August 2014 - baseband-devel - lists.osmocom.org

Engagetted !

by Sébastien Lorquet

http://www.engadget.com/2010/12/29/researchers-eavesdrop-on-encrypted-gsm-c… Congrats!

6 months

5
5
0 0

OpenBTS OsmocomBB Asterisk

by trixbox.t

Hello! I Need Help I install these three programs OpenBTS, OsmocomBB, Asterisk Then run them, Everything works well OpenBTS sent an SMS to my phones I answered and he checked me I registered into OpenBTS a second phone I tried to transfer SMS between phones - all good but when I try to call from one to another I did not get Asterisk writes ================================================================ *CLI> Retransmission timeout reached on transmission 755803415(a)127.0.0.1 for seqno 179 (Critical Response) -- See wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions Packet timed out after 32001ms with no response ================================================================ Why? What do I do? -- View this message in context: http://baseband-devel.722152.n3.nabble.com/OpenBTS-OsmocomBB-Asterisk-tp402… Sent from the baseband-devel mailing list archive at Nabble.com.

5 years, 9 months

6
14
0 0

Sniffing GPRS

by canarion

Hi, After compiling osmocom-bb and apply sylvain/burst_ind branch and gprs_multi.patch, I execute it and try to sniff gprs traffic. I loaded the layer1 into my C139 and I obtained an ARFCN code (883). When I run ccch_scan -a 883 I get the next result: opyright (C) 2010 Harald Welte <laforge(a)gnumonks.org> Contributions by Holger Hans Peter Freyther License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Failed to connect to '/tmp/osmocom_sap'. Failed during sap_open(), no SIM reader <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(1476410343) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(1207963561) <0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0x1ad1cda) <0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0x41ae98f9) <0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a to imsi M(214031385056117) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3306441249) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214031482053520) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214036185306441) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4207880193) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4135931713) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4214223105) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3388536385) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(134915836) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3961436929) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4229756769) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(531909) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214034185316455) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3829437761) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214033485554660) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3639403521) <0001> app_ccch_scan.c:105 SI1 received. <0001> app_ccch_scan.c:464 unknown PCH/AGCH type 0x00 <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3827744513) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(335734299) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3561969409) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4294310401) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3698994241) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3682615617) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(67866789) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4003487553) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3770351169) <0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0x41ae98f9) <0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0x1ad1cda) <0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a to imsi M(214031385056117) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3306441249) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214031482053520) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214036185306441) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4102036289) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4135931713) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214032485273805) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3798414145) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(134915836) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3988859137) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3735175681) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(531909) <0001> app_ccch_scan.c:248 GSM48 IMM ASS (ra=0x78, chan_nr=0x0f, HSN=24, MAIO=1, TS=7, SS=0, TSC=1) Dropping frame with 55 bit errors <000c> l1ctl.c:238 Dropping frame with 55 bit errors <000c> l1ctl.c:290 BURST IND: @(830928 = 0626/20/36) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830928 = 0626/20/36) (-110 dBm, SNR 8) <000c> l1ctl.c:290 BURST IND: @(830929 = 0626/21/37) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830929 = 0626/21/37) ( -83 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830930 = 0626/22/38) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830930 = 0626/22/38) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830931 = 0626/23/39) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830931 = 0626/23/39) ( -83 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830932 = 0626/24/40) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830932 = 0626/24/40) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830933 = 0626/25/41) (-105 dBm, SNR 8, UL, SACCH) <000c> l1ctl.c:290 BURST IND: @(830933 = 0626/25/41) (-107 dBm, SNR 5, SACCH) <000c> l1ctl.c:290 BURST IND: @(830934 = 0626/00/42) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830934 = 0626/00/42) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830935 = 0626/01/43) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830935 = 0626/01/43) ( -83 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830936 = 0626/02/44) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830936 = 0626/02/44) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830937 = 0626/03/45) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830937 = 0626/03/45) ( -89 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830938 = 0626/04/46) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830938 = 0626/04/46) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830939 = 0626/05/47) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830939 = 0626/05/47) ( -82 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830940 = 0626/06/48) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830940 = 0626/06/48) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830941 = 0626/07/49) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830941 = 0626/07/49) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830942 = 0626/08/50) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830942 = 0626/08/50) ( -86 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830943 = 0626/09/00) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830943 = 0626/09/00) ( -86 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830944 = 0626/10/01) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830944 = 0626/10/01) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830945 = 0626/11/02) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830945 = 0626/11/02) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830947 = 0626/13/04) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830947 = 0626/13/04) ( -84 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830948 = 0626/14/05) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830948 = 0626/14/05) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830949 = 0626/15/06) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830949 = 0626/15/06) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830950 = 0626/16/07) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830950 = 0626/16/07) ( -89 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830951 = 0626/17/08) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830951 = 0626/17/08) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830952 = 0626/18/09) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830952 = 0626/18/09) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830953 = 0626/19/10) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830953 = 0626/19/10) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830954 = 0626/20/11) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830954 = 0626/20/11) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830955 = 0626/21/12) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830955 = 0626/21/12) (-106 dBm, SNR 0) <000c> l1ctl.c:290 BURST IND: @(830956 = 0626/22/13) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830956 = 0626/22/13) (-107 dBm, SNR 5) <000c> l1ctl.c:290 BURST IND: @(830957 = 0626/23/14) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830957 = 0626/23/14) (-106 dBm, SNR 2) <000c> l1ctl.c:290 BURST IND: @(830958 = 0626/24/15) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830958 = 0626/24/15) (-108 dBm, SNR 1) <000c> l1ctl.c:290 BURST IND: @(830959 = 0626/25/16) (-106 dBm, SNR 2, UL, SACCH) <000c> l1ctl.c:290 BURST IND: @(830959 = 0626/25/16) (-109 dBm, SNR 5, SACCH) <000c> l1ctl.c:290 BURST IND: @(830960 = 0626/00/17) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830960 = 0626/00/17) (-108 dBm, SNR 3) <000c> l1ctl.c:290 BURST IND: @(830961 = 0626/01/18) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830961 = 0626/01/18) (-106 dBm, SNR 2) <000c> l1ctl.c:290 BURST IND: @(830962 = 0626/02/19) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830962 = 0626/02/19) (-108 dBm, SNR 3) <000c> l1ctl.c:290 BURST IND: @(830963 = 0626/03/20) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830963 = 0626/03/20) (-107 dBm, SNR 0) <000c> l1ctl.c:290 BURST IND: @(830964 = 0626/04/21) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830964 = 0626/04/21) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830965 = 0626/05/22) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830965 = 0626/05/22) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830966 = 0626/06/23) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830966 = 0626/06/23) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830967 = 0626/07/24) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830967 = 0626/07/24) ( -86 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830968 = 0626/08/25) (-107 dBm, SNR 6, UL) <000c> l1ctl.c:290 BURST IND: @(830968 = 0626/08/25) (-109 dBm, SNR 0) <000c> l1ctl.c:290 BURST IND: @(830969 = 0626/09/26) (-101 dBm, SNR 6, UL) But it stop to capture frames, seems to be left in a standby state and I don't know why that is. With gprsdecode I can see the next image in the wireshark: http://baseband-devel.722152.n3.nabble.com/file/n3712433/wireshark-capture.… If someone knows what is the problem, please tell me. Thanks in advance. Cheers, Dani -- View this message in context: http://baseband-devel.722152.n3.nabble.com/Sniffing-GPRS-tp3712433p3712433.… Sent from the baseband-devel mailing list archive at Nabble.com.

7 years, 4 months

8
12
0 0

"Type not handled! 40" gprsdecode

by George Andguladze

Hey there, I bumped into this error when testing gprsdecode from srldabs.de When I try the sample .dat files provided from srlabs.de it works fine though. Any hints? Kind Regards George AndguladzeSenior Software EngineerBusiness Management Technology www.bmt.ge

7 years, 5 months

2
1
0 0

layer2/3 ported to target? paging attack code?

by Craig Comstock

Hey, I finally watched Nico's talk "let me answer that for you" and heard him say he ported layer2/3 to target. Also found a mailing list message about him cleaning it up and putting it up on git and sending it to a few folks. Did that code ever get shared? Would be cool to play around with and is certainly something I would eventually want to accomplish for my project of making a phone that works by itself. -Craig

7 years, 8 months

8
15
0 0

Please can anyone advise me - FMTOOL Error and no further processing

by Raz Sharif

Dear all, I vae the C115 with a T1 USB to Serial cable with the Prolific chipset. When i run osmocon i get :- an its just sits there with no further processing. ./osmocon -p /dev/ttyUSB0 -m c123xor ../../target/firmware/board/compal_e88/loader.compalram.bin read_file(../../target/firmware/board/compal_e88/loader.compalram.bin): file_size=17120, hdr_len=4, dnload_len=17127 read_file(../../target/firmware/board/compal_e88/loader.compalram.bin): file_size=17120, hdr_len=4, dnload_len=17127 got 1 bytes from modem, data looks like: 00 . got 2 bytes from modem, data looks like: 2f 00 /. got 1 bytes from modem, data looks like: 1b . got 3 bytes from modem, data looks like: f6 02 00 ... got 1 bytes from modem, data looks like: 41 A got 1 bytes from modem, data looks like: 01 . got 1 bytes from modem, data looks like: 40 @ Received PROMPT1 from phone, responding with CMD got 1 bytes from modem, data looks like: 66 f got 1 bytes from modem, data looks like: 74 t got 1 bytes from modem, data looks like: 6d m got 1 bytes from modem, data looks like: 74 t got 1 bytes from modem, data looks like: 6f o got 1 bytes from modem, data looks like: 6f o got 1 bytes from modem, data looks like: 6c l Received FTMTOOL from phone, ramloader has aborted got 1 bytes from modem, data looks like: 65 e got 1 bytes from modem, data looks like: 72 r got 1 bytes from modem, data looks like: 72 r got 1 bytes from modem, data looks like: 6f o got 1 bytes from modem, data looks like: 72 r got 1 bytes from modem, data looks like: 00 . got 1 bytes from modem, data looks like: 00 . I think the cable is ok as when i run my fingers on the tip i get random Zeros so it appears to be talking to the cable. Also when i tried to run Mobile i get the :- even though i created the Mobile.cfg file in /etc/osmoco Failed to parse the config file: '/home/raz/.osmocom/bb/mobile.cfg' Please check or create config file using: 'touch /home/raz/.osmocom/bb/mobile.cfg' I have spent some hours researching the lists and trying various things to no avail but I want to continue until I resolve this issues and use this great stack to learn about the GSM network. Please advise. Great full for any help or pointers but this maybe a timing issue that is difficult to debug. Thanks Raz

7 years, 10 months

5
6
0 0

cell re-selection

by Andreas.Eversberg

hi, i did a lot of resarch and testing on cell selection and re-selection process the last two week. the cell selection process, network selection process (manual and automatic) and mobility management process were already implemented in OsmocomBB a long time, but turned out to be buggy and incomplete. i made test drives to check the process and debugged it. the re-selection process is new. it is used to track surrounding cells while listening to the BCCH of the current cell (camping on a cell). special extension to the layer1 firmare is used to measure neighbour cells. if an neighbour cell becomes 'better', the mobile switches to that cell, depening on different criteria. now it is possible to move with OsmocomBB. the re-selection process is not handover! handover is a process where a phone switches between cells while doing a call. handover is one next step to implement. the process is a little more complex, because it requires not only neighbour cell measurements, but also syncing to them without interrupting the traffic channel. most layer 3 stuff of handover is already implemented. if you like to play and test your moving OsmocomBB, you can check out the "jolly/roaming" branch. it contains the extension to layer1, as well as sim reader and fixes from "sylvain/testing" branch. use both "mobile" and "layer1" firmware from this branch. in order to see some process at VTY, you can do: enable monitor network 1 (continously display the strongest cell and neighbour cells) show ms 1 (to see current states) show neighbour-cells 1 (to see a more detailed current list of neighbours) andreas

8 years, 1 month

3
3
0 0

Set fixed TMSI and Kc

by Simian Denson

Hi, in the osmocom bb mobile.cfg I don't see any posibility to set a fixed Kc encryption key and the tmsi. How could I achieve that osmocom uses my defined Kc and tmsi? cheers, Simian

8 years, 1 month

5
21
0 0

Baseband: MS '1' is up, service is limited

by Hoàng Mạnh Hùng

Hi all, *I connected, sent and made call successful with osmocombb (with real IMSI and IMEI). But, now, I get error, always be rejected:* OsmocomBB# show ms MS '1' is up, service is limited IMEI: 357337016773249 IMEISV: 3573370167732490 IMEI generation: fixed automatic network selection state: A0 null cell selection state: PLMN search radio ressource layer state: idle mobility management layer state: MM idle, PLMN search OsmocomBB# % (MS 1) % Trying to registering with network... *in my config file (/root/.osmocom/bb/mobile.cfg)**:* ! ! OsmocomBB () configuration saved from vty !! ! line vty no login ! gps device /dev/ttyACM0 gps baudrate default no gps enable ! no hide-default ! ms 1 layer2-socket /tmp/osmocom_l2 sap-socket /tmp/osmocom_sap sim reader network-selection-mode auto imei 357337016773249 0 imei-fixed emergency-imsi 452040399998391 sms-service-center +84980200030 no call-waiting no auto-answer no force-rekey no clip no clir tx-power auto no simulated-delay no stick location-updating neighbour-measurement codec full-speed prefer codec half-speed no abbrev support sms a5/1 a5/2 p-gsm e-gsm r-gsm gsm-850 dcs pcs class-900 4 class-850 4 class-dcs 1 class-pcs 1 channel-capability sdcch+tchf+tchh full-speech-v1 full-speech-v2 half-speech-v1 min-rxlev -106 dsc-max 90 no skip-max-per-band exit test-sim imsi 001010000000000 ki xor 00 00 00 00 00 00 00 00 00 00 00 00 no barred-access no rplmn hplmn-search foreign-country exit no shutdown exit ! Anyone help me???, thanks a lot! -- Thanks and Best Regards -- From: Hoàng Mạnh Hùng

8 years, 11 months

5
10
0 0

Missing packet when sniffing by luca/gsmmap

by Swift

Hi there, I am sorry to bother you but I am really confused by recent experiment. When I was doing the GSM sniffing I found that some of sms messages that were sent continuesly were missing, I can only capture 50-60% of all test messages. By analyzing wireshark data I found that osmocom program keeps tracking packets(lapdm) once an Immediate Assignment captured and if at the same time there comes another Immediate Assignment the program will miss it.I think this is the reason why i lost some messages.So is there any suggestions I can fix this up? Like using a backup phone to capture the second Immediate Assignment during one period? Thanks, Swift -- View this message in context: http://baseband-devel.722152.n3.nabble.com/Missing-packet-when-sniffing-by-… Sent from the baseband-devel mailing list archive at Nabble.com.

9 years, 1 month

2
1
0 0

Location update problems on Motorola C118

by Maciej Grela

Hi, I'm trying to run the latest osmocom-bb git on a Motorola C118 phone. After a minor problem with the build (as you may've noticed in the patch I've sent). I got to the point of successfuly running layer1 on the phone and the mobile app on the PC (I have also enabled TX). The process seems to be stuck on trying to perform a location update. The status of the ms is always either: show ms MS '1' is up, MM connection active IMEI: 000000000000000 IMEISV: 0000000000000000 IMEI generation: fixed automatic network selection state: A1 trying RPLMN MCC=104 MNC=002 (104, 002) cell selection state: connected mode 1 ARFCN=19 MCC=104 MNC=002 LAC=0xb00f CELLID=0x4fd9 (104, 002) radio ressource layer state: connection pending mobility management layer state: wait for RR connection (location updating) OsmocomBB> or show ms MS '1' is up, service is limited (pending) IMEI: 000000000000000 IMEISV: 0000000000000000 IMEI generation: fixed automatic network selection state: A1 trying RPLMN MCC=104 MNC=002 (104, 002) cell selection state: C3 camped normally ARFCN=19 MCC=104 MNC=002 LAC=0xb00f CELLID=0x4fd9 (104, 002) radio ressource layer state: idle mobility management layer state: MM idle, attempting to update OsmocomBB> I think, that because of this I can't make any calls or send sms (all the requests are being rejected): OsmocomBB# call 1 <X> call 1 <X> OsmocomBB# % (MS 1) % Call has been rejected The log information from mobile when it's trying to do a location update is show below: <000b> gsm48_rr.c:2174 PAGING REQUEST 1 <000b> gsm48_rr.c:2141 IMSI 260021964220249 (not for us) <000b> gsm48_rr.c:2132 TMSI fd82a501 (not for us) <000e> gsm48_mm.c:344 Location update retry <0005> gsm48_mm.c:345 timer T3211 (loc. upd. retry delay) has fired <0005> gsm48_mm.c:4311 (ms 1) Received 'MM_EVENT_TIMEOUT_T3211' event in state MM IDLE, attempting to update <000e> gsm48_mm.c:2199 Perform location update (MCC 104, MNC 002 LAC 0xb00f) <0005> gsm48_mm.c:2333 LOCATION UPDATING REQUEST <0005> gsm48_mm.c:2355 using LAI (mcc 104 mnc 002 lac 0xb00f) <0005> gsm48_mm.c:2363 using TMSI 0x28a3d62e <0005> gsm48_mm.c:914 new state MM IDLE, attempting to update -> wait for RR connection (location updating) <0001> gsm48_rr.c:5428 (ms 1) Message 'RR_EST_REQ' received in state idle (sapi 0) <000e> gsm48_rr.c:1318 Establish radio link due to mobility management request <0003> gsm322.c:4037 (ms 1) Event 'EVENT_LEAVE_IDLE' for Cell selection in state 'C3 camped normally' <0003> gsm322.c:823 new state 'C3 camped normally' -> 'connected mode 1' <0003> gsm322.c:3653 Going to camping (normal) ARFCN 19. <0003> gsm322.c:463 Sync to ARFCN=19 rxlev=-74 (Sysinfo, ccch mode NON-COMB) <0001> gsm48_rr.c:366 new state idle -> connection pending <0001> gsm48_rr.c:1465 CHANNEL REQUEST: 00 (Location Update with NECI) <0003> gsm322.c:2938 Channel synched. (ARFCN=19, snr=16, BSIC=17) <0001> gsm322.c:2959 using DSC of 90 <0003> gsm48_rr.c:4816 Channel provides data. <0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 5) <0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no S(lots) 0 ra 0x0e) <0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm) <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 4) <0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no S(lots) 55 ra 0x07) <0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm) <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x75 chan_nr 0x0a MAIO 0 HSN 38 TS 2 SS 0 TSC 0) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x75 chan_nr 0x0a MAIO 0 HSN 38 TS 2 SS 0 TSC 0) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 0 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 3) <0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no S(lots) 55 ra 0x0f) <0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm) <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 2) <0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no S(lots) 55 ra 0x01) <0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm) <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 1/553m ra 0x18 chan_nr 0x59 ARFCN 19 TS 1 SS 3 TSC 1) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 1/553m ra 0x18 chan_nr 0x59 ARFCN 19 TS 1 SS 3 TSC 1) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 1) <0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no S(lots) 55 ra 0x0a) <0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm) <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 1 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 0) <0001> gsm48_rr.c:1605 Done with sending RANDOM ACCESS bursts <0001> gsm48_rr.c:836 starting T3126 with 5.000 seconds <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2225 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 0 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x0a chan_nr 0x41 ARFCN 19 TS 1 SS 0 TSC 1) <0001> gsm48_rr.c:2393 request 0a matches but not frame number (IMM.ASS fn=22,6,30 != RACH fn=22,5,25) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x05 chan_nr 0x49 ARFCN 19 TS 1 SS 1 TSC 1) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x05 chan_nr 0x49 ARFCN 19 TS 1 SS 1 TSC 1) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2225 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-77 snr= 0 ber= 6 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x00 chan_nr 0x61 ARFCN 19 TS 1 SS 4 TSC 1) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x00 chan_nr 0x61 ARFCN 19 TS 1 SS 4 TSC 1) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x7d chan_nr 0x0b MAIO 0 HSN 38 TS 3 SS 0 TSC 0) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x7d chan_nr 0x0b MAIO 0 HSN 38 TS 3 SS 0 TSC 0) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 0 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2225 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2225 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 3 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x77 chan_nr 0x09 MAIO 0 HSN 38 TS 1 SS 0 TSC 0) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x77 chan_nr 0x09 MAIO 0 HSN 38 TS 1 SS 0 TSC 0) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2225 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 6 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:765 timer T3126 has fired <000e> gsm48_rr.c:770 Requesting channel failed <0001> gsm48_rr.c:366 new state connection pending -> idle <0003> gsm322.c:4037 (ms 1) Event 'EVENT_RET_IDLE' for Cell selection in state 'connected mode 1' <0003> gsm322.c:3565 Selecting ARFCN 19. after LOC.UPD. <0003> gsm322.c:463 Sync to ARFCN=19 rxlev=-74 (Sysinfo, ccch mode NON-COMB) <0003> gsm322.c:823 new state 'connected mode 1' -> 'C3 camped normally' <0005> gsm48_mm.c:3902 (ms 1) Received 'RR_REL_IND' from RR in state wait for RR connection (location updating) (sapi 0) <0005> gsm48_mm.c:2732 RR link released after loc. upd. <000e> gsm48_mm.c:2676 Location update failed <000e> gsm48_mm.c:2686 Try location update later <0005> gsm48_mm.c:2688 Loc. upd. failed, retry #0 <0005> gsm48_mm.c:413 starting T3211 (loc. upd. retry delay) with 15.0 seconds <0005> gsm48_mm.c:1143 We are camping normally as returning to MM IDLE <0005> gsm48_mm.c:1159 Loc. upd. allowed. <0005> gsm48_mm.c:919 new state wait for RR connection (location updating) -> MM IDLE, location updating needed <0005> gsm48_mm.c:909 new MM IDLE state location updating needed -> attempting to update <0005> gsm48_mm.c:2215 Loc. upd. already pending. <0005> gsm48_mm.c:4311 (ms 1) Received 'MM_EVENT_CELL_SELECTED' event in state MM IDLE, attempting to update <0005> gsm48_mm.c:2215 Loc. upd. already pending. <0003> gsm322.c:2938 Channel synched. (ARFCN=19, snr=16, BSIC=17) <0001> gsm322.c:2959 using DSC of 90 Can you provide me any hints on how to debug this ? Why is the location update failing constantly ? Thanks in advance for your help. Best regards, Maciej Grela

9 years, 5 months

6
9
0 0

Mobile testing branch

by tom mc loughlin

Hi all I have built Osmocommbb with testing branch and I want to run Mobile app allowing me to make a call via my local network. All goes well in the build but I am unable to register on my own network while using a genuine network sim. This is output from my compal_e88/layer1.compalram.bin. As you can see all looks good with signal levels fairly ok until this point and then level drops to -138 dbm and there it stays on all chanells. I have tried this with 3 different sims and all is the same. Can someone help? Tom bat_compal_e88_chg_state=0 L1CTL_RESET_REQ: FULL!SIM Request (7): a0 a4 00 00 02 3f 00 SIM Response (2): 9f 20 SIM Request (5): a0 c0 00 00 20 SIM Response (34): 00 00 02 b7 3f 00 01 00 00 00 00 00 13 b3 05 0a 04 00 83 8a 83 8a 00 03 00 00 02 b7 00 00 02 b7 90 00 SIM Request (7): a0 a4 00 00 02 2f e2 SIM Response (2): 9f 0f SIM Request (5): a0 c0 00 00 0f SIM Response (17): 00 00 00 0a 2f e2 04 00 0f 00 ff 01 02 00 00 90 00 SIM Request (5): a0 b0 00 00 0a SIM Response (12): 98 53 03 11 02 08 22 45 65 f6 90 00 SIM Request (7): a0 a4 00 00 02 7f 20 SIM Response (2): 9f 20 SIM Request (5): a0 c0 00 00 20 SIM Response (34): 00 00 00 00 7f 20 02 00 00 00 00 00 13 b3 00 23 04 00 83 8a 83 8a 00 03 00 00 02 b7 00 00 00 00 90 00 SIM Request (7): a0 a4 00 00 02 6f 07 SIM Response (2): 9f 0f SIM Request (5): a0 c0 00 00 0f SIM Response (17): 00 00 00 09 6f 07 04 00 14 00 14 01 02 00 00 90 00 SIM Request (5): a0 b0 00 00 09 SIM Response (11): 08 29 27 10 17 21 89 26 33 90 00 SIM Request (7): a0 a4 00 00 02 6f 7e SIM Response (2): 9f 0f SIM Request (5): a0 c0 00 00 0f SIM Response (17): 00 00 00 0b 6f 7e 04 00 11 00 14 01 02 00 00 90 00 SIM Request (5): a0 b0 00 00 0b SIM Response (13): ff ff ff ff 72 f2 60 ff fe 00 03 90 00 SIM Request (7): a0 a4 00 00 02 6f 20 SIM Response (2): 9f 0f SIM Request (5): a0 c0 00 00 0f SIM Response (17): 00 00 00 09 6f 20 04 00 11 00 44 01 02 00 00 90 00 SIM Request (5): a0 b0 00 00 09 SIM Response (11): ff ff ff ff ff ff ff ff 07 90 00 SIM Request (7): a0 a4 00 00 02 6f 30 SIM Response (2): 9f 0f SIM Request (5): a0 c0 00 00 0f SIM Response (17): 00 00 01 2c 6f 30 04 00 11 00 44 01 02 00 00 90 00 SIM Request (5): a0 b0 00 00 2c SIM Response (46): 32 f4 51 02 f8 01 12 f4 60 12 f4 10 62 f2 20 02 f4 40 22 f2 01 02 f6 10 22 f8 10 72 f0 77 62 f8 10 42 f0 80 32 f8 10 02 f2 50 32 f2 90 00 BAT-ADC: 593 6 0 0 1023 353 327 277 Charger at 51 mV. PM MEAS: ARFCN=1016, 33 dBm at baseband, -104 dBm at RF PM MEAS: ARFCN=1017, 33 dBm at baseband, -104 dBm at RF PM MEAS: ARFCN=1018, 29 dBm at baseband, -108 dBm at RF PM MEAS: ARFCN=1019, 29 dBm at baseband, -108 dBm at RF PM MEAS: ARFCN=1020, 28 dBm at baseband, -109 dBm at RF PM MEAS: ARFCN=1021, 29 dBm at baseband, -108 dBm at RF PM MEAS: ARFCN=1022, 27 dBm at baseband, -110 dBm at RF PM MEAS: ARFCN=1023, 39 dBm at baseband, -98 dBm at RF L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=1, flags=0x7) Starting FCCH RecognitionFB0 (3859:4): TOA= 3792, Power= -88dBm, Angle=-1361Hz DSP Error Status: 256 FB1 (3869:8): TOA= 8751, Power= -88dBm, Angle= -36Hz fn_offset=3867 (fn=3869 + attempt=8 + ntdma = 6) delay=8 (fn_offset=3867 + 11 - fn=3869 - 1 scheduling next FB/SB detection task with delay 8 =>FB @ FNR 3867 fn_offset=3867 qbits=4820 Synchronize_TDMA LOST 3711! DSP Error Status: 256 DSP Error Status: 264 L1CTL_RESET_REQ: FULL!LOST 1893! L1CTL_FBSB_REQ (arfcn=981, flags=0x7) Starting FCCH RecognitionLOST 1857! L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=71, flags=0x7) Starting FCCH RecognitionL1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=993, flags=0x7) Starting FCCH RecognitionL1CTL_RESET_REQ: FULL!LOST 1899! L1CTL_FBSB_REQ (arfcn=979, flags=0x7) Starting FCCH RecognitionLOST 1851! DSP Error Status: 8 L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=4, flags=0x7) Starting FCCH RecognitionDSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 BAT-ADC: 590 6 0 0 1023 356 330 277 Charger at 51 mV. Battery at 4033 mV. Charging at 0 mA. Battery capacity is 100%. Battery range is 3199..3999 mV. Battery full at 468 LSB .. full at 585 LSB Charging at 239 LSB (204 mA). BCICTL2=0x3ff battery-info.flags=0x00000000 bat_compal_e88_chg_state=0 DSP Error Status: 8 L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=1023, flags=0x7) Starting FCCH RecognitionDSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 L1CTL_RESET_REQ: FULL!LOST 1900! L1CTL_FBSB_REQ (arfcn=980, flags=0x7) Starting FCCH RecognitionLOST 1850! DSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=78, flags=0x7) Starting FCCH RecognitionDSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=53, flags=0x7) LOST 1880! Starting FCCH RecognitionLOST 1870! DSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=69, flags=0x7) Starting FCCH RecognitionDSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=94, flags=0x7) Starting FCCH RecognitionDSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=57, flags=0x7) Starting FCCH RecognitionDSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=985, flags=0x7) Starting FCCH RecognitionDSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=970, flags=0x7) Starting FCCH RecognitionDSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=45, flags=0x7) Starting FCCH RecognitionDSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=43, flags=0x7) Starting FCCH RecognitionDSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=33, flags=0x7) Starting FCCH RecognitionDSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=7, flags=0x7) Starting FCCH RecognitionDSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=988, flags=0x7) Starting FCCH RecognitionDSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=971, flags=0x7) Starting FCCH RecognitionDSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=969, flags=0x7) Starting FCCH RecognitionDSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=42, flags=0x7) Starting FCCH RecognitionDSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=40, flags=0x7) Starting FCCH RecognitionDSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=32, flags=0x7) Starting FCCH RecognitionDSP Error Status: 8 DSP Error Status: 8 BAT-ADC: 592 6 0 0 1023 353 327 270 Charger at 51 mV. Battery at 4047 mV. Charging at 0 mA. Battery capacity is 100%. Battery range is 3199..3999 mV. Battery full at 468 LSB .. full at 585 LSB Charging at 239 LSB (204 mA). BCICTL2=0x3ff battery-info.flags=0x00000000 bat_compal_e88_chg_state=0 DSP Error Status: 8 DSP Error Status: 8 L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=85, flags=0x7) Starting FCCH RecognitionDSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=55, flags=0x7) Starting FCCH RecognitionDSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=47, flags=0x7) Starting FCCH RecognitionDSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=28, flags=0x7) Starting FCCH RecognitionDSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=5, flags=0x7) Starting FCCH RecognitionDSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 DSP Error Status: 8 L1CTL_RESET_REQ: FULL!L1CTL_PM_REQ start=0 end=124 DSP Error Status: 8 PM MEAS: ARFCN=0, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=1, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=2, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=3, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=4, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=5, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=6, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=7, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=8, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=9, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=10, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=11, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=12, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=13, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=14, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=15, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=16, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=17, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=18, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=19, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=20, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=21, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=22, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=23, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=24, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=25, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=26, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=27, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=28, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8 PM MEAS: ARFCN=29, 0 dBm at baseband, -138 dBm at RF DSP Error Status: 8

9 years, 7 months

5
7
0 0

Can osmocomBB support multi phone simultaneously for a same sniff

by huang

For example, if i use three phone to catch TS0,can this three phones work at the same time -- View this message in context: http://baseband-devel.722152.n3.nabble.com/Can-osmocomBB-support-multi-phon… Sent from the baseband-devel mailing list archive at Nabble.com.

9 years, 7 months

1
0
0 0

Re: Aw: pirelli dp-l10 stuck

by msokolov＠ivan.Harhan.ORG

"TSAREGORODTSEV, Yury" <yury(a)bridgecommunication.co.uk> wrote: > Damn, yeah > its not charging at all :) > even when connected to hub with external power :) Unfortunately there are no schematics available for the DP-L10 (and reconstructing them from steve-m's PCB layer scans is anything but easy), so everything that follows is ultimately pure guesswork, but it *seems* to me that the battery charging circuit in this phone is fundamentally the same as in the more traditional Calypso+Iota phones (Compal etc), aside from using USB VBUS as the charging power source instead of a dedicated round-plug type of power jack. If the charging circuit in the DP-L10 works the way I think it does, following common sense and all that, than the battery charging process ought to be controlled by Iota ABB. The ABB chip in this phone is TWL3014, but I'll use the more readable TWL3025 datasheet as a reference instead - back in 2011 both Steve M. and Sylvain M. said on this list that the two chips are functionally identical. The battery charging functionality is described on pages 46-48 of TWL3025_SWRS021.pdf; in particular, refer to Figure 4-10 on page 48. If my understanding of this datasheet description is correct, and if the phone in question (Pirelli DP-L10) indeed has its battery charging circuit implemented in the canonical way, then one of the following two conditions must be met in order for charging current to pass from VBUS into the battery: 1. The "precharge" function is enabled inside the ABB chip, such that an internal transistor in the ABB opens up to pass some current from the VCHG pin to the PCHG pin. This precharge function is intended for situation when the battery has discharged so low that it needs to be charged some before one can boot the CPU, hence this precharge phase has to be done entirely in hardware without any CPU firmware supervision. But it appears that this hardware-only precharge function is automatically disabled when the CPU is turned on, or maybe the precharge current is so feeble that the drain from the running CPU is greater than the amount of power coming from the precharge circuit. -or- 2. The "normal" way of charging the battery (with the CPU running) is for the CPU to enable the main charging circuit in the ABB via some register writes. In this case the power flows from the charging source (USB VBUS in the case of Pirelli DP-L10) into the battery through an external power transistor controlled by the ICTL output from the ABB. In TI's standard firmware the battery charging function lives in the PWR SWE (RiViera Software Entity) in the older versions and in the LCC SWE in newer ones. Pirelli's version appears to use PWR rather than LCC. We (the world public) have the source for the PWR SWE in the MV100 find, and that for LCC in the Sotovik find, but I haven't really looked at either of them yet - working on L1 integration currently. If you would like to get Pirelli battery charging working in OsmocomBB, I would recommend that you take the charging code for compal_e88, enable it for the DP-L10 build, and experiment from there. Don't be fooled by Pirelli's use of USB charging instead of a round-plug charger, my guess is that they use USB VBUS in exactly the same way as how Compal etc use their charging power source. It also seems to me that Pirelli's charging mechanism does not strictly comply with the USB spec. Per the spec, you are supposed to draw no more than 100 mA from VBUS until and unless you negotiate a higher power budget with the host, and that negotiation takes place over the D+ and D- wires. But in Pirelli's case these D+ and D- wires go to the CP2102 USB-serial chip and nowhere else, and only this CP2102 speaks the USB protocol - the Calypso only sees UART-serial on the other side of the CP2102. So they "illegally" tap VBUS (which per the spec must not go anywhere but to the device that speaks the USB protocol) to use it as the charging power source, but have no way to negotiate their current draw. When Pirelli's fw detects the presence of VBUS via the charger-insert interrupt from the ABB and decides to start charging the battery, it has no choice but to enable some hard-coded charging current value - the charging current can be adjusted by programming a register in the ABB, but the fw has no way of knowing how much current it is allowed to draw from VBUS, if any at all, because only the USB logic in the CP2102 has access to this knowledge. So whatever charging current it draws, it must do so blindly. I can only guess that this current must be somewhere around 500 mA, as charging at 100 mA would be too slow. I actually like Pirelli's design in this regard, and I currently plan on copying it in my own Pirelli-inspired Calypso dumbphone design: put a CP2102 inside the phone just like Pirelli did, and use the same USB charging arrangement, drawing 500 mA for charging unconditionally, showing "the middle finger" to the developer-unfriendly Unusable Serial Botch specs... Or can someone think of a better way? VLR, SF

9 years, 7 months

2
1
0 0

pirelli dp-l10 stuck

by TSAREGORODTSEV, Yury

Hi, everybody has same trouble that pirelli stuck after some usage ?

9 years, 7 months

3
6
0 0

pirelli dp10

by TSAREGORODTSEV, Yury

Hello, anyone has experience to use application mobile on pirelli ? there is no layer1.compalram.bin for this model, any ideas how to run app mobile? Sincerely Yours, Tsaregorodtsev Yury Bridge Communication Billing & Settlement Plan Limited Fernhills Business Center, Foerster Chambers, Todd Street Bury, Gtr Manchester, BL9 5BJ United Kingdom Tel: +441570200000 ICQ: 622719210 MSN: y.tsaregorodtsev(a)live.com Skype: tsarik-108 web: www.bridgecommunication.co.uk

9 years, 8 months

1
2
0 0

[PATCH] layer23: initialize l2h/l3h pointers

by Igor Almeida

Signed-off-by: Igor Almeida <igor.contato(a)gmail.com> --- src/host/layer23/src/common/l1ctl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/host/layer23/src/common/l1ctl.c b/src/host/layer23/src/common/l1ctl.c index 91bab89..c75872e 100644 --- a/src/host/layer23/src/common/l1ctl.c +++ b/src/host/layer23/src/common/l1ctl.c @@ -148,6 +148,7 @@ static int rx_l1_rach_conf(struct osmocom_ms *ms, struct msgb *msg) } dl = (struct l1ctl_info_dl *) msg->l1h; + msg->l2h = msg->l3h = dl->payload; osmo_prim_init(&pp.oph, SAP_GSM_PH, PRIM_PH_RACH, PRIM_OP_CONFIRM, msg); -- 2.0.1 --------------070704030600070907020805--

9 years, 8 months

1
0
0 0

GSM DoS or conditional access project

by Abel Magaña

Hi I wonder if there is a way to develop a Denial of Service or Conditional Access system for a GSM network based on Osmocom. The idea is to develop a commercial product intended to be used to limit unlawful communication in prisons or correctional facilities. My investigation is that this is a kind of worldwide necessity as inmates use smuggled mobile phones for criminal activities (I live in Central America and constantly see news that confirm this is urgent requirement). Currently there a few options available to achieve this purpose: 1. Government authorities require telecom operators to reduce radio signal in the vicinity of confinement facilities2. The use of radio jamming systems to propagate a noise signal3. One or two commercial solutions like iNAC Managed Access from Tecore (a very clever and patented technology) I imagine a solution based on Osmocom as a base station simulating a roaming area in the correctional facility area, for authorized users, dummy network should appear as a FPLMN but for illegal users the fake network must grant access entering driving them into a dead end network with no communication. However I see there are several flaws for this aproach: one is that inmates could set their mobiles to manual network selection and connect themself to commercial mobile networks but I hope this could serve as a ground for further discussion. I will appreciate very much your comments. Regards,

9 years, 8 months

1
0
0 0

Memdump gives bad crc on Motorola C118

by Richard Menedetter

Hi I thought I try to flash some osmocom tools into a C118. I have the loader loaded succesfully onto the C118. I can do a finfo (see below) So I wanted to backup the complete flash: osmoload memdump 0x000000 0x200000 c118.bin -> I get "bad crc" for every page Same when I try to backup the loader as on the flashing wiki. Dumping 8192 bytes of memory at 0x0 to file compal_loader.bin bad crc 4190 (not 5c9a) at offset 0x00000000 bad crc f041 (not d50d) at offset 0x000000f0 bad crc f041 (not 3afa) at offset 0x000001e0 Is the C118 not supported for flashing? Can somebody give me any helpful hints? CU, Ricsi chip 0 at 0x00000000 of 2097152 bytes in 2 regions region 0 with 31 blocks of 65536 bytes each block 0 with 65536 bytes at 0x00000000 on chip 0 block 1 with 65536 bytes at 0x00010000 on chip 0 block 2 with 65536 bytes at 0x00020000 on chip 0 block 3 with 65536 bytes at 0x00030000 on chip 0 block 4 with 65536 bytes at 0x00040000 on chip 0 block 5 with 65536 bytes at 0x00050000 on chip 0 block 6 with 65536 bytes at 0x00060000 on chip 0 block 7 with 65536 bytes at 0x00070000 on chip 0 block 8 with 65536 bytes at 0x00080000 on chip 0 block 9 with 65536 bytes at 0x00090000 on chip 0 block 10 with 65536 bytes at 0x000a0000 on chip 0 block 11 with 65536 bytes at 0x000b0000 on chip 0 block 12 with 65536 bytes at 0x000c0000 on chip 0 block 13 with 65536 bytes at 0x000d0000 on chip 0 block 14 with 65536 bytes at 0x000e0000 on chip 0 block 15 with 65536 bytes at 0x000f0000 on chip 0 block 16 with 65536 bytes at 0x00100000 on chip 0 block 17 with 65536 bytes at 0x00110000 on chip 0 block 18 with 65536 bytes at 0x00120000 on chip 0 block 19 with 65536 bytes at 0x00130000 on chip 0 block 20 with 65536 bytes at 0x00140000 on chip 0 block 21 with 65536 bytes at 0x00150000 on chip 0 block 22 with 65536 bytes at 0x00160000 on chip 0 block 23 with 65536 bytes at 0x00170000 on chip 0 block 24 with 65536 bytes at 0x00180000 on chip 0 block 25 with 65536 bytes at 0x00190000 on chip 0 block 26 with 65536 bytes at 0x001a0000 on chip 0 block 27 with 65536 bytes at 0x001b0000 on chip 0 block 28 with 65536 bytes at 0x001c0000 on chip 0 block 29 with 65536 bytes at 0x001d0000 on chip 0 block 30 with 65536 bytes at 0x001e0000 on chip 0 region 1 with 8 blocks of 8192 bytes each block 31 with 8192 bytes at 0x001f0000 on chip 0 block 32 with 8192 bytes at 0x001f2000 on chip 0 block 33 with 8192 bytes at 0x001f4000 on chip 0 block 34 with 8192 bytes at 0x001f6000 on chip 0 block 35 with 8192 bytes at 0x001f8000 on chip 0 block 36 with 8192 bytes at 0x001fa000 on chip 0 block 37 with 8192 bytes at 0x001fc000 on chip 0 block 38 with 8192 bytes at 0x001fe000 on chip 0

9 years, 8 months

2
2
0 0

Pirelli phone charging function in osmocom-bb

by Richard Menedetter

Hi List I have just reactivated my Pirelli Osmocom phone, and recompiled osmocom-bb. (after rolling back libosmocore it works great) But can it be that charging is not implemented on the Pirelli phone with OsmocomBB? When I attach the MiniUSB cable, I can upload the code great, but when I leave it running for a longer time, it booted into the default charging pirelli screen. I assume that the battery is not that good any more, and it seems that it is running on battery power instead of on USB power. When I upload the RSSI app to the phone it shows me an empty battery icon in the right. (Pirelli SW showed completely full battery icon) Can somebody confirm that the pirelli phone is not charging in osmocom-bb? Is there a chance tha somebody is looking into this anytime? CU, Ricsi PS: Is it still correct that the jolly/test branch is the best for 2 phone transceiver (for OpenBTS/OpenBSC)? This branch should support 2 phones. But as half rate channels are not supported you can only make one call. (ie not possible to make a testcall without going over SIP) Is this information still valid?

9 years, 8 months

2
1
0 0

mobile app crash

by TSAREGORODTSEV, Yury

Hello, can anyone help with fix? Mobile application crashing all time: root@aero-bts:/with_sim/osmocom-bb/src/host/layer23/src/mobile# ./mobile Copyright (C) 2008-2010 ... Contributions by ... License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. <000f> sim.c:1223 init SIM client <0006> gsm48_cc.c:63 init Call Control <0007> gsm480_ss.c:231 init SS <0019> gsm411_sms.c:63 init SMS <0001> gsm48_rr.c:5500 init Radio Ressource process <0005> gsm48_mm.c:1324 init Mobility Management process <0005> gsm48_mm.c:1037 Selecting PLMN SEARCH state, because no SIM. <0002> gsm322.c:5037 init PLMN process <0003> gsm322.c:5038 init Cell Selection process <0003> gsm322.c:5095 Read stored BA list (mcc=214 mnc=07 Spain, movistar) Mobile '1' initialized, please start phone now! VTY available on port 4247. <0005> subscriber.c:600 Requesting SIM file 0x2fe2 <000f> sim.c:209 got new job: SIM_JOB_READ_BINARY (handle=00000004) <000f> sim.c:697 go MF <000f> sim.c:241 SELECT (file=0x3f00) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xa4) <000f> sim.c:876 received APDU (len=0 sw1=0x9f sw2=0x1e) <000f> sim.c:949 command successfull <000f> sim.c:571 GET RESPONSE (len=30) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xc0) <000f> sim.c:876 received APDU (len=30 sw1=0x90 sw2=0x00) <000f> sim.c:949 command successfull <000f> sim.c:241 SELECT (file=0x2fe2) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xa4) <000f> sim.c:876 received APDU (len=0 sw1=0x9f sw2=0x0f) <000f> sim.c:949 command successfull <000f> sim.c:571 GET RESPONSE (len=15) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xc0) <000f> sim.c:876 received APDU (len=15 sw1=0x90 sw2=0x00) <000f> sim.c:949 command successfull <000f> sim.c:1065 selected file (len 10) <000f> sim.c:277 READ BINARY (offset=0 len=10) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xb0) <000f> sim.c:876 received APDU (len=10 sw1=0x90 sw2=0x00) <000f> sim.c:949 command successfull <000f> sim.c:151 sending result to callback function (type=0) <0005> subscriber.c:232 received ICCID 8934076100140610329 from SIM <0005> subscriber.c:600 Requesting SIM file 0x6f07 <000f> sim.c:209 got new job: SIM_JOB_READ_BINARY (handle=00000004) <000f> sim.c:706 requested path is longer, go child DFgsm <000f> sim.c:241 SELECT (file=0x7f20) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xa4) <000f> sim.c:876 received APDU (len=0 sw1=0x9f sw2=0x1e) <000f> sim.c:949 command successfull <000f> sim.c:571 GET RESPONSE (len=30) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xc0) <000f> sim.c:876 received APDU (len=30 sw1=0x90 sw2=0x00) <000f> sim.c:949 command successfull <000f> sim.c:241 SELECT (file=0x6f07) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xa4) <000f> sim.c:876 received APDU (len=0 sw1=0x9f sw2=0x0f) <000f> sim.c:949 command successfull <000f> sim.c:571 GET RESPONSE (len=15) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xc0) <000f> sim.c:876 received APDU (len=15 sw1=0x90 sw2=0x00) <000f> sim.c:949 command successfull <000f> sim.c:1065 selected file (len 9) <000f> sim.c:277 READ BINARY (offset=0 len=9) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xb0) <000f> sim.c:876 received APDU (len=9 sw1=0x90 sw2=0x00) <000f> sim.c:949 command successfull <000f> sim.c:151 sending result to callback function (type=0) <0005> subscriber.c:262 received IMSI 214075542695571 from SIM <0005> subscriber.c:600 Requesting SIM file 0x6f7e <000f> sim.c:209 got new job: SIM_JOB_READ_BINARY (handle=00000004) <000f> sim.c:241 SELECT (file=0x6f7e) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xa4) <000f> sim.c:876 received APDU (len=0 sw1=0x9f sw2=0x0f) <000f> sim.c:949 command successfull <000f> sim.c:571 GET RESPONSE (len=15) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xc0) <000f> sim.c:876 received APDU (len=15 sw1=0x90 sw2=0x00) <000f> sim.c:949 command successfull <000f> sim.c:1065 selected file (len 11) <000f> sim.c:277 READ BINARY (offset=0 len=11) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xb0) <000f> sim.c:876 received APDU (len=11 sw1=0x90 sw2=0x00) <000f> sim.c:949 command successfull <000f> sim.c:151 sending result to callback function (type=0) <0005> subscriber.c:299 received LOCI from SIM (mcc=214 mnc=07 lac=0x0b58 U1) <0005> subscriber.c:600 Requesting SIM file 0x6f20 <000f> sim.c:209 got new job: SIM_JOB_READ_BINARY (handle=00000004) <000f> sim.c:241 SELECT (file=0x6f20) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xa4) <000f> sim.c:876 received APDU (len=0 sw1=0x9f sw2=0x0f) <000f> sim.c:949 command successfull <000f> sim.c:571 GET RESPONSE (len=15) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xc0) <000f> sim.c:876 received APDU (len=15 sw1=0x90 sw2=0x00) <000f> sim.c:949 command successfull <000f> sim.c:1065 selected file (len 9) <000f> sim.c:277 READ BINARY (offset=0 len=9) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xb0) <000f> sim.c:876 received APDU (len=9 sw1=0x90 sw2=0x00) <000f> sim.c:949 command successfull <000f> sim.c:151 sending result to callback function (type=0) <0005> subscriber.c:376 received KEY from SIM <0005> subscriber.c:600 Requesting SIM file 0x6f30 <000f> sim.c:209 got new job: SIM_JOB_READ_BINARY (handle=00000004) <000f> sim.c:241 SELECT (file=0x6f30) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xa4) <000f> sim.c:876 received APDU (len=0 sw1=0x9f sw2=0x0f) <000f> sim.c:949 command successfull <000f> sim.c:571 GET RESPONSE (len=15) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xc0) <000f> sim.c:876 received APDU (len=15 sw1=0x90 sw2=0x00) <000f> sim.c:949 command successfull <000f> sim.c:1065 selected file (len 48) <000f> sim.c:277 READ BINARY (offset=0 len=48) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xb0) <000f> sim.c:876 received APDU (len=48 sw1=0x90 sw2=0x00) <000f> sim.c:949 command successfull <000f> sim.c:151 sending result to callback function (type=0) <0005> subscriber.c:414 received PLMN selector (mcc=208 mnc=01) from SIM <0005> subscriber.c:414 received PLMN selector (mcc=208 mnc=20) from SIM <0005> subscriber.c:414 received PLMN selector (mcc=234 mnc=10) from SIM <0005> subscriber.c:414 received PLMN selector (mcc=268 mnc=06) from SIM <0005> subscriber.c:414 received PLMN selector (mcc=268 mnc=03) from SIM <0005> subscriber.c:414 received PLMN selector (mcc=222 mnc=01) from SIM <0005> subscriber.c:414 received PLMN selector (mcc=262 mnc=07) from SIM <0005> subscriber.c:414 received PLMN selector (mcc=204 mnc=08) from SIM <0005> subscriber.c:414 received PLMN selector (mcc=604 mnc=00) from SIM <0005> subscriber.c:414 received PLMN selector (mcc=232 mnc=03) from SIM <0005> subscriber.c:414 received PLMN selector (mcc=228 mnc=02) from SIM <0005> subscriber.c:414 received PLMN selector (mcc=272 mnc=02) from SIM <0005> subscriber.c:414 received PLMN selector (mcc=334 mnc=030) from SIM <0005> subscriber.c:414 received PLMN selector (mcc=202 mnc=10) from SIM <0005> subscriber.c:414 received PLMN selector (mcc=226 mnc=10) from SIM <0005> subscriber.c:414 received PLMN selector (mcc=226 mnc=03) from SIM <0005> subscriber.c:600 Requesting SIM file 0x6f31 <000f> sim.c:209 got new job: SIM_JOB_READ_BINARY (handle=00000004) <000f> sim.c:241 SELECT (file=0x6f31) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xa4) <000f> sim.c:876 received APDU (len=0 sw1=0x9f sw2=0x0f) <000f> sim.c:949 command successfull <000f> sim.c:571 GET RESPONSE (len=15) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xc0) <000f> sim.c:876 received APDU (len=15 sw1=0x90 sw2=0x00) <000f> sim.c:949 command successfull <000f> sim.c:1065 selected file (len 1) <000f> sim.c:277 READ BINARY (offset=0 len=1) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xb0) <000f> sim.c:876 received APDU (len=1 sw1=0x90 sw2=0x00) <000f> sim.c:949 command successfull <000f> sim.c:151 sending result to callback function (type=0) <0005> subscriber.c:435 received HPPLMN 5 (30 mins) from SIM <0005> subscriber.c:600 Requesting SIM file 0x6f46 <000f> sim.c:209 got new job: SIM_JOB_READ_BINARY (handle=00000004) <000f> sim.c:241 SELECT (file=0x6f46) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xa4) <000f> sim.c:876 received APDU (len=0 sw1=0x9f sw2=0x0f) <000f> sim.c:949 command successfull <000f> sim.c:571 GET RESPONSE (len=15) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xc0) <000f> sim.c:876 received APDU (len=15 sw1=0x90 sw2=0x00) <000f> sim.c:949 command successfull <000f> sim.c:1065 selected file (len 17) <000f> sim.c:277 READ BINARY (offset=0 len=17) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xb0) <000f> sim.c:876 received APDU (len=17 sw1=0x90 sw2=0x00) <000f> sim.c:949 command successfull <000f> sim.c:151 sending result to callback function (type=0) <0005> subscriber.c:687 SIM reading failed, file invalid <0005> subscriber.c:600 Requesting SIM file 0x6f78 <000f> sim.c:209 got new job: SIM_JOB_READ_BINARY (handle=00000004) <000f> sim.c:241 SELECT (file=0x6f78) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xa4) <000f> sim.c:876 received APDU (len=0 sw1=0x9f sw2=0x0f) <000f> sim.c:949 command successfull <000f> sim.c:571 GET RESPONSE (len=15) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xc0) <000f> sim.c:876 received APDU (len=15 sw1=0x90 sw2=0x00) <000f> sim.c:949 command successfull <000f> sim.c:1065 selected file (len 2) <000f> sim.c:277 READ BINARY (offset=0 len=2) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xb0) <000f> sim.c:876 received APDU (len=2 sw1=0x90 sw2=0x00) <000f> sim.c:949 command successfull <000f> sim.c:151 sending result to callback function (type=0) <0005> subscriber.c:476 received ACC 0002 from SIM <0005> subscriber.c:600 Requesting SIM file 0x6f7b <000f> sim.c:209 got new job: SIM_JOB_READ_BINARY (handle=00000004) <000f> sim.c:241 SELECT (file=0x6f7b) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xa4) <000f> sim.c:876 received APDU (len=0 sw1=0x9f sw2=0x0f) <000f> sim.c:949 command successfull <000f> sim.c:571 GET RESPONSE (len=15) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xc0) <000f> sim.c:876 received APDU (len=15 sw1=0x90 sw2=0x00) <000f> sim.c:949 command successfull <000f> sim.c:1065 selected file (len 12) <000f> sim.c:277 READ BINARY (offset=0 len=12) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xb0) <000f> sim.c:876 received APDU (len=12 sw1=0x90 sw2=0x00) <000f> sim.c:949 command successfull <000f> sim.c:151 sending result to callback function (type=0) <0005> subscriber.c:515 received Forbidden PLMN 214 01 from SIM <0005> subscriber.c:515 received Forbidden PLMN 214 03 from SIM <0005> subscriber.c:600 Requesting SIM file 0x6f40 <000f> sim.c:209 got new job: SIM_JOB_READ_RECORD (handle=00000004) <000f> sim.c:697 go MF <000f> sim.c:241 SELECT (file=0x3f00) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xa4) <000f> sim.c:876 received APDU (len=0 sw1=0x9f sw2=0x1e) <000f> sim.c:949 command successfull <000f> sim.c:571 GET RESPONSE (len=30) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xc0) <000f> sim.c:876 received APDU (len=30 sw1=0x90 sw2=0x00) <000f> sim.c:949 command successfull <000f> sim.c:706 requested path is longer, go child DFtelecom <000f> sim.c:241 SELECT (file=0x7f10) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xa4) <000f> sim.c:876 received APDU (len=0 sw1=0x9f sw2=0x1e) <000f> sim.c:949 command successfull <000f> sim.c:571 GET RESPONSE (len=30) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xc0) <000f> sim.c:876 received APDU (len=30 sw1=0x90 sw2=0x00) <000f> sim.c:949 command successfull <000f> sim.c:241 SELECT (file=0x6f40) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xa4) <000f> sim.c:876 received APDU (len=0 sw1=0x9f sw2=0x0f) <000f> sim.c:949 command successfull <000f> sim.c:571 GET RESPONSE (len=15) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xc0) <000f> sim.c:876 received APDU (len=15 sw1=0x90 sw2=0x00) <000f> sim.c:949 command successfull <000f> sim.c:1060 selected record (len 28 structure 1) <000f> sim.c:312 READ RECORD (rec_no=1 mode=4 len=28) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xb2) <000f> sim.c:876 received APDU (len=28 sw1=0x90 sw2=0x00) <000f> sim.c:949 command successfull <000f> sim.c:151 sending result to callback function (type=0) <0005> subscriber.c:327 received MSISDN from SIM <0005> subscriber.c:600 Requesting SIM file 0x6f42 <000f> sim.c:209 got new job: SIM_JOB_READ_RECORD (handle=00000004) <000f> sim.c:241 SELECT (file=0x6f42) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xa4) <000f> sim.c:876 received APDU (len=0 sw1=0x9f sw2=0x0f) <000f> sim.c:949 command successfull <000f> sim.c:571 GET RESPONSE (len=15) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xc0) <000f> sim.c:876 received APDU (len=15 sw1=0x90 sw2=0x00) <000f> sim.c:949 command successfull <000f> sim.c:1060 selected record (len 42 structure 1) <000f> sim.c:312 READ RECORD (rec_no=1 mode=4 len=42) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xb2) <000f> sim.c:876 received APDU (len=42 sw1=0x90 sw2=0x00) <000f> sim.c:949 command successfull <000f> sim.c:151 sending result to callback function (type=0) <0005> subscriber.c:357 received SMSP from SIM (sca=+34609090909) <0005> subscriber.c:560 (ms 1) Done reading SIM card (IMSI=214075542695571 Spain, movistar) <0005> subscriber.c:572 -> SIM card registered to 214 07 (Spain, movistar) <0005> gsm48_mm.c:4388 (ms 1) Received 'MMR_REG_REQ' event <0002> gsm322.c:3818 (ms 1) Event 'EVENT_SIM_INSERT' for automatic PLMN selection in state 'A0 null' <000e> gsm322.c:1378 Start search of last registered PLMN (mcc=214 mnc=07 Spain, movistar) <0002> gsm322.c:1382 Use RPLMN (mcc=214 mnc=07 Spain, movistar) <0002> gsm322.c:806 new state 'A0 null' -> 'A1 trying RPLMN' <0003> gsm322.c:4049 (ms 1) Event 'EVENT_NEW_PLMN' for Cell selection in state 'C0 null' <000e> gsm322.c:3631 Selecting PLMN (mcc=214 mnc=07 Spain, movistar) <0003> gsm322.c:3637 Start stored cell selection. <0003> gsm322.c:829 new state 'C0 null' -> 'C2 stored cell selection' <0003> gsm322.c:2793 Scanning power for stored BA list. <0003> gsm322.c:2861 Scanning frequencies. (3..3) <0003> gsm322.c:2910 Found signal (ARFCN 3 rxlev -90 (20)) <0003> gsm322.c:2922 Done with power scanning range. <0003> gsm322.c:2793 Scanning power for stored BA list. <0003> gsm322.c:2861 Scanning frequencies. (5..5) <0003> gsm322.c:2910 Found signal (ARFCN 5 rxlev -82 (28)) <0003> gsm322.c:2922 Done with power scanning range. <0003> gsm322.c:2793 Scanning power for stored BA list. <0003> gsm322.c:2861 Scanning frequencies. (7..8) <0003> gsm322.c:2910 Found signal (ARFCN 7 rxlev -101 (9)) <0003> gsm322.c:2910 Found signal (ARFCN 8 rxlev -86 (24)) <0003> gsm322.c:2922 Done with power scanning range. <0003> gsm322.c:2793 Scanning power for stored BA list. <0003> gsm322.c:2861 Scanning frequencies. (10..19) <0003> gsm322.c:2910 Found signal (ARFCN 10 rxlev -81 (29)) <0003> gsm322.c:2910 Found signal (ARFCN 11 rxlev -88 (22)) <0003> gsm322.c:2910 Found signal (ARFCN 12 rxlev -76 (34)) <0003> gsm322.c:2910 Found signal (ARFCN 13 rxlev -57 (53)) <0003> gsm322.c:2910 Found signal (ARFCN 14 rxlev -75 (35)) <0003> gsm322.c:2910 Found signal (ARFCN 15 rxlev -77 (33)) <0003> gsm322.c:2910 Found signal (ARFCN 16 rxlev -98 (12)) <0003> gsm322.c:2910 Found signal (ARFCN 17 rxlev -97 (13)) <0003> gsm322.c:2910 Found signal (ARFCN 18 rxlev -73 (37)) <0003> gsm322.c:2910 Found signal (ARFCN 19 rxlev -92 (18)) <0003> gsm322.c:2922 Done with power scanning range. <0003> gsm322.c:2793 Scanning power for stored BA list. <0003> gsm322.c:2861 Scanning frequencies. (21..22) <0003> gsm322.c:2910 Found signal (ARFCN 21 rxlev -93 (17)) <0003> gsm322.c:2910 Found signal (ARFCN 22 rxlev -87 (23)) <0003> gsm322.c:2922 Done with power scanning range. <0003> gsm322.c:2793 Scanning power for stored BA list. <0003> gsm322.c:2861 Scanning frequencies. (69..69) <0003> gsm322.c:2910 Found signal (ARFCN 69 rxlev -101 (9)) <0003> gsm322.c:2922 Done with power scanning range. <0003> gsm322.c:2793 Scanning power for stored BA list. <0003> gsm322.c:2836 Found 17 frequencies. <0003> gsm322.c:2255 Scanning frequency 13 (rxlev -57). <0003> gsm322.c:474 Sync to ARFCN=13 rxlev=-57 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2947 Channel synched. (ARFCN=13, snr=16, BSIC=7) <0003> gsm322.c:698 Starting CS timer with 4 seconds. <0001> gsm322.c:2968 using DSC of 90 <0003> gsm48_rr.c:4820 Channel provides data. <0003> gsm322.c:698 Starting CS timer with 4 seconds. <0001> gsm48_rr.c:1882 New SYSTEM INFORMATION 2ter <0001> sysinfo.c:705 New SYSTEM INFORMATION 3 (mcc 214 mnc 07 lac 0x0b58) <0001> gsm48_rr.c:1916 Changing CCCH_MODE to 1 <0001> gsm48_rr.c:2159 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2214 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2159 PAGING ignored, we are not camping. <0001> gsm48_rr.c:1950 New SYSTEM INFORMATION 4 (mcc 214 mnc 07 lac 0x0b58) <0001> gsm48_rr.c:2159 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2159 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2159 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2159 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2159 PAGING ignored, we are not camping. <0001> sysinfo.c:616 Now updating previously received SYSTEM INFORMATION 4 <0001> gsm48_rr.c:1795 New SYSTEM INFORMATION 1 <0001> gsm48_rr.c:2159 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2159 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2159 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2159 PAGING ignored, we are not camping. <0001> gsm48_rr.c:1824 New SYSTEM INFORMATION 2 <0003> gsm322.c:2714 Received relevant sysinfo. <0003> gsm322.c:708 stopping pending CS timer. <0003> gsm322.c:2325 Scan frequency 13: Cell found. (rxlev -57 mcc 214 mnc 07 lac 0b58) <0003> gsm322.c:1836 Select using access class <0003> gsm322.c:379 A (RLA_C (-57) - RXLEV_ACC_MIN (-102)) = 45 <0003> gsm322.c:381 B (MS_TXPWR_MAX_CCH (33) - p (33)) = 0 <0003> gsm322.c:382 C1 (A - MAX(B,0)) = 45 <0003> gsm322.c:1955 Cell ARFCN 13: Cell found, (rxlev=-57 mcc=214 mnc=07 lac=0b58 Spain, movistar) <0003> gsm322.c:1966 Cell ARFCN 13 selected. <0003> gsm322.c:2423 Tune to frequency 13. <0003> gsm322.c:468 Sync to ARFCN=13 rxlev=-57 (Sysinfo, ccch mode NON-COMB) <0003> gsm322.c:2450 Cell available. <0003> gsm322.c:4049 (ms 1) Event 'EVENT_CELL_FOUND' for Cell selection in state 'C2 stored cell selection' <000e> gsm322.c:3383 Camping normally on cell (ARFCN=13 mcc=214 mnc=07 Spain, movistar) <0003> gsm322.c:829 new state 'C2 stored cell selection' -> 'C3 camped normally' <0005> gsm48_mm.c:4320 (ms 1) Received 'MM_EVENT_CELL_SELECTED' event in state MM IDLE, PLMN search <0005> gsm48_mm.c:909 new MM IDLE state PLMN search -> location updating needed <0005> gsm48_mm.c:909 new MM IDLE state location updating needed -> attempting to update <0005> gsm48_mm.c:426 starting T3212 (periodic loc. upd. delay) with 14400 seconds <0005> gsm48_mm.c:2287 Do Loc. upd. for IMSI attach. <000e> gsm48_mm.c:2208 Perform location update (MCC 214, MNC 07 LAC 0x0b58) <0005> gsm48_mm.c:2342 LOCATION UPDATING REQUEST <0005> gsm48_mm.c:2364 using LAI (mcc 214 mnc 07 lac 0x0b58) <0005> gsm48_mm.c:2372 using TMSI 0x8800ea74 <0005> gsm48_mm.c:914 new state MM IDLE, attempting to update -> wait for RR connection (location updating) <0001> gsm48_rr.c:5449 (ms 1) Message 'RR_EST_REQ' received in state idle (sapi 0) <000e> gsm48_rr.c:1307 Establish radio link due to mobility management request <0003> gsm322.c:4049 (ms 1) Event 'EVENT_LEAVE_IDLE' for Cell selection in state 'C3 camped normally' <0003> gsm322.c:829 new state 'C3 camped normally' -> 'connected mode 1' <0003> gsm322.c:3665 Going to camping (normal) ARFCN 13. <0003> gsm322.c:452 Sync to ARFCN=13, but there is a sync already pending <0001> gsm48_rr.c:355 new state idle -> connection pending <0001> gsm48_rr.c:1459 CHANNEL REQUEST: 00 (Location Update no NECI) <0003> gsm322.c:2947 Channel synched. (ARFCN=13, snr=16, BSIC=7) <0001> gsm322.c:2968 using DSC of 90 <0003> gsm48_rr.c:4820 Channel provides data. <0001> gsm48_rr.c:1590 RANDOM ACCESS (requests left 5) <0001> gsm48_rr.c:1647 RANDOM ACCESS (Tx-integer 10 combined no S(lots) 0 ra 0x0f) <0001> gsm48_rr.c:1686 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm) msgb(0x1ed6a40): Not enough headroom msgb_push (4262630712 < 7) backtrace() returned 11 addresses /usr/local/lib/libosmocore.so.4(osmo_panic+0xb8) [0x7fb0c623e918] /usr/local/lib/libosmogsm.so.5(+0x18986) [0x7fb0c5e0a986] /usr/local/lib/libosmogsm.so.5(lapdm_phsap_up+0x188) [0x7fb0c5e0b628] ./mobile() [0x437599] ./mobile() [0x43989e] /usr/local/lib/libosmocore.so.4(osmo_wqueue_bfd_cb+0x93) [0x7fb0c623c033] /usr/local/lib/libosmocore.so.4(osmo_select_main+0x19a) [0x7fb0c623aefa] ./mobile() [0x404917] /lib/libc.so.6(__libc_start_main+0xfd) [0x7fb0c58acc8d] ./mobile() [0x404489] Signal 6 received. full talloc report on 'layer2 context' (total 31816 bytes in 30 blocks) Layer2 contains 424 bytes in 1 blocks (ref 0) 0x1ed6a40 GSM 04.08 L3 contains 456 bytes in 1 blocks (ref 0) 0x1ed7cf0 struct gsm48_sysinfo contains 1452 bytes in 1 blocks (ref 0) 0x1ed72e0 struct gsm_sub_plmn_na contains 24 bytes in 1 blocks (ref 0) 0x1ed7270 struct gsm_sub_plmn_na contains 24 bytes in 1 blocks (ref 0) 0x1ed7200 struct gsm_sub_plmn_list contains 24 bytes in 1 blocks (ref 0) 0x1ed7190 struct gsm_sub_plmn_list contains 24 bytes in 1 blocks (ref 0) 0x1ed7120 struct gsm_sub_plmn_list contains 24 bytes in 1 blocks (ref 0) 0x1ed70b0 struct gsm_sub_plmn_list contains 24 bytes in 1 blocks (ref 0) 0x1ed7040 struct gsm_sub_plmn_list contains 24 bytes in 1 blocks (ref 0) 0x1ed6fd0 struct gsm_sub_plmn_list contains 24 bytes in 1 blocks (ref 0) 0x1ed6f60 struct gsm_sub_plmn_list contains 24 bytes in 1 blocks (ref 0) 0x1ed6ef0 struct gsm_sub_plmn_list contains 24 bytes in 1 blocks (ref 0) 0x1ed6e80 struct gsm_sub_plmn_list contains 24 bytes in 1 blocks (ref 0) 0x1ed6e10 struct gsm_sub_plmn_list contains 24 bytes in 1 blocks (ref 0) 0x1ed6da0 struct gsm_sub_plmn_list contains 24 bytes in 1 blocks (ref 0) 0x1ecf440 struct gsm_sub_plmn_list contains 24 bytes in 1 blocks (ref 0) 0x1ecf3d0 struct gsm_sub_plmn_list contains 24 bytes in 1 blocks (ref 0) 0x1ecf360 struct gsm_sub_plmn_list contains 24 bytes in 1 blocks (ref 0) 0x1ecf0c0 struct gsm_sub_plmn_list contains 24 bytes in 1 blocks (ref 0) 0x1ecf050 struct gsm_sub_plmn_list contains 24 bytes in 1 blocks (ref 0) 0x1ed6650 struct gsm_sim_handler contains 32 bytes in 1 blocks (ref 0) 0x1ed68c0 struct gsm_sim_handler contains 32 bytes in 1 blocks (ref 0) 0x1ed6940 struct gsm_sim_handler contains 32 bytes in 1 blocks (ref 0) 0x1ed69c0 telnet_connection contains 1 bytes in 1 blocks (ref 0) 0x1ecf510 struct gsm322_ba_list contains 192 bytes in 1 blocks (ref 0) 0x1ed6c80 struct osmocom_ms contains 28704 bytes in 1 blocks (ref 0) 0x1ecf5d0 /root/.osmocom/bb contains 29 bytes in 1 blocks (ref 0) 0x1e6c770 main.c:240 contains 29 bytes in 1 blocks (ref 0) 0x1e6c6f0 Aborted (core dumped) Thx a lot, Yury

9 years, 8 months

6
9
0 0

support for L2/3 on chip

by mark.neuhaus＠email.de

Does the current version of OsmocomBB supports to run the layer 2 or the layer 3 on the baseband chip, now? I read through the arxiv of the mailing list but have maybe overlooked this. best, \jo

9 years, 8 months

5
6
0 0

Re: Usefulness of the Calypso (was Re: seL4 is open source now)

by msokolov＠ivan.Harhan.ORG

mark.neuhaus(a)email.de wrote: > Pleae, then tell me where to get phones with a Calypso > baseband. www.ebay.com > And I'm talking about marked relevant prices. > Don't waste my time with numbers like 5000$. Several OsmocomBB-supported models are currently available on ebay for dirt cheap. > And to be relevant these phones must still be produced so > I can get many, if I want. How many? My company will be happy to produce 5000 Calypso-based phones for you if you make a non-cancelable purchase order and prepay the cost of parts and production. (5000 is the number of Calypso&co chipsets I can buy immediately from my established supplier *without doing any extensive searching*; one can probably get more with some effort.) > Beside, I think its better to work on reverse engineered > GSM stacks like the Qualcom project as started in It's easy to tell other people what they should work on. While you are busy doing that, I'll just keep working on my own solution which will actually result in a usable phone less than a year from now. VLR, SF

9 years, 8 months

1
0
0 0

Usefulness of the Calypso (was Re: seL4 is open source now)

by msokolov＠ivan.Harhan.ORG

Someone (not clear who) said: > > [...] The calypso is just to outdated to be interesting > > for anything 'useable' beyond pure hacking-fun. I violently disagree with that statement. I personally carry a cellphone for one and only one purpose: so I can call my significant other (soon to be wife) and she can cell me at any time. A handset based on the Calypso chipset does this job wonderfully, and is IMO the optimal tool for the job. But the problem is that at the present time there does not exist any cellphone at all, of any kind (dumb, smart, old, new, whatever) that can make and receive cellular phone calls using only Free Software, as defined by the Free Software Foundation, i.e., providing the user with the most essential Four Freedoms: http://www.gnu.org/philosophy/free-sw.html Hence I am currently forced to use a cellphone that runs proprietary firmware, such that I lack the ability to fix any of the UI design flaws that constantly drive me nuts. This situation causes me severe distress, hence I have committed my hobby time and cash budget to a multi-year project to solve this pressing (for me) problem. OsmocomBB is not a solution: it works wonders for "hacking-fun" (the wording in the comment I'm responding to), but is utterly useless for a practical phone which one can carry around in a pocket or purse: my back just isn't strong enough to carry a supersized backpack containing a full PC for running the L23 stack plus a bank of lead-acid batteries. Hence I need a totally different Free Software GSM handset implementation, one that actually runs on the phone itself with proper power management exactly like the original proprietary firmware. And because no one else is working on such a thing, I started my own, and made quite a bit of progress: https://bitbucket.org/falconian/freecalypso-sw But I am using the same Calypso GSM chipset for my project as OsmocomBB uses, simply because it is IMO the optimal tool for the job at hand: allowing a person to communicate with his or her significant other by way of cellular phone calls. The word "outdated" does not exist in my vocabulary; I evaluate a tool based on how well it does the job, rather than some arbitrary irrelevant criteria like manufacture date stamps or whatever. Viva la Revolucion, SF

9 years, 8 months

4
3
0 0

Re: Usefulness of the Calypso (was Re: seL4 is open source now)

by Alan Carvalho de Assis

Hi Scott, On 8/5/14, Scott Weisman <sweisman(a)pobox.com> wrote: > I think this desire is recognized. I remember an initiative some years > back, started with some enthusiasm, that never got passed the stage of > deciding on NuttX as the OS to use, and forking it. > We got NuttX running on compal phones (Motorola C1xx, W220, etc), including display support using NuttX's native graphic subsystem. The code was submitted to NuttX mainline and now it is integrated. Unfortunately nobody with more knowledge about GSM L1/L2 layers was available to help in the stack porting. During the porting we got help from Steve Markgraf. Now the scenario is more complex, the original "team" is separated and we don't have spare time to help. Best Regards, Alan

9 years, 8 months

1
0
0 0

Re: Usefulness of the Calypso (was Re: seL4 is open source now)

by msokolov＠ivan.Harhan.ORG

Steve Markgraf <steve(a)steve-m.de> wrote: > I don't quite see how waving the Free Software flag and distributing > proprietary source from the TSM30/Locosto leaks (pretty much everything > in freecalypso-sw/gsm-fw/) go together. That source is NOT proprietary, it is *ex*-proprietary. It *was* proprietary, but not any more - it is now in the public domain. Free Software is not just a "flag" to be waved, it is a practical reality: in *practical* terms, software that is based on ex-proprietary code that has been liberated through the exercise of Eminent Domain and subsequently developed and maintained in the manner of a free sw project gives its users all of the 4 freedoms defined by FSF. However, I shall leave it here -- any further replies or comments or questions in this thread will *not* elicit a further reply from me. But if there is anyone else on this list who desires a usable cellphone for talking to his or her significant other like I do, please be assured that I have no plans of dropping the project; the work is progressing at a steady pace as you can see from the Mercurial commit history, and I have high hopes of some actually-usable result some time around the end of 2014. VLR, SF

9 years, 8 months

3
2
0 0

Aw: Re: Re: Re: Re: seL4 is open source now

by mark.neuhaus＠email.de

The kernel comes with a hypervisor (under BSD on Githu, too) and you can run Linux in one virtual environment (see http://l4linux.org/) and for example an GSM stack in another virtual environment. So you can think of that kernel as a kind of virtual machine that seperates the hardware This way all virtual systems are prooven separated and I think that is what the merkel-phone does. owever NICTA is actually going much further. Thei are working on a zero-bug (verified file system) and much more. This kind of programming is entirely different from common way to write a program. (YOU don't write the program, but you write a proof in Coq or ISABEL ect and from this proof a programm can be derived automatically) > Gesendet: Dienstag, 05. August 2014 um 10:50 Uhr > Von: "Sebastien Lorquet" <sebastien(a)lorquet.fr> > An: mark.neuhaus(a)email.de > Betreff: Re: Aw: Re: Re: Re: seL4 is open source now > > Hello, > > Reading through the se4l FAQ at http://sel4.systems/FAQ/ , I'm reading this: > > > Unique about seL4 is its unprecedented degree of assurance, achieved through > formal verification. Specifically, the ARM version of seL4 is the first (and > still only) general-purpose OS kernel with a full code-level functional > correctness proof, meaning a mathematical proof that the implementation (written > in C) adheres to its specification. In short, the implementation is proved to be > bug-free (see below). This also implies a number of other properties, such as > freedom from buffer overflows, null pointer exceptions, use-after-free, etc. > > > Okay with that. But also: > > > There is a further proof that the binary code which executes on the hardware is > a correct translation of the C code. This means that the compiler does not have > to be trusted, and extends the functional correctness property to the binary. > > > So that is very cool, even the binary result is proved, not only the source code ! > > The only thing that bothers me is: what can I do with this cool software? It > seems that little can be done without a set of userspace servers, so I guess we > have to wait until some open source community provides useful software to run > with this microkernel. > > Best regards, > > Sébastien Lorquet > > Le 02/08/2014 12:49, mark.neuhaus(a)email.de a écrit : > > > >> My idea is that at some point, the developers working at xda-developers > >> (android phone hackers) will get enough knowledge of their baseband > >> chips so that something can be done with osmocom. But this is only my > >> opinion! > > > > Yes lets hope. The calypso is just to outdated to be interesting > > for anything 'useable' beyond pure hacking-fun. > > >

9 years, 8 months

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

baseband-devel August 2014