August 2013 - baseband-devel - lists.osmocom.org

Engagetted !

by Sébastien Lorquet

http://www.engadget.com/2010/12/29/researchers-eavesdrop-on-encrypted-gsm-c… Congrats!

6 months, 1 week

5
5
0 0

Sniffing GPRS

by canarion

Hi, After compiling osmocom-bb and apply sylvain/burst_ind branch and gprs_multi.patch, I execute it and try to sniff gprs traffic. I loaded the layer1 into my C139 and I obtained an ARFCN code (883). When I run ccch_scan -a 883 I get the next result: opyright (C) 2010 Harald Welte <laforge(a)gnumonks.org> Contributions by Holger Hans Peter Freyther License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Failed to connect to '/tmp/osmocom_sap'. Failed during sap_open(), no SIM reader <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(1476410343) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(1207963561) <0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0x1ad1cda) <0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0x41ae98f9) <0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a to imsi M(214031385056117) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3306441249) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214031482053520) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214036185306441) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4207880193) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4135931713) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4214223105) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3388536385) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(134915836) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3961436929) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4229756769) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(531909) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214034185316455) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3829437761) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214033485554660) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3639403521) <0001> app_ccch_scan.c:105 SI1 received. <0001> app_ccch_scan.c:464 unknown PCH/AGCH type 0x00 <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3827744513) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(335734299) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3561969409) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4294310401) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3698994241) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3682615617) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(67866789) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4003487553) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3770351169) <0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0x41ae98f9) <0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0x1ad1cda) <0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a to imsi M(214031385056117) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3306441249) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214031482053520) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214036185306441) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4102036289) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4135931713) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214032485273805) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3798414145) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(134915836) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3988859137) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3735175681) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(531909) <0001> app_ccch_scan.c:248 GSM48 IMM ASS (ra=0x78, chan_nr=0x0f, HSN=24, MAIO=1, TS=7, SS=0, TSC=1) Dropping frame with 55 bit errors <000c> l1ctl.c:238 Dropping frame with 55 bit errors <000c> l1ctl.c:290 BURST IND: @(830928 = 0626/20/36) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830928 = 0626/20/36) (-110 dBm, SNR 8) <000c> l1ctl.c:290 BURST IND: @(830929 = 0626/21/37) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830929 = 0626/21/37) ( -83 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830930 = 0626/22/38) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830930 = 0626/22/38) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830931 = 0626/23/39) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830931 = 0626/23/39) ( -83 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830932 = 0626/24/40) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830932 = 0626/24/40) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830933 = 0626/25/41) (-105 dBm, SNR 8, UL, SACCH) <000c> l1ctl.c:290 BURST IND: @(830933 = 0626/25/41) (-107 dBm, SNR 5, SACCH) <000c> l1ctl.c:290 BURST IND: @(830934 = 0626/00/42) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830934 = 0626/00/42) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830935 = 0626/01/43) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830935 = 0626/01/43) ( -83 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830936 = 0626/02/44) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830936 = 0626/02/44) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830937 = 0626/03/45) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830937 = 0626/03/45) ( -89 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830938 = 0626/04/46) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830938 = 0626/04/46) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830939 = 0626/05/47) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830939 = 0626/05/47) ( -82 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830940 = 0626/06/48) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830940 = 0626/06/48) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830941 = 0626/07/49) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830941 = 0626/07/49) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830942 = 0626/08/50) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830942 = 0626/08/50) ( -86 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830943 = 0626/09/00) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830943 = 0626/09/00) ( -86 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830944 = 0626/10/01) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830944 = 0626/10/01) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830945 = 0626/11/02) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830945 = 0626/11/02) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830947 = 0626/13/04) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830947 = 0626/13/04) ( -84 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830948 = 0626/14/05) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830948 = 0626/14/05) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830949 = 0626/15/06) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830949 = 0626/15/06) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830950 = 0626/16/07) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830950 = 0626/16/07) ( -89 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830951 = 0626/17/08) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830951 = 0626/17/08) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830952 = 0626/18/09) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830952 = 0626/18/09) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830953 = 0626/19/10) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830953 = 0626/19/10) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830954 = 0626/20/11) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830954 = 0626/20/11) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830955 = 0626/21/12) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830955 = 0626/21/12) (-106 dBm, SNR 0) <000c> l1ctl.c:290 BURST IND: @(830956 = 0626/22/13) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830956 = 0626/22/13) (-107 dBm, SNR 5) <000c> l1ctl.c:290 BURST IND: @(830957 = 0626/23/14) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830957 = 0626/23/14) (-106 dBm, SNR 2) <000c> l1ctl.c:290 BURST IND: @(830958 = 0626/24/15) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830958 = 0626/24/15) (-108 dBm, SNR 1) <000c> l1ctl.c:290 BURST IND: @(830959 = 0626/25/16) (-106 dBm, SNR 2, UL, SACCH) <000c> l1ctl.c:290 BURST IND: @(830959 = 0626/25/16) (-109 dBm, SNR 5, SACCH) <000c> l1ctl.c:290 BURST IND: @(830960 = 0626/00/17) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830960 = 0626/00/17) (-108 dBm, SNR 3) <000c> l1ctl.c:290 BURST IND: @(830961 = 0626/01/18) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830961 = 0626/01/18) (-106 dBm, SNR 2) <000c> l1ctl.c:290 BURST IND: @(830962 = 0626/02/19) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830962 = 0626/02/19) (-108 dBm, SNR 3) <000c> l1ctl.c:290 BURST IND: @(830963 = 0626/03/20) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830963 = 0626/03/20) (-107 dBm, SNR 0) <000c> l1ctl.c:290 BURST IND: @(830964 = 0626/04/21) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830964 = 0626/04/21) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830965 = 0626/05/22) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830965 = 0626/05/22) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830966 = 0626/06/23) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830966 = 0626/06/23) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830967 = 0626/07/24) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830967 = 0626/07/24) ( -86 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830968 = 0626/08/25) (-107 dBm, SNR 6, UL) <000c> l1ctl.c:290 BURST IND: @(830968 = 0626/08/25) (-109 dBm, SNR 0) <000c> l1ctl.c:290 BURST IND: @(830969 = 0626/09/26) (-101 dBm, SNR 6, UL) But it stop to capture frames, seems to be left in a standby state and I don't know why that is. With gprsdecode I can see the next image in the wireshark: http://baseband-devel.722152.n3.nabble.com/file/n3712433/wireshark-capture.… If someone knows what is the problem, please tell me. Thanks in advance. Cheers, Dani -- View this message in context: http://baseband-devel.722152.n3.nabble.com/Sniffing-GPRS-tp3712433p3712433.… Sent from the baseband-devel mailing list archive at Nabble.com.

7 years, 4 months

8
12
0 0

Please can anyone advise me - FMTOOL Error and no further processing

by Raz Sharif

Dear all, I vae the C115 with a T1 USB to Serial cable with the Prolific chipset. When i run osmocon i get :- an its just sits there with no further processing. ./osmocon -p /dev/ttyUSB0 -m c123xor ../../target/firmware/board/compal_e88/loader.compalram.bin read_file(../../target/firmware/board/compal_e88/loader.compalram.bin): file_size=17120, hdr_len=4, dnload_len=17127 read_file(../../target/firmware/board/compal_e88/loader.compalram.bin): file_size=17120, hdr_len=4, dnload_len=17127 got 1 bytes from modem, data looks like: 00 . got 2 bytes from modem, data looks like: 2f 00 /. got 1 bytes from modem, data looks like: 1b . got 3 bytes from modem, data looks like: f6 02 00 ... got 1 bytes from modem, data looks like: 41 A got 1 bytes from modem, data looks like: 01 . got 1 bytes from modem, data looks like: 40 @ Received PROMPT1 from phone, responding with CMD got 1 bytes from modem, data looks like: 66 f got 1 bytes from modem, data looks like: 74 t got 1 bytes from modem, data looks like: 6d m got 1 bytes from modem, data looks like: 74 t got 1 bytes from modem, data looks like: 6f o got 1 bytes from modem, data looks like: 6f o got 1 bytes from modem, data looks like: 6c l Received FTMTOOL from phone, ramloader has aborted got 1 bytes from modem, data looks like: 65 e got 1 bytes from modem, data looks like: 72 r got 1 bytes from modem, data looks like: 72 r got 1 bytes from modem, data looks like: 6f o got 1 bytes from modem, data looks like: 72 r got 1 bytes from modem, data looks like: 00 . got 1 bytes from modem, data looks like: 00 . I think the cable is ok as when i run my fingers on the tip i get random Zeros so it appears to be talking to the cable. Also when i tried to run Mobile i get the :- even though i created the Mobile.cfg file in /etc/osmoco Failed to parse the config file: '/home/raz/.osmocom/bb/mobile.cfg' Please check or create config file using: 'touch /home/raz/.osmocom/bb/mobile.cfg' I have spent some hours researching the lists and trying various things to no avail but I want to continue until I resolve this issues and use this great stack to learn about the GSM network. Please advise. Great full for any help or pointers but this maybe a timing issue that is difficult to debug. Thanks Raz

7 years, 11 months

5
6
0 0

cell re-selection

by Andreas.Eversberg

hi, i did a lot of resarch and testing on cell selection and re-selection process the last two week. the cell selection process, network selection process (manual and automatic) and mobility management process were already implemented in OsmocomBB a long time, but turned out to be buggy and incomplete. i made test drives to check the process and debugged it. the re-selection process is new. it is used to track surrounding cells while listening to the BCCH of the current cell (camping on a cell). special extension to the layer1 firmare is used to measure neighbour cells. if an neighbour cell becomes 'better', the mobile switches to that cell, depening on different criteria. now it is possible to move with OsmocomBB. the re-selection process is not handover! handover is a process where a phone switches between cells while doing a call. handover is one next step to implement. the process is a little more complex, because it requires not only neighbour cell measurements, but also syncing to them without interrupting the traffic channel. most layer 3 stuff of handover is already implemented. if you like to play and test your moving OsmocomBB, you can check out the "jolly/roaming" branch. it contains the extension to layer1, as well as sim reader and fixes from "sylvain/testing" branch. use both "mobile" and "layer1" firmware from this branch. in order to see some process at VTY, you can do: enable monitor network 1 (continously display the strongest cell and neighbour cells) show ms 1 (to see current states) show neighbour-cells 1 (to see a more detailed current list of neighbours) andreas

8 years, 1 month

3
3
0 0

Set fixed TMSI and Kc

by Simian Denson

Hi, in the osmocom bb mobile.cfg I don't see any posibility to set a fixed Kc encryption key and the tmsi. How could I achieve that osmocom uses my defined Kc and tmsi? cheers, Simian

8 years, 1 month

5
21
0 0

Baseband: MS '1' is up, service is limited

by Hoàng Mạnh Hùng

Hi all, *I connected, sent and made call successful with osmocombb (with real IMSI and IMEI). But, now, I get error, always be rejected:* OsmocomBB# show ms MS '1' is up, service is limited IMEI: 357337016773249 IMEISV: 3573370167732490 IMEI generation: fixed automatic network selection state: A0 null cell selection state: PLMN search radio ressource layer state: idle mobility management layer state: MM idle, PLMN search OsmocomBB# % (MS 1) % Trying to registering with network... *in my config file (/root/.osmocom/bb/mobile.cfg)**:* ! ! OsmocomBB () configuration saved from vty !! ! line vty no login ! gps device /dev/ttyACM0 gps baudrate default no gps enable ! no hide-default ! ms 1 layer2-socket /tmp/osmocom_l2 sap-socket /tmp/osmocom_sap sim reader network-selection-mode auto imei 357337016773249 0 imei-fixed emergency-imsi 452040399998391 sms-service-center +84980200030 no call-waiting no auto-answer no force-rekey no clip no clir tx-power auto no simulated-delay no stick location-updating neighbour-measurement codec full-speed prefer codec half-speed no abbrev support sms a5/1 a5/2 p-gsm e-gsm r-gsm gsm-850 dcs pcs class-900 4 class-850 4 class-dcs 1 class-pcs 1 channel-capability sdcch+tchf+tchh full-speech-v1 full-speech-v2 half-speech-v1 min-rxlev -106 dsc-max 90 no skip-max-per-band exit test-sim imsi 001010000000000 ki xor 00 00 00 00 00 00 00 00 00 00 00 00 no barred-access no rplmn hplmn-search foreign-country exit no shutdown exit ! Anyone help me???, thanks a lot! -- Thanks and Best Regards -- From: Hoàng Mạnh Hùng

8 years, 11 months

5
10
0 0

Location update problems on Motorola C118

by Maciej Grela

Hi, I'm trying to run the latest osmocom-bb git on a Motorola C118 phone. After a minor problem with the build (as you may've noticed in the patch I've sent). I got to the point of successfuly running layer1 on the phone and the mobile app on the PC (I have also enabled TX). The process seems to be stuck on trying to perform a location update. The status of the ms is always either: show ms MS '1' is up, MM connection active IMEI: 000000000000000 IMEISV: 0000000000000000 IMEI generation: fixed automatic network selection state: A1 trying RPLMN MCC=104 MNC=002 (104, 002) cell selection state: connected mode 1 ARFCN=19 MCC=104 MNC=002 LAC=0xb00f CELLID=0x4fd9 (104, 002) radio ressource layer state: connection pending mobility management layer state: wait for RR connection (location updating) OsmocomBB> or show ms MS '1' is up, service is limited (pending) IMEI: 000000000000000 IMEISV: 0000000000000000 IMEI generation: fixed automatic network selection state: A1 trying RPLMN MCC=104 MNC=002 (104, 002) cell selection state: C3 camped normally ARFCN=19 MCC=104 MNC=002 LAC=0xb00f CELLID=0x4fd9 (104, 002) radio ressource layer state: idle mobility management layer state: MM idle, attempting to update OsmocomBB> I think, that because of this I can't make any calls or send sms (all the requests are being rejected): OsmocomBB# call 1 <X> call 1 <X> OsmocomBB# % (MS 1) % Call has been rejected The log information from mobile when it's trying to do a location update is show below: <000b> gsm48_rr.c:2174 PAGING REQUEST 1 <000b> gsm48_rr.c:2141 IMSI 260021964220249 (not for us) <000b> gsm48_rr.c:2132 TMSI fd82a501 (not for us) <000e> gsm48_mm.c:344 Location update retry <0005> gsm48_mm.c:345 timer T3211 (loc. upd. retry delay) has fired <0005> gsm48_mm.c:4311 (ms 1) Received 'MM_EVENT_TIMEOUT_T3211' event in state MM IDLE, attempting to update <000e> gsm48_mm.c:2199 Perform location update (MCC 104, MNC 002 LAC 0xb00f) <0005> gsm48_mm.c:2333 LOCATION UPDATING REQUEST <0005> gsm48_mm.c:2355 using LAI (mcc 104 mnc 002 lac 0xb00f) <0005> gsm48_mm.c:2363 using TMSI 0x28a3d62e <0005> gsm48_mm.c:914 new state MM IDLE, attempting to update -> wait for RR connection (location updating) <0001> gsm48_rr.c:5428 (ms 1) Message 'RR_EST_REQ' received in state idle (sapi 0) <000e> gsm48_rr.c:1318 Establish radio link due to mobility management request <0003> gsm322.c:4037 (ms 1) Event 'EVENT_LEAVE_IDLE' for Cell selection in state 'C3 camped normally' <0003> gsm322.c:823 new state 'C3 camped normally' -> 'connected mode 1' <0003> gsm322.c:3653 Going to camping (normal) ARFCN 19. <0003> gsm322.c:463 Sync to ARFCN=19 rxlev=-74 (Sysinfo, ccch mode NON-COMB) <0001> gsm48_rr.c:366 new state idle -> connection pending <0001> gsm48_rr.c:1465 CHANNEL REQUEST: 00 (Location Update with NECI) <0003> gsm322.c:2938 Channel synched. (ARFCN=19, snr=16, BSIC=17) <0001> gsm322.c:2959 using DSC of 90 <0003> gsm48_rr.c:4816 Channel provides data. <0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 5) <0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no S(lots) 0 ra 0x0e) <0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm) <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 4) <0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no S(lots) 55 ra 0x07) <0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm) <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x75 chan_nr 0x0a MAIO 0 HSN 38 TS 2 SS 0 TSC 0) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x75 chan_nr 0x0a MAIO 0 HSN 38 TS 2 SS 0 TSC 0) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 0 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 3) <0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no S(lots) 55 ra 0x0f) <0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm) <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 2) <0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no S(lots) 55 ra 0x01) <0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm) <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 1/553m ra 0x18 chan_nr 0x59 ARFCN 19 TS 1 SS 3 TSC 1) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 1/553m ra 0x18 chan_nr 0x59 ARFCN 19 TS 1 SS 3 TSC 1) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 1) <0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no S(lots) 55 ra 0x0a) <0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm) <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 1 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 0) <0001> gsm48_rr.c:1605 Done with sending RANDOM ACCESS bursts <0001> gsm48_rr.c:836 starting T3126 with 5.000 seconds <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2225 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 0 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x0a chan_nr 0x41 ARFCN 19 TS 1 SS 0 TSC 1) <0001> gsm48_rr.c:2393 request 0a matches but not frame number (IMM.ASS fn=22,6,30 != RACH fn=22,5,25) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x05 chan_nr 0x49 ARFCN 19 TS 1 SS 1 TSC 1) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x05 chan_nr 0x49 ARFCN 19 TS 1 SS 1 TSC 1) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2225 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-77 snr= 0 ber= 6 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x00 chan_nr 0x61 ARFCN 19 TS 1 SS 4 TSC 1) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x00 chan_nr 0x61 ARFCN 19 TS 1 SS 4 TSC 1) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x7d chan_nr 0x0b MAIO 0 HSN 38 TS 3 SS 0 TSC 0) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x7d chan_nr 0x0b MAIO 0 HSN 38 TS 3 SS 0 TSC 0) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 0 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2225 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2225 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 3 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x77 chan_nr 0x09 MAIO 0 HSN 38 TS 1 SS 0 TSC 0) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x77 chan_nr 0x09 MAIO 0 HSN 38 TS 1 SS 0 TSC 0) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2225 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 6 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:765 timer T3126 has fired <000e> gsm48_rr.c:770 Requesting channel failed <0001> gsm48_rr.c:366 new state connection pending -> idle <0003> gsm322.c:4037 (ms 1) Event 'EVENT_RET_IDLE' for Cell selection in state 'connected mode 1' <0003> gsm322.c:3565 Selecting ARFCN 19. after LOC.UPD. <0003> gsm322.c:463 Sync to ARFCN=19 rxlev=-74 (Sysinfo, ccch mode NON-COMB) <0003> gsm322.c:823 new state 'connected mode 1' -> 'C3 camped normally' <0005> gsm48_mm.c:3902 (ms 1) Received 'RR_REL_IND' from RR in state wait for RR connection (location updating) (sapi 0) <0005> gsm48_mm.c:2732 RR link released after loc. upd. <000e> gsm48_mm.c:2676 Location update failed <000e> gsm48_mm.c:2686 Try location update later <0005> gsm48_mm.c:2688 Loc. upd. failed, retry #0 <0005> gsm48_mm.c:413 starting T3211 (loc. upd. retry delay) with 15.0 seconds <0005> gsm48_mm.c:1143 We are camping normally as returning to MM IDLE <0005> gsm48_mm.c:1159 Loc. upd. allowed. <0005> gsm48_mm.c:919 new state wait for RR connection (location updating) -> MM IDLE, location updating needed <0005> gsm48_mm.c:909 new MM IDLE state location updating needed -> attempting to update <0005> gsm48_mm.c:2215 Loc. upd. already pending. <0005> gsm48_mm.c:4311 (ms 1) Received 'MM_EVENT_CELL_SELECTED' event in state MM IDLE, attempting to update <0005> gsm48_mm.c:2215 Loc. upd. already pending. <0003> gsm322.c:2938 Channel synched. (ARFCN=19, snr=16, BSIC=17) <0001> gsm322.c:2959 using DSC of 90 Can you provide me any hints on how to debug this ? Why is the location update failing constantly ? Thanks in advance for your help. Best regards, Maciej Grela

9 years, 5 months

6
9
0 0

Osmovom-BB on Raspberry Pi

by Richard Menedetter

Hi All Just wanted to confirm that I got Osmocom-BB up and running on a Raspberry Pi. I did not use the GPIO UART pins but USB <-> serial converters. I tried Motorola C118 and C155 with success. Everything you need is already described: http://bb.osmocom.org/trac/wiki/GnuArmToolchain http://bb.osmocom.org/trac/wiki/libosmocore http://bb.osmocom.org/trac/wiki/Software/GettingStarted?redirectedfrom=Gett… My previous problem seems to have been a not fully compatible crosscompiled toolchain. (it worked mostly, but I could not log-in to a cell and the spectrum view crashed on the RSSI Firmware. Also if you want transmit capability (or flashing) then you need to activate those features in the makefile. Thanks Sylvain (confirming c118 will work) and all others who are involved!! PS: Any news on the "emulated BTS" that has been presented at last years chaos communication congress? I have 2 C118s + 1 normal USB serial dongle + 1 capable of burst ind. I hope this will suffice to also run also a possible future 1 trasmit phone + 1 receive phone configuration. I assume that even without the filter change it should be enough to send a few meters of distance.

9 years, 10 months

5
10
0 0

Cannot open serial device /dev/ttyUSB0

by George Andguladze

Cannot open serial device /dev/ttyUSB0 I am getting this error message when I try to connect to my C155 phone and upload hello_world.compalram.bin using this command: ./osmocon -p /dev/ttyUSB0 -m c155 ../../target/firmware/board/compal_e99/hello_world.compalram.bin Even though device ttyUSB0 exists in my /dev/ directory, and I have set modprobe cp210x, and chmod 777 /dev/ttyUSB0. Here is an output from dmesg: [ 105.110818] usb 6-3: USB disconnect, device number 2 [ 105.111098] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 105.111131] cp210x 6-3:1.0: device disconnected [ 113.728075] usb 6-3: new full speed USB device number 3 using ohci_hcd [ 113.901042] cp210x 6-3:1.0: cp210x converter detected [ 114.040085] usb 6-3: reset full speed USB device number 3 using ohci_hcd [ 114.206030] usb 6-3: cp210x converter now attached to ttyUSB0 Here is an output from ls -l /dev/tty : crw-rw-rw- 1 root tty 5, 0 2013-06-04 21:27 /dev/tty crw--w---- 1 root tty 4, 0 2013-06-04 20:40 /dev/tty0 crw------- 1 root root 4, 1 2013-06-04 20:40 /dev/tty1 crw--w---- 1 root tty 4, 10 2013-06-04 20:40 /dev/tty10 crw--w---- 1 root tty 4, 11 2013-06-04 20:40 /dev/tty11 crw--w---- 1 root tty 4, 12 2013-06-04 20:40 /dev/tty12 crw--w---- 1 root tty 4, 13 2013-06-04 20:40 /dev/tty13 crw--w---- 1 root tty 4, 14 2013-06-04 20:40 /dev/tty14 crw--w---- 1 root tty 4, 15 2013-06-04 20:40 /dev/tty15 crw--w---- 1 root tty 4, 16 2013-06-04 20:40 /dev/tty16 crw--w---- 1 root tty 4, 17 2013-06-04 20:40 /dev/tty17 crw--w---- 1 root tty 4, 18 2013-06-04 20:40 /dev/tty18 crw--w---- 1 root tty 4, 19 2013-06-04 20:40 /dev/tty19 crw------- 1 root root 4, 2 2013-06-04 20:40 /dev/tty2 crw--w---- 1 root tty 4, 20 2013-06-04 20:40 /dev/tty20 crw--w---- 1 root tty 4, 21 2013-06-04 20:40 /dev/tty21 crw--w---- 1 root tty 4, 22 2013-06-04 20:40 /dev/tty22 crw--w---- 1 root tty 4, 23 2013-06-04 20:40 /dev/tty23 crw--w---- 1 root tty 4, 24 2013-06-04 20:40 /dev/tty24 crw--w---- 1 root tty 4, 25 2013-06-04 20:40 /dev/tty25 crw--w---- 1 root tty 4, 26 2013-06-04 20:40 /dev/tty26 crw--w---- 1 root tty 4, 27 2013-06-04 20:40 /dev/tty27 crw--w---- 1 root tty 4, 28 2013-06-04 20:40 /dev/tty28 crw--w---- 1 root tty 4, 29 2013-06-04 20:40 /dev/tty29 crw------- 1 root root 4, 3 2013-06-04 20:40 /dev/tty3 crw--w---- 1 root tty 4, 30 2013-06-04 20:40 /dev/tty30 crw--w---- 1 root tty 4, 31 2013-06-04 20:40 /dev/tty31 crw--w---- 1 root tty 4, 32 2013-06-04 20:40 /dev/tty32 crw--w---- 1 root tty 4, 33 2013-06-04 20:40 /dev/tty33 crw--w---- 1 root tty 4, 34 2013-06-04 20:40 /dev/tty34 crw--w---- 1 root tty 4, 35 2013-06-04 20:40 /dev/tty35 crw--w---- 1 root tty 4, 36 2013-06-04 20:40 /dev/tty36 crw--w---- 1 root tty 4, 37 2013-06-04 20:40 /dev/tty37 crw--w---- 1 root tty 4, 38 2013-06-04 20:40 /dev/tty38 crw--w---- 1 root tty 4, 39 2013-06-04 20:40 /dev/tty39 crw------- 1 root root 4, 4 2013-06-04 20:40 /dev/tty4 crw--w---- 1 root tty 4, 40 2013-06-04 20:40 /dev/tty40 crw--w---- 1 root tty 4, 41 2013-06-04 20:40 /dev/tty41 crw--w---- 1 root tty 4, 42 2013-06-04 20:40 /dev/tty42 crw--w---- 1 root tty 4, 43 2013-06-04 20:40 /dev/tty43 crw--w---- 1 root tty 4, 44 2013-06-04 20:40 /dev/tty44 crw--w---- 1 root tty 4, 45 2013-06-04 20:40 /dev/tty45 crw--w---- 1 root tty 4, 46 2013-06-04 20:40 /dev/tty46 crw--w---- 1 root tty 4, 47 2013-06-04 20:40 /dev/tty47 crw--w---- 1 root tty 4, 48 2013-06-04 20:40 /dev/tty48 crw--w---- 1 root tty 4, 49 2013-06-04 20:40 /dev/tty49 crw------- 1 root root 4, 5 2013-06-04 20:40 /dev/tty5 crw--w---- 1 root tty 4, 50 2013-06-04 20:40 /dev/tty50 crw--w---- 1 root tty 4, 51 2013-06-04 20:40 /dev/tty51 crw--w---- 1 root tty 4, 52 2013-06-04 20:40 /dev/tty52 crw--w---- 1 root tty 4, 53 2013-06-04 20:40 /dev/tty53 crw--w---- 1 root tty 4, 54 2013-06-04 20:40 /dev/tty54 crw--w---- 1 root tty 4, 55 2013-06-04 20:40 /dev/tty55 crw--w---- 1 root tty 4, 56 2013-06-04 20:40 /dev/tty56 crw--w---- 1 root tty 4, 57 2013-06-04 20:40 /dev/tty57 crw--w---- 1 root tty 4, 58 2013-06-04 20:40 /dev/tty58 crw--w---- 1 root tty 4, 59 2013-06-04 20:40 /dev/tty59 crw------- 1 root root 4, 6 2013-06-04 20:40 /dev/tty6 crw--w---- 1 root tty 4, 60 2013-06-04 20:40 /dev/tty60 crw--w---- 1 root tty 4, 61 2013-06-04 20:40 /dev/tty61 crw--w---- 1 root tty 4, 62 2013-06-04 20:40 /dev/tty62 crw--w---- 1 root tty 4, 63 2013-06-04 20:40 /dev/tty63 crw--w---- 1 root tty 4, 7 2013-06-04 20:40 /dev/tty7 crw--w---- 1 root tty 4, 8 2013-06-04 20:40 /dev/tty8 crw--w---- 1 root tty 4, 9 2013-06-04 20:40 /dev/tty9 crw------- 1 root root 5, 3 2013-06-04 20:40 /dev/ttyprintk crw-rw---- 1 root dialout 4, 64 2013-06-04 20:40 /dev/ttyS0 crw-rw---- 1 root dialout 4, 65 2013-06-04 20:40 /dev/ttyS1 crw-rw---- 1 root dialout 4, 74 2013-06-04 20:40 /dev/ttyS10 crw-rw---- 1 root dialout 4, 75 2013-06-04 20:40 /dev/ttyS11 crw-rw---- 1 root dialout 4, 76 2013-06-04 20:40 /dev/ttyS12 crw-rw---- 1 root dialout 4, 77 2013-06-04 20:40 /dev/ttyS13 crw-rw---- 1 root dialout 4, 78 2013-06-04 20:40 /dev/ttyS14 crw-rw---- 1 root dialout 4, 79 2013-06-04 20:40 /dev/ttyS15 crw-rw---- 1 root dialout 4, 80 2013-06-04 20:40 /dev/ttyS16 crw-rw---- 1 root dialout 4, 81 2013-06-04 20:40 /dev/ttyS17 crw-rw---- 1 root dialout 4, 82 2013-06-04 20:40 /dev/ttyS18 crw-rw---- 1 root dialout 4, 83 2013-06-04 20:40 /dev/ttyS19 crw-rw---- 1 root dialout 4, 66 2013-06-04 20:40 /dev/ttyS2 crw-rw---- 1 root dialout 4, 84 2013-06-04 20:40 /dev/ttyS20 crw-rw---- 1 root dialout 4, 85 2013-06-04 20:40 /dev/ttyS21 crw-rw---- 1 root dialout 4, 86 2013-06-04 20:40 /dev/ttyS22 crw-rw---- 1 root dialout 4, 87 2013-06-04 20:40 /dev/ttyS23 crw-rw---- 1 root dialout 4, 88 2013-06-04 20:40 /dev/ttyS24 crw-rw---- 1 root dialout 4, 89 2013-06-04 20:40 /dev/ttyS25 crw-rw---- 1 root dialout 4, 90 2013-06-04 20:40 /dev/ttyS26 crw-rw---- 1 root dialout 4, 91 2013-06-04 20:40 /dev/ttyS27 crw-rw---- 1 root dialout 4, 92 2013-06-04 20:40 /dev/ttyS28 crw-rw---- 1 root dialout 4, 93 2013-06-04 20:40 /dev/ttyS29 crw-rw---- 1 root dialout 4, 67 2013-06-04 20:40 /dev/ttyS3 crw-rw---- 1 root dialout 4, 94 2013-06-04 20:40 /dev/ttyS30 crw-rw---- 1 root dialout 4, 95 2013-06-04 20:40 /dev/ttyS31 crw-rw---- 1 root dialout 4, 68 2013-06-04 20:40 /dev/ttyS4 crw-rw---- 1 root dialout 4, 69 2013-06-04 20:40 /dev/ttyS5 crw-rw---- 1 root dialout 4, 70 2013-06-04 20:40 /dev/ttyS6 crw-rw---- 1 root dialout 4, 71 2013-06-04 20:40 /dev/ttyS7 crw-rw---- 1 root dialout 4, 72 2013-06-04 20:40 /dev/ttyS8 crw-rw---- 1 root dialout 4, 73 2013-06-04 20:40 /dev/ttyS9 crwxrwxrwx 1 root dialout 188, 0 2013-06-04 21:07 /dev/ttyUSB0 What is it that I am doing wrong? Thanks, George

10 years, 4 months

7
10
0 0

Query on flashing the loader

by Bhaskar11

This is my first attempt to flash the loader. 1) The instructions on http://bb.osmocom.org/trac/wiki/flashing require loading the file named "target/firmware/board/compal_e88/loader.*e88loader* .bin". Strangely I do not have this file after compilation. I have loader.compalram.bin and loader.highram.bin. I also have layer1.e88loader.bin and rssi.e88loader.bin. Can you please guide me? 2) The guide for flashing an application says to use rssi.e88flash.bin. Does that mean if I want to flash "layer1" as my application, then I must use layer1.*e88flash*.bin at that point? Thank you for your help. B.

10 years, 5 months

2
2
0 0

[PATCH] Improve cell_log

by ☎

Hi. Attached are set of patches with small improvements to cell_log, si_dump and mcc/mnc printers. Please review and merge if code is ok. -- best regards, Max, http://fairwaves.ru

10 years, 8 months

1
0
0 0

[PATCH 4/4] Add filtering and additional information printing to cell_log.

by Max

--- src/host/layer23/src/misc/app_cell_log.c | 53 ++++++++++++++++++++++++++------ src/host/layer23/src/misc/cell_log.c | 52 +++++++++++++++++++++---------- 2 files changed, 78 insertions(+), 27 deletions(-) diff --git a/src/host/layer23/src/misc/app_cell_log.c b/src/host/layer23/src/misc/app_cell_log.c index a7f42c3..1f69c31 100644 --- a/src/host/layer23/src/misc/app_cell_log.c +++ b/src/host/layer23/src/misc/app_cell_log.c @@ -27,6 +27,7 @@ #include <osmocom/bb/common/osmocom_data.h> #include <osmocom/bb/common/l1ctl.h> +#include <osmocom/bb/common/networks.h> #include <osmocom/bb/common/l23_app.h> #include <osmocom/bb/common/logging.h> #include <osmocom/bb/common/gps.h> @@ -45,6 +46,7 @@ extern uint16_t (*band_range)[][2]; char *logname = "/var/log/osmocom.log"; int RACH_MAX = 2; +uint16_t MCC = 0, MNC = 0, QUIET_PRINT = 0, PRINT_XTRA = 0, SCAN_ONCE = 0; int _scan_work(struct osmocom_ms *ms) { @@ -94,16 +96,21 @@ static int l23_cfg_supported() static int l23_getopt_options(struct option **options) { static struct option opts [] = { - {"logfile", 1, 0, 'l'}, - {"rach", 1, 0, 'r'}, - {"no-rach", 1, 0, 'n'}, + {"logfile", required_argument, NULL, 'l'}, + {"rach", required_argument, NULL, 'r'}, + {"no-rach", no_argument, NULL, 'n'}, #ifdef _HAVE_GPSD - {"gpsd-host", 1, 0, 'g'}, - {"gpsd-port", 1, 0, 'p'}, + {"gpsd-host", required_argument, NULL, 'g'}, + {"gpsd-port", required_argument, NULL, 'p'}, #endif - {"gps", 1, 0, 'g'}, - {"baud", 1, 0, 'b'}, - {"arfcns", 1, 0, 'A'} + {"gps", required_argument, NULL, 'g'}, + {"baud", required_argument, NULL, 'b'}, + {"arfcns", required_argument, NULL, 'A'}, + {"mcc", required_argument, NULL, 'c'}, + {"mnc", required_argument, NULL, 'm'}, + {"quiet", no_argument, NULL, 'q'}, + {"extra", no_argument, NULL, 'x'}, + {"once", no_argument, NULL, 'o'} }; *options = opts; @@ -162,7 +169,11 @@ static int l23_cfg_print_help() printf(" -f --gps DEVICE /dev/ttyACM0. GPS serial device.\n"); printf(" -b --baud BAUDRAT The baud rate of the GPS device\n"); printf(" -A --arfcns ARFCNS The list of arfcns to be monitored\n"); - + printf(" -c --mcc 000 The MCC to look for.\n"); + printf(" -m --mnc 00 The MNC to look for.\n"); + printf(" -q --quiet Do not print additional information.\n"); + printf(" -x --extra Print additional info from SI.\n"); + printf(" -o --once Exit after first scan is complete.\n"); return 0; } @@ -180,6 +191,15 @@ static int l23_cfg_handle(int c, const char *optarg) case 'n': RACH_MAX = 0; break; + case 'q': + QUIET_PRINT = 1; + break; + case 'x': + PRINT_XTRA = 1; + break; + case 'o': + SCAN_ONCE = 1; + break; case 'g': #ifdef _HAVE_GPSD snprintf(g.gpsd_host, ARRAY_SIZE(g.gpsd_host), "%s", optarg); @@ -224,6 +244,19 @@ static int l23_cfg_handle(int c, const char *optarg) parse_band_range((char*)optarg); printf("New frequencies range: %s\n", print_band_range(*band_range, buf, sizeof(buf))); break; + case 'c': + MCC = atoi(optarg); + if (GSM_INPUT_INVALID == MCC) MCC = 0; + else LOGP(DGPS, LOGL_INFO, "Target MCC is %s (%s)\n", gsm_print_mcc(MCC), gsm_get_mcc(MCC)); + break; + case 'm': + MNC = gsm_input_mnc(optarg); + if (GSM_INPUT_INVALID == MNC) MNC = 0; + if (0 != MCC) + LOGP(DGPS, LOGL_INFO, "Target MNC is %s (%s)\n", gsm_print_mnc(MNC), gsm_get_mnc(MCC, MNC)); + else + LOGP(DGPS, LOGL_INFO, "Target MNC is %s\n", gsm_print_mnc(MNC)); + break; } return 0; @@ -234,7 +267,7 @@ cmd_line_error: static struct l23_app_info info = { .copyright = "Copyright (C) 2010 Andreas Eversberg\n", - .getopt_string = "g:p:l:r:nf:b:A:", + .getopt_string = "g:p:l:r:noqxf:b:A:c:m:", .cfg_supported = l23_cfg_supported, .cfg_getopt_opt = l23_getopt_options, .cfg_handle_opt = l23_cfg_handle, diff --git a/src/host/layer23/src/misc/cell_log.c b/src/host/layer23/src/misc/cell_log.c index 7340dcb..8740965 100644 --- a/src/host/layer23/src/misc/cell_log.c +++ b/src/host/layer23/src/misc/cell_log.c @@ -37,6 +37,7 @@ #include <osmocom/gsm/protocol/gsm_04_08.h> #include <osmocom/gsm/rsl.h> +#include <osmocom/bb/common/l23_app.h> #include <osmocom/bb/common/l1ctl.h> #include <osmocom/bb/common/osmocom_data.h> #include <osmocom/bb/common/logging.h> @@ -78,7 +79,7 @@ static struct pm_info { int8_t rxlev_dbm; } pm[1024]; -static int started = 0; +static int started = 0, measured = 0; static int state; static int8_t min_rxlev_dbm = MIN_RXLEV_DBM; static int sync_count; @@ -89,7 +90,11 @@ static int rach_count; static FILE *logfp = NULL; extern char *logname; extern int RACH_MAX; - +extern uint16_t QUIET_PRINT; +extern uint16_t PRINT_XTRA; +extern uint16_t SCAN_ONCE; +extern uint16_t MCC; +extern uint16_t MNC; static struct gsm48_sysinfo sysinfo; @@ -135,14 +140,17 @@ static void log_time(void) LOGFILE("time %lu\n", now); } -static void log_frame(char *tag, uint8_t *data) +static void si_printer(void *priv, const char *fmt, ...) { - int i; + va_list a; + va_start(a, fmt); + fprintf(priv, fmt, a); + va_end(a); +} - LOGFILE("%s", tag); - for (i = 0; i < 23; i++) - LOGFILE(" %02x", *data++); - LOGFILE("\n"); +static void log_frame(char *tag, uint8_t *data) +{ + LOGFILE("%s %s\n", tag, osmo_hexdump(data, 23)); } static void log_pm(void) @@ -183,6 +191,8 @@ static void log_sysinfo(void) int8_t rxlev_dbm; char ta_str[32] = ""; + if (((0 != MCC) && (s->mcc != MCC)) || ((0 != MNC) && (s->mnc != MNC))) return; + if (log_si.ta != 0xff) sprintf(ta_str, " TA=%d", log_si.ta); @@ -198,20 +208,21 @@ static void log_sysinfo(void) rxlev_dbm = meas->rxlev / meas->frames - 110; LOGFILE("rxlev %d\n", rxlev_dbm); if (s->si1) - log_frame("si1", s->si1_msg); + log_frame("si1", s->si1_msg); if (s->si2) - log_frame("si2", s->si2_msg); + log_frame("si2", s->si2_msg); if (s->si2bis) - log_frame("si2bis", s->si2b_msg); + log_frame("si2bis", s->si2b_msg); if (s->si2ter) - log_frame("si2ter", s->si2t_msg); + log_frame("si2ter", s->si2t_msg); if (s->si3) - log_frame("si3", s->si3_msg); + log_frame("si3", s->si3_msg); if (s->si4) - log_frame("si4", s->si4_msg); + log_frame("si4", s->si4_msg); if (log_si.ta != 0xff) LOGFILE("ta %d\n", log_si.ta); - + if (PRINT_XTRA) + gsm48_sysinfo_dump_ext(s, s->arfcn, si_printer, logfp, NULL, 1, 0); LOGFILE("\n"); LOGFLUSH(); } @@ -337,8 +348,10 @@ static void start_sync(void) return; } pm[arfcn].flags |= INFO_FLG_SYNC; - LOGP(DSUM, LOGL_INFO, "Sync ARFCN %d (rxlev %d, %d syncs left)%s\n", - arfcn, pm[arfcn].rxlev_dbm, sync_count--, dist_str); + if (!QUIET_PRINT) { + LOGP(DSUM, LOGL_INFO, "Sync ARFCN %d (rxlev %d, %d syncs left)%s\n", + arfcn, pm[arfcn].rxlev_dbm, sync_count--, dist_str); + } memset(&sysinfo, 0, sizeof(sysinfo)); sysinfo.arfcn = arfcn; state = SCAN_STATE_SYNC; @@ -351,12 +364,17 @@ static void start_pm(void) { uint16_t from, to; + if (measured && SCAN_ONCE) { + l23_app_exit(NULL); + exit(0); + } state = SCAN_STATE_PM; from = (*band_range)[pm_index][0]; to = (*band_range)[pm_index][1]; if (from == 0 && to == 0) { LOGP(DSUM, LOGL_INFO, "Measurement done\n"); + measured = 1; pm_gps_valid = g.enable && g.valid; if (pm_gps_valid) geo2space(&pm_gps_x, &pm_gps_y, &pm_gps_z, -- 1.8.1.2 --------------000206000400030101050401--

10 years, 8 months

1
0
0 0

[PATCH 3/4] Make SI printing more flexible.

by Max

--- .../layer23/include/osmocom/bb/common/sysinfo.h | 3 ++ src/host/layer23/src/common/sysinfo.c | 46 +++++++++++++--------- 2 files changed, 30 insertions(+), 19 deletions(-) diff --git a/src/host/layer23/include/osmocom/bb/common/sysinfo.h b/src/host/layer23/include/osmocom/bb/common/sysinfo.h index f843f27..f0af7ba 100644 --- a/src/host/layer23/include/osmocom/bb/common/sysinfo.h +++ b/src/host/layer23/include/osmocom/bb/common/sysinfo.h @@ -125,6 +125,9 @@ uint8_t gsm_refer_pcs(uint16_t arfcn, struct gsm48_sysinfo *s); int gsm48_sysinfo_dump(struct gsm48_sysinfo *s, uint16_t arfcn, void (*print)(void *, const char *, ...), void *priv, uint8_t *freq_map); +int gsm48_sysinfo_dump_ext(struct gsm48_sysinfo *s, uint16_t arfcn, + void (*print)(void *, const char *, ...), void *priv, + uint8_t *freq_map, uint8_t no_map, uint8_t print_stat); int gsm48_decode_lai(struct gsm48_loc_area_id *lai, uint16_t *mcc, uint16_t *mnc, uint16_t *lac); int gsm48_decode_chan_h0(struct gsm48_chan_desc *cd, uint8_t *tsc, diff --git a/src/host/layer23/src/common/sysinfo.c b/src/host/layer23/src/common/sysinfo.c index b42bd65..3892d1b 100644 --- a/src/host/layer23/src/common/sysinfo.c +++ b/src/host/layer23/src/common/sysinfo.c @@ -68,40 +68,46 @@ uint8_t gsm_refer_pcs(uint16_t arfcn, struct gsm48_sysinfo *s) } int gsm48_sysinfo_dump(struct gsm48_sysinfo *s, uint16_t arfcn, - void (*print)(void *, const char *, ...), void *priv, uint8_t *freq_map) + void (*print)(void *, const char *, ...), void *priv, uint8_t *freq_map) +{ + return gsm48_sysinfo_dump_ext(s, arfcn, print, priv, freq_map, 0, 1); +} + +int gsm48_sysinfo_dump_ext(struct gsm48_sysinfo *s, uint16_t arfcn, + void (*print)(void *, const char *, ...), void *priv, uint8_t *freq_map, uint8_t no_map, uint8_t print_stat) { char buffer[81]; int i, j, k, index; int refer_pcs = gsm_refer_pcs(arfcn, s); - /* available sysinfos */ - print(priv, "ARFCN = %s channels 512+ refer to %s\n", - gsm_print_arfcn(arfcn), - (refer_pcs) ? "PCS (1900)" : "DCS (1800)"); - print(priv, "Available SYSTEM INFORMATIONS ="); - if (s->si1) + if (print_stat) {/* available sysinfos */ + print(priv, "ARFCN = %s channels 512+ refer to %s\n", + gsm_print_arfcn(arfcn), + (refer_pcs) ? "PCS (1900)" : "DCS (1800)"); + print(priv, "Available SYSTEM INFORMATIONS ="); + if (s->si1) print(priv, " 1"); - if (s->si2) + if (s->si2) print(priv, " 2"); - if (s->si2bis) + if (s->si2bis) print(priv, " 2bis"); - if (s->si2ter) + if (s->si2ter) print(priv, " 2ter"); - if (s->si3) + if (s->si3) print(priv, " 3"); - if (s->si4) + if (s->si4) print(priv, " 4"); - if (s->si5) + if (s->si5) print(priv, " 5"); - if (s->si5bis) + if (s->si5bis) print(priv, " 5bis"); - if (s->si5ter) + if (s->si5ter) print(priv, " 5ter"); - if (s->si6) + if (s->si6) print(priv, " 6"); - print(priv, "\n"); - print(priv, "\n"); - + print(priv, "\n"); + print(priv, "\n"); + } /* frequency list */ j = 0; k = 0; for (i = 0; i < 1024; i++) { @@ -173,6 +179,8 @@ int gsm48_sysinfo_dump(struct gsm48_sysinfo *s, uint16_t arfcn, } print(priv, "\n"); + if (no_map) return 0; + /* frequency map */ for (i = 0; i < 1024; i += 64) { sprintf(buffer, " %3d ", i); -- 1.8.1.2 --------------000206000400030101050401 Content-Type: text/x-patch; name="0004-Add-filtering-and-additional-information-printing-to.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename*0="0004-Add-filtering-and-additional-information-printing-to.pa"; filename*1="tch"

10 years, 8 months

1
0
0 0

[PATCH 2/4] Declare constant parameters as constant.

by Max

--- src/host/layer23/include/osmocom/bb/common/networks.h | 4 ++-- src/host/layer23/src/common/networks.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/host/layer23/include/osmocom/bb/common/networks.h b/src/host/layer23/include/osmocom/bb/common/networks.h index d34f316..9311f6f 100644 --- a/src/host/layer23/include/osmocom/bb/common/networks.h +++ b/src/host/layer23/include/osmocom/bb/common/networks.h @@ -17,8 +17,8 @@ const char *gsm_get_mcc(uint16_t mcc); const char *gsm_get_mnc(uint16_t mcc, uint16_t mnc); const char *gsm_imsi_mcc(char *imsi); const char *gsm_imsi_mnc(char *imsi); -const uint16_t gsm_input_mcc(char *string); -const uint16_t gsm_input_mnc(char *string); +const uint16_t gsm_input_mcc(const char *string); +const uint16_t gsm_input_mnc(const char *string); #endif /* _NETWORKS_H */ diff --git a/src/host/layer23/src/common/networks.c b/src/host/layer23/src/common/networks.c index ad2caa6..0bb143f 100644 --- a/src/host/layer23/src/common/networks.c +++ b/src/host/layer23/src/common/networks.c @@ -1852,7 +1852,7 @@ const char *gsm_print_mnc(uint16_t mnc) return string; } -const uint16_t gsm_input_mcc(char *string) +const uint16_t gsm_input_mcc(const char *string) { uint16_t mcc; @@ -1873,7 +1873,7 @@ const uint16_t gsm_input_mcc(char *string) return mcc; } -const uint16_t gsm_input_mnc(char *string) +const uint16_t gsm_input_mnc(const char *string) { uint16_t mnc = 0; -- 1.8.1.2 --------------000206000400030101050401 Content-Type: text/x-patch; name="0003-Make-SI-printing-more-flexible.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="0003-Make-SI-printing-more-flexible.patch"

10 years, 8 months

1
0
0 0

[PATCH 1/4] Comment out print duplicating debug output.

by Max

--- src/host/layer23/src/common/l1ctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/host/layer23/src/common/l1ctl.c b/src/host/layer23/src/common/l1ctl.c index 91bab89..80aa4df 100644 --- a/src/host/layer23/src/common/l1ctl.c +++ b/src/host/layer23/src/common/l1ctl.c @@ -244,7 +244,7 @@ static int rx_ph_data_ind(struct osmocom_ms *ms, struct msgb *msg) } if (dl->fire_crc >= 2) { -printf("Dropping frame with %u bit errors\n", dl->num_biterr); +//printf("Dropping frame with %u bit errors\n", dl->num_biterr); LOGP(DL1C, LOGL_NOTICE, "Dropping frame with %u bit errors\n", dl->num_biterr); msgb_free(msg); -- 1.8.1.2 --------------000206000400030101050401 Content-Type: text/x-patch; name="0002-Declare-constant-parameters-as-constant.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="0002-Declare-constant-parameters-as-constant.patch"

10 years, 8 months

1
0
0 0

Re: UI work - qemu and key repeating

by Craig Comstock

> > I'm writing some UI/firmware [...] > That sounds neat... are you doing it in some visible git repository perchance? I'm just hacking on layer1/main.c right now. Not even sure I would put in a repo since I want to implement some form of t-9 character and word fanciness. Maybe I could make that a module or think of an open-source/free paradigm for entering text w/ the keypad. http://www.google.com/patents?id=PmgCAAAAEBAJ (T9) http://www.google.com/patents/US3967273 (funny bell labs method using two key presses always) (the list goes on and on I think...) My thinking is that I might start with this hacked layer1 and gradually try to bring bits of mobile into the firmware/ui. Also just wanting to fiddle around with how the phone will "feel" with a console interface. aka UI prototyping. Cheers, Craig

10 years, 8 months

1
0
0 0

UI work - qemu and key repeating

by Craig Comstock

Was wondering if anyone has tried to use qemu to make a device emulator? I'm writing some UI/firmware and it seems like it might be a nice way to iterate on code. Also was thinking I would need to rework keypad.c so that I can get key hold/repeat events since I want to know when a key is being held down at some fairly short interval. Any suggestions/previous work/cautions? Thanks, Craig

10 years, 8 months

2
1
0 0

chainload.compalram.bin missing?

by Craig Comstock

I was trying to load some apps to a Motorola C139 and found that after building osmocom-bb that there were no chainload image files built. Am I using the wrong branch somehow? Are the instructions out of date on this page: http://bb.osmocom.org/trac/wiki/MotorolaC140 ./osmocon -p /dev/ttyUSB0 -m c140 -c ../../target/firmware/board/compal_e86/layer1.highram.bin ../../target/firmware/board/compal_e86/chainload.compalram.bin The page mentions something about a magic value that must be placed into memory for the bootloader... could that be added to osmocon somehow so that specifying -m c140 takes care of it? "After the download has completed, it expects the magic string "1003" (0x31 0x30 0x30 0x33) at the RAM address 0x803ce0" Thanks, Craig

10 years, 8 months

3
5
0 0

Uplink sniffing

by George Andguladze

Dear all, I was wondering if uplink sniffing is enabled by default in latest firmware as file "osmocom-bb/src/target/firmware/layer1/prim_sniff.c" has been modified and does not hold "#if 0" bit at line 288 anymore. Thanks, George Andguladze

10 years, 8 months

1
0
0 0

howto use osmocom / mobile app without a sim-card

by "Robert Köberl"

10 years, 8 months

2
1
0 0

osmocombb / mobile app ... sms without simcard

by robert

hello! how is it possible to send a sms without a sim-card in my C123? with simcard its possible ... :-) how to use "sim testcard 1"?

10 years, 8 months

1
0
0 0

Re: Calypso/Iota/Rita chip recommendations

by msokolov＠ivan.Harhan.ORG

Peter Stuge <peter(a)stuge.se> wrote: > > Actually my hope is to build a quad-band phone > That would be neat too. > [...] > I was thinking about phone-as-BTS, but same principle, no > (or just the appropriate) filters. Unfortunately these two goals (quad-band support on the one hand, and filter hackability on the other hand) seem to be in conflict. It seems to me that trying to build a quad-band phone using separate antenna switch and Rx SAW filter components would be very messy, probably too messy for an RF-clean PCB layout - hence necessitating the use of an integrated RF front-end part that has all that mess hidden inside. (See ftp.ifctf.org/pub/GSM/Calypso/M034F.pdf for an example of wha I mean.) But using an integrated RF FEM like that M034F would surely preclude the possibility of filter hacking... Once again, my goal is to produce a Totally Free Phone for everyday use in one's pocket/purse, not GSM hacking - and I reason I must not be the only person on this list who desires such; I reason that there must be other lurkers on this list who watch with frustration as the years go by, there are all kinds of hacks made, but virtually zero progress toward an end-user-usable Free phone. It's obvious that OsmocomBB and FreeCalypso will always be two separate projects: the former focused on GSM hacking and security research, the latter on everyday-phone end-user needs. All I'm hoping for is that the two projects could be at least somewhat amicable, and cooperate in things like amassing hardware knowledge - rather than be all-out hostile. SF

10 years, 8 months

1
0
0 0

Re: Calypso/Iota/Rita chip recommendations

by msokolov＠ivan.Harhan.ORG

Sylvain Munaut <246tnt(a)gmail.com> wrote: > And why exactly should we help you when you publicly stated [1] that > you'd rather shoot us then yourself > [1] http://lists.openmoko.org/pipermail/community/2012-March/066565.html A little clarification is in order: * In my past negative interactions with certain individuals who have previously served as employees or contractors of Openmoko-Inc and who currently serve as lead developers of OsmocomBB, the crux of the dispute was those individuals' unwillingness to share with all Humanity (yes, *all Humanity*, *not* "me" - I could be dead tomorrow and nothing will change) those COFF object files with symbolic information which Om-Inc had received from TI, and/or their voluntary choice to live and/or accept voluntary citizenship in a country that deems such sharing to be illegal - obviously a voluntary choice which I have NOT made. * There has been one major change in the year and a half since that post of mine quoted by Sylvain - I have discovered this: http://scottn.us/downloads/peek/ [In case ScottN, whoever he is, takes the ware down from his website, it's already archived on my mini-Wikileaks at ftp.ifctf.org/pub/GSM/LoCosto - but for as long as ScottN's copy is up, it should be much faster.] The discovery of the above source (which is almost complete source with very little in object-only form) makes it now unnecessary for me to sacrifice my life in a gunfire exchange with German or Russian police in order to free Openmoko's COFF objects - I'm pretty confident in my ability to recreate something very similar, but full-source from this recently discovered "peek" ware and other more recently discovered leaks, also on my FTP site. > than help us in any way ... It is true that I have chosen to use a different Free Software GSM stack (plus UI etc) implementation for my personal use, hence any contributions from me to the software side of the OsmocomBB project are indeed unlikely. However, I am hoping that the project to build new free phone hardware can be done as a joint project between the two camps. The hardware design files will be free for anyone to download and do with as s/he pleases, and obviously each user is free to run whatever software s/he likes: OsmocomBB, FreeCalypso, or some 3rd or 4th or other choice that may exist in the future. SF

10 years, 8 months

2
1
0 0

Calypso/Iota/Rita chip recommendations

by msokolov＠ivan.Harhan.ORG

Hello fellow Calypso phone hackers, Not having found an already-existing Calypso phone that is exactly to my liking (of the ones supported by OsmocomBB, the Pirelli comes closest to my ideal, but even that one has a few things I don't like, and most important of all, the availability of these phones on the market has already shrunk down to zilch - so the day is near when it will be just as legendary-unobtainium as the TSM30), I am setting out to build my own. I am setting out to design and build a new Calypso/Iota/Rita phone, one that will be specifically designed to run Free Software as its firmware: either OsmocomBB or FreeCalypso (my own personal alternative free GSM firmware implementation), up to each user's individual choice. My design will be a phone, not a modem (i.e., complete with the essential UI elements, as in LCD and keypad), and it will be a dumb/plain/feature phone, i.e., the Calypso will be the main/sole CPU - not a smartphone like Openmoko etc. Before I tackle the difficult problem of either making a new plastic case or choosing some existing one, I will start out by building a bare GSM development board - basically a complete phone sans case, built on a non-form-factor-controlled PCB. This development board will probably end up being very similar to the one which Harard Welte has announced here a little over a year ago, but with one major difference: *all* hardware design source files (as in schematic, BOM and PCB layout source) will be openly released, with absolutely nothing withheld, and in fact the development itself will take place in a public source control repository. Therefore, regardless of whether I succeed or fail in the ultimate goal of producing a complete phone packaged in a plastic case, there will be an Open Source Hardware design for a working Calypso GSM board which others will be able to use as a starting point - something that wouldn't be possible (or at least less convenient) with Harald's PDF-schematics-only version. However, the above vaporware announcement is not the real purpose of my post. Instead, I am currently in the negotiations with several Chinese sellers of Calypso/Iota/Rita/etc chips, and I'm soliciting advice on exactly which variant of each chip I should use: * The Calypso chip in both GTA02 and Pirelli DP-L10 (the two existing designs I use as references to be copied whenever it makes sense) is PD751992AZHH. I can easily get this exact part, but I can also get ones with GHH or AGHH suffixes. I'm venturing a guess in that the A seems to go with the 751992 number, i.e., it's part of the die revision, and as to the difference between GHH and ZHH, I'm guessing that it's the RoHS difference: I'm guessing that GHH has balls made of real SnPb solder, whereas ZHH has the "lead-free solder" junk substituted instead. Because I'm very fortunate to NOT live in the EU or anywhere near, I'm not subject to any EU-nian laws like the RoHS idiocy, and I generally prefer to use real SnPb solder whenever possible. So I wonder: can someone confirm if indeed PD751992AGHH is the exact same Calypso chip as the PD751992AZHH used in the GTA02 and Pirelli phones, but with real non-RoHS solder balls instead, or is it something different? * Which Iota variant is better: TWL3014 or TWL3025? I'm thinking TWL3025, reasoning that it being newer probably means having some internal bugfixes or minor improvements, but perhaps the older TWL3014 is better instead? * As to the Rita, the base part number appears to be TRF6151C in all phones currently supported by OsmocomBB, so I'm sticking with this base part number. But there are additional suffixes after the 'C' in that P/N - would anyone happen to know what these suffixes mean, and which variant I should use? * For the RF PA, I see that the GTA02 uses RF3166 from RF Micro Devices (one of Harald Welte's posts regarding his planned Calypso board also mentioned him planning to use the same PA), whereas the Pirelli and most other feature phones supported by OsmocomBB tend to use Skyworks parts instead. Which is better? I'm currently leaning toward the RF3166, but if someone has a recommendation that is actually backed by some knowledge/reason rather than just a guess like mine, I'll listen. :-) * If I do go with the RF3166, any idea as to what the different suffix versions are? TIA for any input, SF

10 years, 8 months

3
4
0 0

Re: Calypso/Iota/Rita chip recommendations

by msokolov＠ivan.Harhan.ORG

Peter Stuge <peter(a)stuge.se> wrote: > It would be neat if you choose a filter part with a footprint that > can also accomodate a balun more easily than in the Compal phones, Actually my hope is to build a quad-band phone (unlike the dual- or tri-band ones we have so far) by copying this reference design from TI: ftp://ftp.ifctf.org/pub/GSM/Calypso/Leonardo_plus_quadband_schem.pdf [The above PDF came from one of the Chinese sites; the /pub/GSM directory of my FTP site above is my own sort of mini-Wikileaks for all things dealing with the Calypso and related things - I encourage everyone to check out the collection of goodies which I've accumulated so far, and which only keeps growing. :-)] As you can see on that schematic, instead of using separate antenna switch and Rx SAW filter parts, the Leonardo reference boards used integrated RF front-end modules - in the case of the quad-band Leonardo Plus, it's a quad-band RF FEM that works perfectly with the Rita. The specific part on that Leonardo+ board seems to be Epcos M034F. A quick search for that part hasn't shown up any availability, but then it was only a very quick search, and even if that specific part isn't available, I reason that there must be functional equivalents from other manufacturers. > so that a phone could be assembled "either way". You mean a filterless sniffer version? I have to admit that sniffing and other GSM hacking aren't really my areas of interest - instead all I want is a 100% "normal" cellphone, but with just one difference: running software/firmware whose full source is physically available (be it legal or otherwise) for the exercise of the Four Freedoms defined by the FSF, as a moral requirement. SF

10 years, 8 months

2
1
0 0

Channel Request Info RACH GSMTAP Wireshark?

by dagar

hello, when reading gsm spec online i have understood that on an MT call the BTS pages the phone on the RR paging channel(PCH) the phone then asks for a channel in the RR channel request (RACH) the BTS replies with RR immediate assignment(AGCH) etc etc Now I have tried to see a live example of this using osmocom-bb layer1/mobile + gsmtap/wirehshark However I cannot figure out or see anywhere in these logs the *RR channel request (RACH) packet*. Does GSMTAP or OsmocomBB actually capture the RR channel request or am I missing something here?? the logs I get are like this (CCCH) (RR) Paging Request Type 1 (CCCH) (RR) Paging Request Type 1 (CCCH) (RR) Paging Request Type 1 (CCCH) (RR) Paging Request Type 1 (CCCH) (RR) Paging Request Type 1 (CCCH) (RR) Paging Request Type 1 (CCCH) (RR) Paging Request Type 1 (CCCH) (RR) Paging Request Type 1 (CCCH) (RR) Paging Request Type 1 (CCCH) (RR) System Information Type 1 (CCCH) (RR) System Information Type 2 (CCCH) (RR) System Information Type 3 (CCCH) (SS) (CCCH) (RR) Paging Request Type 1 (CCCH) (RR) Paging Request Type 1 (CCCH) (RR) Paging Request Type 1 (CCCH) (RR) Immediate Assignment and so on Thanks! -- View this message in context: http://baseband-devel.722152.n3.nabble.com/Channel-Request-Info-RACH-GSMTAP… Sent from the baseband-devel mailing list archive at Nabble.com.

10 years, 8 months

2
1
0 0

Filtering in baseband spectrum

by Neela Neela

Hi I am a beginner with RTL and observing that the baseband spectrum is centred at 0 Hz and is asymmetric going from -1 MHz to +1 MHz. How does one filter a part of such a spectrum? For example if signal of interest lied in -300 kHz to -150 kHz. The filtering techniques for typical band pass filters work with positive frequencies and have symmetric frequency selection response. As such a 150 to 300 KHz band pass filter will select signal in both 150 to 300 kHz band as well as from -150 to 300 kHz. Is there a special filtering method available to work with negative frequencies and with an asymmetric baseband spectrum. I am sure this has been addressed as preassumably the FM and other signals of interest are filtered somehow. Anu indications will be appreciated.

10 years, 8 months

2
2
0 0

fmtool error

by Ahmed Gawad

Hello, I am trying to run osmocom on Motorola C117. Using the following : PC(Ubuntu12 64bit)<---->USB To Serial cable (5v)<---->serial to (3.3V)<---->phone when i press power button all i can get is "fmtoolerror" . and there is no more messages only that . I am wounding if that means the phone is not working properly or it could be a cable issue ? Thanks very much .

10 years, 8 months

1
1
0 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

baseband-devel August 2013