19 Jan
2009
19 Jan
'09
8:39 p.m.
Hello Holger,
Couldn't we use a GNU-Radio combined with the
GSM-HF-RX? We had a
student research project which used that with Wireshark. I think I could
borrow it for a few days and sniff some stuff at our lab. Just tell me
what sequences you need.
You mean the USRP ? As far as I know its no big problem to save the
raw RF data with it but there is no easy-to-use software yet to get
nice traces from those data (e.g. extract all the different channels
like BCCH, CCCH and so on) which for example could be used to see the
messages between the BTS and the phone. I am not interested in the
traffic (speech or data), just the signaling on the Air-Interface would
be nice to have. But lets see what the future brings, projects like
airprobe.org might fill this gap.
Best regards,
Dieter
--
Dieter Spaar, Germany spaar(a)mirider.augusta.de
21 Jan
21 Jan
3:53 a.m.
New subject: GSM Um protocol analysis
On Mon, Jan 19, 2009 at 07:39:51PM +0000, Dieter Spaar wrote:
Well, it's not easy-to-use, but I have that entire chain working here
(USRP+gnuradio+gsm-tvoid+wireshark). However, many receive errors due to
very limited demodulation, no working equalizer, sometimes looses sync, etc.
But depending on signal quality you can actually capture and decode CCCH +
multiple SDCCH/8 timeslots (if there are any) on C0 of a BTS.
However, one of the bigger problems is that it is purely unidirectional, i.e.
you only get the downlink but not the uplink from the phone. To do that, you
would need two DBSRX or two RFX900 frontends and much more unwritten code.
And yes, hopefully with airprobe.org those problems will be resolved at some
point.
For OpenBSC this is not a top priority, since we never had any problems with
the air interface so far. We have the BS-11 taking care of that, and so far
there is no reason to believe it is doing anything wrong on the Um side of
things.. and the Abis side we can completely dump and decode, either with
a commercial Abis analyzier (Wandel+Goltermann MA10) or by just looking at
the pcap files that OpenBSC can create thanks to zeckes' patches.
Regards from Taipei,
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
Couldn't
we use a GNU-Radio combined with the GSM-HF-RX? We had a
student research project which used that with Wireshark. I think I could
borrow it for a few days and sniff some stuff at our lab. Just tell me
what sequences you need.
You mean the USRP ? As far as I know its no big problem to save the
raw RF data with it but there is no easy-to-use software yet to get
nice traces from those data (e.g. extract all the different channels
like BCCH, CCCH and so on) which for example could be used to see the
messages between the BTS and the phone. I am not interested in the
traffic (speech or data), just the signaling on the Air-Interface would
be nice to have. But lets see what the future brings, projects like
airprobe.org might fill this gap.
5580
days inactive
5582
days old
1 comments
2 participants
participants (2)
-
Dieter Spaar -
Harald Welte