Hi all,
On Mon, May 29, 2017 at 03:29:49PM +0200, Harald Welte wrote:
Over the weekend I was thinking of yet another method
to make this much
simpler: Every phone is supposed to include a voice loop-back mode. In
this mode, the phone siply loops back all voice frames received in the
downlink and sends them back in the uplink. This functionality is
mandatory by the spec, and used to test the receiver performance of the
phone during development, manufacturing and service. IT is specified in
3GPP TS 44.014
(
http://www.etsi.org/deliver/etsi_ts/144000_144099/144014/14.00.00_60/ts_144…)
which used to be GSM TS 04.04
(
http://www.etsi.org/deliver/etsi_ts/101200_101299/101293/08.06.00_60/ts_101…)
before.
The idea is that one puts a special "Test SIM" (as specified in TS
51.010-1 Annex 4, where EF.AD first byte == 0x80 is the criteria in this
context) into the phone, and then sends some specific commands on Layer3
to activate the loop.
I have now produced such a "test sim". It's as easy as to update the
firsrt byte of EF.AD with 0x80, e.g. using the following APDU (after
authorizing with proper credentials like ADM1 pin and selecting EF.AD):
00d60000048000ff02
I also have an experimental branch[1] of OsmoNITB which can send the
loopback commands. And at least with a K800i I also get an
acknowledgement.
* first start a silent call to establish a dedicated TCH
subscriber imsi 262423203000003 silent-call start tch/f
* then send the CLOSE_TCH_LOOP command with loop type A
subscriber imsi 262423203000003 ms-test close-loop a
* OsmoNITB reports success:
<0002> gsm_04_14.c:129 FIXME: Received TEST class message
'CLOSE_TCH_LOOP_ACK'
I haven't actually tried yet to see if the voice channel is actually
looped back. But at least the results look promising so far.
Regards,
Harald
[1]
http://git.osmocom.org/openbsc/log/?h=laforge/ts_04_14
--
- Harald Welte <laforge(a)gnumonks.org>
http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)