baseband-devel July 2013

baseband-devel@lists.osmocom.org

8 participants
15 discussions

Start a nNew thread

Engagetted !

by Sébastien Lorquet

http://www.engadget.com/2010/12/29/researchers-eavesdrop-on-encrypted-gsm-c… Congrats!

6 months, 1 week

Sniffing GPRS

by canarion

Hi, After compiling osmocom-bb and apply sylvain/burst_ind branch and gprs_multi.patch, I execute it and try to sniff gprs traffic. I loaded the layer1 into my C139 and I obtained an ARFCN code (883). When I run ccch_scan -a 883 I get the next result: opyright (C) 2010 Harald Welte <laforge(a)gnumonks.org> Contributions by Holger Hans Peter Freyther License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Failed to connect to '/tmp/osmocom_sap'. Failed during sap_open(), no SIM reader <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(1476410343) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(1207963561) <0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0x1ad1cda) <0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0x41ae98f9) <0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a to imsi M(214031385056117) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3306441249) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214031482053520) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214036185306441) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4207880193) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4135931713) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4214223105) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3388536385) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(134915836) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3961436929) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4229756769) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(531909) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214034185316455) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3829437761) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214033485554660) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3639403521) <0001> app_ccch_scan.c:105 SI1 received. <0001> app_ccch_scan.c:464 unknown PCH/AGCH type 0x00 <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3827744513) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(335734299) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3561969409) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4294310401) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3698994241) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3682615617) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(67866789) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4003487553) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3770351169) <0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0x41ae98f9) <0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0x1ad1cda) <0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a to imsi M(214031385056117) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3306441249) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214031482053520) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214036185306441) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4102036289) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4135931713) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214032485273805) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3798414145) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(134915836) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3988859137) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3735175681) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(531909) <0001> app_ccch_scan.c:248 GSM48 IMM ASS (ra=0x78, chan_nr=0x0f, HSN=24, MAIO=1, TS=7, SS=0, TSC=1) Dropping frame with 55 bit errors <000c> l1ctl.c:238 Dropping frame with 55 bit errors <000c> l1ctl.c:290 BURST IND: @(830928 = 0626/20/36) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830928 = 0626/20/36) (-110 dBm, SNR 8) <000c> l1ctl.c:290 BURST IND: @(830929 = 0626/21/37) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830929 = 0626/21/37) ( -83 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830930 = 0626/22/38) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830930 = 0626/22/38) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830931 = 0626/23/39) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830931 = 0626/23/39) ( -83 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830932 = 0626/24/40) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830932 = 0626/24/40) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830933 = 0626/25/41) (-105 dBm, SNR 8, UL, SACCH) <000c> l1ctl.c:290 BURST IND: @(830933 = 0626/25/41) (-107 dBm, SNR 5, SACCH) <000c> l1ctl.c:290 BURST IND: @(830934 = 0626/00/42) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830934 = 0626/00/42) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830935 = 0626/01/43) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830935 = 0626/01/43) ( -83 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830936 = 0626/02/44) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830936 = 0626/02/44) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830937 = 0626/03/45) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830937 = 0626/03/45) ( -89 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830938 = 0626/04/46) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830938 = 0626/04/46) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830939 = 0626/05/47) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830939 = 0626/05/47) ( -82 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830940 = 0626/06/48) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830940 = 0626/06/48) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830941 = 0626/07/49) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830941 = 0626/07/49) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830942 = 0626/08/50) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830942 = 0626/08/50) ( -86 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830943 = 0626/09/00) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830943 = 0626/09/00) ( -86 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830944 = 0626/10/01) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830944 = 0626/10/01) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830945 = 0626/11/02) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830945 = 0626/11/02) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830947 = 0626/13/04) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830947 = 0626/13/04) ( -84 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830948 = 0626/14/05) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830948 = 0626/14/05) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830949 = 0626/15/06) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830949 = 0626/15/06) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830950 = 0626/16/07) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830950 = 0626/16/07) ( -89 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830951 = 0626/17/08) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830951 = 0626/17/08) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830952 = 0626/18/09) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830952 = 0626/18/09) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830953 = 0626/19/10) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830953 = 0626/19/10) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830954 = 0626/20/11) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830954 = 0626/20/11) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830955 = 0626/21/12) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830955 = 0626/21/12) (-106 dBm, SNR 0) <000c> l1ctl.c:290 BURST IND: @(830956 = 0626/22/13) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830956 = 0626/22/13) (-107 dBm, SNR 5) <000c> l1ctl.c:290 BURST IND: @(830957 = 0626/23/14) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830957 = 0626/23/14) (-106 dBm, SNR 2) <000c> l1ctl.c:290 BURST IND: @(830958 = 0626/24/15) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830958 = 0626/24/15) (-108 dBm, SNR 1) <000c> l1ctl.c:290 BURST IND: @(830959 = 0626/25/16) (-106 dBm, SNR 2, UL, SACCH) <000c> l1ctl.c:290 BURST IND: @(830959 = 0626/25/16) (-109 dBm, SNR 5, SACCH) <000c> l1ctl.c:290 BURST IND: @(830960 = 0626/00/17) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830960 = 0626/00/17) (-108 dBm, SNR 3) <000c> l1ctl.c:290 BURST IND: @(830961 = 0626/01/18) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830961 = 0626/01/18) (-106 dBm, SNR 2) <000c> l1ctl.c:290 BURST IND: @(830962 = 0626/02/19) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830962 = 0626/02/19) (-108 dBm, SNR 3) <000c> l1ctl.c:290 BURST IND: @(830963 = 0626/03/20) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830963 = 0626/03/20) (-107 dBm, SNR 0) <000c> l1ctl.c:290 BURST IND: @(830964 = 0626/04/21) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830964 = 0626/04/21) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830965 = 0626/05/22) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830965 = 0626/05/22) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830966 = 0626/06/23) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830966 = 0626/06/23) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830967 = 0626/07/24) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830967 = 0626/07/24) ( -86 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830968 = 0626/08/25) (-107 dBm, SNR 6, UL) <000c> l1ctl.c:290 BURST IND: @(830968 = 0626/08/25) (-109 dBm, SNR 0) <000c> l1ctl.c:290 BURST IND: @(830969 = 0626/09/26) (-101 dBm, SNR 6, UL) But it stop to capture frames, seems to be left in a standby state and I don't know why that is. With gprsdecode I can see the next image in the wireshark: http://baseband-devel.722152.n3.nabble.com/file/n3712433/wireshark-capture.… If someone knows what is the problem, please tell me. Thanks in advance. Cheers, Dani -- View this message in context: http://baseband-devel.722152.n3.nabble.com/Sniffing-GPRS-tp3712433p3712433.… Sent from the baseband-devel mailing list archive at Nabble.com.

7 years, 4 months

Please can anyone advise me - FMTOOL Error and no further processing

by Raz Sharif

Dear all, I vae the C115 with a T1 USB to Serial cable with the Prolific chipset. When i run osmocon i get :- an its just sits there with no further processing. ./osmocon -p /dev/ttyUSB0 -m c123xor ../../target/firmware/board/compal_e88/loader.compalram.bin read_file(../../target/firmware/board/compal_e88/loader.compalram.bin): file_size=17120, hdr_len=4, dnload_len=17127 read_file(../../target/firmware/board/compal_e88/loader.compalram.bin): file_size=17120, hdr_len=4, dnload_len=17127 got 1 bytes from modem, data looks like: 00 . got 2 bytes from modem, data looks like: 2f 00 /. got 1 bytes from modem, data looks like: 1b . got 3 bytes from modem, data looks like: f6 02 00 ... got 1 bytes from modem, data looks like: 41 A got 1 bytes from modem, data looks like: 01 . got 1 bytes from modem, data looks like: 40 @ Received PROMPT1 from phone, responding with CMD got 1 bytes from modem, data looks like: 66 f got 1 bytes from modem, data looks like: 74 t got 1 bytes from modem, data looks like: 6d m got 1 bytes from modem, data looks like: 74 t got 1 bytes from modem, data looks like: 6f o got 1 bytes from modem, data looks like: 6f o got 1 bytes from modem, data looks like: 6c l Received FTMTOOL from phone, ramloader has aborted got 1 bytes from modem, data looks like: 65 e got 1 bytes from modem, data looks like: 72 r got 1 bytes from modem, data looks like: 72 r got 1 bytes from modem, data looks like: 6f o got 1 bytes from modem, data looks like: 72 r got 1 bytes from modem, data looks like: 00 . got 1 bytes from modem, data looks like: 00 . I think the cable is ok as when i run my fingers on the tip i get random Zeros so it appears to be talking to the cable. Also when i tried to run Mobile i get the :- even though i created the Mobile.cfg file in /etc/osmoco Failed to parse the config file: '/home/raz/.osmocom/bb/mobile.cfg' Please check or create config file using: 'touch /home/raz/.osmocom/bb/mobile.cfg' I have spent some hours researching the lists and trying various things to no avail but I want to continue until I resolve this issues and use this great stack to learn about the GSM network. Please advise. Great full for any help or pointers but this maybe a timing issue that is difficult to debug. Thanks Raz

7 years, 11 months

cell re-selection

by Andreas.Eversberg

hi, i did a lot of resarch and testing on cell selection and re-selection process the last two week. the cell selection process, network selection process (manual and automatic) and mobility management process were already implemented in OsmocomBB a long time, but turned out to be buggy and incomplete. i made test drives to check the process and debugged it. the re-selection process is new. it is used to track surrounding cells while listening to the BCCH of the current cell (camping on a cell). special extension to the layer1 firmare is used to measure neighbour cells. if an neighbour cell becomes 'better', the mobile switches to that cell, depening on different criteria. now it is possible to move with OsmocomBB. the re-selection process is not handover! handover is a process where a phone switches between cells while doing a call. handover is one next step to implement. the process is a little more complex, because it requires not only neighbour cell measurements, but also syncing to them without interrupting the traffic channel. most layer 3 stuff of handover is already implemented. if you like to play and test your moving OsmocomBB, you can check out the "jolly/roaming" branch. it contains the extension to layer1, as well as sim reader and fixes from "sylvain/testing" branch. use both "mobile" and "layer1" firmware from this branch. in order to see some process at VTY, you can do: enable monitor network 1 (continously display the strongest cell and neighbour cells) show ms 1 (to see current states) show neighbour-cells 1 (to see a more detailed current list of neighbours) andreas

8 years, 1 month

Set fixed TMSI and Kc

by Simian Denson

Hi, in the osmocom bb mobile.cfg I don't see any posibility to set a fixed Kc encryption key and the tmsi. How could I achieve that osmocom uses my defined Kc and tmsi? cheers, Simian

8 years, 1 month

Baseband: MS '1' is up, service is limited

by Hoàng Mạnh Hùng

Hi all, *I connected, sent and made call successful with osmocombb (with real IMSI and IMEI). But, now, I get error, always be rejected:* OsmocomBB# show ms MS '1' is up, service is limited IMEI: 357337016773249 IMEISV: 3573370167732490 IMEI generation: fixed automatic network selection state: A0 null cell selection state: PLMN search radio ressource layer state: idle mobility management layer state: MM idle, PLMN search OsmocomBB# % (MS 1) % Trying to registering with network... *in my config file (/root/.osmocom/bb/mobile.cfg)**:* ! ! OsmocomBB () configuration saved from vty !! ! line vty no login ! gps device /dev/ttyACM0 gps baudrate default no gps enable ! no hide-default ! ms 1 layer2-socket /tmp/osmocom_l2 sap-socket /tmp/osmocom_sap sim reader network-selection-mode auto imei 357337016773249 0 imei-fixed emergency-imsi 452040399998391 sms-service-center +84980200030 no call-waiting no auto-answer no force-rekey no clip no clir tx-power auto no simulated-delay no stick location-updating neighbour-measurement codec full-speed prefer codec half-speed no abbrev support sms a5/1 a5/2 p-gsm e-gsm r-gsm gsm-850 dcs pcs class-900 4 class-850 4 class-dcs 1 class-pcs 1 channel-capability sdcch+tchf+tchh full-speech-v1 full-speech-v2 half-speech-v1 min-rxlev -106 dsc-max 90 no skip-max-per-band exit test-sim imsi 001010000000000 ki xor 00 00 00 00 00 00 00 00 00 00 00 00 no barred-access no rplmn hplmn-search foreign-country exit no shutdown exit ! Anyone help me???, thanks a lot! -- Thanks and Best Regards -- From: Hoàng Mạnh Hùng

8 years, 11 months

Location update problems on Motorola C118

by Maciej Grela

Hi, I'm trying to run the latest osmocom-bb git on a Motorola C118 phone. After a minor problem with the build (as you may've noticed in the patch I've sent). I got to the point of successfuly running layer1 on the phone and the mobile app on the PC (I have also enabled TX). The process seems to be stuck on trying to perform a location update. The status of the ms is always either: show ms MS '1' is up, MM connection active IMEI: 000000000000000 IMEISV: 0000000000000000 IMEI generation: fixed automatic network selection state: A1 trying RPLMN MCC=104 MNC=002 (104, 002) cell selection state: connected mode 1 ARFCN=19 MCC=104 MNC=002 LAC=0xb00f CELLID=0x4fd9 (104, 002) radio ressource layer state: connection pending mobility management layer state: wait for RR connection (location updating) OsmocomBB> or show ms MS '1' is up, service is limited (pending) IMEI: 000000000000000 IMEISV: 0000000000000000 IMEI generation: fixed automatic network selection state: A1 trying RPLMN MCC=104 MNC=002 (104, 002) cell selection state: C3 camped normally ARFCN=19 MCC=104 MNC=002 LAC=0xb00f CELLID=0x4fd9 (104, 002) radio ressource layer state: idle mobility management layer state: MM idle, attempting to update OsmocomBB> I think, that because of this I can't make any calls or send sms (all the requests are being rejected): OsmocomBB# call 1 <X> call 1 <X> OsmocomBB# % (MS 1) % Call has been rejected The log information from mobile when it's trying to do a location update is show below: <000b> gsm48_rr.c:2174 PAGING REQUEST 1 <000b> gsm48_rr.c:2141 IMSI 260021964220249 (not for us) <000b> gsm48_rr.c:2132 TMSI fd82a501 (not for us) <000e> gsm48_mm.c:344 Location update retry <0005> gsm48_mm.c:345 timer T3211 (loc. upd. retry delay) has fired <0005> gsm48_mm.c:4311 (ms 1) Received 'MM_EVENT_TIMEOUT_T3211' event in state MM IDLE, attempting to update <000e> gsm48_mm.c:2199 Perform location update (MCC 104, MNC 002 LAC 0xb00f) <0005> gsm48_mm.c:2333 LOCATION UPDATING REQUEST <0005> gsm48_mm.c:2355 using LAI (mcc 104 mnc 002 lac 0xb00f) <0005> gsm48_mm.c:2363 using TMSI 0x28a3d62e <0005> gsm48_mm.c:914 new state MM IDLE, attempting to update -> wait for RR connection (location updating) <0001> gsm48_rr.c:5428 (ms 1) Message 'RR_EST_REQ' received in state idle (sapi 0) <000e> gsm48_rr.c:1318 Establish radio link due to mobility management request <0003> gsm322.c:4037 (ms 1) Event 'EVENT_LEAVE_IDLE' for Cell selection in state 'C3 camped normally' <0003> gsm322.c:823 new state 'C3 camped normally' -> 'connected mode 1' <0003> gsm322.c:3653 Going to camping (normal) ARFCN 19. <0003> gsm322.c:463 Sync to ARFCN=19 rxlev=-74 (Sysinfo, ccch mode NON-COMB) <0001> gsm48_rr.c:366 new state idle -> connection pending <0001> gsm48_rr.c:1465 CHANNEL REQUEST: 00 (Location Update with NECI) <0003> gsm322.c:2938 Channel synched. (ARFCN=19, snr=16, BSIC=17) <0001> gsm322.c:2959 using DSC of 90 <0003> gsm48_rr.c:4816 Channel provides data. <0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 5) <0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no S(lots) 0 ra 0x0e) <0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm) <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 4) <0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no S(lots) 55 ra 0x07) <0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm) <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x75 chan_nr 0x0a MAIO 0 HSN 38 TS 2 SS 0 TSC 0) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x75 chan_nr 0x0a MAIO 0 HSN 38 TS 2 SS 0 TSC 0) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 0 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 3) <0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no S(lots) 55 ra 0x0f) <0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm) <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 2) <0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no S(lots) 55 ra 0x01) <0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm) <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 1/553m ra 0x18 chan_nr 0x59 ARFCN 19 TS 1 SS 3 TSC 1) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 1/553m ra 0x18 chan_nr 0x59 ARFCN 19 TS 1 SS 3 TSC 1) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 1) <0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no S(lots) 55 ra 0x0a) <0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm) <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 1 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 0) <0001> gsm48_rr.c:1605 Done with sending RANDOM ACCESS bursts <0001> gsm48_rr.c:836 starting T3126 with 5.000 seconds <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2225 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 0 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x0a chan_nr 0x41 ARFCN 19 TS 1 SS 0 TSC 1) <0001> gsm48_rr.c:2393 request 0a matches but not frame number (IMM.ASS fn=22,6,30 != RACH fn=22,5,25) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x05 chan_nr 0x49 ARFCN 19 TS 1 SS 1 TSC 1) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x05 chan_nr 0x49 ARFCN 19 TS 1 SS 1 TSC 1) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2225 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-77 snr= 0 ber= 6 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x00 chan_nr 0x61 ARFCN 19 TS 1 SS 4 TSC 1) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x00 chan_nr 0x61 ARFCN 19 TS 1 SS 4 TSC 1) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x7d chan_nr 0x0b MAIO 0 HSN 38 TS 3 SS 0 TSC 0) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x7d chan_nr 0x0b MAIO 0 HSN 38 TS 3 SS 0 TSC 0) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 0 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2225 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2225 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 3 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x77 chan_nr 0x09 MAIO 0 HSN 38 TS 1 SS 0 TSC 0) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x77 chan_nr 0x09 MAIO 0 HSN 38 TS 1 SS 0 TSC 0) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2225 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 6 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:765 timer T3126 has fired <000e> gsm48_rr.c:770 Requesting channel failed <0001> gsm48_rr.c:366 new state connection pending -> idle <0003> gsm322.c:4037 (ms 1) Event 'EVENT_RET_IDLE' for Cell selection in state 'connected mode 1' <0003> gsm322.c:3565 Selecting ARFCN 19. after LOC.UPD. <0003> gsm322.c:463 Sync to ARFCN=19 rxlev=-74 (Sysinfo, ccch mode NON-COMB) <0003> gsm322.c:823 new state 'connected mode 1' -> 'C3 camped normally' <0005> gsm48_mm.c:3902 (ms 1) Received 'RR_REL_IND' from RR in state wait for RR connection (location updating) (sapi 0) <0005> gsm48_mm.c:2732 RR link released after loc. upd. <000e> gsm48_mm.c:2676 Location update failed <000e> gsm48_mm.c:2686 Try location update later <0005> gsm48_mm.c:2688 Loc. upd. failed, retry #0 <0005> gsm48_mm.c:413 starting T3211 (loc. upd. retry delay) with 15.0 seconds <0005> gsm48_mm.c:1143 We are camping normally as returning to MM IDLE <0005> gsm48_mm.c:1159 Loc. upd. allowed. <0005> gsm48_mm.c:919 new state wait for RR connection (location updating) -> MM IDLE, location updating needed <0005> gsm48_mm.c:909 new MM IDLE state location updating needed -> attempting to update <0005> gsm48_mm.c:2215 Loc. upd. already pending. <0005> gsm48_mm.c:4311 (ms 1) Received 'MM_EVENT_CELL_SELECTED' event in state MM IDLE, attempting to update <0005> gsm48_mm.c:2215 Loc. upd. already pending. <0003> gsm322.c:2938 Channel synched. (ARFCN=19, snr=16, BSIC=17) <0001> gsm322.c:2959 using DSC of 90 Can you provide me any hints on how to debug this ? Why is the location update failing constantly ? Thanks in advance for your help. Best regards, Maciej Grela

9 years, 5 months

Osmovom-BB on Raspberry Pi

by Richard Menedetter

Hi All Just wanted to confirm that I got Osmocom-BB up and running on a Raspberry Pi. I did not use the GPIO UART pins but USB <-> serial converters. I tried Motorola C118 and C155 with success. Everything you need is already described: http://bb.osmocom.org/trac/wiki/GnuArmToolchain http://bb.osmocom.org/trac/wiki/libosmocore http://bb.osmocom.org/trac/wiki/Software/GettingStarted?redirectedfrom=Gett… My previous problem seems to have been a not fully compatible crosscompiled toolchain. (it worked mostly, but I could not log-in to a cell and the spectrum view crashed on the RSSI Firmware. Also if you want transmit capability (or flashing) then you need to activate those features in the makefile. Thanks Sylvain (confirming c118 will work) and all others who are involved!! PS: Any news on the "emulated BTS" that has been presented at last years chaos communication congress? I have 2 C118s + 1 normal USB serial dongle + 1 capable of burst ind. I hope this will suffice to also run also a possible future 1 trasmit phone + 1 receive phone configuration. I assume that even without the filter change it should be enough to send a few meters of distance.

9 years, 10 months

Cannot open serial device /dev/ttyUSB0

by George Andguladze

Cannot open serial device /dev/ttyUSB0 I am getting this error message when I try to connect to my C155 phone and upload hello_world.compalram.bin using this command: ./osmocon -p /dev/ttyUSB0 -m c155 ../../target/firmware/board/compal_e99/hello_world.compalram.bin Even though device ttyUSB0 exists in my /dev/ directory, and I have set modprobe cp210x, and chmod 777 /dev/ttyUSB0. Here is an output from dmesg: [ 105.110818] usb 6-3: USB disconnect, device number 2 [ 105.111098] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 105.111131] cp210x 6-3:1.0: device disconnected [ 113.728075] usb 6-3: new full speed USB device number 3 using ohci_hcd [ 113.901042] cp210x 6-3:1.0: cp210x converter detected [ 114.040085] usb 6-3: reset full speed USB device number 3 using ohci_hcd [ 114.206030] usb 6-3: cp210x converter now attached to ttyUSB0 Here is an output from ls -l /dev/tty : crw-rw-rw- 1 root tty 5, 0 2013-06-04 21:27 /dev/tty crw--w---- 1 root tty 4, 0 2013-06-04 20:40 /dev/tty0 crw------- 1 root root 4, 1 2013-06-04 20:40 /dev/tty1 crw--w---- 1 root tty 4, 10 2013-06-04 20:40 /dev/tty10 crw--w---- 1 root tty 4, 11 2013-06-04 20:40 /dev/tty11 crw--w---- 1 root tty 4, 12 2013-06-04 20:40 /dev/tty12 crw--w---- 1 root tty 4, 13 2013-06-04 20:40 /dev/tty13 crw--w---- 1 root tty 4, 14 2013-06-04 20:40 /dev/tty14 crw--w---- 1 root tty 4, 15 2013-06-04 20:40 /dev/tty15 crw--w---- 1 root tty 4, 16 2013-06-04 20:40 /dev/tty16 crw--w---- 1 root tty 4, 17 2013-06-04 20:40 /dev/tty17 crw--w---- 1 root tty 4, 18 2013-06-04 20:40 /dev/tty18 crw--w---- 1 root tty 4, 19 2013-06-04 20:40 /dev/tty19 crw------- 1 root root 4, 2 2013-06-04 20:40 /dev/tty2 crw--w---- 1 root tty 4, 20 2013-06-04 20:40 /dev/tty20 crw--w---- 1 root tty 4, 21 2013-06-04 20:40 /dev/tty21 crw--w---- 1 root tty 4, 22 2013-06-04 20:40 /dev/tty22 crw--w---- 1 root tty 4, 23 2013-06-04 20:40 /dev/tty23 crw--w---- 1 root tty 4, 24 2013-06-04 20:40 /dev/tty24 crw--w---- 1 root tty 4, 25 2013-06-04 20:40 /dev/tty25 crw--w---- 1 root tty 4, 26 2013-06-04 20:40 /dev/tty26 crw--w---- 1 root tty 4, 27 2013-06-04 20:40 /dev/tty27 crw--w---- 1 root tty 4, 28 2013-06-04 20:40 /dev/tty28 crw--w---- 1 root tty 4, 29 2013-06-04 20:40 /dev/tty29 crw------- 1 root root 4, 3 2013-06-04 20:40 /dev/tty3 crw--w---- 1 root tty 4, 30 2013-06-04 20:40 /dev/tty30 crw--w---- 1 root tty 4, 31 2013-06-04 20:40 /dev/tty31 crw--w---- 1 root tty 4, 32 2013-06-04 20:40 /dev/tty32 crw--w---- 1 root tty 4, 33 2013-06-04 20:40 /dev/tty33 crw--w---- 1 root tty 4, 34 2013-06-04 20:40 /dev/tty34 crw--w---- 1 root tty 4, 35 2013-06-04 20:40 /dev/tty35 crw--w---- 1 root tty 4, 36 2013-06-04 20:40 /dev/tty36 crw--w---- 1 root tty 4, 37 2013-06-04 20:40 /dev/tty37 crw--w---- 1 root tty 4, 38 2013-06-04 20:40 /dev/tty38 crw--w---- 1 root tty 4, 39 2013-06-04 20:40 /dev/tty39 crw------- 1 root root 4, 4 2013-06-04 20:40 /dev/tty4 crw--w---- 1 root tty 4, 40 2013-06-04 20:40 /dev/tty40 crw--w---- 1 root tty 4, 41 2013-06-04 20:40 /dev/tty41 crw--w---- 1 root tty 4, 42 2013-06-04 20:40 /dev/tty42 crw--w---- 1 root tty 4, 43 2013-06-04 20:40 /dev/tty43 crw--w---- 1 root tty 4, 44 2013-06-04 20:40 /dev/tty44 crw--w---- 1 root tty 4, 45 2013-06-04 20:40 /dev/tty45 crw--w---- 1 root tty 4, 46 2013-06-04 20:40 /dev/tty46 crw--w---- 1 root tty 4, 47 2013-06-04 20:40 /dev/tty47 crw--w---- 1 root tty 4, 48 2013-06-04 20:40 /dev/tty48 crw--w---- 1 root tty 4, 49 2013-06-04 20:40 /dev/tty49 crw------- 1 root root 4, 5 2013-06-04 20:40 /dev/tty5 crw--w---- 1 root tty 4, 50 2013-06-04 20:40 /dev/tty50 crw--w---- 1 root tty 4, 51 2013-06-04 20:40 /dev/tty51 crw--w---- 1 root tty 4, 52 2013-06-04 20:40 /dev/tty52 crw--w---- 1 root tty 4, 53 2013-06-04 20:40 /dev/tty53 crw--w---- 1 root tty 4, 54 2013-06-04 20:40 /dev/tty54 crw--w---- 1 root tty 4, 55 2013-06-04 20:40 /dev/tty55 crw--w---- 1 root tty 4, 56 2013-06-04 20:40 /dev/tty56 crw--w---- 1 root tty 4, 57 2013-06-04 20:40 /dev/tty57 crw--w---- 1 root tty 4, 58 2013-06-04 20:40 /dev/tty58 crw--w---- 1 root tty 4, 59 2013-06-04 20:40 /dev/tty59 crw------- 1 root root 4, 6 2013-06-04 20:40 /dev/tty6 crw--w---- 1 root tty 4, 60 2013-06-04 20:40 /dev/tty60 crw--w---- 1 root tty 4, 61 2013-06-04 20:40 /dev/tty61 crw--w---- 1 root tty 4, 62 2013-06-04 20:40 /dev/tty62 crw--w---- 1 root tty 4, 63 2013-06-04 20:40 /dev/tty63 crw--w---- 1 root tty 4, 7 2013-06-04 20:40 /dev/tty7 crw--w---- 1 root tty 4, 8 2013-06-04 20:40 /dev/tty8 crw--w---- 1 root tty 4, 9 2013-06-04 20:40 /dev/tty9 crw------- 1 root root 5, 3 2013-06-04 20:40 /dev/ttyprintk crw-rw---- 1 root dialout 4, 64 2013-06-04 20:40 /dev/ttyS0 crw-rw---- 1 root dialout 4, 65 2013-06-04 20:40 /dev/ttyS1 crw-rw---- 1 root dialout 4, 74 2013-06-04 20:40 /dev/ttyS10 crw-rw---- 1 root dialout 4, 75 2013-06-04 20:40 /dev/ttyS11 crw-rw---- 1 root dialout 4, 76 2013-06-04 20:40 /dev/ttyS12 crw-rw---- 1 root dialout 4, 77 2013-06-04 20:40 /dev/ttyS13 crw-rw---- 1 root dialout 4, 78 2013-06-04 20:40 /dev/ttyS14 crw-rw---- 1 root dialout 4, 79 2013-06-04 20:40 /dev/ttyS15 crw-rw---- 1 root dialout 4, 80 2013-06-04 20:40 /dev/ttyS16 crw-rw---- 1 root dialout 4, 81 2013-06-04 20:40 /dev/ttyS17 crw-rw---- 1 root dialout 4, 82 2013-06-04 20:40 /dev/ttyS18 crw-rw---- 1 root dialout 4, 83 2013-06-04 20:40 /dev/ttyS19 crw-rw---- 1 root dialout 4, 66 2013-06-04 20:40 /dev/ttyS2 crw-rw---- 1 root dialout 4, 84 2013-06-04 20:40 /dev/ttyS20 crw-rw---- 1 root dialout 4, 85 2013-06-04 20:40 /dev/ttyS21 crw-rw---- 1 root dialout 4, 86 2013-06-04 20:40 /dev/ttyS22 crw-rw---- 1 root dialout 4, 87 2013-06-04 20:40 /dev/ttyS23 crw-rw---- 1 root dialout 4, 88 2013-06-04 20:40 /dev/ttyS24 crw-rw---- 1 root dialout 4, 89 2013-06-04 20:40 /dev/ttyS25 crw-rw---- 1 root dialout 4, 90 2013-06-04 20:40 /dev/ttyS26 crw-rw---- 1 root dialout 4, 91 2013-06-04 20:40 /dev/ttyS27 crw-rw---- 1 root dialout 4, 92 2013-06-04 20:40 /dev/ttyS28 crw-rw---- 1 root dialout 4, 93 2013-06-04 20:40 /dev/ttyS29 crw-rw---- 1 root dialout 4, 67 2013-06-04 20:40 /dev/ttyS3 crw-rw---- 1 root dialout 4, 94 2013-06-04 20:40 /dev/ttyS30 crw-rw---- 1 root dialout 4, 95 2013-06-04 20:40 /dev/ttyS31 crw-rw---- 1 root dialout 4, 68 2013-06-04 20:40 /dev/ttyS4 crw-rw---- 1 root dialout 4, 69 2013-06-04 20:40 /dev/ttyS5 crw-rw---- 1 root dialout 4, 70 2013-06-04 20:40 /dev/ttyS6 crw-rw---- 1 root dialout 4, 71 2013-06-04 20:40 /dev/ttyS7 crw-rw---- 1 root dialout 4, 72 2013-06-04 20:40 /dev/ttyS8 crw-rw---- 1 root dialout 4, 73 2013-06-04 20:40 /dev/ttyS9 crwxrwxrwx 1 root dialout 188, 0 2013-06-04 21:07 /dev/ttyUSB0 What is it that I am doing wrong? Thanks, George

10 years, 4 months

Query on flashing the loader

by Bhaskar11

This is my first attempt to flash the loader. 1) The instructions on http://bb.osmocom.org/trac/wiki/flashing require loading the file named "target/firmware/board/compal_e88/loader.*e88loader* .bin". Strangely I do not have this file after compilation. I have loader.compalram.bin and loader.highram.bin. I also have layer1.e88loader.bin and rssi.e88loader.bin. Can you please guide me? 2) The guide for flashing an application says to use rssi.e88flash.bin. Does that mean if I want to flash "layer1" as my application, then I must use layer1.*e88flash*.bin at that point? Thank you for your help. B.

10 years, 5 months

chainload.compalram.bin missing?

by Craig Comstock

I was trying to load some apps to a Motorola C139 and found that after building osmocom-bb that there were no chainload image files built. Am I using the wrong branch somehow? Are the instructions out of date on this page: http://bb.osmocom.org/trac/wiki/MotorolaC140 ./osmocon -p /dev/ttyUSB0 -m c140 -c ../../target/firmware/board/compal_e86/layer1.highram.bin ../../target/firmware/board/compal_e86/chainload.compalram.bin The page mentions something about a magic value that must be placed into memory for the bootloader... could that be added to osmocon somehow so that specifying -m c140 takes care of it? "After the download has completed, it expects the magic string "1003" (0x31 0x30 0x30 0x33) at the RAM address 0x803ce0" Thanks, Craig

10 years, 8 months

Pirelli DP-L10 display subsystem (was Re: JTAG setup for Pirelli DP-L10)

by ubuntugirl

On 7/27/13, Steve Markgraf <steve(a)steve-m.de> wrote: > Unfortunately there's only a datasheet of the SPCA554 floating around, > just search for "SPCA554AV02". Found it, thanks. > unfortunately the SPCA552 and 554 seem to have quite a few differences, > so not everything could be figured out. Yeah, the differences do seem big indeed. While I was searching around for an SPCA552E datasheet, I found this: http://www.download.revosupport.com/scp2009_download_folder!/BONUS%20MEMBER… On page 12 of that schematic there's our lovely Sunplus chip. Of course it's a totally different phone, but at least we can see what are the pin interfaces coming off this chip. In the above schematic, we see that SPCA552E connects to just the host CPU, the LCM and the camera - no frills. But the 554 datasheet you've found describes a much more complex device - adds USB, audio, mass storage... > At least it was enough information to get the bypass mode working, > which was my main goal. Were you ever able to figure out just how the backlight works on this display? Your code has a comment about a particular register in the SPCA supposedly turning the BL on or off, but looking at the pin interfaces of this SPCA in the Nokia schematic, I don't see anything even remotely related to the backlight... Yet the original firmware is able to not only turn this BL on and off at will, but also change the brightness - during calls, the display dims instead of blanking completely. On a related note, were you ever able to figure out the pinout of the 30-pin flex between the main PCB and the LCM? If this pinout were known, I could probably trace out the stuff of interest to me (like the backlight) on the main PCB using your layer pictures, but if I have to reverse-eng the LCM itself, that might be a bit above my skill level. :( > Since the SPCA has an integrated 8051 core, you probably need to upload > proprietary code to get the camera working, or you have to rewrite the > firmware for this chip as well... Bummer. But just out of curiosity, how did you figure out that it's an 8051? Did you see the original phone fw pushing something to the SPCA that looked like 8051 instructions? FWIW, the 554 datasheet describes its CPU as a "32-bit RISC processor" - too closed to even name what it is! Kim

10 years, 8 months

JTAG setup for Pirelli DP-L10

by ubuntugirl

Hello, I finally got some time to play with OsmocomBB again. It works intermittently on my Pirelli DP-L10: sometimes ok, other times MO call attempts fail inexplicably and there are messages pouring in the vty window about network contact being lost and reestablished. I suspect that the lack of RF calibration may be an issue, especially considering that I'm in PCS land whereas most active developers are in EGSM/DCS. So I got this crazy idea: what if we can figure out where and how the original factory calibration values are stored, and make use of them? It looks like the last 64kb sector of the flash (at 0x027f0000 as seen by the cpu) is where the factory data are stored, but the format looks incomprehensible. :( So here's what I'm thinking: I would like to try putting JTAG on this phone, and using a hardware watchpoint to catch where the proprietary fw reads from the 0x027f0000-0x027fffff region. I saw in the Wiki that there is an unpopulated footprint for a JTAG connector, and upon taking my phone apart, I have confirmed that it's there indeed. But I wonder, has anyone here (steve-m perhaps?) actually used this JTAG interface and got it to work? If someone has, I'd like to ask the following: * What connector part did you populate on that footprint? * What actual JTAG adapter gadget did you use? * How did you connect that JTAG adapter gadget to the phone? Thanks, Kim

10 years, 9 months

Calypso phone with RX filters removed

by George Andguladze

Hi List, Could anyone suggest me where to buy a C155 with RX filters removed? My soldering skills are not that great so I am trying to avoid buying the filter replacement kit from here http://shop.sysmocom.de/products/osmocombb-filter-kit and doing it myself. It seems from the mailing list (http://comments.gmane.org/gmane.comp.mobile.osmocom.baseband.devel/1840) that you could buy it from shop.sysmocom.de, but not anymore? Kind Regards George AndguladzeSenior Software EngineerBusiness Management Technology www.bmt.ge

10 years, 9 months

[ADMIN] Wanted: List moderator

by Harald Welte

Dear Osmocom community, I'm currently looking for one or multiple volunteers who are willing to tend to the mailman 'moderator queue' of the various osmocom mailing lists (baseband-devel, openbsc, simtrace, tetra, osmocom-pcu, ...) Our lists are 'member posting only' to protect them from spam. This means that spammers will be caught in the list moderation queue together with the occasional legitimate message from a non-subscriber. You need to manually look over that queue in the mailman web interface, select those legitimate posts as 'approve' and 'defer' all others. The task requires very few minutes, but it requires them every day or second day. It is a perfect opportunity how non-developers can contribute to the project :) Please let me know if anyone is willing to take care of this. Thanks! Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

10 years, 9 months

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

baseband-devel July 2013