Hello,
I try to use the 'host23/mobile' application on a C123 but without success. I followed Steve's instructions[1] with today's git tree (d95eddad):
1. osmocon -p /dev/ttyS0 -m c123xor layer1.compalram.bin
2. ./host/layer23/src/mobile/mobile
3. Power on the phone
(output of theses commands is thereafter)
But I'm not sure it really works: the firmware seems to freeze (not responding to the power button anymore) and the last output of 'mobile' is:
<0003> gsm322.c:257 Sync to ARFCN=104 rxlev=-65 (No sysinfo yet, ccch mode NONE)
Based on the low rxlevel, I guess it is not acquiring any meaningful signal?
In [2], Steve said the internal antenna was switched off when the cable is plugged in, is it still true?
I tried to RTFM but I am stuck here.
Thanks for your patience,
Footnotes: [1] http://baseband-devel.722152.n3.nabble.com/Running-osmocombb-on-a-Motorol-C1...
[2] http://lists.osmocom.org/pipermail/baseband-devel/2010-May/000435.html
,---- | % osmocon -p /dev/ttyS0 -m c123xor layer1.compalram.bin | ... | Received DOWNLOAD ACK from phone, your code is running now! | | OSMOCOM Layer 1 (revision osmocon_v0.0.0-598-gd95edda) | ====================================================================== | Device ID code: 0xb4fb | Device Version code: 0x0000 | ARM ID code: 0xfff3 | cDSP ID code: 0x0128 | Die ID code: ebd8283cba021198 | ====================================================================== | REG_DPLL=0x2413 | CNTL_ARM_CLK=0xf0a1 | CNTL_CLK=0xff91 | CNTL_RST=0xfff3 | CNTL_ARM_DIV=0xfff9 | ====================================================================== | | THIS FIRMWARE WAS COMPILED WITHOUT TX SUPPORT!!! | Assert DSP into Reset | Releasing DSP from Reset | Setting some dsp_api.ndb values | Setting API NDB parameters | DSP Download Status: 0x0001 | DSP API Version: 0x0000 0x0000 | Finishing download phase | DSP Download Status: 0x0002 | DSP API Version: 0x3606 0x0000 | LOST 7478! | L1CTL_RESET_REQ: FULL!L1CTL_PM_REQ start=0 end=124 | PM MEAS: ARFCN=0, 27 dBm at baseband, -110 dBm at RF | PM MEAS: ARFCN=0, 26 dBm at baseband, -112 dBm at RF | PM MEAS: ARFCN=1, 30 dBm at baseband, -107 dBm at RF | PM MEAS: ARFCN=2, 29 dBm at baseband, -108 dBm at RF | PM MEAS: ARFCN=3, 43 dBm at baseband, -94 dBm at RF | PM MEAS: ARFCN=4, 32 dBm at baseband, -105 dBm at RF | ../.. | PM MEAS: ARFCN=1023, 33 dBm at baseband, -104 dBm at RF | L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=104, flags=0x7) | Starting FCCH RecognitionFB0 (1748:10): TOA=11712, Power=-106dBm, Angle=-22058Hz | FB0 (1775:11): TOA=12528, Power= -65dBm, Angle=-3818Hz | FB0 (1796:5): TOA= 5280, Power= -68dBm, Angle=-16117Hz | FB0 (1799:1): TOA= 96, Power=-109dBm, Angle= 7082Hz `----
,---- | % ./host/layer23/src/mobile/mobile | ... | Failed to connect to '/tmp/osmocom_sap'. | Failed during sap_open(), no SIM reader | <000e> sim.c:1206 init SIM client | <0005> gsm48_cc.c:61 init Call Control | <0001> gsm48_rr.c:5330 init Radio Ressource process | <0004> gsm48_mm.c:1220 init Mobility Management process | <0004> gsm48_mm.c:971 Selecting PLMN SEARCH state, because no SIM. | <0002> gsm322.c:3466 init PLMN process | <0003> gsm322.c:3467 init Cell Selection process | <0003> gsm322.c:3521 No stored BA list | VTY available on port 4247. | Mobile initialized, please start phone now! | <0002> gsm322.c:3093 (ms 1) Event 'EVENT_SWITCH_ON' for automatic PLMN selection in state 'A0 null' | <000d> gsm322.c:1055 SIM is removed | <0002> gsm322.c:1056 SIM is removed | <0002> gsm322.c:511 new state 'A0 null' -> 'A6 no SIM inserted' | <0003> gsm322.c:3313 (ms 1) Event 'EVENT_SWITCH_ON' for Cell selection in state 'C0 null' | <0003> gsm322.c:2986 Switch on without SIM. | <0003> gsm322.c:540 new state 'C0 null' -> 'C6 any cell selection' | <0003> gsm322.c:2404 Getting PM for frequency 0 twice. Overwriting the first! Please fix prim_pm.c | <0003> gsm322.c:2415 Found signal (frequency 3 rxlev -94 (16)) | <0003> gsm322.c:2415 Found signal (frequency 8 rxlev -86 (24)) | <0003> gsm322.c:2415 Found signal (frequency 16 rxlev -93 (17)) | ... | <0003> gsm322.c:2415 Found signal (frequency 819 rxlev -97 (13)) | <0003> gsm322.c:2404 Getting PM for frequency 955 twice. Overwriting the first! Please fix prim_pm.c | <0003> gsm322.c:2415 Found signal (frequency 982 rxlev -98 (12)) | ... | <0003> gsm322.c:2415 Found signal (frequency 1004 rxlev -91 (19)) | <0003> gsm322.c:2415 Found signal (frequency 1007 rxlev -89 (21)) | <0003> gsm322.c:2415 Found signal (frequency 1009 rxlev -97 (13)) | <0003> gsm322.c:2415 Found signal (frequency 1010 rxlev -86 (24)) | <0003> gsm322.c:2415 Found signal (frequency 1011 rxlev -67 (43)) | <0003> gsm322.c:2415 Found signal (frequency 1012 rxlev -86 (24)) | <0003> gsm322.c:2415 Found signal (frequency 1013 rxlev -80 (30)) | <0003> gsm322.c:2415 Found signal (frequency 1014 rxlev -87 (23)) | <0003> gsm322.c:2415 Found signal (frequency 1021 rxlev -82 (28)) | <0003> gsm322.c:2415 Found signal (frequency 1022 rxlev -98 (12)) | <0003> gsm322.c:2348 Found 97 frequencies. | <0003> gsm322.c:257 Sync to ARFCN=104 rxlev=-65 (No sysinfo yet, ccch mode NONE) `----
<0003> gsm322.c:257 Sync to ARFCN=104 rxlev=-65 (No sysinfo yet, ccch mode NONE)
Based on the low rxlevel, I guess it is not acquiring any meaningful signal?
-65 dBm is a pretty strong signal actually :)
It should be able to sync down to -105 dBm or so.
In [2], Steve said the internal antenna was switched off when the cable is plugged in, is it still true?
It's true and won't ever change ... it's a hardware switch, when you plug something in the antenna plug, it disconnects the built-in antenna.
| L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=104, flags=0x7) | Starting FCCH RecognitionFB0 (1748:10): TOA=11712, Power=-106dBm, Angle=-22058Hz | FB0 (1775:11): TOA=12528, Power= -65dBm, Angle=-3818Hz | FB0 (1796:5): TOA= 5280, Power= -68dBm, Angle=-16117Hz | FB0 (1799:1): TOA= 96, Power=-109dBm, Angle= 7082Hz
It's weird that the power varies so much ... it's also weird that it even _tried_ to sync with a 22kHz frequency error .. It might try to sync to something that's not a C0 ...
Try to force the ARFCN to a known good cell (that you get from a phone with netmonitor) using the stick option.
Cheers,
Sylvain
same newbie prob here --
1. starting osmocon: osmocon -m c123xor -p /dev/tty.usbserial firmware/board/compal_e88/layer1.compalram.bin
2. starting layer23 (the arfcn is from my "field test" (iPhone)): layer23 -i 224.0.0.1 -a 46 -d
3. press the power button
like a minute I receive messages then layer23 is saying:
<000b> l1ctl.c:155 SDCCH/8(0) on TS1 (0913/15/00) -72 dBm: 4d 3b 42 69 1a db 34 d3 a4 0b 1d 0a 4d 98 ba 52 50 e8 d2 c2 42 8c 81 <000b> l1ctl.c:210 Dropping frame with 78 bit errors <000b> l1ctl.c:155 SDCCH/8(0) on TS1 (0913/14/00) -71 dBm: 6d f2 0a db 05 54 70 cd a4 0b 1d 0a 94 99 ba 52 50 e8 d2 c2 c2 68 81 <000b> l1ctl.c:210 Dropping frame with 72 bit errors <000b> l1ctl.c:155 SDCCH/8(0) on TS1 (0913/20/32) -72 dBm: 84 ea f1 c3 cd 4a dc da e4 51 1d 33 b6 29 29 98 c1 24 5d 2e 9a 3f 73 <000b> l1ctl.c:210 Dropping frame with 67 bit errors <000b> l1ctl.c:155 SDCCH/8(0) on TS1 (0913/13/00) -72 dBm: e2 96 ef f8 8b dc 84 85 e2 29 d4 10 ff 6e 82 c0 17 1e f6 db 29 d9 9f <000b> l1ctl.c:210 Dropping frame with 81 bit errors <000b> l1ctl.c:155 SDCCH/8(0) on TS1 (0913/12/00) -72 dBm: 16 d6 61 e7 c2 4a 4c 2f 6c bd 8c 32 b6 29 29 6a 99 f2 ee 69 28 75 a5 <000b> l1ctl.c:210 Dropping frame with 76 bit errors
osmocon is saying:
L1CTL_RESET_REQ: FULL!LOST 1641! EMPTY L1CTL_FBSB_REQ (arfcn=46, flags=0x7) Starting FCCH RecognitionFB0 (1523172:1): TOA= 768, Power= -73dBm, Angle= 2625Hz FB1 (1523182:8): TOA= 9475, Power= -73dBm, Angle= 464Hz fn_offset=1523181 (fn=1523182 + attempt=8 + ntdma = 7)m delay=9 (fn_offset=1523181 + 11 - fn=1523182 - 1 scheduling next FB/SB detection task with delay 9 =>FB @ FNR 1523181 fn_offset=1523181 qbits=2716 Synchronize_TDMA LOST 2921! SB2 (330721:2): TOA= 29, Power= -73dBm, Angle= 324Hz => SB 0x0080c66d: BSIC=27 fn=1205386(909/ 0/ 1) qbits=24 Synchronize_TDMA =>FB @ FNR 330719 fn_offset=1205385 qbits=4932 LOST 1912! nb_cmd(0) and rxnb.msg != NULLL1CTL_DM_EST_REQ (arfcn=46, chan_nr=0x41, tsc=3) L1CTL_DATA_REQ (link_id=0x00) ul=00811d68, ul->payload=00811d6c, data_ind=00811d6c, data_ind->data=00811d6c l3h=00811d6c LOST 2110!
what do i wrong here???
has nobody an Idea about my problem??
On 01/06/2011 12:54 PM, mki wrote:
has nobody an Idea about my problem??
Hi,
you have not forumalated a question that can be answered in a very specific way? You seem to have an expectation that the invocation of tools is doing something, but they don't do what you think they should do.
Maybe as a start you should describe what you expect should happen and what happens instead? Maybe people can then help you more.
sorry, my question is, what is with the dropped frames in my submited output of layer23 is that ok? or not? and if not what must i do?
sorry, my question is, what is with the dropped frames in my submited output of layer23 is that ok? or not? and if not what must i do?
layer23 is a debug tool that can only really be used on a network you control, because it will follow any immediate assignement without any further check (refer to GSM 04.08 if you don't understand what that means)
On a commercial network, it won't do anything good. The output you see is normal if you run it on a real network and not a test network you control.
Cheers,
Sylvain
Hi, sorry i misunderstand layer23, i am searching for a possibility to log my traffic on the um interface, to check out if my real phone traffic is encrypted and to what bts i am connected(is it the real network or a catcher).
PS: all that, i want to do it on a real network.
baseband-devel@lists.osmocom.org
-
Holger Hans Peter Freyther -
mki -
Nicolas Bareil -
Sylvain Munaut