Hello! I Need Help
I install these three programs OpenBTS, OsmocomBB, Asterisk
Then run them, Everything works well
OpenBTS sent an SMS to my phones
I answered and he checked me
I registered into OpenBTS a second phone
I tried to transfer SMS between phones - all good
but when I try to call from one to another I did not get
Asterisk writes
================================================================
*CLI> Retransmission timeout reached on transmission 755803415(a)127.0.0.1 for
seqno 179 (Critical Response) -- See
wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32001ms with no response
================================================================
Why?
What do I do?
--
View this message in context: http://baseband-devel.722152.n3.nabble.com/OpenBTS-OsmocomBB-Asterisk-tp402…
Sent from the baseband-devel mailing list archive at Nabble.com.
Hey there, I bumped into this error when testing gprsdecode from srldabs.de When I try the sample .dat files provided from srlabs.de it works fine though. Any hints?
Kind Regards
George AndguladzeSenior Software EngineerBusiness Management Technology
www.bmt.ge
Hey, I finally watched Nico's talk "let me answer that for you" and heard him say he ported layer2/3 to target.
Also found a mailing list message about him cleaning it up and putting it up on git and sending it to a few folks.
Did that code ever get shared? Would be cool to play around with and is certainly something I would eventually want to accomplish for my project of making a phone that works by itself.
-Craig
Dear all, I vae the C115 with a T1 USB to Serial cable with the Prolific
chipset.
When i run osmocon i get :- an its just sits there with no further
processing.
./osmocon -p /dev/ttyUSB0 -m c123xor
../../target/firmware/board/compal_e88/loader.compalram.bin
read_file(../../target/firmware/board/compal_e88/loader.compalram.bin):
file_size=17120, hdr_len=4, dnload_len=17127
read_file(../../target/firmware/board/compal_e88/loader.compalram.bin):
file_size=17120, hdr_len=4, dnload_len=17127
got 1 bytes from modem, data looks like: 00 .
got 2 bytes from modem, data looks like: 2f 00 /.
got 1 bytes from modem, data looks like: 1b .
got 3 bytes from modem, data looks like: f6 02 00 ...
got 1 bytes from modem, data looks like: 41 A
got 1 bytes from modem, data looks like: 01 .
got 1 bytes from modem, data looks like: 40 @
Received PROMPT1 from phone, responding with CMD
got 1 bytes from modem, data looks like: 66 f
got 1 bytes from modem, data looks like: 74 t
got 1 bytes from modem, data looks like: 6d m
got 1 bytes from modem, data looks like: 74 t
got 1 bytes from modem, data looks like: 6f o
got 1 bytes from modem, data looks like: 6f o
got 1 bytes from modem, data looks like: 6c l
Received FTMTOOL from phone, ramloader has aborted
got 1 bytes from modem, data looks like: 65 e
got 1 bytes from modem, data looks like: 72 r
got 1 bytes from modem, data looks like: 72 r
got 1 bytes from modem, data looks like: 6f o
got 1 bytes from modem, data looks like: 72 r
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 00 .
I think the cable is ok as when i run my fingers on the tip i get random
Zeros so it appears to be talking to the cable.
Also when i tried to run Mobile i get the :- even though i created the
Mobile.cfg file in /etc/osmoco
Failed to parse the config file: '/home/raz/.osmocom/bb/mobile.cfg'
Please check or create config file using: 'touch
/home/raz/.osmocom/bb/mobile.cfg'
I have spent some hours researching the lists and trying various things to
no avail but I want to continue until I resolve this issues and use this
great stack to learn about the GSM network.
Please advise.
Great full for any help or pointers but this maybe a timing issue that is
difficult to debug.
Thanks
Raz
hi,
i did a lot of resarch and testing on cell selection and re-selection
process the last two week.
the cell selection process, network selection process (manual and
automatic) and mobility management process were already implemented in
OsmocomBB a long time, but turned out to be buggy and incomplete. i made
test drives to check the process and debugged it.
the re-selection process is new. it is used to track surrounding cells
while listening to the BCCH of the current cell (camping on a cell).
special extension to the layer1 firmare is used to measure neighbour
cells. if an neighbour cell becomes 'better', the mobile switches to
that cell, depening on different criteria. now it is possible to move
with OsmocomBB.
the re-selection process is not handover! handover is a process where a
phone switches between cells while doing a call. handover is one next
step to implement. the process is a little more complex, because it
requires not only neighbour cell measurements, but also syncing to them
without interrupting the traffic channel. most layer 3 stuff of handover
is already implemented.
if you like to play and test your moving OsmocomBB, you can check out
the "jolly/roaming" branch. it contains the extension to layer1, as well
as sim reader and fixes from "sylvain/testing" branch. use both "mobile"
and "layer1" firmware from this branch.
in order to see some process at VTY, you can do:
enable
monitor network 1 (continously display the strongest cell and neighbour
cells)
show ms 1 (to see current states)
show neighbour-cells 1 (to see a more detailed current list of
neighbours)
andreas
Hi,
in the osmocom bb mobile.cfg I don't see any posibility to set a fixed
Kc encryption key and the tmsi.
How could I achieve that osmocom uses my defined Kc and tmsi?
cheers,
Simian
Hi all,
*I connected, sent and made call successful with osmocombb (with real IMSI
and IMEI).
But, now, I get error, always be rejected:*
OsmocomBB# show ms
MS '1' is up, service is limited
IMEI: 357337016773249
IMEISV: 3573370167732490
IMEI generation: fixed
automatic network selection state: A0 null
cell selection state: PLMN search
radio ressource layer state: idle
mobility management layer state: MM idle, PLMN search
OsmocomBB#
% (MS 1)
% Trying to registering with network...
*in my config file (/root/.osmocom/bb/mobile.cfg)**:*
!
! OsmocomBB () configuration saved from vty
!!
!
line vty
no login
!
gps device /dev/ttyACM0
gps baudrate default
no gps enable
!
no hide-default
!
ms 1
layer2-socket /tmp/osmocom_l2
sap-socket /tmp/osmocom_sap
sim reader
network-selection-mode auto
imei 357337016773249 0
imei-fixed
emergency-imsi 452040399998391
sms-service-center +84980200030
no call-waiting
no auto-answer
no force-rekey
no clip
no clir
tx-power auto
no simulated-delay
no stick
location-updating
neighbour-measurement
codec full-speed prefer
codec half-speed
no abbrev
support
sms
a5/1
a5/2
p-gsm
e-gsm
r-gsm
gsm-850
dcs
pcs
class-900 4
class-850 4
class-dcs 1
class-pcs 1
channel-capability sdcch+tchf+tchh
full-speech-v1
full-speech-v2
half-speech-v1
min-rxlev -106
dsc-max 90
no skip-max-per-band
exit
test-sim
imsi 001010000000000
ki xor 00 00 00 00 00 00 00 00 00 00 00 00
no barred-access
no rplmn
hplmn-search foreign-country
exit
no shutdown
exit
!
Anyone help me???, thanks a lot!
--
Thanks and Best Regards
--
From: Hoàng Mạnh Hùng
Hi there,
I am sorry to bother you but I am really confused by recent experiment.
When I was doing the GSM sniffing I found that some of sms messages that
were sent continuesly were missing, I can only capture 50-60% of all test
messages. By analyzing wireshark data I found that osmocom program keeps
tracking packets(lapdm) once an Immediate Assignment captured and if at the
same time there comes another Immediate Assignment the program will miss
it.I think this is the reason why i lost some messages.So is there any
suggestions I can fix this up? Like using a backup phone to capture the
second Immediate Assignment during one period?
Thanks,
Swift
--
View this message in context: http://baseband-devel.722152.n3.nabble.com/Missing-packet-when-sniffing-by-…
Sent from the baseband-devel mailing list archive at Nabble.com.
Hi,
I'm trying to run the latest osmocom-bb git on a Motorola C118 phone.
After a minor problem with the build (as you may've noticed in the
patch I've sent). I got to the point of successfuly running layer1 on
the phone and the mobile app on the PC (I have also enabled TX). The
process seems to be stuck on trying to perform a location update. The
status of the ms is always either:
show ms
MS '1' is up, MM connection active
IMEI: 000000000000000
IMEISV: 0000000000000000
IMEI generation: fixed
automatic network selection state: A1 trying RPLMN
MCC=104 MNC=002 (104, 002)
cell selection state: connected mode 1
ARFCN=19 MCC=104 MNC=002 LAC=0xb00f CELLID=0x4fd9
(104, 002)
radio ressource layer state: connection pending
mobility management layer state: wait for RR connection (location updating)
OsmocomBB>
or
show ms
MS '1' is up, service is limited (pending)
IMEI: 000000000000000
IMEISV: 0000000000000000
IMEI generation: fixed
automatic network selection state: A1 trying RPLMN
MCC=104 MNC=002 (104, 002)
cell selection state: C3 camped normally
ARFCN=19 MCC=104 MNC=002 LAC=0xb00f CELLID=0x4fd9
(104, 002)
radio ressource layer state: idle
mobility management layer state: MM idle, attempting to update
OsmocomBB>
I think, that because of this I can't make any calls or send sms (all
the requests are being rejected):
OsmocomBB# call 1 <X>
call 1 <X>
OsmocomBB#
% (MS 1)
% Call has been rejected
The log information from mobile when it's trying to do a location
update is show below:
<000b> gsm48_rr.c:2174 PAGING REQUEST 1
<000b> gsm48_rr.c:2141 IMSI 260021964220249 (not for us)
<000b> gsm48_rr.c:2132 TMSI fd82a501 (not for us)
<000e> gsm48_mm.c:344 Location update retry
<0005> gsm48_mm.c:345 timer T3211 (loc. upd. retry delay) has fired
<0005> gsm48_mm.c:4311 (ms 1) Received 'MM_EVENT_TIMEOUT_T3211' event
in state MM IDLE, attempting to update
<000e> gsm48_mm.c:2199 Perform location update (MCC 104, MNC 002 LAC 0xb00f)
<0005> gsm48_mm.c:2333 LOCATION UPDATING REQUEST
<0005> gsm48_mm.c:2355 using LAI (mcc 104 mnc 002 lac 0xb00f)
<0005> gsm48_mm.c:2363 using TMSI 0x28a3d62e
<0005> gsm48_mm.c:914 new state MM IDLE, attempting to update -> wait
for RR connection (location updating)
<0001> gsm48_rr.c:5428 (ms 1) Message 'RR_EST_REQ' received in state
idle (sapi 0)
<000e> gsm48_rr.c:1318 Establish radio link due to mobility management request
<0003> gsm322.c:4037 (ms 1) Event 'EVENT_LEAVE_IDLE' for Cell
selection in state 'C3 camped normally'
<0003> gsm322.c:823 new state 'C3 camped normally' -> 'connected mode 1'
<0003> gsm322.c:3653 Going to camping (normal) ARFCN 19.
<0003> gsm322.c:463 Sync to ARFCN=19 rxlev=-74 (Sysinfo, ccch mode NON-COMB)
<0001> gsm48_rr.c:366 new state idle -> connection pending
<0001> gsm48_rr.c:1465 CHANNEL REQUEST: 00 (Location Update with NECI)
<0003> gsm322.c:2938 Channel synched. (ARFCN=19, snr=16, BSIC=17)
<0001> gsm322.c:2959 using DSC of 90
<0003> gsm48_rr.c:4816 Channel provides data.
<0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 5)
<0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no
S(lots) 0 ra 0x0e)
<0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm)
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 4)
<0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no
S(lots) 55 ra 0x07)
<0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm)
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x75 chan_nr 0x0a MAIO 0 HSN 38
TS 2 SS 0 TSC 0)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x75 chan_nr 0x0a MAIO 0 HSN 38
TS 2 SS 0 TSC 0)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 0 LAI=104 002 b00f ID=4fd9
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 3)
<0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no
S(lots) 55 ra 0x0f)
<0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm)
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 2)
<0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no
S(lots) 55 ra 0x01)
<0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm)
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2473 (ta 1/553m ra 0x18 chan_nr 0x59 ARFCN 19 TS 1
SS 3 TSC 1)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2473 (ta 1/553m ra 0x18 chan_nr 0x59 ARFCN 19 TS 1
SS 3 TSC 1)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 1)
<0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no
S(lots) 55 ra 0x0a)
<0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm)
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 1 LAI=104 002 b00f ID=4fd9
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 0)
<0001> gsm48_rr.c:1605 Done with sending RANDOM ACCESS bursts
<0001> gsm48_rr.c:836 starting T3126 with 5.000 seconds
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2225 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 0 LAI=104 002 b00f ID=4fd9
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x0a chan_nr 0x41 ARFCN 19 TS 1
SS 0 TSC 1)
<0001> gsm48_rr.c:2393 request 0a matches but not frame number
(IMM.ASS fn=22,6,30 != RACH fn=22,5,25)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x05 chan_nr 0x49 ARFCN 19 TS 1
SS 1 TSC 1)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x05 chan_nr 0x49 ARFCN 19 TS 1
SS 1 TSC 1)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2225 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:673 MON: f=19 lev=-77 snr= 0 ber= 6 LAI=104 002 b00f ID=4fd9
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x00 chan_nr 0x61 ARFCN 19 TS 1
SS 4 TSC 1)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x00 chan_nr 0x61 ARFCN 19 TS 1
SS 4 TSC 1)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x7d chan_nr 0x0b MAIO 0 HSN 38
TS 3 SS 0 TSC 0)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x7d chan_nr 0x0b MAIO 0 HSN 38
TS 3 SS 0 TSC 0)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 0 LAI=104 002 b00f ID=4fd9
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2225 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2225 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 3 LAI=104 002 b00f ID=4fd9
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x77 chan_nr 0x09 MAIO 0 HSN 38
TS 1 SS 0 TSC 0)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT:
<0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x77 chan_nr 0x09 MAIO 0 HSN 38
TS 1 SS 0 TSC 0)
<0001> gsm48_rr.c:2503 Request, but not for us.
<0001> gsm48_rr.c:2225 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:2170 PAGING ignored, we are not camping.
<0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 6 LAI=104 002 b00f ID=4fd9
<0001> gsm48_rr.c:765 timer T3126 has fired
<000e> gsm48_rr.c:770 Requesting channel failed
<0001> gsm48_rr.c:366 new state connection pending -> idle
<0003> gsm322.c:4037 (ms 1) Event 'EVENT_RET_IDLE' for Cell selection
in state 'connected mode 1'
<0003> gsm322.c:3565 Selecting ARFCN 19. after LOC.UPD.
<0003> gsm322.c:463 Sync to ARFCN=19 rxlev=-74 (Sysinfo, ccch mode NON-COMB)
<0003> gsm322.c:823 new state 'connected mode 1' -> 'C3 camped normally'
<0005> gsm48_mm.c:3902 (ms 1) Received 'RR_REL_IND' from RR in state
wait for RR connection (location updating) (sapi 0)
<0005> gsm48_mm.c:2732 RR link released after loc. upd.
<000e> gsm48_mm.c:2676 Location update failed
<000e> gsm48_mm.c:2686 Try location update later
<0005> gsm48_mm.c:2688 Loc. upd. failed, retry #0
<0005> gsm48_mm.c:413 starting T3211 (loc. upd. retry delay) with 15.0 seconds
<0005> gsm48_mm.c:1143 We are camping normally as returning to MM IDLE
<0005> gsm48_mm.c:1159 Loc. upd. allowed.
<0005> gsm48_mm.c:919 new state wait for RR connection (location
updating) -> MM IDLE, location updating needed
<0005> gsm48_mm.c:909 new MM IDLE state location updating needed ->
attempting to update
<0005> gsm48_mm.c:2215 Loc. upd. already pending.
<0005> gsm48_mm.c:4311 (ms 1) Received 'MM_EVENT_CELL_SELECTED' event
in state MM IDLE, attempting to update
<0005> gsm48_mm.c:2215 Loc. upd. already pending.
<0003> gsm322.c:2938 Channel synched. (ARFCN=19, snr=16, BSIC=17)
<0001> gsm322.c:2959 using DSC of 90
Can you provide me any hints on how to debug this ? Why is the
location update failing constantly ?
Thanks in advance for your help.
Best regards,
Maciej Grela
"TSAREGORODTSEV, Yury" <yury(a)bridgecommunication.co.uk> wrote:
> Damn, yeah
> its not charging at all :)
> even when connected to hub with external power :)
Unfortunately there are no schematics available for the DP-L10 (and
reconstructing them from steve-m's PCB layer scans is anything but
easy), so everything that follows is ultimately pure guesswork, but it
*seems* to me that the battery charging circuit in this phone is
fundamentally the same as in the more traditional Calypso+Iota phones
(Compal etc), aside from using USB VBUS as the charging power source
instead of a dedicated round-plug type of power jack.
If the charging circuit in the DP-L10 works the way I think it does,
following common sense and all that, than the battery charging process
ought to be controlled by Iota ABB. The ABB chip in this phone is
TWL3014, but I'll use the more readable TWL3025 datasheet as a
reference instead - back in 2011 both Steve M. and Sylvain M. said on
this list that the two chips are functionally identical.
The battery charging functionality is described on pages 46-48 of
TWL3025_SWRS021.pdf; in particular, refer to Figure 4-10 on page 48.
If my understanding of this datasheet description is correct, and if
the phone in question (Pirelli DP-L10) indeed has its battery charging
circuit implemented in the canonical way, then one of the following
two conditions must be met in order for charging current to pass from
VBUS into the battery:
1. The "precharge" function is enabled inside the ABB chip, such that
an internal transistor in the ABB opens up to pass some current from
the VCHG pin to the PCHG pin. This precharge function is intended for
situation when the battery has discharged so low that it needs to be
charged some before one can boot the CPU, hence this precharge phase
has to be done entirely in hardware without any CPU firmware
supervision. But it appears that this hardware-only precharge function
is automatically disabled when the CPU is turned on, or maybe the
precharge current is so feeble that the drain from the running CPU is
greater than the amount of power coming from the precharge circuit.
-or-
2. The "normal" way of charging the battery (with the CPU running) is
for the CPU to enable the main charging circuit in the ABB via some
register writes. In this case the power flows from the charging source
(USB VBUS in the case of Pirelli DP-L10) into the battery through an
external power transistor controlled by the ICTL output from the ABB.
In TI's standard firmware the battery charging function lives in the
PWR SWE (RiViera Software Entity) in the older versions and in the LCC
SWE in newer ones. Pirelli's version appears to use PWR rather than
LCC. We (the world public) have the source for the PWR SWE in the
MV100 find, and that for LCC in the Sotovik find, but I haven't really
looked at either of them yet - working on L1 integration currently.
If you would like to get Pirelli battery charging working in OsmocomBB,
I would recommend that you take the charging code for compal_e88,
enable it for the DP-L10 build, and experiment from there. Don't be
fooled by Pirelli's use of USB charging instead of a round-plug
charger, my guess is that they use USB VBUS in exactly the same way as
how Compal etc use their charging power source.
It also seems to me that Pirelli's charging mechanism does not strictly
comply with the USB spec. Per the spec, you are supposed to draw no
more than 100 mA from VBUS until and unless you negotiate a higher
power budget with the host, and that negotiation takes place over the
D+ and D- wires. But in Pirelli's case these D+ and D- wires go to
the CP2102 USB-serial chip and nowhere else, and only this CP2102
speaks the USB protocol - the Calypso only sees UART-serial on the
other side of the CP2102. So they "illegally" tap VBUS (which per the
spec must not go anywhere but to the device that speaks the USB
protocol) to use it as the charging power source, but have no way to
negotiate their current draw.
When Pirelli's fw detects the presence of VBUS via the charger-insert
interrupt from the ABB and decides to start charging the battery, it
has no choice but to enable some hard-coded charging current value -
the charging current can be adjusted by programming a register in the
ABB, but the fw has no way of knowing how much current it is allowed
to draw from VBUS, if any at all, because only the USB logic in the
CP2102 has access to this knowledge. So whatever charging current it
draws, it must do so blindly. I can only guess that this current must
be somewhere around 500 mA, as charging at 100 mA would be too slow.
I actually like Pirelli's design in this regard, and I currently plan
on copying it in my own Pirelli-inspired Calypso dumbphone design: put
a CP2102 inside the phone just like Pirelli did, and use the same USB
charging arrangement, drawing 500 mA for charging unconditionally,
showing "the middle finger" to the developer-unfriendly Unusable
Serial Botch specs... Or can someone think of a better way?
VLR,
SF
Hello,
anyone has experience to use application mobile on pirelli ?
there is no layer1.compalram.bin for this model,
any ideas how to run app mobile?
Sincerely Yours,
Tsaregorodtsev Yury
Bridge Communication Billing & Settlement Plan Limited
Fernhills Business Center, Foerster Chambers,
Todd Street Bury, Gtr Manchester, BL9 5BJ
United Kingdom
Tel: +441570200000
ICQ: 622719210
MSN: y.tsaregorodtsev(a)live.com
Skype: tsarik-108
web: www.bridgecommunication.co.uk
Hi
I wonder if there is a way to develop a Denial of Service or Conditional Access system for a GSM network based on Osmocom. The idea is to develop a commercial product intended to be used to limit unlawful communication in prisons or correctional facilities. My investigation is that this is a kind of worldwide necessity as inmates use smuggled mobile phones for criminal activities (I live in Central America and constantly see news that confirm this is urgent requirement). Currently there a few options available to achieve this purpose:
1. Government authorities require telecom operators to reduce radio signal in the vicinity of confinement facilities2. The use of radio jamming systems to propagate a noise signal3. One or two commercial solutions like iNAC Managed Access from Tecore (a very clever and patented technology)
I imagine a solution based on Osmocom as a base station simulating a roaming area in the correctional facility area, for authorized users, dummy network should appear as a FPLMN but for illegal users the fake network must grant access entering driving them into a dead end network with no communication. However I see there are several flaws for this aproach: one is that inmates could set their mobiles to manual network selection and connect themself to commercial mobile networks but I hope this could serve as a ground for further discussion. I will appreciate very much your comments. Regards,
Hi
I thought I try to flash some osmocom tools into a C118.
I have the loader loaded succesfully onto the C118.
I can do a finfo (see below)
So I wanted to backup the complete flash:
osmoload memdump 0x000000 0x200000 c118.bin
-> I get "bad crc" for every page
Same when I try to backup the loader as on the flashing wiki.
Dumping 8192 bytes of memory at 0x0 to file compal_loader.bin
bad crc 4190 (not 5c9a) at offset 0x00000000
bad crc f041 (not d50d) at offset 0x000000f0
bad crc f041 (not 3afa) at offset 0x000001e0
Is the C118 not supported for flashing?
Can somebody give me any helpful hints?
CU, Ricsi
chip 0 at 0x00000000 of 2097152 bytes in 2 regions
region 0 with 31 blocks of 65536 bytes each
block 0 with 65536 bytes at 0x00000000 on chip 0
block 1 with 65536 bytes at 0x00010000 on chip 0
block 2 with 65536 bytes at 0x00020000 on chip 0
block 3 with 65536 bytes at 0x00030000 on chip 0
block 4 with 65536 bytes at 0x00040000 on chip 0
block 5 with 65536 bytes at 0x00050000 on chip 0
block 6 with 65536 bytes at 0x00060000 on chip 0
block 7 with 65536 bytes at 0x00070000 on chip 0
block 8 with 65536 bytes at 0x00080000 on chip 0
block 9 with 65536 bytes at 0x00090000 on chip 0
block 10 with 65536 bytes at 0x000a0000 on chip 0
block 11 with 65536 bytes at 0x000b0000 on chip 0
block 12 with 65536 bytes at 0x000c0000 on chip 0
block 13 with 65536 bytes at 0x000d0000 on chip 0
block 14 with 65536 bytes at 0x000e0000 on chip 0
block 15 with 65536 bytes at 0x000f0000 on chip 0
block 16 with 65536 bytes at 0x00100000 on chip 0
block 17 with 65536 bytes at 0x00110000 on chip 0
block 18 with 65536 bytes at 0x00120000 on chip 0
block 19 with 65536 bytes at 0x00130000 on chip 0
block 20 with 65536 bytes at 0x00140000 on chip 0
block 21 with 65536 bytes at 0x00150000 on chip 0
block 22 with 65536 bytes at 0x00160000 on chip 0
block 23 with 65536 bytes at 0x00170000 on chip 0
block 24 with 65536 bytes at 0x00180000 on chip 0
block 25 with 65536 bytes at 0x00190000 on chip 0
block 26 with 65536 bytes at 0x001a0000 on chip 0
block 27 with 65536 bytes at 0x001b0000 on chip 0
block 28 with 65536 bytes at 0x001c0000 on chip 0
block 29 with 65536 bytes at 0x001d0000 on chip 0
block 30 with 65536 bytes at 0x001e0000 on chip 0
region 1 with 8 blocks of 8192 bytes each
block 31 with 8192 bytes at 0x001f0000 on chip 0
block 32 with 8192 bytes at 0x001f2000 on chip 0
block 33 with 8192 bytes at 0x001f4000 on chip 0
block 34 with 8192 bytes at 0x001f6000 on chip 0
block 35 with 8192 bytes at 0x001f8000 on chip 0
block 36 with 8192 bytes at 0x001fa000 on chip 0
block 37 with 8192 bytes at 0x001fc000 on chip 0
block 38 with 8192 bytes at 0x001fe000 on chip 0
Hi List
I have just reactivated my Pirelli Osmocom phone, and recompiled osmocom-bb.
(after rolling back libosmocore it works great)
But can it be that charging is not implemented on the Pirelli phone with OsmocomBB?
When I attach the MiniUSB cable, I can upload the code great, but when I leave it running for a longer time, it booted into the default charging pirelli screen.
I assume that the battery is not that good any more, and it seems that it is running on battery power instead of on USB power.
When I upload the RSSI app to the phone it shows me an empty battery icon in the right.
(Pirelli SW showed completely full battery icon)
Can somebody confirm that the pirelli phone is not charging in osmocom-bb?
Is there a chance tha somebody is looking into this anytime?
CU, Ricsi
PS: Is it still correct that the jolly/test branch is the best for 2 phone transceiver (for OpenBTS/OpenBSC)?
This branch should support 2 phones.
But as half rate channels are not supported you can only make one call.
(ie not possible to make a testcall without going over SIP)
Is this information still valid?
Does the current version of OsmocomBB supports
to run the layer 2 or the layer 3 on the baseband
chip, now?
I read through the arxiv of the mailing list but
have maybe overlooked this.
best,
\jo
mark.neuhaus(a)email.de wrote:
> Pleae, then tell me where to get phones with a Calypso
> baseband.
www.ebay.com
> And I'm talking about marked relevant prices.
> Don't waste my time with numbers like 5000$.
Several OsmocomBB-supported models are currently available on ebay for
dirt cheap.
> And to be relevant these phones must still be produced so
> I can get many, if I want.
How many? My company will be happy to produce 5000 Calypso-based
phones for you if you make a non-cancelable purchase order and prepay
the cost of parts and production. (5000 is the number of Calypso&co
chipsets I can buy immediately from my established supplier *without
doing any extensive searching*; one can probably get more with some
effort.)
> Beside, I think its better to work on reverse engineered
> GSM stacks like the Qualcom project as started in
It's easy to tell other people what they should work on. While you
are busy doing that, I'll just keep working on my own solution which
will actually result in a usable phone less than a year from now.
VLR,
SF
Someone (not clear who) said:
> > [...] The calypso is just to outdated to be interesting
> > for anything 'useable' beyond pure hacking-fun.
I violently disagree with that statement. I personally carry a
cellphone for one and only one purpose: so I can call my significant
other (soon to be wife) and she can cell me at any time. A handset
based on the Calypso chipset does this job wonderfully, and is IMO
the optimal tool for the job.
But the problem is that at the present time there does not exist any
cellphone at all, of any kind (dumb, smart, old, new, whatever) that
can make and receive cellular phone calls using only Free Software, as
defined by the Free Software Foundation, i.e., providing the user with
the most essential Four Freedoms:
http://www.gnu.org/philosophy/free-sw.html
Hence I am currently forced to use a cellphone that runs proprietary
firmware, such that I lack the ability to fix any of the UI design
flaws that constantly drive me nuts. This situation causes me severe
distress, hence I have committed my hobby time and cash budget to a
multi-year project to solve this pressing (for me) problem.
OsmocomBB is not a solution: it works wonders for "hacking-fun" (the
wording in the comment I'm responding to), but is utterly useless for
a practical phone which one can carry around in a pocket or purse: my
back just isn't strong enough to carry a supersized backpack containing
a full PC for running the L23 stack plus a bank of lead-acid batteries.
Hence I need a totally different Free Software GSM handset
implementation, one that actually runs on the phone itself with proper
power management exactly like the original proprietary firmware. And
because no one else is working on such a thing, I started my own, and
made quite a bit of progress:
https://bitbucket.org/falconian/freecalypso-sw
But I am using the same Calypso GSM chipset for my project as OsmocomBB
uses, simply because it is IMO the optimal tool for the job at hand:
allowing a person to communicate with his or her significant other by
way of cellular phone calls. The word "outdated" does not exist in my
vocabulary; I evaluate a tool based on how well it does the job, rather
than some arbitrary irrelevant criteria like manufacture date stamps
or whatever.
Viva la Revolucion,
SF
Hi Scott,
On 8/5/14, Scott Weisman <sweisman(a)pobox.com> wrote:
> I think this desire is recognized. I remember an initiative some years
> back, started with some enthusiasm, that never got passed the stage of
> deciding on NuttX as the OS to use, and forking it.
>
We got NuttX running on compal phones (Motorola C1xx, W220, etc),
including display support using NuttX's native graphic subsystem. The
code was submitted to NuttX mainline and now it is integrated.
Unfortunately nobody with more knowledge about GSM L1/L2 layers was
available to help in the stack porting. During the porting we got help
from Steve Markgraf.
Now the scenario is more complex, the original "team" is separated and
we don't have spare time to help.
Best Regards,
Alan
Steve Markgraf <steve(a)steve-m.de> wrote:
> I don't quite see how waving the Free Software flag and distributing
> proprietary source from the TSM30/Locosto leaks (pretty much everything
> in freecalypso-sw/gsm-fw/) go together.
That source is NOT proprietary, it is *ex*-proprietary. It *was*
proprietary, but not any more - it is now in the public domain.
Free Software is not just a "flag" to be waved, it is a practical
reality: in *practical* terms, software that is based on ex-proprietary
code that has been liberated through the exercise of Eminent Domain
and subsequently developed and maintained in the manner of a free sw
project gives its users all of the 4 freedoms defined by FSF.
However, I shall leave it here -- any further replies or comments or
questions in this thread will *not* elicit a further reply from me.
But if there is anyone else on this list who desires a usable cellphone
for talking to his or her significant other like I do, please be assured
that I have no plans of dropping the project; the work is progressing
at a steady pace as you can see from the Mercurial commit history, and
I have high hopes of some actually-usable result some time around the
end of 2014.
VLR,
SF
The kernel comes with a hypervisor (under BSD on Githu, too)
and you can run Linux in one virtual environment
(see http://l4linux.org/) and for example an GSM stack in
another virtual environment. So you can think of that kernel
as a kind of virtual machine that seperates the hardware
This way all virtual systems are prooven separated and I think
that is what the merkel-phone does.
owever NICTA is actually going much further. Thei are working
on a zero-bug (verified file system) and much more.
This kind of programming is entirely different from common
way to write a program. (YOU don't write the program, but you
write a proof in Coq or ISABEL ect and from this proof a
programm can be derived automatically)
> Gesendet: Dienstag, 05. August 2014 um 10:50 Uhr
> Von: "Sebastien Lorquet" <sebastien(a)lorquet.fr>
> An: mark.neuhaus(a)email.de
> Betreff: Re: Aw: Re: Re: Re: seL4 is open source now
>
> Hello,
>
> Reading through the se4l FAQ at http://sel4.systems/FAQ/ , I'm reading this:
>
>
> Unique about seL4 is its unprecedented degree of assurance, achieved through
> formal verification. Specifically, the ARM version of seL4 is the first (and
> still only) general-purpose OS kernel with a full code-level functional
> correctness proof, meaning a mathematical proof that the implementation (written
> in C) adheres to its specification. In short, the implementation is proved to be
> bug-free (see below). This also implies a number of other properties, such as
> freedom from buffer overflows, null pointer exceptions, use-after-free, etc.
>
>
> Okay with that. But also:
>
>
> There is a further proof that the binary code which executes on the hardware is
> a correct translation of the C code. This means that the compiler does not have
> to be trusted, and extends the functional correctness property to the binary.
>
>
> So that is very cool, even the binary result is proved, not only the source code !
>
> The only thing that bothers me is: what can I do with this cool software? It
> seems that little can be done without a set of userspace servers, so I guess we
> have to wait until some open source community provides useful software to run
> with this microkernel.
>
> Best regards,
>
> Sébastien Lorquet
>
> Le 02/08/2014 12:49, mark.neuhaus(a)email.de a écrit :
> >
> >> My idea is that at some point, the developers working at xda-developers
> >> (android phone hackers) will get enough knowledge of their baseband
> >> chips so that something can be done with osmocom. But this is only my
> >> opinion!
> >
> > Yes lets hope. The calypso is just to outdated to be interesting
> > for anything 'useable' beyond pure hacking-fun.
> >
>