Hello Marcel,
On Wed, 01 Apr 2009 15:52:21 +0200, "Marcel Klein" marcel@koeln.ccc.de wrote:
Some phones can find the "001 01" network directly but most of the time it takes around an hour until some phones start to notice it (or they never do). I tried restarting bsc_hack several times, changed the ARFCN, MNC and MCC but without success. Even restarting the phone doesn't always help.
So far everything seems to work fine, bsc_hack shows no warnings, I see lots of RXs when I use the debug option, and Abis-Link is up.
I don't know if this is related but when a phone manages to see my network it's not able to see any others. I just see one - my own network.
You mean you can only see the "001 01" network and nothing else ? Does this happen before or after having registered to the "001 01" network ?
Something different to try: If finding the "001 01" network takes too long and changing the ARFCN also does not help (to make sure that there is no interference) maybe increasing the TRX power changes the result ? Just try it for a short time (one or two minutes) and see if that helps. Here at my place (most certainly a rather "clean" RF environment) I don't have problems to find the "001 01" network, this works with different phones (old and new ones) and only takes about 30 seconds doing a "manual search". I can also see all the other official networks.
Best regards, Dieter
Dieter Spaar wrote:
You mean you can only see the "001 01" network and nothing else ?
That's right.
Does this happen before or after having registered to the "001 01" network ?
Before (and after). Even when I reject everybody and a particular phone sees "001 01" then it only show this network.
Something different to try: If finding the "001 01" network takes too long and changing the ARFCN also does not help (to make sure that there is no interference) maybe increasing the TRX power changes the result ? Just try it for a short time (one or two minutes) and see if that helps. Here at my place (most certainly a rather "clean" RF environment) I don't have problems to find the "001 01" network, this works with different phones (old and new ones) and only takes about 30 seconds doing a "manual search". I can also see all the other official networks.
Thank you, I will try this tomorrow and I will let you know if anything changes. ;)
kenny_
Dieter Spaar wrote:
Something different to try: If finding the "001 01" network takes too long and changing the ARFCN also does not help (to make sure that there is no interference) maybe increasing the TRX power changes the result ? Just try it for a short time (one or two minutes) and see if that helps. Here at my place (most certainly a rather "clean" RF environment) I don't have problems to find the "001 01" network, this works with different phones (old and new ones) and only takes about 30 seconds doing a "manual search". I can also see all the other official networks.
Okay I just tried it with "TRX Power: 80mW (GSM)" an it seems to work much better. Three phones found the network in less than a minute and showed it along with the official networks.
However, one phone (k800i) still loses the list of the official networks after connecting to the "00! 01".
More tests later, I don't want to disturb the neighbors. :)
So Andreas, you might want to try increasing the TRX power too.
Thank you. :)
kenny_
Marcel Klein wrote:
Okay I just tried it with "TRX Power: 80mW (GSM)" an it seems to work much better. Three phones found the network in less than a minute and showed it along with the official networks.
However, one phone (k800i) still loses the list of the official networks after connecting to the "00! 01".
Okay, second try didn't work anymore... so the problem still exists. I even tried 250mW.
bsc_hack --debug=DRLL:DCC:DMM:DRR:DRSL:DNM:DMI:DMUX:DPAG:DRLL:DSMS just shows lots of:
--- Thu Apr 2 23:57:43 2009 <1000> input/misdn.c:151 RX: 0c 12 01 90 0f 00 3c Thu Apr 2 23:57:43 2009 <1000> input/misdn.c:123 alen =6, dev(0) channel(3) sapi(0) tei(1) Thu Apr 2 23:57:43 2009 <1000> input/misdn.c:126 <= len = 20, prim(0x3008) id(0x30100): DL_DATA_IND Thu Apr 2 23:57:43 2009 <1000> input/misdn.c:151 RX: 0c 12 01 88 12 06 00 fa 00 00 00 00 ---
kenny_
Don't know if this helps a bit but I will post the output of bsc_hack and bs11_config.
bsc_hack: --- DB: Database initialized. DB: Database prepared. 1 device found id: 0 Dprotocols: 00000018 Bprotocols: 0000006e protocol: 4 nrbchan: 30 name: hfc-e1.1 activate bchan bootstrapping OML Thu Apr 2 22:38:27 2009 <0020> abis_nm.c:1405 Set Chan Attr (bts=0,trx=0,ts=0) Thu Apr 2 22:38:27 2009 <0020> abis_nm.c:1405 Set Chan Attr (bts=0,trx=0,ts=1) Thu Apr 2 22:38:27 2009 <0020> abis_nm.c:1344 CONNECT TERR TRAF Um=(bts=0,trx=0,ts=1) E1=(0,2,1) Thu Apr 2 22:38:27 2009 <0020> abis_nm.c:1405 Set Chan Attr (bts=0,trx=0,ts=2) Thu Apr 2 22:38:27 2009 <0020> abis_nm.c:1344 CONNECT TERR TRAF Um=(bts=0,trx=0,ts=2) E1=(0,2,2) Thu Apr 2 22:38:27 2009 <0020> abis_nm.c:1405 Set Chan Attr (bts=0,trx=0,ts=3) Thu Apr 2 22:38:27 2009 <0020> abis_nm.c:1344 CONNECT TERR TRAF Um=(bts=0,trx=0,ts=3) E1=(0,2,3) Thu Apr 2 22:38:27 2009 <0020> abis_nm.c:1405 Set Chan Attr (bts=0,trx=0,ts=4) Thu Apr 2 22:38:27 2009 <0020> abis_nm.c:1344 CONNECT TERR TRAF Um=(bts=0,trx=0,ts=4) E1=(0,3,0) Thu Apr 2 22:38:27 2009 <0020> abis_nm.c:1405 Set Chan Attr (bts=0,trx=0,ts=5) Thu Apr 2 22:38:27 2009 <0020> abis_nm.c:1344 CONNECT TERR TRAF Um=(bts=0,trx=0,ts=5) E1=(0,3,1) Thu Apr 2 22:38:27 2009 <0020> abis_nm.c:1405 Set Chan Attr (bts=0,trx=0,ts=6) Thu Apr 2 22:38:27 2009 <0020> abis_nm.c:1344 CONNECT TERR TRAF Um=(bts=0,trx=0,ts=6) E1=(0,3,2) Thu Apr 2 22:38:27 2009 <0020> abis_nm.c:1405 Set Chan Attr (bts=0,trx=0,ts=7) Thu Apr 2 22:38:27 2009 <0020> abis_nm.c:1344 CONNECT TERR TRAF Um=(bts=0,trx=0,ts=7) E1=(0,3,3) bootstrapping RSL MCC=1 MNC=1 Thu Apr 2 22:38:31 2009 <0020> abis_nm.c:505 STATE CHG: OC=UNKNOWN(a4) INST=(00,ff,ff) ---
bs11_config query: --- bs11_config (C) 2009 by Harald Welte and Dieter Spaar This is FREE SOFTWARE with ABSOLUTELY NO WARRANTY
LMT LOGON: ACK
PHASE: 3 Normal MBCCU0: Load MBCCU1: No Load Abis-link: Up
BS11 ATTRIBUTES: BS-11 ESN PCB Serial Number: 001064 BS-11 ESN Hardware Code Number: 135-2044/03.03 BS-11 ESN Firmware Code Number: 135-2044/03.03
SITE MANAGER ATTRIBUTES: E1 Channel: Port=0 Timeslot=1 (Full Slot) TEI: 25
BS11 Power Amplifier 0 ATTRIBUTES: TRX Power: 250mW (GSM) Thu Apr 2 22:42:59 2009 <0020> abis_nm.c:689 GET ATTRIBUTE NACK LMT LOGOFF: ACK ---
kenny_
On Thu, Apr 02, 2009 at 06:03:24PM +0200, Marcel Klein wrote:
However, one phone (k800i) still loses the list of the official networks after connecting to the "00! 01".
that might be a bug (or a feature?) in that particular phone. Try a different (like a real operator id of an existing operator in a different country) and check again.
001-01 is what is used by all the handset testers that I have seen, so there might be some special case treatment in the phone firmware.
Harald Welte wrote:
However, one phone (k800i) still loses the list of the official networks after connecting to the "00! 01".
that might be a bug (or a feature?) in that particular phone. Try a different (like a real operator id of an existing operator in a different country) and check again.
Okay now I have access to some more cell phones. But still the same issue even with a Nokia 3330 and Nokia 6210.
Sony Ericson k800i (no branding) - doesn't find the network most of the time or rather takes very long (when I'm lucky). Only one network in list when it manages to find my network. (Just happened once that everything was correct).
Nokia 3330 and 6210 - Finds the network quick or just needs to be rebooted. Only one network in list.
Siemens S45 - Network not found (yet)
I already tried several networks that really exist but without success. ARFCN is free and stable - I checked this with a radio.
kenny_
-
Dieter Spaar -
Harald Welte -
Marcel Klein