgb_pull(msg, sizeof(struct foo));
which is IMHO a much better style.
Signed-off-by: Sylvain Munaut <tnt(a)246tNt.com>
---
include/osmocom/core/msgb.h | 14 ++++++++------
1 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/include/osmocom/core/msgb.h b/include/osmocom/core/msgb.h
index a1939ab..4a72f2d 100644
--- a/include/osmocom/core/msgb.h
+++ b/include/osmocom/core/msgb.h
@@ -287,16 +287,18 @@ static inline unsigned char *msgb_push(struct msgb *msgb, unsigned int len)
/*! \brief remove (pull) a header from the front of the message buffer
* \param[in] msgb message buffer
* \param[in] len number of octets to be pulled
- * \returns pointer to new start of msgb
+ * \returns pointer to header that's been pulled (i.e. previous start of msgb)
*
* This function moves the \a data pointer of the \ref msgb further back
* in the message, thereby shrinking the size of the message by \a len
* bytes.
*/
static inline unsigned char *msgb_pull(struct msgb *msgb, unsigned int len)
-{
+{
+ unsigned char *tmp = msgb->data;
msgb->len -= len;
- return msgb->data += len;
+ msgb->data += len;
+ return tmp;
}
/*! \brief remove uint8 from front of message
@@ -305,7 +307,7 @@ static inline unsigned char *msgb_pull(struct msgb *msgb, unsigned int len)
*/
static inline uint8_t msgb_pull_u8(struct msgb *msgb)
{
- uint8_t *space = msgb_pull(msgb, 1) - 1;
+ uint8_t *space = msgb_pull(msgb, 1);
return space[0];
}
/*! \brief remove uint16 from front of message
@@ -314,7 +316,7 @@ static inline uint8_t msgb_pull_u8(struct msgb *msgb)
*/
static inline uint16_t msgb_pull_u16(struct msgb *msgb)
{
- uint8_t *space = msgb_pull(msgb, 2) - 2;
+ uint8_t *space = msgb_pull(msgb, 2);
return space[0] << 8 | space[1];
}
/*! \brief remove uint32 from front of message
@@ -323,7 +325,7 @@ static inline uint16_t msgb_pull_u16(struct msgb *msgb)
*/
static inline uint32_t msgb_pull_u32(struct msgb *msgb)
{
- uint8_t *space = msgb_pull(msgb, 4) - 4;
+ uint8_t *space = msgb_pull(msgb, 4);
return space[0] << 24 | space[1] << 16 | space[2] << 8 | space[3];
}
--
1.7.8.6
hi,
just fixed the issue from 29c3, where flashing of phones did not work
anymore. if no one complains, i will apply it.
it is also possible to flash c155 phones. the original compal boot
loader will start firmware at 0x20000 instead of 0x2000 (c123), so i
modified the linker scripts for compal_e99. i am not sure, if all c155
phones behave the same. to check this, i dumped some pages of the flash
memory:
run the loader:
$ host/osmocon/osmocon -p /dev/ttyUSB0 -m c155
target/firmware/board/compal_e99/loader.compalram.bin
start the phone and dump some flash:
$ host/osmocon/osmoload memdump 0x000000 0x30000 dump
a hexdump of that dump showed me where the actual firmware starts:
...
0000800 4f42 544f 392e 2e30 3530 0000 0000 0000
0000810 3031 3330 0101 0000 ffff ffff ffff ffff
0000820 ffff ffff ffff ffff ffff ffff ffff ffff
*
0020000 4f43 4544 392e 2e30 3130 0000 0000 0000
0020010 4c46 5845 392e 2e30 3130 302e 0031 0000
0020020 5352 4b50 392e 2e30 3130 302e 0031 0000
...
i would like to know, if this is true for other c155 phones.
regards,
andreas
Hi,
I'm thinking about why the mobile app don't show me the German GSM-R (MCC: 262, MNC: 10) cells they are around me.
The rssi app shows me the cells (e. g. ARFCN: 957 and 961).
I'm using the sylvain/testing branch and I am searching for more details in the source code and found in settings.c that the r gsm band are enabled and in the freq_list.
Can someone tell me another point for searching in source?
Thanks in advance.
Best regards.
kasio
Hi all,
as the year 2012 has already ended or will soon end depending on your
timezone, it might be a good occasion to start thinking of an OsmoDevCon
2013.
I personally percevied OsmoDevCon 2012 as a big success, and it was fun
to bring everyone together.
Generally, I prefer to keep the spirit of an invitation-only
developer+contributor-only event of those involved in Osmocom. At the
same time, I would consider it a good idea to add a one day
user-conference to the schedule, where we try to get interested users up
to speed with the various projects, possibly including some workshops
and the like.
So schedule-wise, I would suggest something like:
* one day user conference
* two day developer/contributor event
* optionally: 1-2 "hacking days".
The concept of "hacking days" has proven to be quite useful for the
netfilter project in the past (Pablo and I can acknowledge to that
fact). I'm not sure how many people would be able to spend even more
days of their schedule, but even if it's a much smaller group it would
still be useful, IMHO.
I'd like you to
1) provide feedback on the ideas about the one-day user event and the
hacking days
2) consider whether late march (like 2012) would be a good schedule
again
3) what we can improve from the last event
In terms of improvements, I so far have noted down:
* larger venue needs to be found
* complaints about the venue not having sufficient heating
Venue-wise, I would again suggest to hold it in Berlin, as it's
reasonbly well connected, has lots of low-cost flights to it,
accomodation is not too expensive and holger/me/sysmocom can take care
of local organization related activities. Hoewver, if somebody has a
strong opinion against berlin _and_ is willing to organize it, I'm not
completely against another venue.
Regards and happy new year,
Harald
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
hi thomas,
i saw your work for your master of science. i must say: congratulations!
it really brings both openbts and openbsc projects together. it allows
to use both sdr and real bts together in one network. as shown at the
chaos communication congress (29c3), sylvain presented a compal phone
with firmware to turn it into a trx for openbts. with your code, it is
possible to use it with openbsc. this is something i aimed at too.
i like to know if your work is (only) a proof of concept or something
that could be used in a productive environment. i would help to review
the changes to osmo-bts and help to get them merged to the current
master branch. iirc, there are just some fixes and minor issues to solve.
i already had planed a similar approach: but instead of using source
from openbts, i wanted to do scheduling and coding/fec inside osmo-bts.
code from libosmocore could be used for that. instead of using the
device to the femto-dsp as an interface, i wanted to add the trx
manager's udp interface to osmo-bts code. this way it would not require
an additional process to run a trx with osmo-bts. special things
regarding to the trx could be configured with the osmo-bts' config.
as some guys at the 29c3 might have noticed, i was a little shocked when
i read about your work. i was highly motivated to do a work that i found
it was already done, so my motivation dropped to zero. i would like to
apologize for my bad mood at the congress.
best regards,
andreas
Hi guys
Please find attached a patch to cell_log that allows a user to specify a
custom frequency range instead of the standard one.
In the past I've done the same job changing the code by hand and
recompiling, but a command line switch is more feasible.
This is useful when one wants to monitor a subset of arfcns (like in
GSM900) or even a single one.
Any comment appreciated.
Dario.
When parsing SI4, there's a check and a log message saying that CBCH
MA is ignored until SI1 is received. Then the MA is decoded anyway --
incorrectly -- such that it remains incorrect even after receiving
the next SI1.
Fix that with an "else".
Signed-off-by: Alex Badea <vamposdecampos(a)gmail.com>
---
src/host/layer23/src/common/sysinfo.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/src/host/layer23/src/common/sysinfo.c b/src/host/layer23/src/common/sysinfo.c
index 2816c26..b42bd65 100644
--- a/src/host/layer23/src/common/sysinfo.c
+++ b/src/host/layer23/src/common/sysinfo.c
@@ -753,6 +753,7 @@ short_read:
LOGP(DRR, LOGL_NOTICE, "Ignoring CBCH allocation of "
"SYSTEM INFORMATION 4 until SI 1 is "
"received.\n");
+ } else {
gsm48_decode_mobile_alloc(s->freq, data + 2, data[1],
s->hopping, &s->hopp_len, 1);
}
--
1.7.0.4
In gsm411_sms.c the function gsm411_rx_rl_data receives "struct gsm48_hdr
*gh" as input then in very first line typecasts the pointer to "struct
gsm411_rp_hdr *rp_data" to access its "data" field.
struct gsm411_rp_hdr *rp_data = (struct gsm411_rp_hdr*)&gh->data;
But the two header structures have their "data" fields offset by one byte
as in:
struct gsm411_rp_hdr {
> uint8_t len;
> uint8_t msg_type;
> uint8_t msg_ref;
> uint8_t data[0];
> } __attribute__ ((packed));
>
> struct gsm48_hdr {
> uint8_t proto_discr;
> uint8_t msg_type;
> uint8_t data[0];
> } __attribute__((packed));
Obviously this displacement has been compensated for elsewhere in the code
as the application works. But this seems to be inadvertent. And if it is
deliberate, it is risky programming practice and could create problems
later on.
Request you to correct and update suitably.
Thanks.
B.
I perfectly understand and agree about being reluctant to publish code that could be used for malicious purposes.
I was talking more about what Harald suggested: a public/private git repo related with Layers implementation into the MS.
Cheers,
Luca
> Currently there is no commercial activity going on. and tool mostly contain testing tools like Multiple IMSI Detach .Identity impersonation , channel hijacking like one presented in this 29C3. Channel DOS. more issue is if we publish such tools we might get in trouble from Government and also from telecom Operator for creating such tools. for same purpose we didnt published those tools. its more like publishing complete sniffing app for GSM with all codec support.
>
> currently we shall publish l1 l2 l3 app on target code soon when code cleaning will be completed. but dont get time as code is having multiple changes and uses library from different osmocom git hosted locally.
>
>
> about publishing tools and research papers we shall do it after total research is complete.
>
> and reason that its taking too much time is am single person who can do technical work and coding rest team is more on core telecom network security.
>
> thats major issue in completing research .
>
>
> On Wed, Jan 2, 2013 at 10:07 AM, <luca.bongiorni1(a)studenti.unimi.it> wrote:
> So, if I may ask, since you are NOT having anykind of commercial activity related with osmocom's tools and is more than one year that you are asking for technical explanations over this ml/irc... Why u didn't publish yet the sources/results of your researches into a public repo as Harald suggested?
>
> Cheers,
> Luca
> Sent from my Fuffaphone®
> From: Akib Sayyed <akibsayyed(a)gmail.com>
> Sender: baseband-devel-bounces(a)lists.osmocom.org
> Date: Wed, 02 Jan 2013 08:36:46 +0300
> To: Luca Bongiorni<luca.bongiorni1(a)studenti.unimi.it>
> Cc: <baseband-devel(a)lists.osmocom.org>; Harald Welte<laforge(a)gnumonks.org>
> Subject: Re: 29c3 youtube video
>
> Damn typo mistake
> On Jan 2, 2013 8:35 AM, "Akib Sayyed" <akibsayyed(a)gmail.com> wrote:
> >
> > Currently we are not in production stage.
> > We are more focused on buying own stack or buying chipset with compatible stack as there is no gprs/edge/3g suppprt in osmocom.
> > Our first tool was based on osmocom but we are not in production.
> >
> > On Jan 2, 2013 12:12 AM, "Luca Bongiorni" <luca.bongiorni1(a)studenti.unimi.it> wrote:
> >>
> >> Hey all,
> >> actually is "interesting" his web site.
> >>
> >> Since it seems a commercial website*:
> >>
> >> * " Matrix Shell developed own GSM penetration testing tool.This tool is comprised of hardware unit and a laptop.it can perform various test on network using custom firmware.
> >> Using this too tester can identify state in which end user is getting service in terms of security."
> >>
> >> * "We provide following services.
> >> GSM Network Penetration Testing
> >> Matrixshell have developed a tool that can be used for testing attack vectors from users point of view. That is attacks that can be carried out by using modified handsets which may cause misusing identity of GSM subscriber , mass cellphone cell phone switch off ,denial of service of subscriber etc. Such vulnerability may cause loss in reputation of provider.
> >> We can find out such issues using our own tools. Our tools comprised of UM interface hardware and a laptop communicating with UM interface. This tool can run different tests on network like: Checking encryption type, Authentication bypass, Wrong way of TMSI assignment by network, Identity impersonating."
> >>
> >> I am wondering how his software tools are dealing with Osmocom's licenses.
> >>
> >> Cheers,
> >> Luca
> >>
> >> > are you sharing your current progress in a public git repository? If
> >> > not, I'd like to strongly encourage you to do so. I can also give you
> >> > commit access so you can push to a private branch on git.osmocom.org, if you
> >> > prefer that.
> >> >
> >> > --
> >> > - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
> >> > ============================================================================
> >> > "Privacy in residential applications is a desirable marketing option."
> >> > (ETSI EN 300 175-7 Ch. A6)
> >> >
> >>
> >>
>
>
>
> --
> Akib Sayyed
> Matrix-Shell
> akibsayyed(a)gmail.com
> akibsayyed(a)matrixshell.com
> Mob:- +91-966-514-2243
>
Hi,
yesterday I fucked up the second C123 while trying to replace the filters, so I decided to buy one model from Sysmocom (with the filters already replaced), but due to too many orders they do not offer this service anymore.
Is somebody on this list able and willing to sell me one C123 with the filter kit already built in (and tested)? I'd really appreciate if someone, who is more experienced in SMD soldering than me, could help me out.
If so, please contact me at: clemensgru(a)gmail.com
I live in Austria, so delivery from Europe should not be a problem.
Thanks.
Clemens
When I run ccch_scan on a regular network, every once in a while, at random
I find the app stops sniffing with the error:
> <000c> l1ctl.c:291 BURST IND: @(1428545 = 1077/01/35) (-105 dBm, SNR 3,
> SACCH)
> <000c> l1ctl.c:114 FBSB RESP: result=255
At the same time Osmocon gives a message like the following:
> => DSP reports FB in bit that is 1031487569 bits in the future?!?
> Synchronize_TDMA
> LOST 2313!
The problems seems therefore to emerge from some corruption of data in
reception which causes l1ctl.c to dispatch the S_L1CTL_FBSB_ERR signal.