baseband-devel

baseband-devel@lists.osmocom.org

2 participants
2003 discussions

IMEIs
by Tudor Pop 25 Mar '18

25 Mar '18

Hi. I’m just a GSM enthusiast and pretty new on OsmocomBB project. I have some experience with OpenBTS and Range hardware (lab kit). I would like to know if running OsmoBTS, I can get instead on IMSI/TMSI pairs, only camped phone IMEIs. How can I do that? Thank you very much for helping me. Cheers, Tudor Sent from Mail<https://go.microsoft.com/fwlink/?LinkId=550986> for Windows 10

1 0

Re: TRX toolkit - mobile app
by Vadim Yanitskiy 16 Mar '18

16 Mar '18

Hello Victor, > I would like to congratulate and thanking you for the excellent > job you did on the osmocom TRX/gr-gsm project. Thanks. Please note that I am also CCing this message to the Osmocom baseband-development mailing list, because this info could be helpful for someone else. > I'm trying to implement into your fixeria/trx branch the ability > for mobile app to connect to a commercial network using > a SIM card into a PC/SC reader. Great. I also was going to implement this, but happy to see your efforts towards this direction. > I have a working "prototype" of an osmocom-bb (latest version) > using a PC/SC reader. I can sucessfully connect a C139 running > osmocom-bb with a commercial SIM inserted into > a PC/SC reader to its network. Please send your changes for review to gerrit.osmocom.org. I'll be more than happy to facilitate merging this work to master. See: https://osmocom.org/projects/cellular-infrastructure/wiki/Gerrit > I'm trying to import my code into osmocom TRX but I can't get mobile > working at all (even without my code) I tried using > "7fd8ef2d3f3d296a6032745396d3af8e8e3d4da2" and the last one > "4ccb2261b1ac2e207303393fe509878f160dd96b" using > "7fd8ef2d3f3d296a6032745396d3af8e8e3d4da2", It looks like mobile app > is sending Location Update Request corectly to GR-GSM but I can't sniff > it (over the air or from wireshark). > > I'm pretty sure the BTS doesn't receive it neither. > using "4ccb2261b1ac2e207303393fe509878f160dd96b", > it doesn't do anything. It's only receiving packets from PCH/AGCH. Would be great to see both logs and PCAP traces attached. I cannot say anything without knowing what is actually happening on your side, > My setup : my B200( or my B210) with GPSDO is connected trough > a commercial duplexer for the appropriate GSM band (E-GSM) > and a omnidirectional antenna. I am also using B200, but without GPSDO. Probably, your device has different delays, which causes out of sync with BTS TDMA. Piotr Krysik was working on this part, and we had an idea to implement a tool for automatical device calibration... But let's look at your logs first. > Are you able to connect the mobile app using osmocom TRX to > a network (even a test network without ciphering) ? especially > using the latest version of libosmocore/ osmocom fixeria/trx branch ? Mostly, I am working in the virtual environment - FakeTRX. Didn't try since 34c3, but it was working. With best regards, Vadim Yanitskiy.

2 1

GSM 04.08 L2 pseudo length in ACCH System Information messages
by Vadim Yanitskiy 12 Mar '18

12 Mar '18

Hi everyone, I few days ago, during some usual R&D process, I noticed the following messages, appearing in the log output of OsmocomBB/mobile application: "ACCH message type 0xXX unknown." The network, a phone was connected to, was may own and based on more or less recent versions of OsmoNiTB, OsmoBTS, and OsmoTRX. Despite I used to see such messages before, I didn't pay too much attention. But this time I've decided to figure out, what's wrong there... The source of such messages is the gsm48_rr.c / gsm48_rr_rx_acch(): static int gsm48_rr_rx_acch(struct osmocom_ms *ms, struct msgb *msg) { // ... struct gsm48_system_information_type_header *sih = msgb_l3(msg); // ... switch (sih->system_information) { case GSM48_MT_RR_SYSINFO_5: return gsm48_rr_rx_sysinfo5(ms, msg); case GSM48_MT_RR_SYSINFO_5bis: return gsm48_rr_rx_sysinfo5bis(ms, msg); case GSM48_MT_RR_SYSINFO_5ter: return gsm48_rr_rx_sysinfo5ter(ms, msg); case GSM48_MT_RR_SYSINFO_6: return gsm48_rr_rx_sysinfo6(ms, msg); default: LOGP(DRR, LOGL_NOTICE, "ACCH message type 0x%02x unknown.\n", sih->system_information); return -EINVAL; } } To get I bit more details, I modified this function to print the whole L3 payload, and got some interesting results. As it turned out, the payloads were shifted one byte left - there was no 'l2_plen', which is assumed by: /* Section 9.1.3x System information Type header */ struct gsm48_system_information_type_header { uint8_t l2_plen; uint8_t rr_protocol_discriminator :4, skip_indicator:4; uint8_t system_information; } __attribute__ ((packed)); So, my first idea was that this is a bug of OsmocomBB, that would be fairly easy to fix, so after a quick look at the GSM 04.08 specification I wrote (and merged :/) this: https://gerrit.osmocom.org/#/c/5204/ And everything was great, until I connected a 'patched' mobile to a commercial mobile network... And all SI messages during a dedicated connection were false-identified as SI5ter. This seemed strange to me, so I decided to compare a SI message from commercial network with a message captured in my own one: https://habrastorage.org/webt/t8/zs/vv/t8zsvvjjglzfisnjqlnnsy4kgas.png And this confused me even more, then I've expected. Why there is 0x49? Wireshark false-identified this message as something related to SMS... What if this is exactly the 'l2_plen' assumed in OsmocomBB before? I looked at the specifications again, and found out that initially I refered an outdated 5.3.0 version, which was the first link in Google: http://www.etsi.org/deliver/etsi_gts/04/0408/05.03.00_60/gsmts_0408v050300p… while the latest one is 7.21.0: http://www.etsi.org/deliver/etsi_ts/100900_100999/100940/07.21.00_60/ts_100… So, I compared the 9.1.37-40 sections of both versions, and bingo! In the higher version ACCH System Information messages do have the 'L2 Pseudo Length' (10.5.2.19) field. Finally, what I've learned: - OsmocomBB / mobile follows the new version here (with l2_plen); - OsmoNiTB generates the ACCH SI messages without the l2_plen; - Recent Wireshark versions fail to decode the ACCH SI messages with l2_plen, while older ones are able to do that; - I should not merge the changes so quick. My questions are: - Which way of composing the SI messages is correct? - If both are correct, how to parse them correctly? - Should we change OsmoNiTB / OsmoBSC to follow the latest specs? And of course, I have to revert the change I've merged. With best regards, Vadim Yanitskiy.

2 1

MS driver: GSM tester config integration
by Holger Freyther 07 Mar '18

07 Mar '18

Hey, pespin left a good comment about the question of how the MS driver and the GSM tester could be better integrated. I was about to write some argparse code for the MS driver but I think it is best to make this configurable as a scenario. In terms of scenario knobs I can see: - #MS - CDF function - IMSI generator (start with XXX and count upwards) - virtphy vs. trxcon? The actual test would remain separate (and maybe turn it into a suite at some point in the future). What do you think? What should I obey when parsing/handling config? holger

3 4

port numbers in FakeTRX / trxcon
by Harald Welte 23 Feb '18

23 Feb '18

Hi Vadim, while playing with fake_trx and trxcon I was wondering about the port numbers you used. I think it's not the best idea to re-use the same port numbers / port number range on the MS side which are used on the network side. Is there any requirement to do so? why not simply shift the entire base port (5700) on the client side to something else like 6700? (Side note: The entrire TRX protocol using so many non-standard/non-IANA port numbers, not containing any version numbers for extensions, etc. is a mess, but that's for a separate discussion altogether. Would love to re-do this from scratch at some point) Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

2 1

re: sciphone dream g2 mtk 6235 status? ;)
by Craig Comstock 16 Feb '18

16 Feb '18

Sorry for the premature mail posting. I did some more digging and found a quite good thread of information from around 2011 or so. http://baseband-devel.722152.n3.nabble.com/Mediatek-MT6235-status-Sciphone-… I note that Harald mentioned whether Marcin had suitable lab equipment and I was starting to wonder this as well. Harald, you suggested Racal 6103 or similar, spectrum analyzer/scope up to 900/1800/1900 MHz. I'm wondering if you have any more current recommendations for equipment. I would imagine I might use an RTL-SDR possibly to receive/monitor TX. I see Racal 6103 devices for around $100 on ebay so I could get one of those if need be. So I found the uboot sources and looked through and see board/mtk/sciphone_g2/mt6140.c which has the rf_tx <arfcn> uboot command. So I'll check fernvale/mtk6260 and see if similar code could be made for fernvale. -Craig

4 11

Re: [OsmoBTS - Bug #2944] OsmoBTS master does not work with CalypsoBTS based transceivers
by Harald Welte 16 Feb '18

16 Feb '18

On Thu, Feb 15, 2018 at 06:38:50PM +0000, pespin [REDMINE] wrote: > So we now have the patches reviewed (+2) but due to the branch being old and having no jenkins.sh, Jenkins Builder set validate -1, and I'm not able to merge it. Help on how to fight against gerrit is required here. I could manually override the V-1 and set it to V+1. However, I guess the better solution would be to first merge a patch that adds jenkins.sh to the respective branch, and then re-trigger the validation of those patches. This way we would have a working solution even for future patches. Or even better: Rebas those old but still relevant branches on top of current master, and they would get the jenkins.sh and associated build verification for free. Do we have any volunteers for this? -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

1 0

sciphone dream g2 mtk 6235 status? ;)
by Craig Comstock 04 Feb '18

04 Feb '18

Hello, I have several of these devices now and am working on porting fernly code for the fernvale board (and other mtk626x devices) to osmocom-bb. I found this document: https://elinux.org/images/9/9a/Getting_the_First_Open_Source_GSM_Stack_in_L… and was wondering about the "GSM RF chips slide" which seems to indicate that you may have written RF HW drivers enough to transmit? I don't see the u-boot sources from the links at https://osmocom.org/projects/baseband/wiki/SciphoneDreamG2 but interestingly I can get to them directly with git. :) git clone git://git.osmocom.org/uboot-mt623x.git So I will take a look at what you have and see if I can get somewhere with these devices. If you have any suggestions please let me know. Cheers, Craig

1 0

GAPK merge request
by Vadim Yanitskiy 14 Jan '18

14 Jan '18

Hi Sylvain, as you probably already know, I made a few changes in GAPK and now they are in a separate branch called 'fixeria/lib'. In a few words, the main idea of this set of changes is to compose a shared library called libosmogapk and add some basic test coverage. Please see: http://git.osmocom.org/gapk/log/?h=fixeria/lib As you're the maintainer and author of this project, I would like to ask you: is it possible to merge this branch into the mainline? At the moment, the new library is used by OsmocomBB, see: http://git.osmocom.org/osmocom-bb/commit/?h=fixeria/audio&id=0ed60f68b86b47… and moreover I am developing a set of GNU Radio blocks for GSM audio transcoding based on the GAPK library. Probably, some other projects may also benefit from a possibility to link against a shared library and use its features... If you support this idea, please let me know, which way of merging the branch is better for you: - using Gerrit, where I am not sure: if I will send a merge commit for review, would it 'drag' the whole long chain of commits, or the only one? - or using your write access rights. In both cases, I'll provide you detailed description of the merge commit. But first, I need to know your decision. With best regards, Vadim Yanitskiy.

2 3

help : osmocombb transfer problem
by hao_zhang 10 Jan '18

10 Jan '18

sorry to bother you, i install openbsc and osmocombb in a pc. i want to transfer authentication information rand from osmocombb to openbsc, and transfer sres information from openbsc to osmocombb. What should I do? thanks zhanghao

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

baseband-devel