Hello Deiter, Sylvian
As you advised, I completed reading the GSM standard and dug down into the source code. AFAIK, I have recognized the files and parameters where I need to change values to tune to a particular TCH, and also understood how important it is for signaling to be involved.
I just want to know one thing: during the channel request, the MS sends a burst on the RACH with an RA ref number. Where is this RAF or RA reference number stored on the MS side? Because when the Immediate Assignment is sent from the network it must match before tuning to a particular SDCCH. I want to apply a trick here: I will copy the RA reference from the Immediate Assignment message and replace the original one stored in the MS, hence the MS will think this channel is for it and tune to the SDCCH accordingly. Further, it will keep on listening to the whole process, like authentication and location updating. Again, the TCH channel information is sent on the SDCCH without encryption, as only the authentication procedure needs Kc, Ki and SRES; the SDCCH is not encrypted and all MSs hosting on that SDCCH can decode TCH parameters like FN, TS, ARFCN, hopping sequence.
But again I need to clarify how L1ctl.c and L23_api.c fetch the decoded data from the Immediate Assignment message.
As it is written printf..........%u. From where will this scan or fetch?
If I am able to know where the MS keeps stored the input values advised in signaling messages by the BTS on the PCH or AGCH, I can manipulate them and land on the CCCH, then the SDCCH, then the TCH.
Kindly tell me if it is feasible, or if there is more I need to think about.
Kind Regards,
Hi,
> Hello Deiter, Sylvian
btw, it's Dieter and Sylvain :)
> I just want to know one thing: during the channel request, the MS sends a burst on the RACH with an RA ref number. Where is this RAF or RA reference number stored on the MS side?
In the 'mobile' application (full phone stack), it's kept in a cr_hist (channel request history) list in gsm48_rr.c.
In the test 'layer23' application, it's not stored and we just follow the first assignment we see (which on a real network is probably not ours).
> Because when the Immediate Assignment is sent from the network it must match before tuning to a particular SDCCH. I want to apply a trick here: I will copy the RA reference from the Immediate Assignment message and replace the original one stored in the MS, hence the MS will think this channel is for it and tune to the SDCCH accordingly. Further, it will keep on listening to the whole process, like authentication and location updating.
I assume you're talking about the 'mobile' application. If you have TX enabled, all it's gonna do is jam the other mobile, preventing any kind of traffic ... (because you'll TX at the same time as the 'real' phone to which the assignment was for).
For this kind of work you shouldn't use the 'mobile' application stack and just hack a small program like 'layer23' does.
> Kindly tell me if it is feasible, or if there is more I need to think about.
Well, you obviously missed a big point: you _shouldn't_ use the 'mobile' stack at all and should just rewrite everything above l1ctl for your own app ...
Cheers,
Sylvain
baseband-devel@lists.osmocom.org