I used mobile, trx, grgsm, sdr to connect to openBTS, but it still failed. I want to use gdb to trace the internal info; how do I enable gdb info when building them? Thanks.
I used osmocom-bb and grgsm with USRP B210 to connect to openBTS, but failed. The commands are "./mobile -c /home/oi/wf/osmocom-bb/doc/examples/mobile/default.cfg", "./trxcon -p 5075", "grgsm_trx -p 5075".
When I used "./cell_log -A 1", it could find PLMN 1-1 with ARFCN 1, which is the same as openBTS.
DSUM INFO cell_log.c:344 Sync ARFCN 1 (rxlev -105, 1 syncs left)
DSUM INFO cell_log.c:372 Measure from 1 to 1
DSUM INFO l1ctl.c:1177 start_pm L1CTL_PM_CONF
DSUM INFO cell_log.c:400 start_pm S_L1CTL_PM_DONE
DSUM INFO cell_log.c:363 Measurement done
DSUM INFO cell_log.c:372 Measure from 1 to 1
DSUM INFO l1ctl.c:1177 start_pm L1CTL_PM_CONF
DSUM INFO cell_log.c:400 start_pm S_L1CTL_PM_DONE
DSUM INFO cell_log.c:363 Measurement done
DSUM INFO cell_log.c:372 Measure from 1 to 1
DSUM INFO l1ctl.c:1177 start_pm L1CTL_PM_CONF
DSUM INFO cell_log.c:400 start_pm S_L1CTL_PM_DONE
DSUM INFO cell_log.c:363 Measurement done
DSUM INFO cell_log.c:372 Measure from 1 to 1
DSUM INFO l1ctl.c:1177 start_pm L1CTL_PM_CONF
DSUM INFO cell_log.c:400 start_pm S_L1CTL_PM_DONE
DSUM INFO cell_log.c:363 Measurement done
DSUM INFO cell_log.c:372 Measure from 1 to 1
DSUM INFO l1ctl.c:1177 start_pm L1CTL_PM_CONF
DSUM INFO cell_log.c:400 start_pm S_L1CTL_PM_DONE
DSUM INFO cell_log.c:363 Measurement done
DSUM INFO cell_log.c:344 Sync ARFCN 1 (rxlev -105, 1 syncs left)
DSUM INFO cell_log.c:190 Cell: ARFCN=1 MCC-MNC=001-01 (Test, Test)
But when testing with SIM testcard 1, it failed to find the 1-1 cell. Could anyone give any suggestions about this? Thanks a lot!
6.5.0-25-generic #25~22.04.1-Ubuntu
osmocom-bb: commit 0d1ab4c8d2cbe0ba72662d5b466fb6c60cb8b45f (HEAD -> master, origin/master, origin/HEAD)
grgsm: https://github.com/bkerler/gr-gsm.git origin/maint-3.10_with_multiarfcn
Dear osmocom developers,
This is just to let you know that the Python library pycrate has a new home:
https://github.com/pycrate-org/pycrate. The packages on PyPI are now
fed from there. This library can be used in many cases dealing with
mobile signalling.
I wanted to let you know, as even if I am not aware of any osmocom projects
depending on it, some of you may use the library from time to time, or
could have local applications depending on it.
Best Regards
Benoit
Hello Team,
I hope you are well and good.
While I am doing the compilation of osmocom BB, there are errors as
follows. I committed the "Hello world" in the Makefile, then there was
another error, and it kept coming one after another after I did the commit.
Please note I have installed all the prerequisites, GnuARM ToolChain
and Libsomocomcore as directed in the document. Also I have tried on both
Ubuntu 20 and 22 but still the errors keep coming.
Please let me know of any known solutions for the same and also let me know
if you need some more information from my side.
Thanks in advance for your support and all this good work.
comm/timer.c: In function ‘timer_irq’:
comm/timer.c:184: warning: unused parameter ‘irq’
AR comm/libcomm.a
CC tiffs/globals.o
CC tiffs/init.o
CC tiffs/readfile.o
AR tiffs/libtiffs.a
LD board/compal_e88/hello_world.compalram.elf
arm-elf-gcc: board/compal_e88/hello_world.compalram.map: No such file or directory
make[1]: *** [Makefile.inc:139: board/compal_e88/hello_world.compalram.elf] Error 1
make[1]: Leaving directory '/home/lab3/osmocom-bb/src/target/firmware'
make: *** [Makefile:100: firmware] Error 2
BR//
Niraj Kumar
Hi all,
I was approached by the person currently holding the [unused] airprobe.org
domain name. I guess it was at some point registered and intended to be used
for the project (back in the pre-osmocom days). As far as I know it was never
actually used for that.
So the question is now if anyone wants to get that domain transferred in
order to do something useful with it, or whether the current registrant
should simply let it expire?
Regards,
Harald
--
- Harald Welte <laforge(a)osmocom.org> https://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
Dear Osmocom community,
we're happy to announce the next incarnation of OsmoDevCall.
when:
(today) November 15, 2023 at 20:00 CET
where:
https://osmocom.org/OsmoDevCall (Big Blue Button)
This time, @falconia will be presenting on
Calypso chipset history and development boards, from TI to FreeCalypso
This meeting will have the following schedule:
20:00 meet + greet
20:10 topic as outlined above
21:00 unstructured supplementary social event [*]
Attendance is free of charge and open to anyone with an interest
in Osmocom or open source cellular technologies.
More information about OsmoDevCall, including the schedule
for further upcoming events can be found at
https://osmocom.org/projects/osmo-dev-con/wiki/OsmoDevCall
Looking forward to meeting you soon!
Best regards,
Harald
[*] this is how we started to call the "unstructured" part of osmocom
developer conferences in the past, basically where anyone can talk about
anything, no formal schedule or structure.
--
- Harald Welte <laforge(a)osmocom.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
Hello fellow GSM MS tinkerers,
Question: is there anyone on either ML who has any experience with
powering a GSM MS from USB, or had at least thought about this problem?
We all know the fundamental problem: during Tx bursts the PA in a GSM
MS can suck as much as 2 A, but the current budget of a classic USB
port is only 500 mA. However, that 2 A current draw has a duty cycle
of 1/8 of a TDMA frame, and the total energy transfer with 1/8 duty
cycle bursts of 2 A (at a given voltage) is equivalent to 250 mA
continuous draw - and the latter number is well within the range of
what a PC/laptop USB host port can supply.
Context: I am looking into the possibility of building a new GSM MS
board that would be just a little better than the one in OS#4030. The
goal is to produce a low-cost modem-only (no UI as in LCD etc, host
computer required for control) GSM MS using a pre-existing packaged
Calypso module (FC Tango, similar to GTM900, but a little better) with
a built-in USB adapter for the two Calypso UARTs - very similar goals
to OS#4030, but design it in such a way that will be suitable for both
firmware tastes, rather than OBB-only.
My initial thought was to require a separate non-USB supply for the
GSM side of this board, leaving USB power only for the FT2232H block.
This approach is not a problem from the perspective of cost - I
already have a large stock of 3.6V 2.2A power supply bricks that were
specifically made for powering FreeCalypso dev boards, hence the
least-effort and least-cost approach would be to simply include one of
these AC-to-3.6V adapters with each board and be done with it. But
use convenience does suffer with this approach: in addition to
connecting the GSM MS board to her PC/laptop with a USB cable, the
user would also have to connect the separate 3.6V power supply (and
have a spare AC power outlet for it) in order to bring the GSM MS to
life.
The whole arrangement would be much more convenient for the user if
she only needs to connect USB from her PC/laptop to the board and
that's it - have this USB supply power to the GSM MS and carry the two
ttyUSB channels for Calypso UARTs. But how to design it in hw so that
it will work correctly is the question.
My first thought in this direction is to implement a step-down
regulator (ideally a switcher, but linear may be OK too) from 5V down
to 3.5V as the first order of business, and then somehow deal with 2 A
current spikes on the 3.5V rail. Why 3.5V? Every power consumer
inside a Calypso+Iota+Rita module either uses actual LDO linear
regulators (Iota and Rita) or behaves (power-wise) in the manner of a
linear regulator (RF PA), thus one could actually feed 5V directly to
the VBAT input of such module - but this design would shorten the
longevity of components through higher heat dissipation inside Iota,
Rita and PA chips. If we stick a linear regulator down to 3.5V
somewhere between USB 5V power input and VBAT rail to the Calypso
module, the overall current and power consumption profile stays
exactly the same, but a big chunk of heat dissipation moves from
delicate RF components to that external 3.5V regulator, which can have
a proper heat sink. (The specific choice of 3.5V number is rather
arbitrary - the idea is to make it as low as possible while staying
within safe margins of "good battery" voltage.) And if we make that
5V to 3.5V regulator a switcher instead of linear, we'll have a little
less current drawn from the USB host for the same current into VBAT
GSM domain.
But what would be the right way to support 2 A current spikes during
GSM Tx bursts? I reason that a large capacitor will need to be placed
on the output of the 3.5V step-down regulator, one that will store
enough energy to feed the PA during that hungry burst - any thoughts
as to which type and size of capacitor would be most appropriate here?
And the most important question, for people with more EE experience
than me, and/or people who have already considered this problem: is
this capacitor solution expected to work, or is the problem intractable
in the sense that a USB-powered GSM MS, with the USB host limiting to
500 mA, will never be able to produce proper GSM Tx bursts at max power
without tripping overcurrent shutdown on the USB host port?
I would greatly appreciate some feedback on these ideas.
M~
P.S. Suggestions to move to USB Type C and USB-PD won't be helpful -
the dev board MUST be usable with traditional PC/laptop USB host ports
that max out at 500 mA and never switch from 5V to any other voltage.
Hi!
I am finishing an app in c++ for A5/3 rainbow tables on cuda.
Is somebody interested in sharing nvidia GPU for generating or costs for
cloud?
Regards!
On Mon, 23 Oct 2023 at 14:04, <baseband-devel-request(a)lists.osmocom.org>
wrote:
> ---------- Forwarded message ----------
> From: Mychaela Falconia <falcon(a)freecalypso.org>
> To: baseband-devel(a)lists.osmocom.org, community(a)freecalypso.org
> Cc:
> Bcc:
> Date: Sun, 22 Oct 2023 15:40:49 -0800
> Subject: Powering GSM MS from USB
For my thesis research, I am looking for a 3G protocol stack that enables users to call each other and make data connections. If I can, I need to establish 7-8 Mbps for downlink in a lab environment. Is it even possible? I don't know yet. Besides, I am sure you know whether I can make a call connection between 2G and 3G users via Osmocom. This is another possible research subject of mine. Thank you very much in advance for your answers. Best Regards,
Hello, I am a student at Kocaeli University. I am looking for an open source software stack for 3G, like OpenAirInterface for 5G or Osmocom for 2G, for my work. (Osmocom has partial support for 3G.)
I request you to direct me to the right resource that may know.
Thanks for your time and interest.
Kind regards,
Hello GSM MS communities,
I have a large inventory of FC Caramel2 boards that are in need of
loving homes. I mean these boards:
https://www.freecalypso.org/members/falcon/Caramel2/c2-fully-assembled.jpeg
For those who are familiar with FCDEV3B, Caramel2 boards are very
similar: all FreeCalypso tools work exactly the same (even with the
same -h fcfam target selector option), firmware functionality works
exactly the same (fcdev3b and tangomdm fw builds are made from the
same source, just minor electrical diffs between the two boards which
the fw needs to know about), same AT command interface, same rvinterf,
same everything. Vadim (fixeria) recently told me that he found FC to
have better CSD support than any other commonly available commercial
GSM modem - this aspect will work exactly the same on C2 as on FCDEV3B.
And for those who have an irresistible need to be naughty boys and run
naughty software, OBB can run on Tango/Caramel2 hardware too:
https://gerrit.osmocom.org/c/osmocom-bb/+/34297
The main diff between FCDEV3B and Caramel2 is that C2 came out a little
worse in terms of quality:
* FCDEV3B analog audio circuits (loudspeaker and mic) came out very
clean despite no special effort at design time: I never hear any "buzz"
from rectified GSM RF in FCDEV3B analog audio. OTOH, with C2 the audio
is dirty by default, and to get it mostly-clean, I have to insert a
long coax between the antenna connector on the board and the actual
antenna, to move the radiating element away from the analog audio
circuits.
* LEDs: the single green LED on FCDEV3B indicates 100% reliably if the
chipset is switched-on or switched-off, but Caramel2 board LEDs
sometimes exhibit erratic behaviour as a result of wayward current
paths, as I explain in the Status Report and User's Guide document:
https://www.freecalypso.org/pub/GSM/FreeCalypso/Tango/Caramel2-SR-UG-v1.2.p…
Seeing that Caramel2 design is flawed, I won't be making any more of
them: *if* I decide to produce another board in the future with similar
functionality, it will need to be a new design, adding LVC buffers for
proper PPD support (partial power-down) and reworking the audio
circuits. In this light, the existing inventory of C2 boards needs to
be put on clearance - they are just gathering dust right now, but they
should be perfectly suitable for more casual users with less stringent
quality requirements.
I have enough stock to supply 12 complete kits consisting of:
* Caramel2 main board;
* FT2232D-based DUART28 adapter board;
* Power adapter from universal AC (worldwide voltage and frequency
range) to 3.6 VDC;
* Possibly FC-HDS4 headset and quadband GSM antenna.
Once again, this board is a *clearance* item - no more will be made,
but the already-made ones are looking for loving homes.
*IF* there is any community interest in these boards, I would be happy
to ship a few to Sysmocom, to be further distributed via the webshop.
It would also be helpful if those who are interested in these clearance
boards (if any) could state what they would consider to be a fair price
for a full kit as described above.
M~
P.S. If anyone still does CalypsoBTS hacks, these boards would NOT be
a good choice for it, as the Rx SAW filters are totally inaccessible
to rework - all 4 SAW filters (for full quadband Rx) are integrated
into a monolithic chip-like module from Epcos, which is then embedded
into the TR-800 module which is not amenable at all to rework. However,
if you merely wish to see what's inside that TR-800 module, without
modifying it, we have published results of a complete PCB reverse eng
job on it:
https://www.freecalypso.org/pub/GSM/iWOW/TR800-reverse-eng-gerbers.tar.bz2
https://www.freecalypso.org/pub/GSM/FreeCalypso/Tango/FC-Tango-netlist.tar.…
Dear Osmocom community,
while many people with a long history in FOSS development have no issues
at all with mailing lists as primary form of engaging with their
community, they have undoubtedly fallen out of fashion in favor of
various chat/messaging systems or web based forums.
In Osmocom, we've just launched an installation of the discourse forum
software available at https://discourse.osmocom.org/ providing an
alternative to our traditional mailing lists at https://lists.osmocom.org/
We're looking forward to see whether this web-based approach will
facilitate more and/or other people to engage with the Osmocom
developer/contributor community.
Feel free to join and get the discussions started. If there's a need
for more categories or sub-categories, just let one of the moderators
know and we can help with that.
The old mailing lists will continue to remain available for those who
prefer them.
--
- Harald Welte <laforge(a)osmocom.org> https://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
Bastien Baranoff wrote:
> Hello all, the attack : you generate the rainbow tables for each possibles ki
> with a given rand set, send this rand (which is not random ;) the phone
> respond with sres you make the operation for 3 or 4 rand and meaningly
> decrease the possibility of ki. Do you think it is realisable ?
Someone please correct me if I'm wrong on this detail, but it is my
understanding that no mainstream commercial operator today (outside of
personal enthusiast tinkerers in Osmocom and similar communities)
issues native 2G SIM cards any more - instead all of their current SIM
cards are actually USIM/ISIM, and if GSM 11.11 SIM operation is
supported at all, it is only provided as a backward compatibility
mode. I reason that these "modern" SIMs must be using Milenage in
their native 3G/4G mode, thus their secret key material is not classic
Ki, but K/Ki (128 bits) plus OPc (another 128 bits), for a total of
256 bits of secret key material.
What happens when these "modern" SIMs are accessed via GSM 11.11 SIM
protocol, or when 2G authentication is requested in a USIM session?
I find it doubtful that they switch to COMP128 (any version) in this
mode, instead I reason that they use 2G mode of Milenage, which still
uses both K/Ki and OPc - thus the secret key material used even for 2G
Kc and SRES generation from RAND is still 256 bits rather than 128.
Again, someone please correct me if my reasoning is wrong here.
M~
Hello,
I am new to this project and I am having a problem with running the
Transceiver. I hope you can help me out.
When I start the Transceiver on 2 phones with these commands
./osmocon -p /dev/ttyUSB1 -m c123xor -s /tmp/osmocom_l2 -c
/root/osmocom/osmocom-bb/src/target/firmware/board/compal_e88/trx.highram.bin
./osmocon -p /dev/ttyUSB2 -m c123xor -s /tmp/osmocom_l2.2 -c
/root/osmocom/osmocom-bb/src/target/firmware/board/compal_e88/trx.highram.bin
and
sudo ./transceiver -e 1 -2 -a 47 -r 99
it throws an error which I cannot solve. Maybe I am blind or something,
but it doesn't work. I tried to kill the process but I can't find anything.
The CLI gave me this error:
~/osmocom/osmocom-bb/src/host/layer23/src/transceiver# sudo
./transceiver -e 1 -2 -a 47 -r 99
47
41
1
<000c> l1ctl.c:77 Tx Reset Req (1)
<000c> l1ctl_link.c:171 Sending: '0d 00 00 00 01 00 00 00 '
<000c> l1ctl.c:77 Tx Reset Req (1)
<000c> l1ctl_link.c:171 Sending: '0d 00 00 00 01 00 00 00 '
Aborted
Even when I try to start it with only 1 phone, it doesn't run. There is
a problem, but I can't figure out what it is...
I hope you can help me out for running my Transceiver or give me some hints.
Thank you very much
Sally
Hi guys,
First of all, I want to reassure all the ML members that this is an
isolated pseudo spam post and I asked in advance for permission from Harald
to post it.
Said that... I just wanted to let you know that ZTE is opening a
CyberSecurity Lab in Germany and they are looking for Security Engineers
passionate about Telco Security.
*Position: *
Cybersecurity Engineer
*Location:*
Düsseldorf, Germany
*Responsibilities:*
1. Testing the security performance (at least but not limited to
penetration testing) of ZTE products. Drafting documents and reporting
testing results to stakeholders.
2. Participating in security research activities and projects in the
Telecommunication field. Study and use cutting-edge security
technology/tools for test and research.
3. Participating in product security risk analysis and security
requirements collection.
4. Participating in lab operations.
5. Participate in the product security incident response, trace the
attack, and give rectification plans.
6. Assisting in security certifications, support security vulnerability
verification and rectification of products.
7. Assisting in communicating security-related matters on products
across multiple departments
*Link for applications:*
https://www.linkedin.com/jobs/view/3361789707/
In case of questions, feel free to ping me here or reach me on LinkedIn [1]
Cheers
Luca
[1] https://www.linkedin.com/in/lucabongiorni/
Hello,
I'm stuck at running my transceiver. It should be working, but it
doesn't.
If I am trying to run both transceivers with:
root:~/osmocom/osmocom-bb/src/host/osmocon #? $ ./osmocon -p
/dev/ttyUSB1 -m c123xor -s /tmp/osmocom_l2 -c
/root/osmocom/osmocom-bb/src/target/firmware/board/compal_e88/trx.highram.bin
root:~/osmocom/osmocom-bb/src/host/osmocon #? $ ./osmocon -p
/dev/ttyUSB2 -m c123xor -s /tmp/osmocom_l2.2 -c
/root/osmocom/osmocom-bb/src/target/firmware/board/compal_e88/trx.highram.bin
this one here doesn't work like it did before. It shows me this error
here. What can I do to get rid of this error? Can I kill the process of
the TRX or restart it?
root:~/osmocom/osmocom-bb/src/host/layer23/src/transceiver #? $ sudo
./transceiver -e 1 -2 -a 47 -r 99
47
41
1
<000c> l1ctl.c:77 Tx Reset Req (1)
<000c> l1ctl_link.c:171 Sending: '0d 00 00 00 01 00 00 00 '
<000c> l1ctl.c:77 Tx Reset Req (1)
<000c> l1ctl_link.c:171 Sending: '0d 00 00 00 01 00 00 00 '
Aborted
It would be nice to hear from you. Thanks
msfu777
Hello,
I found 3x C155, 1x C116 while cleaning out my attic.
Is there somebody interested in these devices? I would be happy to give
them to the community.
muebau
Hi Osmocom and FreeCalypso communities,
I would like to disclose my recent discovery, which so far was
discussed within a small group of Osmocom members and with Mychaela
Falconia.
==== A bit of history ====
There exists a tool for flashing old Sony Ericsson phones called
pstool (search for 'PSTool_SE_ODM_free' in your favorite search
engine). It's a Windows executable with a custom GUI, and with some
additional clarifications specifically for "big Russian specialists"
:P
Unlike the more famous SETool2 Lite, which does support a wide range
of phones based on SEMC's own A1 DB2xxx and A2 DB3xxx chipsets, the
pstool is limited to only a few phone models (all listed in GUI):
* J100i, J110i, J120i,
* K200i, K220i.
Among them is Sony Ericsson J100i [1], a Calypso based phone designed
by Compal, on which you can already run custom OsmocomBB or
FreeCalypso firmware. Both J110i and J120i are likely variants of
J100i with some minor differences (correct me if I am wrong).
[1] https://osmocom.org/projects/baseband/wiki/SonyEricssonJ100i
My curiosity was piqued when I saw K200i/K220i in the dropdown list of
the pstool. I ordered a few phones on a local advertising site
assuming that they may also be based on Calypso. And... yes, they are!
==== Hardware ====
For those who are interested to see the inside, here are some photos:
https://people.osmocom.org/fixeria/dump/se_k200i/board/
Some highlights (from Mychaela's E-mail):
* Calypso 751992A (C035, final DSP ROM version 3606, full 512 KiB IRAM),
* RF: Familiar Iota TWL3025 ABB and Rita, PA SKY77318,
* Flash: SPANSION S71PL129NB0HFW4B (16 MiB NOR + 4 Mib XRAM),
* Winbond W56932DYX - probably a ringtone melody player?
According to [2], K220i is identical to K200i with the only difference
that the former has an FM radio receiver. If anyone has a K220i, I
would be interested to see the board photos though.
[2] https://mobile-review.com/review/sonyericsson-k200.shtml
==== Software ====
I was able to get the FreeCalypso loadagent running:
https://people.osmocom.org/fixeria/dump/se_k200i/info.txt
and managed to dump the raw flash contents:
https://people.osmocom.org/fixeria/dump/se_k200i/K200i-fc-flash1.bin
https://people.osmocom.org/fixeria/dump/se_k200i/K200i-fc-flash2.bin
The DSP ROM is a well-known version 3606:
https://people.osmocom.org/fixeria/dump/se_k200i/dspromdump.txt
I was also able to get unmodified OsmocomBB layer1 firmware (the J100i
variant) running and even got the basic Rx functionality working:
* cell_log is able to find cells,
* ccch_scan happily decodes BCCH/AGCH/PCH messages.
What's really nice about the K200i is that (unlike the J100i) it has
the Calypso boot ROM unlocked, just like Pirelli DP-L10 [3]. This
makes it impossible to brick the phone by erasing the flash.
[3] https://osmocom.org/projects/baseband/wiki/PirelliDPL10
==== Summary ====
At the moment of writing this announcement, K200i is neither supported
by OsmocomBB nor by FreeCalypso. The big problem here is that we could
not find the board schematics, so we don't have sufficient knowledge
on how the RFFE control signals are routed. Figuring this out (be it
hw-based or fw-based approach) is quite a big effort, and I doubt
there will be a commercial interest to sponsor this.
In any case, I believe it's a nice *potential* target, so I created a
wiki page [4] with all the relevant information about K200i.
[4] https://osmocom.org/projects/baseband/wiki/SonyEricssonK200i
Now I am giving the podium to Mychaela, I am sure she has more to say :P
Best regards,
Vadim.
Dear Osmocom community,
your input is required in order to tune the re-launch of the OsmoDevCall
talk series. One of the complaints before the suspension in Summer this year
was that the "Friday night 8pm CEST" timeslot was not exactly ideal for several
people.
Finding a common denominator might be difficult, given that Osmocom is a dayjob
for some, a hobby for most, and we're of course not all in the same time zone
or even continent.
So let's try to run a couple of polls to figure out:
* What is the best day of the week for OsmoDevCall?
https://bitpoll.de/poll/CEQnaQKEvO/
* What is the best time of day for OsmoDevCall?
https://bitpoll.de/poll/59dgmzOocT/
* What is the best frequency of OsmoDevCall
https://bitpoll.de/poll/8jyuRJB6Hb/
The polls are open until October 21st, 2021. I would appreciate a high turn-out
so we have a good representation across our community to make an educated decision
about the schedule of future events.
Can't wait to re-start OsmoDevCall!
Regards,
Harald
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
hi there,
I ran into an error with ./transceiver in osmocom-bb.
If I write
osmocom/osmocom-bb/src/host/layer23/src/transceiver # sudo ./transceiver -a 47 -2 -r 99
the CLI returns with
47
41
1
Aborted
What am I doing wrong? I hope you can help me out.
have a nice day
msfu
Hello, if I remember, I have tested telnet 192.168.0.1 8090, or if I
broadcast DHCP from my PC I have 192.168.0.142, but in both cases I have
connection refused :( You mean that if I buy sysmocell I will be able to
flash FW on my nano3G? I will check if I can have serial. Thank you for your
response, I will keep the community in touch if I can go further. I will
only be able to make new tests in 10 days... :(
On Sun, 7 Aug 2022 at 16:09, Neels Hofmeyr <nhofmeyr(a)sysmocom.de> wrote:
> I dimly remember that the nano3G have both serial console contacts you can
> solder onto, as well as an exploitable DHCP client (what i heard is that the
> DHCP client is a bash script that fails to properly escape the host name given
> to the DHCP client). With that you might be able to gain ssh access. Even then
> you may not have much of a chance to get it to run, depending on the installed
> firmware.
>
> A factoid is that a nano3G obtained from sysmocom.de will work with osmo-hnbgw.
> Not sure if it is still in the shop... Some of them have also been given away
> free of charge, to non-commercial users: research / hacker spaces. So if I
> needed one to play with, I guess I would ask sysmocom indicating my intended
> use, or ask some of the people that got one from Accelerate3g5 -- in case
> there's someone no longer using their nano3G:
> https://osmocom.org/projects/cellular-infrastructure/wiki/Accelerate3g5
>
> HTH,
>
> ~N
Hello @osmocom, I wonder something. I have bought an ip.access NANO 3G S8
Model # 237BA UMTS Band 2/5 (800 MHz). Will I have a chance to make it work
with accelerate 3g5 software? Thanks, Bastien Baranoff
Hello everybody!
I built the osmocombb main branch many times without problems.
I downloaded the sylvain_ind branch prebuilt VM because I had no success building it.
My error is:
make[1]: Entering directory '/home/user/osmocom-bb-sylvain-burst_ind/src/target/firmware'
make[1]: *** No rule to make target 'include/tiffs.h', needed by 'board/compal_e88/init.o'. Stop.
But even the prebuilt VM doesn't show BURST_IND when I start ccch_scan.
I have a feeling that everything is a firmware problem.
Can somebody send me a link to prebuilt sylvain_ind firmware, or even better a link to some upload service with a prebuilt VM?
I will be very thankful and I am willing to pay for
that and some explanation via chat or email.
Thank you very much!
Kind regards!
Hello,
I'm trying to open the mobile application but it tells me that it failed
to parse the configuration file.
~/osmocom/osmocom-bb/src/host/layer23/src/mobile# sudo ./mobile
Copyright (C) 2010-2015 Andreas Eversberg, Sylvain Munaut, Holger Freyther, Harald Welte
Contributions by Alex Badea, Pablo Neira, Steve Markgraf and others
License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
<0011> app_mobile.c:451 Failed to parse the configuration file '/root/.osmocom/bb/mobile.cfg'
<0011> app_mobile.c:454 Please make sure the file '/root/.osmocom/bb/mobile.cfg' exists, or use an example from 'doc/examples/mobile/'
I was searching for the directory /root/.osmocom/bb/ to build the
missing file but I cannot find it.
Am I blind or where is this folder? It is not in my home or root directory.
Thanks for your help
best regards
msfu
Hi there,
after a fresh new install I tried to open layer1 in osmocombb but the
tool gave me this error:
~/osmocom/osmocom-bb/src/host/osmocon# sudo ./osmocon -m c123xor -p /dev/ttyUSB1 -c root/osmocom/osmocom-bb/src/target/firmware/board/compal_e88/layer1.compalram.bin
got 2 bytes from modem, data looks like: 04 81 ..
got 5 bytes from modem, data looks like: 1b f6 02 00 41 ....A
got 1 bytes from modem, data looks like: 01 .
got 1 bytes from modem, data looks like: 40 @
Received PROMPT1 from phone, responding with CMD
read_file(chainloader): file_size=32, hdr_len=4, dnload_len=39
got 1 bytes from modem, data looks like: 1b .
got 1 bytes from modem, data looks like: f6 .
got 1 bytes from modem, data looks like: 02 .
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 41 A
got 1 bytes from modem, data looks like: 02 .
got 1 bytes from modem, data looks like: 43 C
Received PROMPT2 from phone, starting download
handle_write(): 39 bytes (39/39)
handle_write(): finished
got 1 bytes from modem, data looks like: 1b .
got 1 bytes from modem, data looks like: f6 .
got 1 bytes from modem, data looks like: 02 .
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 41 A
got 1 bytes from modem, data looks like: 03 .
got 1 bytes from modem, data looks like: 42 B
Received DOWNLOAD ACK from phone, your code is running now!
Enabled Compal ramloader -> Calypso romloader chainloading mode
Received ident ack from phone, sending parameter sequence
opening file: No such file or directory
I don't think it's broken, but maybe it's a spelling error or something?
I hope you can help me. I'm just irritated.
Have a nice day
msfu
Hi all!
[please follow-up-to the openbsc(a)lists.osmocom.org mailing list, if
there is any discussion, we don't want to drag it over tons of mailing
lists in parallel]
Some weeks ago, I created https://osmocom.org/issues/5397 but it seems nobody
noticed the ticket or had any comments to it.
So let me post this as RFC here on the mailing list:
In the past, we had a gitolite/gitosis setup, which was fine in the
early days of git, but it means that people cannot easily create new
repositories, see who has permissions, and we cannot delegate ownership.
Even updating SSH keys requires manual interaction of a sysadmin like
me.
I would therefore suggest to migrate git.osmocom.org to gitea[1]
This would allow the following features:
* users can self-create any number of personal repositories (like gitlab/github)
* we can create 'organizations' along the line of reasonably independent
osmocom member projects like op25, who can then manage their own
repos/permissions/...
* gitea can link to redmine wiki and redmine issue trackers (rather than
using its own built-in)
For those repositories hosted in gerrit (mainly CNI), we would still
keep git.osmocom.org a read-only mirror, like we do it right now.
For those repositories not hosted in gerrit, users/projects could then
accept merge requests in gitea. Coupling this with 3rd party
authentication via github/gitlab/etc should make it easier for the
occasional contributor to submit changes.
There is a downside, of course: a lot of repo URLs have to change. Most
of our current repositories are at git.osmocom.org/project.git while
gitea follows a git.osmocom.org/organization/project.git scheme. I'm not
sure there is any way to help to mitigate this...
Any thoughts, comments?
[1] https://gitea.io/
--
- Harald Welte <laforge(a)osmocom.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
Dear fellow Osmocom developers,
as you all know, we've sadly had to skip OsmoDevCon 2020 and 2021,
trying to compensate it at least to some extent with our OsmoDevCall
every two weeks.
The COVID-19 pandemic is far from over, and we don't know what the
upcoming winter season will bring.
Nevertheless, I think it would be a good idea to start a discussion of
whether we should plan for an OsmoDevCon in 2022.
I personally would say let's plan for the usual late April 2022 time frame,
and if the pandemic situation deteriorates, we can still cancel it with
something like one month lead time.
I would also personally suggest to limit attendance to people who are fully
vaccinated, and in addition do a self-test for all participants every
morning.
In terms of venue, we might also consider to move to a venue that allows better
ventilation. Irrespective of the above we can also bring the air filters from
the sysmocom office.
So with that as an input statement, I would like to hear your opinion
on the above proposals. Who would want to attend? Any complaints against
the "vaccinated only plus daily self-tests in the morning" approach?
Regards,
Harald
--
- Harald Welte <laforge(a)osmocom.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
Hi,
As I understand it is now possible to have a full software GSM stack in
software[1], with the stock osmocomBB since trx_toolkit target was
merged in OsmocomBB.
Many network side components have releases[2] and several distributions
already have part of the osmocom stack packaged[3][4].
To me having releases for osmocomBB as well also looks interesting as
we could then more easily make packages for it.
It could then be used to test the other components of the stack either
with hardware[5] or with pure software, or to easily install and
keep up to date the tools (osmocon, osmoload, etc).
Would the osmocomBB be interested in doing releases? Or is there
something that is preventing that from happening (lack of interest?,
lack of time/volunteers?, technical issues?).
References:
-----------
[1] https://osmocom.org/projects/baseband/wiki/FakeTRX
[2] https://projects.osmocom.org/news/152
[3] https://packages.debian.org/search?keywords=osmo&searchon=names&suite=sta…
[4] https://packages.gentoo.org/packages/net-libs/libosmocore
[5] As I understand, it would require either a test license or a specific
hardware setup with cables, attenuator(s) and a duplexer/circulator
and to enable transmit support.
Denis.
Hi everyone.
In an MT call, the flow must be as below:
MS                                BTS
      <- Setup
      Call Confirmed ->
      <- Assignment Command
      Assignment Completed ->
      Alerting ->
      Connect ->
But in the implemented code in the mnccms.c file, immediately after sending the Call Confirmed message, the Alerting message is sent from MS to BTS, and this leads to the Assignment Command from the BTS being ignored. Why is the procedure implemented like this?
Dear Osmocom community,
today our mailing list server lists.osmocom.org has finally been migrated
from mailman2-on-freebsd to mailman3-on-linux. This also included a variety
of changes to DNS. I'll spare you the details, but everything _should_ be up
and running now.
* The List-Id headers should not have changed.
* all list subscriptions + user accounts have been converted.
* old 'static html' archives are still available (read only) at URLs like
https://lists.osmocom.org/pipermail/baseband-devel/
* old List URLs like https://lists.osmocom.org/mailman/listinfo/baseband-devel
are redirected to their respective modern counterparts
In case you notice any mailing list related problem, please don't hesitate to
contact me.
Happy hacking,
Harald
--
- Harald Welte <laforge(a)osmocom.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
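Hi,
Thanks for your assistance.
So far from my analysis, this is what I have got:
After the BTS sends Location Update Accept message to the MS, the MS responds with a MM status message saying "Invalid Mandatory Information".
In a working case, the MS should respond with a TMSI Reallocation Complete message which is not happening.
From here, I don't know how to proceed further.
Thanks and Regards,
RM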
On Sat, May 10, 2014 at 4:13 PM, Labs <rp.labs(a)gmx.ch> wrote:
> Hello,
>
> In this case it can be some hardware issue with your phone.
> If your phone was pre 4.24 software version and it was upgraded it is
> possible to have a corrupted EEPROM and you need to use some software tools
> to repair it.
>
> If that is not the case you can try to identify what hardware component is
> broken by manually pickup a 900 or 1800 operator and check it if it works.
> If one is working and one not this means your duplexer has issues and needs
> to be replaced. Other components that might have issues are the PA and
> COBBA ICs. Considering that a 3310 you can get for free now it's not worth
> it to repair it.
>
> Regards,
> R.
>
>
> On 05/10/2014 05:21 PM, R M wrote:
>
>> Hi,
>>
>> The phone is not locked to any network. It's an unlocked phone. I have
>> confirmed that.
>>
>> Thanks and Regards,
>> RM
>>
>>
>> On Sat, May 10, 2014 at 7:25 AM, Labs <rp.labs(a)gmx.ch
>> <mailto:rp.labs@gmx.ch>> wrote:
>>
>>
>>
>> On 05/10/2014 12:51 PM, R M wrote:
>>
>> Hi,
>>
>> I have recently purchased a SIM card. When I use the SIM in
>> Nokia 3310,
>> and try to manually select a particular cell, it says no access.
>> SIM
>> belongs to the same network.
>>
>>
>> Looks like your 3310 has a network lock. Are you sure that your
>> phone is unlocked? You can test it with 2 different SIM cards for
>> real networks and confirm that it is OK. DCT3 phones can be easily
>> unlocked via IMEI.
>>
>> Regards,
>> R.
>>
>>
>>
lot of advanced linux users. You can get help from them as well if you
still face issues as they can see your computer screen.
Regards,
RM
And add some printf at voice.c
When I run bb, I used one C118. I can see the voice data going from L2/L3
to L1, and got some data from L1 (the first char is 0xd) at l1ctr.c
l1ctr_traffic_ind.
All seems OK, but the called phone cannot hear any data that LCR sends,
and the LCR also cannot get any useful data.
Especially, I can still hear the voice from the C118 speaker that the called
phone sends,
and the called phone can hear the voice data that the C118 microphone sends.
But I already changed the audio mode in gsm48_rr.c at gsm48_rr_init.
Please give me some advice.
best regards
shrek
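I cracked open the shield on my C139 and didn't see the TPs I expected from the schematic. I thought maybe the angle of the photo on osmocom hid the TPs but it really didn't.
I'll try my C115 instead since that is more clear and accessible. Flashing hello_world on my C115 seemed to fail in a similar fashion as it does on my C139 so maybe the same issue exists there.
I was wrong too... it was TP16 not TP6, so I found TP16 but still haven't located TP8 on the C139 schematic.
-Craig
From: Craig Comstock <craig_comstock(a)yahoo.com>
To: "baseband-devel(a)lists.osmocom.org" <baseband-devel(a)lists.osmocom.org>
Sent: Thursday, October 3, 2013 9:57 AM
Subject: c139/c140 jtag anyone?
I'm at the point w/ flashing firmware where I feel like I need to use a debugger w/ JTAG. I figured I could probably use serial line logging somehow but JTAG seems better and I should learn it anyway.
Has anyone pried open the shield on a c139/c140 and tried attaching to the JTAG test points that are just inside the shield next to the test points which are accessible via the battery compartment?
From what I can gather from the schematics:
TDI - TP8
TCK - TP17
TDO - TP16
TMS - TP18
Looking at the board from the battery compartment side with the top of the phone pointing North/Up I see at least TP17 is near the right-hand bank of test points visible from the battery compartment. From left-to-right there I see something like: TP12, TP18?, TP16?, TP17 so it looks like I have two of the TPs I need: 17 and 18.
I can't seem to find TP6 or TP8 anywhere on the schematic.
-Craig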
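I'm at the point w/ flashing firmware where I feel like I need to use a debugger w/ JTAG. I figured I could probably use serial line logging somehow but JTAG seems better and I should learn it anyway.
Has anyone pried open the shield on a c139/c140 and tried attaching to the JTAG test points that are just inside the shield next to the test points which are accessible via the battery compartment?
From what I can gather from the schematics:
TDI - TP8
TCK - TP17
TDO - TP6
TMS - TP18
Looking at the board from the battery compartment side with the top of the phone pointing North/Up I see at least TP17 is near the right-hand bank of test points visible from the battery compartment. From left-to-right there I see something like: TP12, TP18?, TP16?, TP17 so it looks like I have two of the TPs I need: 17 and 18.
I can't seem to find TP6 or TP8 anywhere on the schematic.
-Craig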
fed to LAPDm at all. So when you get a L2 packet from L1, instead of
blindly feeding it to LAPDm, you should check a LPD handler table to
know who to feed it to, and for normal channels there would only be
handler for LAPDm and for CBCH channel there would be no LAPDm handler
and only a LPD=01 handler.
> In the future, we can also add the BTS-side implementation. I don't
> think they can share much code,
If they can't share code, then, I would make sure to mark the method
to be 'ms' side so as to keep the namespace clear.
Also, I would stick to the convention we used for sms and name it
something like gsm412_ms_entity (and same for the methods)
> but it might make sense to have both in the same place.
That's not really the policy we used so far. Only shared code goes to
libosmo-xxx
If it ever comes a time where we need it in another project, it'll
still be time to move it there then.
> I can spin a patch series directly on top of osmocom-bb, but the
> testcases will probably not make it.
Why ? layer23 is auto-tools based as well, copying the test suite
stuff from libosmocore shouldn't be too hard.
Cheers,
Sylvain
other but rather completely separate.
And again from the spec, should you expect one or the other on a
channel, you must ignore any packets with the wrong LPD. So AFAIK on a
CBCH channel if you ever get a LPD=00 it should be ignored and not fed
to a LAPDm processor. Same thing for a BTS side LAPDm instance if it
receives a LPD=01 it should be ignored.
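The per-channel LPD handler table described in the two message excerpts above, sketched as an added example (not code from osmocom-bb, libosmocore or either poster). All names are hypothetical, and the fixed 23-octet block length and the two channel classes are assumptions made for the sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration only: every identifier below is hypothetical. */
#define L2_FRAME_LEN 23   /* assumed size of one L2 block handed up by L1 */
#define LPD_LAPDM    0x0  /* LPD=00: LAPDm */
#define LPD_SMSCB    0x1  /* LPD=01: cell broadcast block on CBCH */
#define LPD_COUNT    4    /* LPD is a 2-bit field */

enum chan_kind { CHAN_NORMAL, CHAN_CBCH, CHAN_KIND_COUNT };
enum l2_verdict { L2_TO_LAPDM, L2_TO_SMSCB, L2_IGNORED, L2_MALFORMED };

struct l2_stats {
    unsigned lapdm, smscb, ignored, malformed;
    int last_cb_seq;      /* sequence number of the last CBCH block seen */
};

typedef enum l2_verdict (*lpd_handler)(struct l2_stats *st, const uint8_t *frame);

/* LPD occupies bits 7..6 of the first octet (bit 8 is spare). */
static unsigned lpd_of(uint8_t first_octet)
{
    return (first_octet >> 5) & 0x3;
}

static enum l2_verdict rx_lapdm(struct l2_stats *st, const uint8_t *frame)
{
    (void)frame;          /* a real stack would pass the frame to LAPDm here */
    st->lapdm++;
    return L2_TO_LAPDM;
}

static enum l2_verdict rx_smscb(struct l2_stats *st, const uint8_t *frame)
{
    st->last_cb_seq = frame[0] & 0x0f;  /* block sequence number, bits 4..1 */
    st->smscb++;
    return L2_TO_SMSCB;
}

/* One row per channel class; an empty slot means "no handler, ignore". */
static const lpd_handler lpd_table[CHAN_KIND_COUNT][LPD_COUNT] = {
    [CHAN_NORMAL] = { [LPD_LAPDM] = rx_lapdm },
    [CHAN_CBCH]   = { [LPD_SMSCB] = rx_smscb },
};

enum l2_verdict l2_dispatch(struct l2_stats *st, enum chan_kind kind,
                            const uint8_t *frame, size_t len)
{
    lpd_handler h;

    /* Reject short or oversized input before reading any octet. */
    if (!frame || len != L2_FRAME_LEN || (unsigned)kind >= CHAN_KIND_COUNT) {
        st->malformed++;
        return L2_MALFORMED;
    }
    h = lpd_table[kind][lpd_of(frame[0])];
    if (!h) {             /* wrong LPD for this channel: drop, never guess */
        st->ignored++;
        return L2_IGNORED;
    }
    return h(st, frame);
}

/* Constructed sample frames; octets not listed are zero. */
static const uint8_t sample_lapdm[L2_FRAME_LEN] = { 0x01, 0x03, 0x01 }; /* LPD=00 */
static const uint8_t sample_smscb[L2_FRAME_LEN] = { 0x22 };  /* LPD=01, seq 2 */

int main(void)
{
    static const char *names[] = { "LAPDm", "SMSCB", "ignored", "malformed" };
    struct l2_stats st = { 0 };

    printf("LAPDm frame on normal channel: %s\n",
           names[l2_dispatch(&st, CHAN_NORMAL, sample_lapdm, L2_FRAME_LEN)]);
    printf("LAPDm frame on CBCH:           %s\n",
           names[l2_dispatch(&st, CHAN_CBCH, sample_lapdm, L2_FRAME_LEN)]);
    printf("SMSCB block on CBCH:           %s\n",
           names[l2_dispatch(&st, CHAN_CBCH, sample_smscb, L2_FRAME_LEN)]);
    printf("SMSCB block on normal channel: %s\n",
           names[l2_dispatch(&st, CHAN_NORMAL, sample_smscb, L2_FRAME_LEN)]);
    return 0;
}
```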
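When I run ccch_scan on a regular network, every once in a while, at random I find the app stops sniffing with the error:
> <000c> l1ctl.c:291 BURST IND: @(1428545 = 1077/01/35) (-105 dBm, SNR   3, SACCH)
> <000c> l1ctl.c:114 FBSB RESP: result=255
At the same time Osmocon gives a message like the following:
> => DSP reports FB in bit that is 1031487569 bits in the future?!?
> Synchronize_TDMA
> LOST 2313!
The problem seems therefore to emerge from some corruption of data in reception which causes l1ctl.c to dispatch the S_L1CTL_FBSB_ERR signal.
From this point on ccch_scan ceases to send any further messages to
Wireshark. Tracing the code shows that it is waiting for some input which
never comes. The only way to get things going again is to stop and restart
ccch_scan.
The issue has been briefly raised in two earlier emails from Altaf and
Joshua with a reply from Sylvain which I have copied below. Although
Sylvain explains the meaning of the error, no solution has been discussed
so far as far as I can find.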
Studying the code in various apps to see how they handle S_L1CTL_FBSB_ERR,
it seems the only way to get it going is to restart the sync to ARFCN. I do
it by copying code from app_cbch_sniff.c and inserting the following case
option in signal_cb() in app_ccch_scan.c:
    case S_L1CTL_FBSB_ERR:
        /* FBSB sync failed: re-issue the sync request for the ARFCN under test */
        ms = ((struct osmobb_fbsb_res *) signal_data)->ms;
        return l1ctl_tx_fbsb_req(ms, ms->test_arfcn,
                L1CTL_FBSB_F_FB01SB, 100, 0, CCCH_MODE_COMBINED,
                dbm2rxlev(-85));
Frankly I do not know what exactly l1ctl_tx_fbsb_req does, but it seems to
work pretty well. Except *very rarely* I find that after processing this
resync, ccch_scan gives repeated data corruption messages like:
<000c> l1ctl.c:238 Dropping frame with 78 bit errors
repeating endlessly!
Can Holger or Harald who have written ccch_scan please confirm if this is
the correct way to fix the problem or if there is better solution? Can you
please also insert the update in the ccch_scan code in the burst_ind branch
so that others can benefit?
Thanks in advance!
B.
Related earlier emails below:
==========================
From: Altaf <altaf329 <at> gmail.com>
Subject: Re: Osmocom-bb Making a call <http://news.gmane.org/find-root.php?message_id=%3c1337878154114%2d4013909.p…>
Date: 2012-05-24 16:49:14 GMT (31 weeks, 4 days, 18 hours and 16 minutes ago)
When I run the Layer23(ccch_scan) application it gives me the following
output on the terminal....
Failed to connect to '/tmp/osmocom_sap'.
Failed during sap_open(), no SIM reader
<000c> l1ctl.c:114 FBSB RESP: result=255
What does it mean.. Can some one help me at this point..
--
What does FBSB RESP: result=255 mean?
Sylvain Munaut 246tnt at gmail.com
Thu Apr 26 01:45:42 CEST 2012
Hi,
> Running ccch_scan or bcch_scan in the sylvain/burst_ind branch, I keep
> getting this error:
bcch_scan doesn't make sense on burst_ind. Only ccch_scan is meant to
do anything useful, all the other apps may do random things because
they're not meant for use in burst_ind.
> <000c> l1ctl.c:114 FBSB RESP: result=255
>
> I tried checking the code, but I can't quite figure out what's going on. It
> looks like 255 is an error code, but I don't know where to go from there.
It just means failure to sync ...
Most likely the ARFCN you gave doesn't carry a valid C0.
Note that it's only tested on 900/1800. US band support is not tested
and probably not functional especially in burst_ind. Fixing it is left
as an exercise to the reader ...
When I run ccch_scan on a regular network, every once in a while, at random I find the app stops sniffing with the error:

    <000c> l1ctl.c:291 BURST IND: @(1428545 = 1077/01/35) (-105 dBm, SNR   3, SACCH)
    <000c> l1ctl.c:114 FBSB RESP: result=255

At the same time Osmocon gives a message like the following:

    => DSP reports FB in bit that is 1031487569 bits in the future?!?
    Synchronize_TDMA
    LOST 2313!

The problem seems therefore to emerge from some corruption of data in reception which causes l1ctl.c to dispatch the S_L1CTL_FBSB_ERR signal.

From this point on ccch_scan ceases to send any further messages to Wireshark. Tracing the code shows that it is waiting for some input which never comes. The only way to get things going again is to stop and restart ccch_scan.

The issue has been briefly raised in two earlier emails from Altaf and Joshua with a reply from Sylvain which I have copied below. Although Sylvain explains the meaning of the error, no solution has been discussed so far, as far as I can find.

Studying the code in various apps to see how they handle S_L1CTL_FBSB_ERR, it seems the only way to get it going is to restart the sync to ARFCN. I do it by copying code from app_cbch_sniff.c and inserting the following case option in signal_cb() in app_ccch_scan.c:

    case S_L1CTL_FBSB_ERR:
        /* FBSB failed: request a fresh sync on the same ARFCN */
        ms = ((struct osmobb_fbsb_res *) signal_data)->ms;
        return l1ctl_tx_fbsb_req(ms, ms->test_arfcn,
                                 L1CTL_FBSB_F_FB01SB, 100, 0, CCCH_MODE_COMBINED,
                                 dbm2rxlev(-85));

Frankly I do not know what exactly l1ctl_tx_fbsb_req does, but it seems to work pretty well. Except *very rarely* I find that after processing this resync, ccch_scan gives repeated data corruption messages like:

    <000c> l1ctl.c:238 Dropping frame with 78 bit errors

repeating endlessly!

Can Holger or Harald who have written ccch_scan please confirm if this is the correct way to fix the problem or if there is a better solution? Can you please also insert the update in the ccch_scan code in the burst_ind branch so that others can benefit?

Thanks in advance!

B.

Related earlier emails below:
==========================
From: Altaf <altaf329 <at> gmail.com>
Subject: Re: Osmocom-bb Making a call
Date: 2012-05-24 16:49:14 GMT (31 weeks, 4 days, 18 hours and 16 minutes ago)

When I run the Layer23(ccch_scan) application it gives me the following
output on the terminal....
Failed to connect to '/tmp/osmocom_sap'.
Failed during sap_open(), no SIM reader
<000c> l1ctl.c:114 FBSB RESP: result=255
What does it mean.. Can someone help me at this point..
--

What does FBSB RESP: result=255 mean?
Sylvain Munaut 246tnt at gmail.com
Thu Apr 26 01:45:42 CEST 2012

Hi,
> Running ccch_scan or bcch_scan in the sylvain/burst_ind branch, I keep
> getting this error:

bcch_scan doesn't make sense on burst_ind. Only ccch_scan is meant to
do anything useful, all the other apps may do random things because
they're not meant for use in burst_ind.
> <000c> l1ctl.c:114 FBSB RESP: result=255
>
> I tried checking the code, but I can't quite figure out what's going on.  It
> looks like 255 is an error code, but I don't know where to go from there.

It just means failure to sync ...
Most likely the ARFCN you gave doesn't carry a valid C0.
Note that it's only tested on 900/1800. US band support is not tested
and probably not functional especially in burst_ind. Fixing it is left
as an exercise to the reader ...
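An added example (not part of the original mail, and not osmocom-bb code): a small log watchdog for the two failure modes described above, the `FBSB RESP: result=255` stall and the endless run of "Dropping frame" messages after a resync. The thresholds, the `wd_*` names and the rule that any other log line counts as a decoded frame are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Thresholds are assumptions for this example, not osmocom-bb values. */
#define MAX_DROP_STREAK 20 /* dropped frames in a row: resync went bad */
#define MAX_FBSB_FAILS   3 /* failed syncs in a row: stop retrying */

enum wd_action { WD_NONE, WD_RESYNC, WD_RESTART };

struct watchdog {
	unsigned drop_streak; /* "Dropping frame" lines since last decode */
	unsigned fbsb_fails;  /* FBSB failures since last decode */
};

/* Feed one ccch_scan log line; returns what a supervisor should do. */
enum wd_action wd_feed(struct watchdog *wd, const char *line)
{
	const char *p;
	unsigned val;

	p = strstr(line, "FBSB RESP: result=");
	if (p && sscanf(p, "FBSB RESP: result=%u", &val) == 1 && val != 0) {
		/* 255 is the value in the mails; any nonzero is treated alike. */
		wd->drop_streak = 0;
		return ++wd->fbsb_fails > MAX_FBSB_FAILS ? WD_RESTART : WD_RESYNC;
	}
	p = strstr(line, "Dropping frame with ");
	if (p && sscanf(p, "Dropping frame with %u bit errors", &val) == 1)
		return ++wd->drop_streak >= MAX_DROP_STREAK ? WD_RESTART : WD_NONE;
	if (strstr(line, "BURST IND:"))
		return WD_NONE; /* raw bursts say nothing about decode success */

	/* Assumption: any other line means a frame decoded; clear both streaks. */
	wd->drop_streak = 0;
	wd->fbsb_fails = 0;
	return WD_NONE;
}

/* Usage: pipe the ccch_scan log in; exit status 1 means "restart it". */
int main(void)
{
	struct watchdog wd = { 0, 0 };
	char line[512];

	while (fgets(line, sizeof line, stdin))
		if (wd_feed(&wd, line) == WD_RESTART)
			return 1;
	return 0;
}
```

`WD_RESYNC` is informational when ccch_scan already carries the `S_L1CTL_FBSB_ERR` case from the mail; `WD_RESTART` covers the case where the resync itself does not recover.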
keep doing the same style. Good food makes a brain work better.
> Venue-wise, I would again suggest to hold it in Berlin, as it's
> reasonably well connected, has lots of low-cost flights to it,
> accommodation is not too expensive and holger/me/sysmocom can take care
> of local organization related activities. However, if somebody has a
> strong opinion against berlin _and_ is willing to organize it, I'm not
> completely against another venue.
Berlin is perfect.
--
Regards,
Alexander Chemeris.
CEO, Fairwaves LLC / ООО УмРадио
http://fairwaves.ru
osmo_auth_load()
osmo_auth_supported()
osmo_auth_gen_vec()
osmo_auth_gen_vec_auts()
osmo_auth_alg_name()
osmo_auth_alg_parse()
You can check the libosmocore/utils/osmo-auc-gen.c example on how they
are used to generate authentication triplets or quintuples.
OpenBSC predates this generic API and should be updated. Once again,
contributions are welcome.
Regards,
Harald
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
> ISM868 bands that are located adjacent to the GSM 850/900 frequency
> allocations.
>
> My initial investigations and enquiries indicate that this should be
> possible by creative programming of the baseband processor in many
> models of phones.  The trick, as I suspect you well know, is the
> difficulty in getting the information and tools required to reprogram
> these radios.
>
> I am now in a position to potentially fund further work on this.
>
> So, as the open-source group with the most experience reprogramming
> baseband radios, what is the feasibility of creating a
> proof-of-concept using the types of phones you already work with to
> send and receive arbitrary data packets without reliance on a cell
> tower (even for time synchronisation)?
>
> I know there are a lot of constraints and problems, but I am most
> interested in creative solutions that can get us to a working
> prototype, however crude, that can be used to demonstrate the
> feasibility of what I am proposing.
>
> If this discussion is off-topic here, I am happy to hold the
> conversation at the serval-project-developers google group, but I am
> equally comfortable with it continuing here.
>
> Thanks in advance,
> Paul Gardner-Stephen.
> Shuttleworth Telecommunications Fellow at Flinders University.