From laforge at gnumonks.org Wed Dec 9 14:55:16 2015
From: laforge at gnumonks.org (Harald Welte)
Date: Wed, 9 Dec 2015 15:55:16 +0100
Subject: Dec 9, 8pm / Osmocom Berlin Meeting
Message-ID: <20151209145516.GS21423@nataraja>

Hi all!

This is the announcement for the re-incarnation of our bi-weekly Osmocom Berlin Meeting.

Dec 09, 8pm @ CCC Berlin, Marienstr. 11, 10117 Berlin

There is no formal presentation this time, but

* there will be SIMtrace equipment in case somebody wants to play with it
* there will be a sysmoBTS with OsmoBTS, OsmoPCU, OsmoNITB, OsmoSGSN and OpenGGSN if somebody wants to play with it
* there will be Huawei Femtocells to play with

The meeting is open to anyone interested in mobile communications. You do not have to be involved with the Osmocom projects in order to attend. Anyone interested in mobile communications protocols is welcome.

If you are interested to show up, feel free to do so. The meeting is "free as in free beer", despite no actual free beer being around ;)

More information can be found at http://openbsc.osmocom.org/trac/wiki/OsmocomMeeting/Berlin

Regards,
	Harald
-- 
- Harald Welte
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)

From case at SDF.ORG Thu Dec 10 18:27:58 2015
From: case at SDF.ORG (John Case)
Date: Thu, 10 Dec 2015 18:27:58 +0000 (UTC)
Subject: Why isn't there an airprobe for other protocols ? (3G, CDMA, LTE)
Message-ID: 

I have successfully used airprobe (and gr-gsm, derived from airprobe) to see broadcast, unencrypted status messages from GSM base stations.

It is my understanding that other protocols (like CDMA, UMTS, HSPA, LTE) have similar unencrypted, broadcast or "beacon" traffic that could be viewed the same way ...

But there are no tools like airprobe for CDMA or 3G or LTE ... why is that ?
Is there a technical reason that they are much more difficult, or has it just not been done yet out of lack of interest ?

Thank you.

From falcon at ivan.Harhan.ORG Sat Dec 12 22:58:22 2015
From: falcon at ivan.Harhan.ORG (Mychaela Falconia)
Date: Sat, 12 Dec 2015 22:58:22 GMT
Subject: Motorola C139 V1.9.24 Won't Load from osmocom-bb
Message-ID: <1512122258.AA11445@ivan.Harhan.ORG>

Hello fellow phone hackers,

Back in March-April of 2014 there was a user on this list (Rusty Dekema, Cc'ed) who wanted to use OsmocomBB tools with a Mot C139 phone, but was stopped by a locked-down bootloader; the phone had Cingular firmware version 1.9.24 which none of us knew how to unlock back then.

Fast-forwarding to the present, I recently got yet another batch of Mot C139 phones from ebay, and one of them came with that same fw version with a locked-down bootloader. This encounter prompted me to research the problem some more and develop a new shellcode injection-based method of breaking into these phones that should work with all existing Mot C1xx fw versions, gaining code execution on the phone's Calypso and allowing one to reflash the bootloader with an unlocked version, among arbitrary other reflashing and hacking operations.

The new "universal" Mot C1xx unlocking tool is released as part of fc-host-tools-r4; the link to the tarball appears at the bottom of this web page:

https://www.freecalypso.org/c139.html

Happy hacking,
Mychaela

From laforge at gnumonks.org Sat Dec 12 23:32:09 2015
From: laforge at gnumonks.org (Harald Welte)
Date: Sun, 13 Dec 2015 00:32:09 +0100
Subject: Why isn't there an airprobe for other protocols ? (3G, CDMA, LTE)
In-Reply-To: 
References: 
Message-ID: <20151212233209.GA28681@nataraja>

Hi John,

> It is my understanding that other protocols (like CDMA, UMTS, HSPA, LTE)
> have similar unencrypted, broadcast or "beacon" traffic that could be viewed
> the same way ...

correct.

> But there are no tools like airprobe for CDMA or 3G or LTE ... why is that ?
I'm not sure if that's correct. At least for LTE you should find several open source implementations that at least claim to be able to decode the beacon/broadcast channel.

> Is there a technical reason that they are much more difficult, or has it
> just not been done yet out of lack of interest ?

Yes, it is more difficult, as the modulation and encoding schemes are more complex. But the fundamental reason is probably that somebody needs to sit down and get it done. It's not like there is a magical group of people that just implements all of this for everyone else to use.

I'm not aware of a CDMA (IS-95 / CDMA2000) or WCDMA beacon receiver. But you can find similar projects for TETRA, GMR and OP25 all under the Osmocom umbrella.

What's needed is somebody who scratches his (strong enough) itch for understanding / implementing the related bits of synchronization, demodulation and decoding.

Regards,
	Harald
-- 
- Harald Welte                                          http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)