I was going to ask the same question because I have the same problem with sim reader mode. However, I haven't used Sylvain test. I will and come back with an update.
Hi,
I just started playing around with this great project and am ashamed to say I'm
stumped with an annoying error when compiling.
I'm compiling on a Backtrack 4 RC2 (*buntu based distro) and that may be why I'm
having problems.
Basically I downloaded the proper packages as per the instructions on the wiki,
exported the PATH and all that, but when I run make I get this error:
cd shared/libosmocore/build-target && ../configure \
--host=arm-elf-linux --disable-vty --enable-panic-infloop \
--disable-shared --disable-talloc --disable-tests \
CC="arm-elf-gcc" CFLAGS="-Os -ffunction-sections -I/root/GSM/osmocom-bb/src/target/firmware/include"
configure: WARNING: If you wanted to set the --build type, don't use --host.
If a cross compiler is detected then cross compile mode will be used.
configure: error: cannot find install-sh or install.sh in ".." "../.." "../../.."
make: *** [shared/libosmocore/build-target/Makefile] Error 1
Attached is my config.log and you can see the PATH are there.
The error can be seen on this line in the log:
configure:1766: error: cannot find install-sh or install.sh in ".." "../.." "../../.."
Now I've checked to see if I have autoconf and automake installed (I do, I have
autoconf 2.61 and automake 1.10) since my searches on the internet seem to
indicate that may be the problem.
Now I usually do all my own leg work and I read and read before asking
questions, but I'm afraid I can't resolve this on my own. Before I spend another
afternoon searching for the solution, I remembered to ask here.
Anyone have any hints on what I'm doing wrong? Do I need different automake or
autoconf versions?
Thanks and keep up the great work. It's been fascinating to watch the evolution
of GSM hacking these last few years.
Hello everybody
I'm trying to run the "mobile" application on a C115 and a C118 phone. I
want to use the real sim, so I used "sim reader" in the config. Both
phones have the same behaviour:
<000e> sim.c:1206 init SIM client
<0005> gsm48_cc.c:61 init Call Control
<0001> gsm48_rr.c:4944 init Radio Ressource process
<0004> gsm48_mm.c:1220 init Mobility Management process
<0004> gsm48_mm.c:971 Selecting PLMN SEARCH state, because no SIM.
<0002> gsm322.c:3471 init PLMN process
<0003> gsm322.c:3472 init Cell Selection process
Mobile '1' initialized, please start phone now!
VTY available on port 4247.
<0004> subscriber.c:556 Requesting SIM file 0x2fe2
<000e> sim.c:209 got new job: SIM_JOB_READ_BINARY (handle=00000004)
<000e> sim.c:697 go MF
<000e> sim.c:241 SELECT (file=0x3f00)
<000e> sim.c:187 sending APDU (class 0xa0, ins 0xa4)
no more output beyond this point.
Phones work correctly with other software, sim works correctly. I get
no response from the sim. Is the card reader working on these phones? If
yes, does anyone have suggestions to solve this issue?
Thanks a lot to everybody.
Dario.
Hello.
I'm trying to load the loader.compalram.bin.
The behaviour is very strange because sometimes the download is complete and
successful, sometimes; in particular, in this case, the download is complete,
but any ACK is sent back from the mobile phone (see below).
./osmocon -p /dev/ttyUSB0 -m c123 ../../target/firmware/board/compal_e99/loader.compalram.bin
got 2 bytes from modem, data looks like: 2e c8 ..
got 5 bytes from modem, data looks like: 1b f6 02 00 41 ....A
got 1 bytes from modem, data looks like: 01 .
got 1 bytes from modem, data looks like: 40 @
Received PROMPT1 from phone, responding with CMD
read_file(../../target/firmware/board/compal_e99/loader.compalram.bin):
file_size=21752, hdr_len=4, dnload_len=21759
got 1 bytes from modem, data looks like: 1b .
got 1 bytes from modem, data looks like: f6 .
got 1 bytes from modem, data looks like: 02 .
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 41 A
got 1 bytes from modem, data looks like: 02 .
got 1 bytes from modem, data looks like: 43 C
Received PROMPT2 from phone, starting download
handle_write(): 4096 bytes (4096/21759)
handle_write(): 4096 bytes (8192/21759)
handle_write(): 4096 bytes (12288/21759)
handle_write(): 4096 bytes (16384/21759)
handle_write(): 4096 bytes (20480/21759)
handle_write(): 1279 bytes (21759/21759)
handle_write(): finished
The target phone is C115. I tried compal_exx and the result is the same :-(
Please, can someone help me to understand the reasons?
Thanks in advance.
hi,
a while ago i've read that someone managed to have an active phone call over
osmocom for about 20mins.
i wondered if it is theoretically & technically possible to have an active,
serious (thus not a5) encryption running
for voice or data calls on the stack?
thanks in advance & greetings from vienna ;)
azet
Hi everyone. I'm admittedly more a lurker than an active participant in this
project. I find it very fascinating and regard its objectives as important.
I recently watched several of the C3 presentations, from this and previous
years. Having open, documented hardware and software seems to be an
important goal in itself. Just knowing about all the potential weaknesses in
the software stacks of most phones, as well as hidden "features" like SMS
messages that could, theoretically, do things like remotely enable the phone
mic, among other things (things that are certainly technically possible, and
also due to the closed nature of the software, completely unknown) are of
grave concern to me.
Now, given that the supported phone hardware is old and not reliably
available, I was wondering if anyone knows if the Calypso and other chips in
these old phones are still available for new designs? How much interest
would there be, say, in an open, but VERY SIMPLE, actual phone? Kind of like
the Pandora project, but without the ambition to make the most advanced
portable game player possible.
The Osmocom software would then be very easily portable to such a device.
Given the seemingly widespread interest and enthusiasm for the Osmocom,
OpenBTS, and OpenBSC projects, a real, genuinely open phone (not a
pseudo-open phone like the FreeRunner) might possibly have enough interest,
and be buildable for a low-enough cost, to merit further discussion.
Anyone want to discuss this?
Hi!
A number of people want to do some long-term evaluation of their cellular
environment and would be interested in an 'app' for OsmocomBB that continuously
scans the spectrum and dumps the cell parameters such as
* ARFCN, Signal Level, SNR
* frequency synch offset
* SCH info (BCC/NCC)
* SI (at least 1-4) from BCCH
I would love to do it, but I simply don't have the time. I thought maybe
somebody on this list is looking for a relatively simple task and has some
time. I think this is a great project to work with OsmocomBB without having
to go into the details.
The algorithm would look something like
STATE 1: Power Scan
* do power measurement over all supported bands
* pick strongest N carriers and iterate over them
STATE 2: FCCH/SCH acquisition
* try to get lock on the carrier
* if not, go back to next carrier from power scan
* if yes, continue with STATE 3
STATE 3: Wait until all relevant SI have been received
* generate GSMTAP output for the SI messages (or timeout)
* go back to STATE 2 for next strongest ARFCN
* after last ARFCN, re-start from STATE 1
This is basically the initial step of the GSM 03.22 cell (re)selection
that we already have as part of the 'mobile' program.
So all the code is there, but what's needed is a separate ready-made app,
not requiring any user interaction. It should also include some e.g. shell
script that automatically generates a new pcap file every N minutes/hours,
and make sure to never overwrite any existing PCAP file.
In the end, having this running for an extended period of time should simply
produce a large number of PCAP files without any manual interaction. Lock-ups
in any state should be detected by timers, signalling a proper L1_RESET
to make sure it continues. Unplugging / re-plugging the phone should also
not require any re-start of the program.
Optional extensions:
* software to aggregate info from the pcap files (remove duplicate
entries, e.g.)
* optional logging of GPS coordinates from a GPS receiver
If anyone has some time to give this some work, I'd most appreciate it. Please
inform the mailing list to ensure no duplicate work is created.
Regards,
Harald
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
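The three-state loop from the message above, written out as an added example (not part of the original message and not OsmocomBB code): an event-driven state machine in C that picks the strongest carriers, walks them in order, and uses per-state watchdog ticks to request an L1 reset on lock-up. All identifiers, the tick budgets, TOP_N and the -106 dBm floor are assumptions; the radio is left to the caller, who feeds in events and carries out the returned action.

```c
/* Added example, not OsmocomBB code; all names, timeouts and limits are assumed. */
#include <stdio.h>

#define N_ARFCN   1024   /* ARFCN numbers 0..1023 */
#define TOP_N     3      /* strongest carriers visited per round */
#define FLOOR_DBM (-106) /* carriers weaker than this are ignored */
#define SI_ALL    0x0Fu  /* bit k-1 is set once SI type k was seen, k = 1..4 */
enum { T_PM = 50, T_SYNC = 20, T_SI = 100 };   /* watchdog ticks per state */
enum state  { ST_POWER_SCAN = 1, ST_SYNC, ST_WAIT_SI };
enum event  { EV_PM_DONE, EV_SYNC_OK, EV_SYNC_FAIL, EV_SI, EV_TICK };
enum action { ACT_NONE, ACT_START_PM, ACT_START_SYNC, ACT_L1_RESET };

struct scanner {
	enum state state;
	int cand[TOP_N];    /* ARFCNs picked by the power scan, strongest first */
	int n_cand, idx;    /* cand[idx] is the carrier being worked on */
	unsigned si_seen;   /* SI types received so far on cand[idx] */
	int ticks;          /* watchdog ticks left in the current state */
};

/* Enter STATE 1; the caller starts a power measurement over all bands. */
enum action scan_start(struct scanner *s)
{
	s->state = ST_POWER_SCAN;
	s->n_cand = s->idx = 0;
	s->ticks = T_PM;
	return ACT_START_PM;
}

/* Enter STATE 2 for cand[idx]; after the last carrier, restart from STATE 1. */
static enum action try_carrier(struct scanner *s)
{
	if (s->idx >= s->n_cand)
		return scan_start(s);
	s->state = ST_SYNC;
	s->si_seen = 0;
	s->ticks = T_SYNC;
	return ACT_START_SYNC;
}

/* Keep the TOP_N strongest carriers at or above FLOOR_DBM, sorted descending. */
static void pick_strongest(struct scanner *s, const int *rxlev)
{
	s->n_cand = s->idx = 0;
	for (int a = 0; a < N_ARFCN; a++) {
		int i = s->n_cand;
		if (rxlev[a] < FLOOR_DBM)
			continue;
		if (i < TOP_N)
			s->n_cand++;
		else if (rxlev[a] > rxlev[s->cand[TOP_N - 1]])
			i = TOP_N - 1;          /* replaces the weakest entry */
		else
			continue;
		for (; i > 0 && rxlev[a] > rxlev[s->cand[i - 1]]; i--)
			s->cand[i] = s->cand[i - 1];
		s->cand[i] = a;
	}
}

/* rxlev is read only for EV_PM_DONE, si_type (1..4) only for EV_SI. */
enum action scan_handle(struct scanner *s, enum event ev, int si_type, const int *rxlev)
{
	int expired = (ev == EV_TICK && --s->ticks <= 0);
	if (expired && s->state != ST_WAIT_SI) {    /* lock-up in STATE 1 or 2 */
		scan_start(s);
		return ACT_L1_RESET;        /* caller resets L1, then starts PM */
	}
	if (ev == EV_PM_DONE && s->state == ST_POWER_SCAN) {
		pick_strongest(s, rxlev);
		return try_carrier(s);
	}
	if (ev == EV_SYNC_OK && s->state == ST_SYNC) {
		s->state = ST_WAIT_SI;
		s->ticks = T_SI;
		return ACT_NONE;
	}
	if (ev == EV_SI && s->state == ST_WAIT_SI && si_type >= 1 && si_type <= 4)
		s->si_seen |= 1u << (si_type - 1);
	/* Leave the carrier on sync failure, SI timeout, or once SI1..SI4 are in. */
	if ((ev == EV_SYNC_FAIL && s->state == ST_SYNC) || expired ||
	    (ev == EV_SI && s->state == ST_WAIT_SI && s->si_seen == SI_ALL)) {
		s->idx++;
		return try_carrier(s);
	}
	return ACT_NONE;    /* events that do not fit the state are ignored */
}

int main(void)
{
	static int rxlev[N_ARFCN];      /* constructed power-scan result */
	struct scanner s;
	for (int a = 0; a < N_ARFCN; a++)
		rxlev[a] = (a == 104) ? -65 : -110;
	scan_start(&s);
	scan_handle(&s, EV_PM_DONE, 0, rxlev);
	printf("sync target: ARFCN %d\n", s.cand[s.idx]);
	return 0;
}
```

An SI timeout in STATE 3 only moves on to the next carrier; a timeout in STATE 1 or 2 is treated as a lock-up and returns ACT_L1_RESET, after which the machine is back in STATE 1.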
Everyone,
Is it true you can use a MTK Chipset as a DIY GSM BTS/USRP ?
I've emailed this fellow who posted this back in December 2010
but have gotten no reply to date.
This would be excellent for use on something I'm working
on in Africa for about 50 - 100 IMPOVERISHED villages.
Awaiting anyone's input on this.
Thank you
SoftwareDefinesRadio
2010/12/15 <baseband-devel-request(a)lists.osmocom.org>
>
>
> Today's Topics:
>
> 1. Price Cheap of USRP for openbts and GSM ( ???? )
>
>
> ---------- Forwarded message ----------
> From: "麦田守望" <775725965(a)qq.com>
> To: "baseband-devel" <baseband-devel(a)lists.osmocom.org>
> Date: Wed, 15 Dec 2010 14:18:50 +0800
> Subject: Price Cheap of USRP for openbts and GSM
>
> Hello everybody
> you may have USRP USE MTK chip phone for DIY yourself BTS Simple and
> Practical i find Developmenter Contact me
>
>
if i boot the c118 from a ubuntu 10.04 lts (64bit) or a g20 arm minipc i get
this here
/opt/osmocom/bin/osmocon -m c123 -p /dev/ttyUSB0 /opt/osmocom/firmware/board/compal_e88/layer1.compalram.bin
got 2 bytes from modem, data looks like: 2f 81 /.
got 5 bytes from modem, data looks like: 00 f6 02 00 41 ....A
got 1 bytes from modem, data looks like: 01 .
got 1 bytes from modem, data looks like: 40 @
got 1 bytes from modem, data looks like: 66 f
got 1 bytes from modem, data looks like: 74 t
got 1 bytes from modem, data looks like: 6d m
got 1 bytes from modem, data looks like: 74 t
got 1 bytes from modem, data looks like: 6f o
got 1 bytes from modem, data looks like: 6f o
got 1 bytes from modem, data looks like: 6c l
Received FTMTOOL from phone, ramloader has aborted
got 1 bytes from modem, data looks like: 65 e
got 1 bytes from modem, data looks like: 72 r
got 1 bytes from modem, data looks like: 72 r
got 1 bytes from modem, data looks like: 6f o
got 1 bytes from modem, data looks like: 72 r
got 1 bytes from modem, data looks like: 00 .
if i boot it from my mac book or a ubuntu (32bit) i get this:
osmocon -m c123xor -p /dev/tty.usbserial sylvain/osmocom-bb/src/target/firmware/board/compal_e88/layer1.compalram.bin
got 6 bytes from modem, data looks like: 00 00 00 00 00 00 ......
got 1 bytes from modem, data looks like: 2f /
got 1 bytes from modem, data looks like: 81 .
got 1 bytes from modem, data looks like: 1b .
got 1 bytes from modem, data looks like: f6 .
got 1 bytes from modem, data looks like: 02 .
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 41 A
got 1 bytes from modem, data looks like: 01 .
got 1 bytes from modem, data looks like: 40 @
Received PROMPT1 from phone, responding with CMD
read_file(sylvain/osmocom-bb/src/target/firmware/board/compal_e88/layer1.compalram.bin):
file_size=54152, hdr_len=4, dnload_len=54159
got 1 bytes from modem, data looks like: 1b .
got 1 bytes from modem, data looks like: f6 .
got 1 bytes from modem, data looks like: 02 .
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 41 A
got 1 bytes from modem, data looks like: 02 .
got 1 bytes from modem, data looks like: 43 C
Received PROMPT2 from phone, starting download
handle_write(): 1023 bytes (1023/54159)
handle_write(): 1024 bytes (2047/54159)
handle_write(): 1024 bytes (3071/54159)
handle_write(): 1024 bytes (4095/54159)
handle_write(): 1024 bytes (5119/54159)
handle_write(): 1024 bytes (6143/54159)
handle_write(): 1024 bytes (7167/54159)
handle_write(): 1024 bytes (8191/54159)
handle_write(): 1024 bytes (9215/54159)
handle_write(): 1024 bytes (10239/54159)
handle_write(): 1024 bytes (11263/54159)
handle_write(): 1024 bytes (12287/54159)
handle_write(): 1024 bytes (13311/54159)
handle_write(): 1024 bytes (14335/54159)
handle_write(): 1024 bytes (15359/54159)
handle_write(): 1024 bytes (16383/54159)
handle_write(): 1024 bytes (17407/54159)
handle_write(): 1024 bytes (18431/54159)
handle_write(): 1024 bytes (19455/54159)
handle_write(): 1024 bytes (20479/54159)
handle_write(): 1024 bytes (21503/54159)
handle_write(): 1024 bytes (22527/54159)
handle_write(): 1024 bytes (23551/54159)
handle_write(): 1024 bytes (24575/54159)
handle_write(): 1024 bytes (25599/54159)
handle_write(): 1024 bytes (26623/54159)
handle_write(): 1024 bytes (27647/54159)
handle_write(): 1024 bytes (28671/54159)
handle_write(): 1024 bytes (29695/54159)
handle_write(): 1024 bytes (30719/54159)
handle_write(): 1024 bytes (31743/54159)
handle_write(): 1024 bytes (32767/54159)
handle_write(): 1024 bytes (33791/54159)
handle_write(): 1024 bytes (34815/54159)
handle_write(): 1024 bytes (35839/54159)
handle_write(): 1024 bytes (36863/54159)
handle_write(): 1024 bytes (37887/54159)
handle_write(): 1024 bytes (38911/54159)
handle_write(): 1024 bytes (39935/54159)
handle_write(): 1024 bytes (40959/54159)
handle_write(): 1024 bytes (41983/54159)
handle_write(): 1024 bytes (43007/54159)
handle_write(): 1024 bytes (44031/54159)
handle_write(): 1024 bytes (45055/54159)
handle_write(): 1024 bytes (46079/54159)
handle_write(): 1024 bytes (47103/54159)
handle_write(): 1024 bytes (48127/54159)
handle_write(): 1024 bytes (49151/54159)
handle_write(): 1024 bytes (50175/54159)
handle_write(): 1024 bytes (51199/54159)
handle_write(): 1024 bytes (52223/54159)
handle_write(): 1024 bytes (53247/54159)
handle_write(): 912 bytes (54159/54159)
handle_write(): finished
got 1 bytes from modem, data looks like: 1b .
got 1 bytes from modem, data looks like: f6 .
got 1 bytes from modem, data looks like: 02 .
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 41 A
got 1 bytes from modem, data looks like: 03 .
got 1 bytes from modem, data looks like: 42 B
Received DOWNLOAD ACK from phone, your code is running now!
OSMOCOM Layer 1 (revision osmocon_v0.0.0-737-ga4e3431-modified)
======================================================================
Device ID code: 0xb4fb
Device Version code: 0x0000
ARM ID code: 0xfff3
cDSP ID code: 0x0128
Die ID code: c1900c14ae021565
======================================================================
REG_DPLL=0x2413
CNTL_ARM_CLK=0xf0a1
CNTL_CLK=0xff91
CNTL_RST=0xfff3
CNTL_ARM_DIV=0xfff9
======================================================================
Power up simcard:
Assert DSP into Reset
Releasing DSP from Reset
Setting some dsp_api.ndb values
Setting API NDB parameters
DSP Download Status: 0x0001
DSP API Version: 0x0000 0x0000
Finishing download phase
DSP Download Status: 0x0002
DSP API Version: 0x3606 0x0000
LOST 1880!
-- its working :-)
I have tried to copy the firmware from the working machine to the bad
machines but the result is the same.
Is it possible that the usb driver from ubuntu 10.04 lts 64bit is silly????
cable (akku-king) phone all is the same on every platform.
Does somebody have an idea?
--
View this message in context: http://baseband-devel.722152.n3.nabble.com/problems-on-ubuntu-64bit-tp22208…
Sent from the baseband-devel mailing list archive at Nabble.com.
Hi All,
I'm really struggling to get the latest source to build on OSX. Would anyone be
kind enough to offer some assistance to getting this compiled?
Build fails with:
./configure: line 3461: syntax error near unexpected token `LIBOSMOCORE,'
./configure: line 3461: `PKG_CHECK_MODULES(LIBOSMOCORE, libosmocore)'
Any help or advice would be appreciated!
Many Thanks,
Matt.
Hi,
just for curiosity, I would like to get the osmocomBB running on the
Motorola C123. Everything works fine (radio starts scanning for
networks) if I use the test SIM feature. But reading a real SIM plugged
into the phone does not work for me.
The 'mobile' app shows:
<0004> subscriber.c:556 Requesting SIM file 0x2fe2
<000e> sim.c:209 got new job: SIM_JOB_READ_BINARY (handle=00000004)
<000e> sim.c:697 go MF
<000e> sim.c:241 SELECT (file=0x3f00)
<000e> sim.c:187 sending APDU (class 0xa0, ins 0xa4)
-end-
Any hints where to start debugging?
(does neither work with 3 different SIMs: swisscom, blau, super-sim)
BTW: Are there any plans to support external SIM readers via PC/SC etc.?
Thanks
Frank
Hi,
I'm playing around with Osmocom for a while now. My final goal is to use
it as a stationary phone on a PC to be able to remotely control the phone.
I checked out the sylvain/testing tree, to use my SIM card and managed to
be able to make and receive calls. Very amazing so far. :-)
Now I tried to send GSM codes (like *#21#, or *21*{NUMBER}#) to set and
unset call diverts. It seems, that "call 1 *21*{NUMBER}#" does not work.
Normal GSM cellphones seem to handle these codes not as a normal call.
Does anybody know how one could send GSM codes to the network?
Thanks
Tim
I know this has been asked before, but I can't find the email(s). eBay
in the past has generally had a few GSM900/1800 Osmocom-supported
phones, although the prices weren't always great. I managed to get a
V171 that way from a Hong Kong source (for about US$20 including
shipping). However, the only phones that seem available today are all
GSM850/1900.
Someone a while back gave a link to Polish site where you could buy
phones for even cheaper. Does someone have that site, or other sites
that might be useful?
Thanks,
Scott
Hello from Argentina, I'm a 26 years old student of Electronical
Engineering, I'm really very interested in this project, I have a C115, so
I'll try to compile the code, but I'm not Linux user yet. Can I run this in
Windows? If not... I'll download a live cd distribution of linux =)
I want to use this c115 as a test field.
Best regards buddy
Enzo.
Hi
in simtrace/at91sam7/host, simtrace_usb.h is symbolically linked to
sunbeam/home/laforge/projects/git/openpcd/firmware/include/simtrace_usb.h
this might not be generic enough
to keep it linked, it could point to
../../../openpcd/firmware/include/simtrace_usb.h
or will openpcd and simtrace be merged, or combined in any way ?
thanks,
kevin
Hi,
I'm trying to flash simtrace on an at91sam7s, using samba.
sam7utils compiles well under amd64, but does not work. It does not
output anything and quits.
the only indication on dmesg is :
usb 4-1: usbfs: interface 0 claimed by cdc_acm while 'sam7' sets config #1
Sam_I_Am works great on amd64, but the firmware format is not the same.
Does anyone know how to convert main_simtrace.samba to a valid intel hex ?
Kevin
Yesterday I asked on #osmocom irc channel about my problems with using
provider card and testing branch of osmocom-bb to connect to network.
I was stuck in "A1 Trying RPLMN", and I didn't see any response received
with all debugging turned on.
Today, I decided to change my arm toolchain to gnu-arm recommended at
http://bb.osmocom.org/trac/wiki/GettingStarted
I recompiled, and it worked without problems.
I'm writing this e-mail as future reference since I saw few people
having problem with this on irc.
--
Dobrica Pavlinusic 2share!2flame dpavlin(a)rot13.org
Unix addict. Internet consultant. http://www.rot13.org/~dpavlin
I think my mobile is always connecting to the net with the most power.
Is there a way to connect to a specific network?
Down here is my config and my tries to connect to t-mobile.
if i type in the vty:
local# network select 1 262 01
Network not in list!
local# network search 1
local#
my config:
local# sh run
Current configuration:
!
service advanced-vty
!
line vty
 no login
!
gps device /dev/ttyACM0
gps baudrate default
no gps enable
!
ms 1
 layer2-socket /tmp/osmocom_l2
 sap-socket /tmp/osmocom_sap
 sim none
 network-selection-mode auto
 imei 000000000000000 0
 imei-fixed
 no emergency-imsi
 no call-waiting
 no auto-answer
 no clip
 no clir
 tx-power auto
 no simulated-delay
 no stick
 location-updating
 codec full-speed prefer
 codec half-speed
 no abbrev
 support
  sms
  a5/1
  a5/2
  p-gsm
  e-gsm
  r-gsm
  dcs
  class-900 4
  class-dcs 1
  channel-capability sdcch+tchf+tchh
  full-speech-v1
  full-speech-v2
  half-speech-v1
  min-rxlev -106
  dsc-max 90
 exit
 test-sim
  imsi 001010000000000
  ki xor 00 00 00 00 00 00 00 00 00 00 00 00
  no barred-access
  no rplmn
  hplmn-search foreign-country
 exit
 no shutdown
exit
!
end
--
View this message in context: http://baseband-devel.722152.n3.nabble.com/connect-to-a-specific-network-wi…
Sent from the baseband-devel mailing list archive at Nabble.com.
no, display shows nothing.
Osmocon shows:
r00t@r00t-laptop:~/install/osmocom-bb/src/host/osmocon$ ./osmocon -p /dev/ttyUSB0 -m c123xor ../../target/firmware/board/compal_e88/loader.compalram.bin
got 2 bytes from modem, data looks like: 2f 81 /.
got 1 bytes from modem, data looks like: 00 .
got 4 bytes from modem, data looks like: f6 02 00 41 ...A
got 1 bytes from modem, data looks like: 01 .
got 1 bytes from modem, data looks like: 40 @
got 1 bytes from modem, data looks like: 66 f
got 1 bytes from modem, data looks like: 74 t
got 1 bytes from modem, data looks like: 6d m
got 1 bytes from modem, data looks like: 74 t
got 1 bytes from modem, data looks like: 6f o
got 1 bytes from modem, data looks like: 6f o
got 1 bytes from modem, data looks like: 6c l
Received FTMTOOL from phone, ramloader has aborted
got 1 bytes from modem, data looks like: 65 e
got 1 bytes from modem, data looks like: 72 r
got 1 bytes from modem, data looks like: 72 r
got 1 bytes from modem, data looks like: 6f o
got 1 bytes from modem, data looks like: 72 r
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 2f /
got 1 bytes from modem, data looks like: 81 .
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: f6 .
got 1 bytes from modem, data looks like: 02 .
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 41 A
got 1 bytes from modem, data looks like: 01 .
got 1 bytes from modem, data looks like: 40 @
got 1 bytes from modem, data looks like: 66 f
got 1 bytes from modem, data looks like: 74 t
got 1 bytes from modem, data looks like: 6d m
got 1 bytes from modem, data looks like: 74 t
got 1 bytes from modem, data looks like: 6f o
got 1 bytes from modem, data looks like: 6f o
got 1 bytes from modem, data looks like: 6c l
Received FTMTOOL from phone, ramloader has aborted
got 1 bytes from modem, data looks like: 65 e
got 1 bytes from modem, data looks like: 72 r
got 1 bytes from modem, data looks like: 72 r
got 1 bytes from modem, data looks like: 6f o
got 1 bytes from modem, data looks like: 72 r
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 2f /
got 1 bytes from modem, data looks like: 81 .
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: f6 .
got 1 bytes from modem, data looks like: 02 .
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 41 A
got 1 bytes from modem, data looks like: 01 .
got 1 bytes from modem, data looks like: 40 @
got 1 bytes from modem, data looks like: 66 f
got 1 bytes from modem, data looks like: 74 t
got 1 bytes from modem, data looks like: 6d m
got 1 bytes from modem, data looks like: 74 t
got 1 bytes from modem, data looks like: 6f o
got 1 bytes from modem, data looks like: 6f o
got 1 bytes from modem, data looks like: 6c l
Received FTMTOOL from phone, ramloader has aborted
got 1 bytes from modem, data looks like: 65 e
got 1 bytes from modem, data looks like: 72 r
got 1 bytes from modem, data looks like: 72 r
got 1 bytes from modem, data looks like: 6f o
got 1 bytes from modem, data looks like: 72 r
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 2e .
got 1 bytes from modem, data looks like: c8 .
got 1 bytes from modem, data looks like: 1b .
got 1 bytes from modem, data looks like: f6 .
got 1 bytes from modem, data looks like: 02 .
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 41 A
got 1 bytes from modem, data looks like: 01 .
got 1 bytes from modem, data looks like: 40 @
Received PROMPT1 from phone, responding with CMD
read_file(../../target/firmware/board/compal_e88/loader.compalram.bin): file_size=21740, hdr_len=4, dnload_len=21747
got 1 bytes from modem, data looks like: 1b .
got 1 bytes from modem, data looks like: f6 .
got 1 bytes from modem, data looks like: 02 .
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 41 A
got 1 bytes from modem, data looks like: 02 .
got 1 bytes from modem, data looks like: 43 C
Received PROMPT2 from phone, starting download
handle_write(): 1023 bytes (1023/21747)
handle_write(): 768 bytes (1791/21747)
handle_write(): 768 bytes (2559/21747)
handle_write(): 768 bytes (3327/21747)
handle_write(): 768 bytes (4095/21747)
handle_write(): 768 bytes (4863/21747)
handle_write(): 768 bytes (5631/21747)
handle_write(): 768 bytes (6399/21747)
handle_write(): 768 bytes (7167/21747)
handle_write(): 768 bytes (7935/21747)
handle_write(): 768 bytes (8703/21747)
handle_write(): 768 bytes (9471/21747)
handle_write(): 768 bytes (10239/21747)
handle_write(): 768 bytes (11007/21747)
handle_write(): 768 bytes (11775/21747)
handle_write(): 768 bytes (12543/21747)
handle_write(): 768 bytes (13311/21747)
handle_write(): 768 bytes (14079/21747)
handle_write(): 768 bytes (14847/21747)
handle_write(): 768 bytes (15615/21747)
handle_write(): 768 bytes (16383/21747)
handle_write(): 768 bytes (17151/21747)
handle_write(): 768 bytes (17919/21747)
handle_write(): 768 bytes (18687/21747)
handle_write(): 768 bytes (19455/21747)
handle_write(): 768 bytes (20223/21747)
handle_write(): 768 bytes (20991/21747)
handle_write(): 756 bytes (21747/21747)
handle_write(): finished
got 1 bytes from modem, data looks like: 1b .
got 1 bytes from modem, data looks like: f6 .
got 1 bytes from modem, data looks like: 02 .
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 41 A
got 1 bytes from modem, data looks like: 03 .
got 1 bytes from modem, data looks like: 42 B
Received DOWNLOAD ACK from phone, your code is running now!
Received DOWNLOAD ACK from phone, your code is running now!
OSMOCOM Loader (revision osmocon_v0.0.0-740-g34bbb12-modified)
======================================================================
Running on compal_e88 in environment compalram
Found flash of 2097152 bytes at 0x0 with 2 regions
I have to press Power on a few times before it loads.
Subject: AW: AW: Osmocom-BB
Date: Fri, 7 Jan 2011 15:59:21 +0100
From: Andreas.Eversberg(a)versatel.de
To: seppel18(a)hotmail.com
does the mobile show "layer1.bin" on the display after startup?
did the firmware actually load on the phone?
p.s. do you mind if we CC to the mailing list, so others can help
or profit from the final solution?
From: Sebastian --- [mailto:seppel18@hotmail.com]
Sent: Friday, 7 January 2011 15:51
To: Andreas.Eversberg
Subject: RE: AW: Osmocom-BB
still shows "MS '1' is down, radio is not started"
Subject: AW: Osmocom-BB
Date: Fri, 7 Jan 2011 09:43:32 +0100
From: Andreas.Eversberg(a)versatel.de
To: seppel18(a)hotmail.com
CC: baseband-devel(a)lists.osmocom.org
hi,
can you try the following steps:
1. start osmocon
2. start mobile (be sure it is not shutdown)
3. press the power button on the phone to start the loading process
after loading the binary into the phone, the phone
should indicate power on to the mobile process.
andreas
From: Sebastian --- [mailto:seppel18@hotmail.com]
Sent: Friday, 7 January 2011 01:37
To: Andreas.Eversberg
Subject: Osmocom-BB
Hi
Thanks for your Help.
Now it says ms 1 is still down "radio not started". Osmocon is running (with ramloader) and layer2 socket is available.
hi sebastian,
there are three ways to bring it down:
- "enable" -> "conf t" -> "ms 1" -> "shutdown"
- the layer2 socket does not exist on startup (osmocon loader not
started)
- the shutdown state is stored in the config (doing "write" when it is
down)
just bring it up after starting osmocon:
- "enable" -> "conf t" -> "ms 1" -> "no shutdown"
and don't forget "write" the config, so it must not be done on every
startup.
andreas
Hello,
I have managed to compile everything, I connected my phone
through USB but when I try to run ./osmocon -p /dev/ttyUSB0 -m c123xor
../../target/firmware/board/compal_e88/loader.compalram.bin I do not get
the "Received PROMPT1 from phone, responding with CMD" message
All I get is this:
root@ubuntu:/home/trepx/osmocom-bb/src/host/osmocon# ./osmocon -p /dev/ttyUSB0 -m c123xor ../../target/firmware/board/compal_e88/loader.compalram.bin
got 2 bytes from modem, data looks like: f1 06 ..
got 5 bytes from modem, data looks like: 72 82 bf 7d fd r..}.
got 1 bytes from modem, data looks like: 7f .
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: a6 .
got 1 bytes from modem, data looks like: 0a .
got 1 bytes from modem, data looks like: 3a :
got 1 bytes from modem, data looks like: 02 .
got 1 bytes from modem, data looks like: 4d M
got 1 bytes from modem, data looks like: da .
root@ubuntu:/home/trepx/osmocom-bb/src/host/osmocon# ./osmocon -p /dev/ttyUSB0 -m c123xor ../../target/firmware/board/compal_e88/loader.compalram.bin
got 2 bytes from modem, data looks like: f1 06 ..
got 4 bytes from modem, data looks like: a6 51 d2 51 .Q.Q
got 1 bytes from modem, data looks like: 4d M
got 1 bytes from modem, data looks like: a3 .
got 1 bytes from modem, data looks like: a3 .
got 1 bytes from modem, data looks like: 00 .
I have waited for 10 minutes and still nothing. Any idea how to make it work?
Regards,
Bogdan
Hello,
I try to use the 'host23/mobile' application on a C123 but without
success. I followed Steve's instructions[1] with today's git tree
(d95eddad):
1. osmocon -p /dev/ttyS0 -m c123xor layer1.compalram.bin
2. ./host/layer23/src/mobile/mobile
3. Power on the phone
(output of these commands is thereafter)
But I'm not sure it really works: the firmware seems to freeze (not
responding to the power button anymore) and the last output of 'mobile'
is:
<0003> gsm322.c:257 Sync to ARFCN=104 rxlev=-65 (No sysinfo yet, ccch mode NONE)
Based on the low rxlevel, I guess it is not acquiring any meaningful
signal?
In [2], Steve said the internal antenna was switched off when the cable
is plugged in, is it still true?
I tried to RTFM but I am stuck here.
Thanks for your patience,
Footnotes:
[1] http://baseband-devel.722152.n3.nabble.com/Running-osmocombb-on-a-Motorol-C…
[2] http://lists.osmocom.org/pipermail/baseband-devel/2010-May/000435.html
,----
| % osmocon -p /dev/ttyS0 -m c123xor layer1.compalram.bin
| ...
| Received DOWNLOAD ACK from phone, your code is running now!
|
| OSMOCOM Layer 1 (revision osmocon_v0.0.0-598-gd95edda)
| ======================================================================
| Device ID code: 0xb4fb
| Device Version code: 0x0000
| ARM ID code: 0xfff3
| cDSP ID code: 0x0128
| Die ID code: ebd8283cba021198
| ======================================================================
| REG_DPLL=0x2413
| CNTL_ARM_CLK=0xf0a1
| CNTL_CLK=0xff91
| CNTL_RST=0xfff3
| CNTL_ARM_DIV=0xfff9
| ======================================================================
|
| THIS FIRMWARE WAS COMPILED WITHOUT TX SUPPORT!!!
| Assert DSP into Reset
| Releasing DSP from Reset
| Setting some dsp_api.ndb values
| Setting API NDB parameters
| DSP Download Status: 0x0001
| DSP API Version: 0x0000 0x0000
| Finishing download phase
| DSP Download Status: 0x0002
| DSP API Version: 0x3606 0x0000
| LOST 7478!
| L1CTL_RESET_REQ: FULL!L1CTL_PM_REQ start=0 end=124
| PM MEAS: ARFCN=0, 27 dBm at baseband, -110 dBm at RF
| PM MEAS: ARFCN=0, 26 dBm at baseband, -112 dBm at RF
| PM MEAS: ARFCN=1, 30 dBm at baseband, -107 dBm at RF
| PM MEAS: ARFCN=2, 29 dBm at baseband, -108 dBm at RF
| PM MEAS: ARFCN=3, 43 dBm at baseband, -94 dBm at RF
| PM MEAS: ARFCN=4, 32 dBm at baseband, -105 dBm at RF
| ../..
| PM MEAS: ARFCN=1023, 33 dBm at baseband, -104 dBm at RF
| L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=104, flags=0x7)
| Starting FCCH RecognitionFB0 (1748:10): TOA=11712, Power=-106dBm, Angle=-22058Hz
| FB0 (1775:11): TOA=12528, Power= -65dBm, Angle=-3818Hz
| FB0 (1796:5): TOA= 5280, Power= -68dBm, Angle=-16117Hz
| FB0 (1799:1): TOA= 96, Power=-109dBm, Angle= 7082Hz
`----
,----
| % ./host/layer23/src/mobile/mobile
| ...
| Failed to connect to '/tmp/osmocom_sap'.
| Failed during sap_open(), no SIM reader
| <000e> sim.c:1206 init SIM client
| <0005> gsm48_cc.c:61 init Call Control
| <0001> gsm48_rr.c:5330 init Radio Ressource process
| <0004> gsm48_mm.c:1220 init Mobility Management process
| <0004> gsm48_mm.c:971 Selecting PLMN SEARCH state, because no SIM.
| <0002> gsm322.c:3466 init PLMN process
| <0003> gsm322.c:3467 init Cell Selection process
| <0003> gsm322.c:3521 No stored BA list
| VTY available on port 4247.
| Mobile initialized, please start phone now!
| <0002> gsm322.c:3093 (ms 1) Event 'EVENT_SWITCH_ON' for automatic PLMN selection in state 'A0 null'
| <000d> gsm322.c:1055 SIM is removed
| <0002> gsm322.c:1056 SIM is removed
| <0002> gsm322.c:511 new state 'A0 null' -> 'A6 no SIM inserted'
| <0003> gsm322.c:3313 (ms 1) Event 'EVENT_SWITCH_ON' for Cell selection in state 'C0 null'
| <0003> gsm322.c:2986 Switch on without SIM.
| <0003> gsm322.c:540 new state 'C0 null' -> 'C6 any cell selection'
| <0003> gsm322.c:2404 Getting PM for frequency 0 twice. Overwriting the first! Please fix prim_pm.c
| <0003> gsm322.c:2415 Found signal (frequency 3 rxlev -94 (16))
| <0003> gsm322.c:2415 Found signal (frequency 8 rxlev -86 (24))
| <0003> gsm322.c:2415 Found signal (frequency 16 rxlev -93 (17))
| ...
| <0003> gsm322.c:2415 Found signal (frequency 819 rxlev -97 (13))
| <0003> gsm322.c:2404 Getting PM for frequency 955 twice. Overwriting the first! Please fix prim_pm.c
| <0003> gsm322.c:2415 Found signal (frequency 982 rxlev -98 (12))
| ...
| <0003> gsm322.c:2415 Found signal (frequency 1004 rxlev -91 (19))
| <0003> gsm322.c:2415 Found signal (frequency 1007 rxlev -89 (21))
| <0003> gsm322.c:2415 Found signal (frequency 1009 rxlev -97 (13))
| <0003> gsm322.c:2415 Found signal (frequency 1010 rxlev -86 (24))
| <0003> gsm322.c:2415 Found signal (frequency 1011 rxlev -67 (43))
| <0003> gsm322.c:2415 Found signal (frequency 1012 rxlev -86 (24))
| <0003> gsm322.c:2415 Found signal (frequency 1013 rxlev -80 (30))
| <0003> gsm322.c:2415 Found signal (frequency 1014 rxlev -87 (23))
| <0003> gsm322.c:2415 Found signal (frequency 1021 rxlev -82 (28))
| <0003> gsm322.c:2415 Found signal (frequency 1022 rxlev -98 (12))
| <0003> gsm322.c:2348 Found 97 frequencies.
| <0003> gsm322.c:257 Sync to ARFCN=104 rxlev=-65 (No sysinfo yet, ccch mode NONE)
`----
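A small triage script for the `mobile` output quoted in the message above, added here as an example and not part of the original post or of OsmocomBB. It ranks the "Found signal" measurements, reports where the last "Sync to ARFCN" target sits in that ranking, and flags a log that ends on "No sysinfo yet". The name `triage`, the +110 offset between the dBm value and the bracketed index (read off the quoted lines), and the sample line for frequency 104 are assumptions.

```python
import re

# Constructed sample: lines copied from the quoted `mobile` output, plus one
# constructed line for frequency 104, which lies in the part of the log that
# the post elides with "...".
SAMPLE_LOG = """\
| <0003> gsm322.c:2415 Found signal (frequency 3 rxlev -94 (16))
| <0003> gsm322.c:2415 Found signal (frequency 8 rxlev -86 (24))
| <0003> gsm322.c:2415 Found signal (frequency 104 rxlev -65 (45))
| ...
| <0003> gsm322.c:2415 Found signal (frequency 1011 rxlev -67 (43))
| <0003> gsm322.c:2415 Found signal (frequency 1013 rxlev -80 (30))
| <0003> gsm322.c:2348 Found 97 frequencies.
| <0003> gsm322.c:257 Sync to ARFCN=104 rxlev=-65 (No sysinfo yet, ccch mode NONE)
`----
"""

FOUND_RE = re.compile(r"Found signal \(frequency (\d+) rxlev (-?\d+) \((\d+)\)\)")
SYNC_RE = re.compile(r"Sync to ARFCN=(\d+) rxlev=(-?\d+) \(([^)]*)\)")

# Assumption taken from the quoted lines (-94 -> 16, -67 -> 43): the bracketed
# number is the dBm value plus 110. A mismatch points at a damaged log line.
INDEX_OFFSET = 110


def triage(log_text, top=3):
    """Summarise cell-selection progress from `mobile` log text."""
    signals = {}            # ARFCN -> rxlev in dBm (last measurement wins)
    inconsistent = []       # ARFCNs whose dBm/index pair does not agree
    last_sync = None        # (arfcn, rxlev_dbm, status text)
    last_line_is_sync = False

    for raw in log_text.splitlines():
        # Drop the "| " box prefix used in the mail; skip box borders and "..."
        line = raw.strip().lstrip("|").strip()
        if not line.startswith("<"):
            continue
        last_line_is_sync = False

        m = FOUND_RE.search(line)
        if m:
            arfcn, dbm, idx = (int(g) for g in m.groups())
            signals[arfcn] = dbm
            if idx != dbm + INDEX_OFFSET:
                inconsistent.append(arfcn)
            continue

        m = SYNC_RE.search(line)
        if m:
            last_sync = (int(m.group(1)), int(m.group(2)), m.group(3))
            last_line_is_sync = True

    # Strongest first (values are negative dBm, so larger is stronger).
    ranked = sorted(signals.items(), key=lambda kv: kv[1], reverse=True)

    sync_rank = None
    if last_sync is not None:
        order = [arfcn for arfcn, _ in ranked]
        if last_sync[0] in order:
            sync_rank = order.index(last_sync[0]) + 1

    # "Stalled" here means: the final log line is a sync attempt that still
    # reports no system information, i.e. nothing was decoded afterwards.
    stalled = (
        last_sync is not None
        and last_line_is_sync
        and "No sysinfo yet" in last_sync[2]
    )

    return {
        "strongest": ranked[:top],
        "last_sync": last_sync,
        "sync_rank": sync_rank,
        "stalled": stalled,
        "inconsistent": inconsistent,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the sample, the sync target is the strongest carrier measured, so the symptom to chase is the missing system information after the sync rather than the signal level.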
hi,
can you try the following steps:
1. start osmocon
2. start mobile (be sure it is not shutdown)
3. press the power button on the phone to start the loading process
after loading the binary into the phone, the phone should indicate power
on to the mobile process.
andreas
________________________________
From: Sebastian --- [mailto:seppel18@hotmail.com]
Sent: Friday, 7 January 2011 01:37
To: Andreas.Eversberg
Subject: Osmocom-BB
Hi
Thanks for your Help.
Now it says ms 1 is still down "radio not started". Osmocon is running
(with ramloader) and layer2 socket is available.
hi sebastian,
there are three ways to bring it down:
- "enable" -> "conf t" -> "ms 1" -> "shutdown"
- the layer2 socket does not exist on startup (osmocon loader not
started)
- the shutdown state is stored in the config (doing "write" when it is
down)
just bring it up after starting osmocon:
- "enable" -> "conf t" -> "ms 1" -> "no shutdown"
and don't forget "write" the config, so it must not be done on every
startup.
andreas
Hi All.
I am a newbie to OsmocomBB; though I have been reading the mails, I never
actually got a chance to start working.
But after watching the 27C3 video, now I am totally inspired :) The problem
I am facing is the unavailability of the hardware; the only phone available to
me as of now is a Motorola C168. Can anyone tell me if it will be compatible
with OsmocomBB? I have searched in the mailing list archives but could find
an answer :(
Thanks in Advance
Regards
-----
Rakesh Mukundan
http://simplified-security.blogspot.com/
I need the programming data sheet for the MT612X RF transceiver, especially data
for programming the serial interface, internal registers, VCO etc. Does somebody
know a link to get the data?
I did some Google searching and came to this link:
http://code.google.com/p/ptmtk/source/checkout
There, under the directory mtk_datasheet, I found MT612X IC data with electrical
data, pin description etc. There is also a reference phone design and
detailed programming data sheets for the baseband processors MT6217, MT6219 and
MT6253. Knowing that an osmocomBB driver for MT is under development, I thought
this might interest you!
koliqi
Hi all,
I think the layer23 app was great when Dieter and others worked on the TX part
of Osmocom but right now it has the potential of disturbing a real network.
So it could be changed in a way that it checks if the firmware has TX disabled
(maybe even make TX disabling a runtime setting), and then still follow the
first assignment, never transmit anything and on a CIPHER MODE COMMAND switch
back to the BCCH (or when no enc is used at the release message).
comments?
holger
hi sebastian,
there are three ways to bring it down:
- "enable" -> "conf t" -> "ms 1" -> "shutdown"
- the layer2 socket does not exist on startup (osmocon loader not
started)
- the shutdown state is stored in the config (doing "write" when it is
down)
just bring it up after starting osmocon:
- "enable" -> "conf t" -> "ms 1" -> "no shutdown"
and don't forget "write" the config, so it must not be done on every
startup.
andreas
________________________________
From: baseband-devel-bounces(a)lists.osmocom.org
[mailto:baseband-devel-bounces@lists.osmocom.org] On behalf of
Sebastian ---
Sent: Wednesday, 5 January 2011 21:57
To: baseband-devel(a)lists.osmocom.org
Subject: administratively down?
Next Problem:
./mobile says "MS '1' is administratively down".
I tried everything..put osmocom.cfg in /etc/osmocom ....
How can I bring it "UP"? (Like in Cisco world :)
Hi,
I use Ubuntu 9.10, when i try to Compile Osmocom, i get this:
root@r00t-laptop:~# cd /home/r00t/install/osmocom-bb/src
root@r00t-laptop:~/install/osmocom-bb/src# make
cd shared/libosmocore/build-target && ../configure \
--host=arm-elf-linux --disable-vty --enable-panic-infloop \
--disable-shared --disable-talloc --disable-tests \
CC="/home/r00t/install/gnuarm-3.4.3/bin/arm-elf-gcc" CFLAGS="-Os -ffunction-sections -I/home/r00t/install/osmocom-bb/src/target/firmware/include"
configure: WARNING: If you wanted to set the --build type, don't use --host.
If a cross compiler is detected then cross compile mode will be used.
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for arm-elf-linux-strip... no
checking for strip... strip
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make sets $(MAKE)... (cached) yes
checking for arm-elf-linux-gcc... /home/r00t/install/gnuarm-3.4.3/bin/arm-elf-gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... yes
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether /home/r00t/install/gnuarm-3.4.3/bin/arm-elf-gcc accepts -g... yes
checking for /home/r00t/install/gnuarm-3.4.3/bin/arm-elf-gcc option to accept ISO C89... none needed
checking for style of include used by make... GNU
checking dependency style of /home/r00t/install/gnuarm-3.4.3/bin/arm-elf-gcc... gcc3
checking build system type... i686-pc-linux-gnulibc1
checking host system type... arm-elf-linux-gnu
checking for a sed that does not truncate output... /bin/sed
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for fgrep... /bin/grep -F
checking for ld used by /home/r00t/install/gnuarm-3.4.3/bin/arm-elf-gcc... /home/r00t/install/gnuarm-3.4.3/arm-elf/bin/ld
checking if the linker (/home/r00t/install/gnuarm-3.4.3/arm-elf/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... no
checking for arm-elf-linux-dumpbin... no
checking for arm-elf-linux-link... no
checking for dumpbin... no
checking for link... link -dump -symbols
configure: WARNING: using cross tools not prefixed with host triplet
checking the name lister (link -dump -symbols) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 805306365
checking whether the shell understands some XSI constructs... yes
checking whether the shell understands "+="... yes
checking for /home/r00t/install/gnuarm-3.4.3/arm-elf/bin/ld option to reload object files... -r
checking for arm-elf-linux-objdump... no
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for arm-elf-linux-ar... no
checking for ar... ar
checking for arm-elf-linux-strip... strip
checking for arm-elf-linux-ranlib... no
checking for ranlib... ranlib
checking command to parse link -dump -symbols output from /home/r00t/install/gnuarm-3.4.3/bin/arm-elf-gcc object... failed
checking how to run the C preprocessor... /home/r00t/install/gnuarm-3.4.3/bin/arm-elf-gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... no
checking for inttypes.h... no
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... no
checking for objdir... .libs
checking if /home/r00t/install/gnuarm-3.4.3/bin/arm-elf-gcc supports -fno-rtti -fno-exceptions... no
checking for /home/r00t/install/gnuarm-3.4.3/bin/arm-elf-gcc option to produce PIC... -fPIC -DPIC
checking if /home/r00t/install/gnuarm-3.4.3/bin/arm-elf-gcc PIC flag -fPIC -DPIC works... yes
checking if /home/r00t/install/gnuarm-3.4.3/bin/arm-elf-gcc static flag -static works... yes
checking if /home/r00t/install/gnuarm-3.4.3/bin/arm-elf-gcc supports -c -o file.o... yes
checking if /home/r00t/install/gnuarm-3.4.3/bin/arm-elf-gcc supports -c -o file.o... (cached) yes
checking whether the /home/r00t/install/gnuarm-3.4.3/bin/arm-elf-gcc linker (/home/r00t/install/gnuarm-3.4.3/arm-elf/bin/ld) supports shared libraries... yes
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... no
checking whether to build static libraries... yes
checking for ANSI C header files... (cached) yes
checking execinfo.h usability... no
checking execinfo.h presence... no
checking for execinfo.h... no
checking sys/select.h usability... no
checking sys/select.h presence... no
checking for sys/select.h... no
checking if /home/r00t/install/gnuarm-3.4.3/bin/arm-elf-gcc supports -fvisibility=hidden... no
configure: creating ./config.status
config.status: creating libosmocore.pc
config.status: creating libosmocodec.pc
config.status: creating libosmovty.pc
config.status: creating include/osmocom/Makefile
config.status: creating include/osmocom/vty/Makefile
config.status: creating include/osmocom/codec/Makefile
config.status: creating include/osmocom/crypt/Makefile
config.status: creating include/osmocore/Makefile
config.status: creating include/osmocore/protocol/Makefile
config.status: creating include/Makefile
config.status: creating src/Makefile
config.status: creating src/vty/Makefile
config.status: creating src/codec/Makefile
config.status: creating tests/Makefile
config.status: creating tests/timer/Makefile
config.status: creating tests/sms/Makefile
config.status: creating tests/msgfile/Makefile
config.status: creating tests/ussd/Makefile
config.status: creating Makefile
config.status: creating config.h
config.status: config.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands
cd shared/libosmocore/build-target && make
make[1]: Betrete Verzeichnis '/home/r00t/install/osmocom-bb/src/shared/libosmocore/build-target'
make all-recursive
make[2]: Betrete Verzeichnis '/home/r00t/install/osmocom-bb/src/shared/libosmocore/build-target'
Making all in include
make[3]: Betrete Verzeichnis '/home/r00t/install/osmocom-bb/src/shared/libosmocore/build-target/include'
Making all in osmocom
make[4]: Betrete Verzeichnis '/home/r00t/install/osmocom-bb/src/shared/libosmocore/build-target/include/osmocom'
Making all in codec
make[5]: Betrete Verzeichnis '/home/r00t/install/osmocom-bb/src/shared/libosmocore/build-target/include/osmocom/codec'
make[5]: Für das Ziel »all« ist nichts zu tun.
make[5]: Verlasse Verzeichnis '/home/r00t/install/osmocom-bb/src/shared/libosmocore/build-target/include/osmocom/codec'
Making all in crypt
make[5]: Betrete Verzeichnis '/home/r00t/install/osmocom-bb/src/shared/libosmocore/build-target/include/osmocom/crypt'
make[5]: Für das Ziel »all« ist nichts zu tun.
make[5]: Verlasse Verzeichnis '/home/r00t/install/osmocom-bb/src/shared/libosmocore/build-target/include/osmocom/crypt'
make[5]: Betrete Verzeichnis '/home/r00t/install/osmocom-bb/src/shared/libosmocore/build-target/include/osmocom'
make[5]: Für das Ziel »all-am« ist nichts zu tun.
make[5]: Verlasse Verzeichnis '/home/r00t/install/osmocom-bb/src/shared/libosmocore/build-target/include/osmocom'
make[4]: Verlasse Verzeichnis '/home/r00t/install/osmocom-bb/src/shared/libosmocore/build-target/include/osmocom'
Making all in osmocore
make[4]: Betrete Verzeichnis '/home/r00t/install/osmocom-bb/src/shared/libosmocore/build-target/include/osmocore'
Making all in protocol
make[5]: Betrete Verzeichnis '/home/r00t/install/osmocom-bb/src/shared/libosmocore/build-target/include/osmocore/protocol'
make[5]: Für das Ziel »all« ist nichts zu tun.
make[5]: Verlasse Verzeichnis '/home/r00t/install/osmocom-bb/src/shared/libosmocore/build-target/include/osmocore/protocol'
make[5]: Betrete Verzeichnis '/home/r00t/install/osmocom-bb/src/shared/libosmocore/build-target/include/osmocore'
make[5]: Für das Ziel »all-am« ist nichts zu tun.
make[5]: Verlasse Verzeichnis '/home/r00t/install/osmocom-bb/src/shared/libosmocore/build-target/include/osmocore'
make[4]: Verlasse Verzeichnis '/home/r00t/install/osmocom-bb/src/shared/libosmocore/build-target/include/osmocore'
make[4]: Betrete Verzeichnis '/home/r00t/install/osmocom-bb/src/shared/libosmocore/build-target/include'
make[4]: Für das Ziel »all-am« ist nichts zu tun.
make[4]: Verlasse Verzeichnis '/home/r00t/install/osmocom-bb/src/shared/libosmocore/build-target/include'
make[3]: Verlasse Verzeichnis '/home/r00t/install/osmocom-bb/src/shared/libosmocore/build-target/include'
Making all in src
make[3]: Betrete Verzeichnis '/home/r00t/install/osmocom-bb/src/shared/libosmocore/build-target/src'
Making all in .
make[4]: Betrete Verzeichnis '/home/r00t/install/osmocom-bb/src/shared/libosmocore/build-target/src'
CC rate_ctr.lo
../../src/rate_ctr.c:24:22: inttypes.h: No such file or directory
make[4]: *** [rate_ctr.lo] Fehler 1
make[4]: Verlasse Verzeichnis '/home/r00t/install/osmocom-bb/src/shared/libosmocore/build-target/src'
make[3]: *** [all-recursive] Fehler 1
make[3]: Verlasse Verzeichnis '/home/r00t/install/osmocom-bb/src/shared/libosmocore/build-target/src'
make[2]: *** [all-recursive] Fehler 1
make[2]: Verlasse Verzeichnis '/home/r00t/install/osmocom-bb/src/shared/libosmocore/build-target'
make[1]: *** [all] Fehler 2
make[1]: Verlasse Verzeichnis '/home/r00t/install/osmocom-bb/src/shared/libosmocore/build-target'
make: *** [shared/libosmocore/build-target/src/.libs/libosmocore.a] Fehler 2
root@r00t-laptop:~/install/osmocom-bb/src#
Next Problem:
./mobile says "MS '1' is administratively down".
I tried everything..put osmocom.cfg in /etc/osmocom ....
How can I bring it "UP"? (Like in Cisco world :)
Hi,
just in case anyone is looking for a HP 8922 MS tester, there is one
available from Helmut Singer. It has an 'ok but not ridiculously cheap' price,
based on Dieter and my experience.
http://www.helmut-singer.de/stock/1552426140.html
The 8922 is particularly well suited for layer 1 testing + development. I
personally don't have one (only Racal 6103), and don't want to put another 20kg
of old measurement equipment in my lab...
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
Hi,
Since a lot of people are asking the same questions and there seems to
be a rush on the C123 on ebay I thought some clarification is needed.
Short version:
- The exact tools I used on stage are _not_ and will _not_ be
released (or sold ... several people asked ...)
- Anyone willing to re-code them without any a priori knowledge of
GSM would most likely need months to read/understand both the
specifications and the way the code works. (That's thousands of pages
of GSM spec and thousands of lines of code)
- Osmocom-BB project is not designed to be a sniffer, it's a baseband
implementation, I just used part of it as a base.
So basically, unless you are really interested in GSM and are willing
to dedicate time to understand it deeply and to contribute the various
projects, there is not much point in you buying phones, or hanging out
in the ml/irc or whatever ...
For those who are still reading and interested here's a little more detail:
* The HLR query step:
-> Go watch the awesome 25C3 talk about it
* The TMSI recovering step
- Won't be published
- If you know how paging works, you know what to do anyway and it's
trivial. Method is in the talk,
there is nothing to it.
* The targeted sniffing application
- Won't be published either
- Some improvements to the layer23 app frame work will be done but
these are generic framework stuff, not app-specific
- Again, if you know how L2 works and have looked at several traces,
it's obvious what to do.
- The 'DSP' part of the sniffer has been public for a while with a small
demo app (single phone and doesn't exploit the full potential of the
DSP patch) and it's perfectly sufficient to debug things on your own
controlled network. (This is basically what I showed at Deepsec 2010).
* The tool to generate the input to Kraken
- Won't be published either
- Making the guesses is easy for anyone that knows what he's doing.
* The improved Kraken
- No idea about it, see with Karsten / Sacha / Frank, I only got
access to it 1 hour or so before the talk :)
* Conversion from burst to audio
- This was a hacked software mostly with airprobe code.
- The exact app will not be released but I'd like to see the
capability put in some clean library we
can re-use from airprobe and other application without having to
multiply the code each time.
- ... But since I'd like it to support AMR and viterbi softoutput
before that happens, it could take
some time.
- Anyone familiar with GSM, airprobe and C could re-hack the same
thing in an hour ...
As you can see, everything you need to analyze your own network / your
own traffic, even at the burst level is already published and has been
for more than a month.
The other tools have been written only so that we could demonstrate
that what we _say_ is possible for about a year, we can now do
_practically_. It's apparently needed to get people's attention,
"theoretical" attacks are not enough to get the operators / gsma to
react. We'll see if that did it ...
A few pieces of advice that are always good:
- Make sure to check out the a5/1 project ML and airprobe project ML and try
to ask your questions in the proper mailing list as much as possible.
- Check the wiki and mailing list archives thoroughly before asking questions.
Cheers,
Sylvain Munaut
PS: I only posted on this list because it seems a lot of people were
pointed here while in fact airprobe would probably be more appropriate
to discuss attack scenarios and such, so make sure to answer / start
new discussion on the right list.
Hi guys,
i just looked at 27c3 talk on
http://27c3.iphoneblog.de/recordings/3952.html (i really wanted to be
there!) and heard about the concept of being able to fake gsm based
position systems.
What, in theory, is the distance that could be faked with respect to the
knowledge that the BTS can acquire?
I mean, with the modified timing information provided by a phone running
osmocombb, how many meters from the BTS could it be?
-naif
Hello all.
Just back from the hospital, so I haven't followed the development much
for some time.
Anyway, I've recently stumbled upon an interesting device:
https://www.dealextreme.com/details.dx/sku.50391
I think I'll order that one sometime soon, so that I can look at it in
more detail.
This is a Chinese phone with Android, but some things make me think that's
MTK inside.
According to the description:
ARM926EJ-S rev 5(v5l) BogoMIPS: 207.66
Android 2.2.1 OS system/Wifi(802.11b)/TV/GPS/FM/JAVA
Price - 130 bucks.
Sounds familiar?
Compared to my E1000:
ARM926EJ-S rev 5 (v5l) BogoMIPS: 104.24
Twice more Bogomips. The hardware pretty much seems like a typical MTK,
and for that price I guess there actually is MTK inside, something a little
better than 2635, so the problem is to find the sources somewhere (And my
bet is, that if they don't make it to the mainline - they'll leak out to
the web) If the chips are pretty much identical, and they are, this might
be a good thing. I think I'll buy one after the holiday madness is over
and, hopefully, provide teardown photos, firmware dump and more details.
Regards,
Andrew.
> Just to avoid any duplicate of work as well: most of this is already
> done by cell_log (layer23/src/misc). It iterates over the whole spectrum
> and tries to get an Immediate Assignment by sending a RACH to every cell.
> It stores SI1-4, GPS position and the TA in a logfile, and using the
> gsmmap utility you can create a *.kml map of the calculated cell
> positions for Google Earth.
> So what's missing is really only the PCAP support and a command line
> switch to turn off the "active" scanning by sending no RACHs.
hi steve,
exactly. almost everything is already there. there are some things that
may need to be improved in my opinion:
- deactivating/activating the RACH request
- altering maximum distance (gps) moving off the position of last power
scan, before restarting scanning process.
- multiple radio support for faster scanning and deeper scanning while
moving.
- selecting between the generic text format and PCAP.
- option to wait some more time to receive more system informations than
the mandatory 1..4
regards,
andreas
When running the layer23/mobile host application in combination with layer1
firmware on a c115 (compal_e88 based) I can easily connect with a network
(when using Sylvain's test trunk, which supports the SIM very well!).
However, running the same code on the C155 (compal_e99 based) the phone
refuses to connect to the network and keeps scanning ARFCN's. Is there any
real difference between these phones except for the LCD's? In
rffe_dualband.c I see a remark about the value of SYSTEM_INHERENT_GAIN that
has been measured by Harald on the C123. May that be a different value for
the C155? Is this a problem observed by others, or is there a workaround?
I tried to load the dfu.bin+main.bin (=samba) onto the Olimex SAM7-P64
board. I connected jumper TEST for >10s, disconnected power, reconnected
power. I assume that it is possible now to upload firmware using sam-ba (i
tried both linux and windows) over the USB port. Even trying to connect
through the dbg serial port failed. Is there something wrong with the board
or in the procedure I follow? Should I see a USB-CDC serial port when the
SAM7 is running the SAM-BA bootloader? Any comments would be appreciated.
Hi all,
I have started a GettingStarted[1] page to cover the topics of getting the
code, getting an ARM toolchain and pointing to the osmocon and layer23 pages
for the details. I was also going through the search to update the names of
the firmware binaries.
The CalypsoRomloader[2] page deserves an update as well. It is referring to
the GTA0X but then tries to flash a nonexistent E88 binary. I am not sure what
to turn this page into.
Do we also have a list of Milestones we want to accomplish (besides merging
the sending code to master)? Do we have junior tasks for people that would
like to get started on target and host firmware?
regards
z.
[1] http://bb.osmocom.org/trac/wiki/GettingStarted
[2] http://bb.osmocom.org/trac/wiki/CalypsoRomloader
Hi,
I made a lot of changes to the SIMtrace hardware schema.
Here my v0.5 : https://gsm.tsaitgaist.info/SIMtrace/v0.5/SIMtrace.ps
Some important points are unclear, where I would like to have some
comments:
- I do not use USB_DP_PUP which I found in several at91sam7s designs (and
openPCD). I don't know if it will be useful or required.
- I use npn transistors as switches (2 for I/O because bidirectional).
Maybe (N/P/C)MOS is a better solution.
I already bought most of the parts and would like to start drawing the
PCB. Please tell me if you find some errors or have any advice.
kevin
I ordered a SAM7-P64 board for running Simtrace (received board today, but
still waiting for the REBELSIm connectors). When compiling the code (using
Gnuarm3.4.3) I got two errors:
1) the --g($DEBUGF) option was not understood; omitting this, made the
Makefile (for dfu and main) working
2) in /lib/vsprintf.c I had to add #include <limits.h> in order to prevent
errors related to MAX_INT etc.
Are there any ideas for making a man-in-the-middle SIM device? One master
interface to a real SIM, another slave interface providing a SIM interface
towards a phone with the possibility to filter certain APDU's or to add
files or commands on top of the real SIM. This would need an additional SIM
master interface (to send and receive APDU's to the real SIM) on top of what
already is in SIMtrace and the slave interface should be capable of sending
messages back to the real SIM master. I will look into it, first starting
with implementing a simple SIM card master on the other UART.
hi,
i want to make a cable for the sciphone g2 that provides serial communication and charging with one connector.
unfortunately the pictures at [1] aren't clear enough for me. i don't want to kill my phone.
actually i count 15 pins in the picture, where mine has only 12.
that's weird. i guess that 2 are just for aligning the case, but that still makes 13 vs. 12.
i tried to ascii draw the connector from the back (soldering) side. the rounded half of the connector on the upper side.
The pins i found described elsewhere on the internet are already marked.
--------------------------
( )
( ) |
( ) |
+-------------------------+ |
| | | | | | | | /
| | | | | | | | /
+-------------------------+/
^ ^ ^ ^
| | | |
| | | +--- GND
| | +----- GND
| +----------- RX (PC -> Phone)
+--------------- TX (Phone -> PC)
could someone please mark the pins that have to be connected for charging ?
i guess one of the two GND pins is involved.
kind regards and
thanks for your time
-Alex
[1] http://en.qi-hardware.com/wiki/Sciphone_Dream_G2
Hello everybody
I want to develop USB Interface USRP Use MTK 6218 chip, But no Firmware Source Code
6218 is ARM Core 'USE it is a GSM Way of USRP .Friends if you Have to know Please contact me
Hello everybody,
last year I stumbled upon a PDF which describes all registers inside the
Qualcomm MSM7200 series chipset. I now got a new mobile phone and
remembered about that document because I wanted to play a bit with my old
one (HTC Magic/Sapphire/G2/Ion).
I googled a few hours now and found several documents from Qualcomm, but
I just found a whole svn repository full of Documentation [1].
Those Qualcomm chipsets are particularly interesting, because, due to
Android, there already is a Linux kernel for the ARM11 core available.
The missing part is a free implementation of the ARM9 baseband.
My next goal is, as soon as I managed to solder cables to the JTAG pins
covered in epoxy, to get own code running on the ARM9. I don't know how
hard this will get, because this chipset has several security features
like signature checking of code, fusebits for security configuration
etc., but I will give it a try.
JTAG definitely is still activated, because several people developed a
method to unbrick their phones in case they have a bad ARM11 bootloader.
And even if there is no chance to get own code running right away, I'm
pretty certain that there somewhere is a buffer overflow which is
exploitable. Either inside the baseband itself or in the serial console
command parser of the early bootloaders provided by the OEM (OEMSBL).
Time will tell. I hope I've got something to show you at the 27C3.
My problem is that I don't have enough experience and knowledge about
GSM yet to estimate if all this documentation is sufficient to implement
a real baseband software on this chipset. If it's not, I think it's
pointless to invest several days/nights of work to get own code running.
Maybe somebody of you can have a quick look over the repository and the
documents?
Thanks,
Andy
[1]: http://code.google.com/p/ptwcdma/source/browse/
Hi mates,
i was thinking to start to work also on Sciphone and starting to learn as much as i can and contribute to the community (even if actually i'm a noob of phone firmwares, i worked only on MIPS router firmwares).
Do you have some useful books/wiki/etc to start on?
These are the 3 versions identified of Sciphone:
HY27XS08121M - 512Mb (64MB) NAND + 32MB RAM
HY27XA081G1M - 1Gb (128MB) NAND + 32MB RAM
TC58NVG0S3AFT - 1Gb (128MB) NAND + 64MB RAM
How could i ask sellers for the best version? (TC58NVG0S3AFT - 1Gb (128MB) NAND + 64MB RAM)
Do you know a European shop where i can find it?
Thank you for your attention folks
Regards
Luca