Hello GSM network side folks,
I assume that most of you are probably aware of the existence of a certain hack called CalypsoBTS: it's a rather unbelievable hack that takes a piece of hw meant to be a GSM MS and turns it into a poor man's GSM BTS, all inherent asymmetry in the GSM air interface be damned. As a manufacturer of Calypso-based GSM MS devices I occasionally get approached by people who seek to acquire a Calypso device seemingly for the sole purpose of running that CalypsoBTS hack, and every time I get approached by someone of that sort, I always shake my head in bewilderment - isn't there a better way to get your own little toy BTS running than to misuse GSM MS hardware?
The purpose of the present post is to solicit advice from the community as to what I should tell those poor souls who are seeking to set up their own toy BTS and are looking to do it via the CalypsoBTS route - is there some better way that we as a community can steer them toward instead?
It is my understanding - please correct me if I'm wrong - that the least expensive way to set up your own GSM BTS for toy purposes (as opposed to running a real operational GSM network which people will depend on for real communication) is to use a generic SDR device of one of several types that are supported by osmo-bts-trx/osmo-trx - but this is where my knowledge in this area ends, as this particular mode of GSM toying has never been an area of interest for me. But for those people who (unlike me) *are* interested in setting up their own toy BTS in the least expensive way, what SDR hardware should we as the community recommend for them? What is the cheapest option that will be good enough - especially if the criteria for "good enough" are compared to CalypsoBTS? What would be the least expensive option that is just good enough to be advocated as a better alternative to the CalypsoBTS hack?
In the case of my current FCDEV3B hardware the price tag seems to be an effective deterrent against people misusing it as CalypsoBTS: FCDEV3B is expensive, and someone whose actual need is to run their own BTS rather than MS can easily buy a suitable SDR device for the same price or less, it seems. But the issue is beginning to rear its ugly head again because I have another development board in the works (not here yet, probably won't have the hw until December), and there is a possibility (nothing is certain yet) that it might be a bit less expensive than FCDEV3B.
Is there an SDR-based option (or any other non-CalypsoBTS option) for running a toy BTS with osmo-bts-trx and the Osmocom CNI stack behind it that would cost $250 or less in hardware? The $250 number comes from my anticipated-around-December new FreeCalypso development board - there is a chance that it might be that cheap (but again, absolutely nothing is certain at the present moment) - and if there is no SDR or other option for running your own toy BTS for the same or lower hw price, then I fear that I am going to be flooded with support requests from people asking for help with using my new board as CalypsoBTS, which I absolutely dread. Hence my present attempt to pre-emptively seek some better solution for those people.
(It would be nice if that stream of support requests from people seeking to run the CalypsoBTS hack could be redirected to Sysmocom or some other commercial entity who could make some money helping those people, but my experience is that these people are not the kind who would ever pay for commercial support, so no hope there...)
It may also be worth mentioning that the filter replacement hack (removing or replacing Rx SAW filters that are meant to limit the GSM MS device's Rx capability to only specific GSM downlink bands) will not be possible on the new FreeCalypso GSM MS board that will be coming around December - that design uses an integrated RF FEM (front end module) instead of discrete antenna switch and SAW filter components. But I've also heard that plenty of people run the CalypsoBTS hack without doing any filter rework, just letting the strong signal from a nearby GSM MS force its way through wrong SAW filters and not caring about the 40 dB or so of attenuation being incurred - I cringe at the thought, but that's what people do...
M~
Hi Mychaela,
I have long been running my tests using a USRP, because in the long run it is always worth buying something that is better in quality. However indeed people interested in cheap hacks would not like the price tag of the device. Throwing a quick glimpse at the OsmoTRX wiki page I think the cheapest hardware that should work well is the LimeSDR - coming in at around 300 USD. I think most of the bugs and issues with it are more or less sorted - however this is only based on what I see on the mailing list, I am not actively following the code developments. BTW I have run without any hardware modification a calypsoBTS with 2 phones. It worked surprisingly well, even a single voice call was possible reliably. I know it is complete abuse of the hardware, but otoh it was a unique and awesome experience :).
Cheers, Domi
On Sept. 11, at 0:21, Mychaela Falconia mychaela.falconia@gmail.com wrote:
Hi Domi,
> Throwing a quick glimpse at the OsmoTRX wiki page I think the cheapest hardware that should work well is the LimeSDR - coming in at around 300 USD.
Looking around myself, I came to the same general conclusion - but there are several different members of the Lime family. It looks like LimeSDR-Mini is the cheapest of all of them, but does it have some problem compared to the original LimeSDR-USB? Does it have a worse clock that isn't good enough to run a GSM BTS? And what about LimeNET-Micro? It appears to be priced the same as the original LimeSDR-USB, but has a built-in RPi microcomputer that the software would run on, and its GPSDO seems like a better clock option than all of the predecessors - but I could be missing something...
M~
Hi Mychaela,
On Fri, Sep 11, 2020 at 09:54:37AM -0800, Mychaela Falconia wrote:
>> Throwing a quick glimpse at the OsmoTRX wiki page I think the cheapest hardware that should work well is the LimeSDR - coming in at around 300 USD.
> Looking around myself, I came to the same general conclusion - but there are several different members of the Lime family. It looks like LimeSDR-Mini is the cheapest of all of them, but does it have some problem compared to the original LimeSDR-USB?
LimeSDR-USB is the oldest and best supported device. LimeSDR mini does not have a clock input for an external reference clock. Yes, with some board rework it can be added, but even then it has much stricter requirements on the clock (IIRC phase noise), as it doesn't have any onboard PLL but directly feeds that input to the Transceiver chip which is very sensitive to phase noise.
> Does it have a worse clock that isn't good enough to run a GSM BTS?
Any SDR without a built-in or external OCXO, Rubidium or GPS-DO has a clock that is insufficient for operating a GSM BTS.
> And what about LimeNET-Micro? It appears to be priced the same as the original LimeSDR-USB, but has a built-in RPi microcomputer that the software would run on, and its GPSDO seems like a better clock option than all of the predecessors - but I could be missing something...
OsmoTRX + OsmoBTS will run on it (and we actually even provide Raspbian binary packages in our nightly and latest feeds, for people who don't want to build everything from source).
Please note that - as far as I know - the CPU power of the RPi compute module is insufficient for operating multiple software transceivers/carriers within one wideband channel ('multi-arfcn mode'). So you are constrained to 1TRX operation. If you don't need that, the LimeNET-Micro might be a good choice. If you do, go for a LimeSDR-USB within the Lime device portfolio, but add a GPS-DO like a BG7TBL if you don't already have a 10MHz reference around in your lab.
Hi Harald,
Thanks for the explanation regarding different LimeSDR devices. Just in case I wasn't clear, the present inquiry was *not* for me - instead I was trying to make a pre-emptive move, trying to prepare a canned answer for that inevitable case when some very green newbie asks about getting the anticipated cheaper-than-FCDEV3B Calypso board for the purpose of misusing it as CalypsoBTS. I was (and still am to some extent) looking for a canned answer along the lines of "no, please don't misuse Calypso devices as a poor man's BTS, they are meant to be MS rather than BTS, if you need absolute lowest cost BTS, please use $This_lowend_SDR instead" - and I was looking to see what that $This_lowend_SDR metavariable should be set to.
Unfortunately the very existence of that CalypsoBTS hack has seriously muddied the waters we all have to swim in - the world would have been a cleaner place had that hack never been invented. I don't know if you have noticed it or not, but over the last few years there has been a very significant influx of very green noobs coming to OsmocomBB not for the purpose of doing research or tinkering from GSM MS side, but who seek old Motorola phones for the *sole* purpose of turning them into a poor man's BTS via that CalypsoBTS hack, and who seem to have no interest whatsoever in GSM MS side.
Remember that guy a few years ago who was adamantly asking for a port of OsmocomBB to Qualcomm phones and who thought it would be a slam dunk because there apparently exist some leaked QC sources? A careful reading of his posts, parsing to see exactly what he sought out of OBB and out of that hypothetical Qualcomm port, reveals that he was *not* seeking a FOSS or research-oriented implementation of GSM MS (or of 3G/4G UE) on a newer platform, instead he was seeking to turn his QC-based phone into a BTS in the spirit of CalypsoBTS! I was truly disgusted and sickened to my stomach when I saw what he was really after - but he was not alone by any means, there are a great plenty of them.
I assume that this attitude that leads people to seeking Motorola phones for the sole purpose of turning them into CalypsoBTS stems out of ignorance, rather than intentional hostility toward those who work on the MS side of the air interface - but ignorance needs to be treated with education, we need to educate those green newbies that GSM MS devices make a *very* poor BTS and that they should get something more appropriate for the BTS role - and my question was exactly what should be recommended to those greenest of newbies.
> Please note that - as far as I know - the CPU power of the RPi compute module is insufficient for operating multiple software transceivers/carriers within one wideband channel ('multi-arfcn mode'). So you are constrained to 1TRX operation. If you don't need that, the LimeNET-Micro might be a good choice.
But this 1TRX operation is still better than CalypsoBTS, or is it not? Remember that the goal is to convince the super-newbie to follow some path other than CalypsoBTS...
You may not be able to relate because you are not in my shoes, but as a maker of Calypso GSM MS devices and as the world's most active supporter of that chipset in the present time, I stand as the front-line target for those people seeking a Calypso device for the purpose of misusing it as a BTS - I am typically the first person they reach out to, usually in extremely terse inquiries in half-broken English, typically asking for subsidized hardware, and only revealing their true intentions several emails later, after I have already wasted a ton of emotional energy on them. So yeah, I seriously resent the very existence of CalypsoBTS.
M~