Dear all, I have the C115 with a T1 USB to Serial cable with the Prolific
chipset.
When I run osmocon I get the following, and it just sits there with no further
processing:
./osmocon -p /dev/ttyUSB0 -m c123xor ../../target/firmware/board/compal_e88/loader.compalram.bin
read_file(../../target/firmware/board/compal_e88/loader.compalram.bin):
file_size=17120, hdr_len=4, dnload_len=17127
read_file(../../target/firmware/board/compal_e88/loader.compalram.bin):
file_size=17120, hdr_len=4, dnload_len=17127
got 1 bytes from modem, data looks like: 00 .
got 2 bytes from modem, data looks like: 2f 00 /.
got 1 bytes from modem, data looks like: 1b .
got 3 bytes from modem, data looks like: f6 02 00 ...
got 1 bytes from modem, data looks like: 41 A
got 1 bytes from modem, data looks like: 01 .
got 1 bytes from modem, data looks like: 40 @
Received PROMPT1 from phone, responding with CMD
got 1 bytes from modem, data looks like: 66 f
got 1 bytes from modem, data looks like: 74 t
got 1 bytes from modem, data looks like: 6d m
got 1 bytes from modem, data looks like: 74 t
got 1 bytes from modem, data looks like: 6f o
got 1 bytes from modem, data looks like: 6f o
got 1 bytes from modem, data looks like: 6c l
Received FTMTOOL from phone, ramloader has aborted
got 1 bytes from modem, data looks like: 65 e
got 1 bytes from modem, data looks like: 72 r
got 1 bytes from modem, data looks like: 72 r
got 1 bytes from modem, data looks like: 6f o
got 1 bytes from modem, data looks like: 72 r
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 00 .
I think the cable is OK, as when I run my fingers on the tip I get random
zeros, so it appears to be talking to the cable.
Also, when I tried to run Mobile I get the following, even though I created the
Mobile.cfg file in /etc/osmoco
Failed to parse the config file: '/home/raz/.osmocom/bb/mobile.cfg'
Please check or create config file using: 'touch
/home/raz/.osmocom/bb/mobile.cfg'
I have spent some hours researching the lists and trying various things to
no avail, but I want to continue until I resolve this issue and use this
great stack to learn about the GSM network.
Please advise.
Grateful for any help or pointers, but this may be a timing issue that is
difficult to debug.
Thanks
Raz
hi,
i did a lot of research and testing on cell selection and re-selection
process the last two weeks.
the cell selection process, network selection process (manual and
automatic) and mobility management process were already implemented in
OsmocomBB a long time, but turned out to be buggy and incomplete. i made
test drives to check the process and debugged it.
the re-selection process is new. it is used to track surrounding cells
while listening to the BCCH of the current cell (camping on a cell).
special extension to the layer1 firmware is used to measure neighbour
cells. if a neighbour cell becomes 'better', the mobile switches to
that cell, depending on different criteria. now it is possible to move
with OsmocomBB.
the re-selection process is not handover! handover is a process where a
phone switches between cells while doing a call. handover is one next
step to implement. the process is a little more complex, because it
requires not only neighbour cell measurements, but also syncing to them
without interrupting the traffic channel. most layer 3 stuff of handover
is already implemented.
if you like to play and test your moving OsmocomBB, you can check out
the "jolly/roaming" branch. it contains the extension to layer1, as well
as sim reader and fixes from "sylvain/testing" branch. use both "mobile"
and "layer1" firmware from this branch.
in order to see some process at VTY, you can do:
enable
monitor network 1 (continuously display the strongest cell and neighbour
cells)
show ms 1 (to see current states)
show neighbour-cells 1 (to see a more detailed current list of
neighbours)
andreas
Hi,
in the osmocom bb mobile.cfg I don't see any possibility to set a fixed
Kc encryption key and the tmsi.
How could I achieve that osmocom uses my defined Kc and tmsi?
cheers,
Simian
Hi all,
I connected, sent and made a call successfully with osmocombb (with real IMSI
and IMEI).
But now I get an error and am always rejected:
OsmocomBB# show ms
MS '1' is up, service is limited
IMEI: 357337016773249
IMEISV: 3573370167732490
IMEI generation: fixed
automatic network selection state: A0 null
cell selection state: PLMN search
radio ressource layer state: idle
mobility management layer state: MM idle, PLMN search
OsmocomBB#
% (MS 1)
% Trying to registering with network...
In my config file (/root/.osmocom/bb/mobile.cfg):
!
! OsmocomBB () configuration saved from vty
!!
!
line vty
no login
!
gps device /dev/ttyACM0
gps baudrate default
no gps enable
!
no hide-default
!
ms 1
layer2-socket /tmp/osmocom_l2
sap-socket /tmp/osmocom_sap
sim reader
network-selection-mode auto
imei 357337016773249 0
imei-fixed
emergency-imsi 452040399998391
sms-service-center +84980200030
no call-waiting
no auto-answer
no force-rekey
no clip
no clir
tx-power auto
no simulated-delay
no stick
location-updating
neighbour-measurement
codec full-speed prefer
codec half-speed
no abbrev
support
sms
a5/1
a5/2
p-gsm
e-gsm
r-gsm
gsm-850
dcs
pcs
class-900 4
class-850 4
class-dcs 1
class-pcs 1
channel-capability sdcch+tchf+tchh
full-speech-v1
full-speech-v2
half-speech-v1
min-rxlev -106
dsc-max 90
no skip-max-per-band
exit
test-sim
imsi 001010000000000
ki xor 00 00 00 00 00 00 00 00 00 00 00 00
no barred-access
no rplmn
hplmn-search foreign-country
exit
no shutdown
exit
!
Can anyone help me? Thanks a lot!
--
Thanks and Best Regards
--
From: Hoàng Mạnh Hùng
Hi,
I'm trying to run the latest osmocom-bb git on a Motorola C118 phone.
After a minor problem with the build (as you may've noticed in the
patch I've sent), I got to the point of successfully running layer1 on
the phone and the mobile app on the PC (I have also enabled TX). The
process seems to be stuck on trying to perform a location update. The
status of the ms is always either:
show ms
MS '1' is up, MM connection active
IMEI: 000000000000000
IMEISV: 0000000000000000
IMEI generation: fixed
automatic network selection state: A1 trying RPLMN
MCC=104 MNC=002 (104, 002)
cell selection state: connected mode 1
ARFCN=19 MCC=104 MNC=002 LAC=0xb00f CELLID=0x4fd9
(104, 002)
radio ressource layer state: connection pending
mobility management layer state: wait for RR connection (location updating)
OsmocomBB>
or
show ms
MS '1' is up, service is limited (pending)
IMEI: 000000000000000
IMEISV: 0000000000000000
IMEI generation: fixed
automatic network selection state: A1 trying RPLMN
MCC=104 MNC=002 (104, 002)
cell selection state: C3 camped normally
ARFCN=19 MCC=104 MNC=002 LAC=0xb00f CELLID=0x4fd9
(104, 002)
radio ressource layer state: idle
mobility management layer state: MM idle, attempting to update
OsmocomBB>
I think that because of this I can't make any calls or send sms (all
the requests are being rejected):
OsmocomBB# call 1 <X>
call 1 <X>
OsmocomBB#
% (MS 1)
% Call has been rejected
The log information from mobile when it's trying to do a location
update is shown below:
<000b> gsm48_rr.c:2174 PAGING REQUEST 1
<000b> gsm48_rr.c:2141 IMSI 260021964220249 (not for us)
<000b> gsm48_rr.c:2132 TMSI fd82a501 (not for us)
<000e> gsm48_mm.c:344 Location update retry
<0005> gsm48_mm.c:345 timer T3211 (loc. upd. retry delay) has fired
<0005> gsm48_mm.c:4311 (ms 1) Received 'MM_EVENT_TIMEOUT_T3211' event
in state MM IDLE, attempting to update
<000e> gsm48_mm.c:2199 Perform location update (MCC 104, MNC 002 LAC 0xb00f)
<0005> gsm48_mm.c:2333 LOCATION UPDATING REQUEST
<0005> gsm48_mm.c:2355 using LAI (mcc 104 mnc 002 lac 0xb00f)
<0005> gsm48_mm.c:2363 using TMSI 0x28a3d62e
<0005> gsm48_mm.c:914 new state MM IDLE, attempting to update -> wait
for RR connection (location updating)
<0001> gsm48_rr.c:5428 (ms 1) Message 'RR_EST_REQ' received in state
idle (sapi 0)
<000e> gsm48_rr.c:1318 Establish radio link due to mobility management request
<0003> gsm322.c:4037 (ms 1) Event 'EVENT_LEAVE_IDLE' for Cell
selection in state 'C3 camped normally'
<0003> gsm322.c:823 new state 'C3 camped normally' -> 'connected mode 1'
<0003> gsm322.c:3653 Going to camping (normal) ARFCN 19.
<0003> gsm322.c:463 Sync to ARFCN=19 rxlev=-74 (Sysinfo, ccch mode NON-COMB)
<0001> gsm48_rr.c:366 new state idle -> connection pending
<0001> gsm48_rr.c:1465 CHANNEL REQUEST: 00 (Location Update with NECI)
<0003> gsm322.c:2938 Channel synched. (ARFCN=19, snr=16, BSIC=17)
<0001> gsm322.c:2959 using DSC of 90
<0003> gsm48_rr.c:4816 Channel provides data.
<0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 5)
<0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no
S(lots) 0 ra 0x0e)
<0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm)
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 4)
<0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no
S(lots) 55 ra 0x07)
<0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm)
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x75 chan_nr 0x0a MAIO 0 HSN 38
TS 2 SS 0 TSC 0)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x75 chan_nr 0x0a MAIO 0 HSN 38
TS 2 SS 0 TSC 0)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 0 LAI=104 002 b00f ID=4fd9
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 3)
<0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no
S(lots) 55 ra 0x0f)
<0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm)
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 2)
<0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no
S(lots) 55 ra 0x01)
<0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm)
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2473 (ta 1/553m ra 0x18 chan_nr 0x59 ARFCN 19 TS 1
SS 3 TSC 1)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2473 (ta 1/553m ra 0x18 chan_nr 0x59 ARFCN 19 TS 1
SS 3 TSC 1)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 1)
<0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no
S(lots) 55 ra 0x0a)
<0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm)
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 1 LAI=104 002 b00f ID=4fd9
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 0)
<0001> gsm48_rr.c:1605 Done with sending RANDOM ACCESS bursts
<0001> gsm48_rr.c:836 starting T3126 with 5.000 seconds
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2225 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 0 LAI=104 002 b00f ID=4fd9
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x0a chan_nr 0x41 ARFCN 19 TS 1
SS 0 TSC 1)
<0001> gsm48_rr.c:2393 request 0a matches but not frame number
(IMM.ASS fn=22,6,30 != RACH fn=22,5,25)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x05 chan_nr 0x49 ARFCN 19 TS 1
SS 1 TSC 1)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x05 chan_nr 0x49 ARFCN 19 TS 1
SS 1 TSC 1)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2225 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:673 MON: f=19 lev=-77 snr= 0 ber= 6 LAI=104 002 b00f ID=4fd9
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x00 chan_nr 0x61 ARFCN 19 TS 1
SS 4 TSC 1)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x00 chan_nr 0x61 ARFCN 19 TS 1
SS 4 TSC 1)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x7d chan_nr 0x0b MAIO 0 HSN 38
TS 3 SS 0 TSC 0)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x7d chan_nr 0x0b MAIO 0 HSN 38
TS 3 SS 0 TSC 0)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 0 LAI=104 002 b00f ID=4fd9
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2225 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2225 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 3 LAI=104 002 b00f ID=4fd9
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x77 chan_nr 0x09 MAIO 0 HSN 38
TS 1 SS 0 TSC 0)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x77 chan_nr 0x09 MAIO 0 HSN 38
TS 1 SS 0 TSC 0)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2225 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 6 LAI=104 002 b00f ID=4fd9
<0001> gsm48_rr.c:765 timer T3126 has fired
<000e> gsm48_rr.c:770 Requesting channel failed
<0001> gsm48_rr.c:366 new state connection pending -> idle
<0003> gsm322.c:4037 (ms 1) Event 'EVENT_RET_IDLE' for Cell selection
in state 'connected mode 1'
<0003> gsm322.c:3565 Selecting ARFCN 19. after LOC.UPD.
<0003> gsm322.c:463 Sync to ARFCN=19 rxlev=-74 (Sysinfo, ccch mode NON-COMB)
<0003> gsm322.c:823 new state 'connected mode 1' -> 'C3 camped normally'
<0005> gsm48_mm.c:3902 (ms 1) Received 'RR_REL_IND' from RR in state
wait for RR connection (location updating) (sapi 0)
<0005> gsm48_mm.c:2732 RR link released after loc. upd.
<000e> gsm48_mm.c:2676 Location update failed
<000e> gsm48_mm.c:2686 Try location update later
<0005> gsm48_mm.c:2688 Loc. upd. failed, retry #0
<0005> gsm48_mm.c:413 starting T3211 (loc. upd. retry delay) with 15.0 seconds
<0005> gsm48_mm.c:1143 We are camping normally as returning to MM IDLE
<0005> gsm48_mm.c:1159 Loc. upd. allowed.
<0005> gsm48_mm.c:919 new state wait for RR connection (location
updating) -> MM IDLE, location updating needed
<0005> gsm48_mm.c:909 new MM IDLE state location updating needed ->
attempting to update
<0005> gsm48_mm.c:2215 Loc. upd. already pending.
<0005> gsm48_mm.c:4311 (ms 1) Received 'MM_EVENT_CELL_SELECTED' event
in state MM IDLE, attempting to update
<0005> gsm48_mm.c:2215 Loc. upd. already pending.
<0003> gsm322.c:2938 Channel synched. (ARFCN=19, snr=16, BSIC=17)
<0001> gsm322.c:2959 using DSC of 90
Can you provide me any hints on how to debug this? Why is the
location update failing constantly?
Thanks in advance for your help.
Best regards,
Maciej Grela
Hi All
Just wanted to confirm that I got Osmocom-BB up and running on a Raspberry Pi.
I did not use the GPIO UART pins but USB <-> serial converters.
I tried Motorola C118 and C155 with success.
Everything you need is already described:
http://bb.osmocom.org/trac/wiki/GnuArmToolchain
http://bb.osmocom.org/trac/wiki/libosmocore
http://bb.osmocom.org/trac/wiki/Software/GettingStarted?redirectedfrom=Gett…
My previous problem seems to have been a not fully compatible cross-compiled toolchain (it worked mostly, but I could not log in to a cell and the spectrum view crashed on the RSSI firmware).
Also if you want transmit capability (or flashing) then you need to activate those features in the makefile.
Thanks Sylvain (confirming c118 will work) and all others who are involved!!
PS: Any news on the "emulated BTS" that was presented at last year's Chaos Communication Congress?
I have 2 C118s + 1 normal USB serial dongle + 1 capable of burst ind.
I hope this will suffice to also run a possible future 1 transmit phone + 1 receive phone configuration.
I assume that even without the filter change it should be enough to send a few meters of distance.
This is my first attempt to flash the loader.
1) The instructions on http://bb.osmocom.org/trac/wiki/flashing require
loading the file named
"target/firmware/board/compal_e88/loader.*e88loader*.bin".
Strangely I do not have this file after compilation. I have
loader.compalram.bin and loader.highram.bin. I also
have layer1.e88loader.bin and rssi.e88loader.bin.
Can you please guide me?
2) The guide for flashing an application says to use rssi.e88flash.bin.
Does that mean if I want to flash "layer1" as my application, then I must
use layer1.*e88flash*.bin at that point?
Thank you for your help.
B.
So far three persons have indicated their interest to join
a meeting at my place.
Considering the time it takes to drive to my place, it
probably makes sense to have the meeting at the weekend
(either Saturday or Sunday) so that there is more time
for the meeting itself. I can suggest one of the following
dates for the first meeting, somewhere between 10:00 to
18:00 on each day:
25.8. (Sa) or 26.8. (Su)
1.9. (Sa) or 2.9. (Su)
8.9. (Sa) or 9.9. (Su)
So please let me know when you have time and also make
suggestions in which Osmocom topic you are interested
in so that we can have some sort of agenda for the
meeting to make best use of the time.
Best regards,
Dieter
--
Dieter Spaar, Germany spaar(a)mirider.augusta.de
I have been successful in running the calypso BTS and registering phones to
it. I have also examined the source code implemented.
I am currently doing an internship in Berlin and the company wants to
demonstrate to its customers that 2G services are not secure. Basically we
are designing a security demonstrator. We want to do man-in-the-middle
attacks with the existing open source s/w. So we thought a B100 USRP would
be the need of the hour. But I am really interested working with the calypso
phones because I am comfortable with the source code and have already worked
on it.
I want to try (do) implementing the GPRS functionality to this calypso BTS.
Since the work is mostly involved at Layer1 or let's say transceiver.
I tried running OpenBTS-gprs version and resulted with some info. The
mframe_sched in the trx doesn't contain info about how to handle packet
channels or the multiframes do not have the Packet channels. So when the BTS
assigns (on CCCH) a dedicated channel and the calypso phone fails to receive
uplink or doesn't provide a way for the phone to access the BTS. I understand
the working of trx and want to add this GPRS functionality to trx. I am
aiming to implement minimal GPRS functionality. I have also seen how
OpenBTS-gprs triggers this packet channel or the way multiframes handle
PDCH, PTCH. By observing them I can get some idea.
In this regard I request from you a few suggestions such as where I have to
work more and what are the challenges I will face. Your suggestions are
valuable to me.
The two patches I have posted (separately) relating to "msgb_pull" use in
Osmocom and firmware are required to fix the flashing problem!
With these patches, I am able to use all the flash functions now.
I still need to load the file "loader.e88loader.bin" which does not appear
in my compile, as mentioned in a separate email. I bricked a phone by
aborting the flashing at that stage! :-(
Any advice on this will be appreciated.
B.
On Thu, May 23, 2013 at 5:51 PM, Akib Sayyed <akibsayyed(a)gmail.com> wrote:
> bhaskar
>
> Have you solved issue with flashing.
>
>
> On Thu, May 23, 2013 at 4:44 PM, Bhaskar11 <niceguy108(a)gmail.com> wrote:
>
>> Patched in format according to guidelines.
>>
>> B.
>>
>>
>
>
> --
> Akib Sayyed
> Matrix-Shell
> akibsayyed(a)gmail.com
> akibsayyed(a)matrixshell.com
> Mob:- +91-966-514-2243
>
>
I have some problem sending patches by "git send-email" since I am working
in a Windows system.
My next email is an experimental workaround.
Please let me know if it works ok.
B.
Here is a better Patch more consistent with rest of OsmocomBB coding style
and more elegant.
Please ignore previous patch offered (which works also but is relatively
kludgy).
B.
On Wed, May 22, 2013 at 10:57 PM, Bhaskar11 <niceguy108(a)gmail.com> wrote:
> Solved the "bad crc" problem in Osmoload.
>
> The bug was inadvertently introduced in osmoload.c in update SHA
> ID 6ce46e7a86f4de0b1eef9c641ef6cfb49f1255cd on 9.9.2012 when msgb_get()
> was replaced by msgb_pull() as part of a large scale change. Looks like no
> one else had tried an "osmoload memdump" since then.
>
> Am enclosing patch to fix this bug.
>
> B.
>
>
>
> On Tue, May 14, 2013 at 5:26 PM, Bhaskar11 <niceguy108(a)gmail.com> wrote:
>
>> Hi all,
>>
>> I'm trying to flash RSSI app to my C118 following instructions on
>> http://bb.osmocom.org/trac/wiki/flashing.
>>
>> First step Osmocon with loader works fine.
>>
>> Second step with "osmoload memdump 0x000000 0x2000 compal_loader.bin"
>> gives the following output:
>>
>> Dumping 8192 bytes of memory at 0x0 to file compal_loader.bin
>>
>> bad crc 4190 (not 0000) at offset 0x00000000
>> bad crc f041 (not b209) at offset 0x000000f0
>> bad crc f041 (not 79d3) at offset 0x000001e0
>> ...
>> bad crc f041 (not fe61) at offset 0x00001e00
>> bad crc 8257 (not 4cd6) at offset 0x00001ef0
>> bad crc a401 (not 0000) at offset 0x00001fe0done.
>>
>> Would appreciate any guidance on what I can do to set this right.
>>
>> A general question:
>> If I flash RSSI app successfully, can I later restore the original C118
>> code and use the cell as before? (assuming I have saved the full memory
>> dump to disk!) Or is that gone for good?
>>
>> Thanks for your guidance.
>>
>> B.
>>
>>
>>
>
Solved the "bad crc" problem in Osmoload.
The bug was inadvertently introduced in osmoload.c in update SHA
ID 6ce46e7a86f4de0b1eef9c641ef6cfb49f1255cd on 9.9.2012 when msgb_get()
was replaced by msgb_pull() as part of a large scale change. Looks like no
one else had tried an "osmoload memdump" since then.
Am enclosing patch to fix this bug.
B.
On Tue, May 14, 2013 at 5:26 PM, Bhaskar11 <niceguy108(a)gmail.com> wrote:
> Hi all,
>
> I'm trying to flash RSSI app to my C118 following instructions on
> http://bb.osmocom.org/trac/wiki/flashing.
>
> First step Osmocon with loader works fine.
>
> Second step with "osmoload memdump 0x000000 0x2000 compal_loader.bin"
> gives the following output:
>
> Dumping 8192 bytes of memory at 0x0 to file compal_loader.bin
>
> bad crc 4190 (not 0000) at offset 0x00000000
> bad crc f041 (not b209) at offset 0x000000f0
> bad crc f041 (not 79d3) at offset 0x000001e0
> ...
> bad crc f041 (not fe61) at offset 0x00001e00
> bad crc 8257 (not 4cd6) at offset 0x00001ef0
> bad crc a401 (not 0000) at offset 0x00001fe0done.
>
> Would appreciate any guidance on what I can do to set this right.
>
> A general question:
> If I flash RSSI app successfully, can I later restore the original C118
> code and use the cell as before? (assuming I have saved the full memory
> dump to disk!) Or is that gone for good?
>
> Thanks for your guidance.
>
> B.
>
>
>
The TPU Debugger code lists:
static const char *tpu_addr_name[0x1f] = {
[0] = "TSP_CTLR1",
[1] = "TSP_CTRL2",
[*4*] = "TSP_TX_*1*",
[*3*] = "TSP_TX_*2*",
[*2*] = "TSP_TX_*3*",
[5] = "TSP_TX_4",
[6] = "TSPACT_L",
......
Was wondering if the numbering is a typo. Could not find documentation
online.
Just bringing to your notice for check.
Could you please confirm that items 2,3,4 are not supposed to be in
sequence.
Thanks.
B.
Hi everyone
I have hacked the game Snake for OsmocomBB. It was mostly for my own education
and I thought I'd make a short announcement on this list that such a piece of code
also exists. Feel free to play around with it and merge it in the project
repository if you want.
Code: https://github.com/sdrfnord/osmocom-bb/tree/sdrfnord/ui
A picture of the game:
http://www.flickr.com/photos/sdrfnord/8626533489/in/photostream
I developed and tested it for the C121. During development I also implemented
fb_set_p to set one pixel and fb_bw8_line to draw a line. (For the ST7558 LC
Display Controller)
The code for fb_bw8_line is copied from
http://de.wikipedia.org/w/index.php?title=Bresenham-Algorithmus&stable=1#Ko…
I hope this does not interfere with the GPL …
Another thing I added is twl3025_power_off_now for a fast reboot which I used
for development.
--
Kind regards
Marcel `sdrfnord` McKinnon
Hello
My Motorola batteries are all swollen and therefore defective. Does anyone
have a solution for connecting power directly to the battery connector
by USB?
I thought of using 3.7V zener diodes in parallel between the - and + USB
power and a series resistor.
Thank you.
Hello,
I have just got myself a Pirelli DP-L10, and I would like to use it to
demonstrate OsmocomBB to my local LUG. I would like to demonstrate
mobile, talking to layer1 via osmocon, making and receiving a voice
call, sending and receiving SMS.
I only have a few basic questions:
- Should I use the master branch in osmocom-bb git, or one of the
other branches? The Branches page in the wiki is blank.
- Am I correct in my understanding that, at least in some branch (see
above), osmocom-bb does support this phone well enough to actually
make a call? (Yes, I realize that layers 2&3 run on an attached host,
hence the phone has to be tethered to a laptop running osmocon and
mobile the whole time, and I do know how to enable Tx in the target
build. :)
- How is the voice routing implemented? Do I need to use lcr
integration on the host, or will the audio come out of the phone's own
speaker even though all higher layers of the stack are running on the
PC? If the voice call audio does go through the phone's own speaker
and mic, which ones? This phone model has both an earpiece speaker and
a loudspeaker, plus the usual analog headset jack. Which of these
audio routing options are supported, if any?
Thanks everyone for this awesome project! I can't wait to show it
working to my LUG.
Kim
Hi all,
So now I have nuttx console working via IRDA on my Pirelli DPL-10 phone. Here are my next steps... I wanted to see if anyone else was working on these?
- port the osmocom fb driver over to a nuttx lcd driver
- get layer1 + some version of "mobile" working on the device
- write a custom UI so this can be my daily driver
- and in relation to the last item... send a finished phone w/ firmware to be certified by the FCC?
http://transition.fcc.gov/oet/ea/procedures.html
Does that sound about right? Anybody working on any of these bits? I'm not expecting this to happen
overnight by any means... just expect it to be interesting and a good learning experience.
Thanks,
Craig
Hey folks, I got my Pirelli DPL10 yesterday and was able to get hello world, rssi, layer1 etc up and working pretty easily. It's quite a bit easier than the other phones I was trying to use with my RaspberryPi.
I was wondering if someone could give me a nudge on how to get started getting nuttx working on this phone?
Also I'd like to ask if there are directions somewhere on how to save the standard software presently on the phone so I can restore it later. I looked at osmoload but didn't quite understand what to do. finfo seemed to come back with all zeros for information and I confirmed that ping received a pong from the phone.
My goal is to work towards using osmocom/nuttx to make this phone my daily use phone.
Thanks,
Craig