I was wondering how and if IMSI Catchers can be detected and how much work it would be to support that in OsmocomBB. The only problem is that I have not seen any IMSI Catchers, have not written one and have read too little about it. So how does an IMSI Catcher operate? Well, I have no idea and need to speculate. In contrast to a real network it is only meant to be used by a few Mobile Stations…
I have spend the last week differently than I had planned. I have been to Iceland, the Hotel still didn’t restart their DVB-S receivers or renewed their smartcards. So 13/16 Channels are stuck in different set-top box messages and only RTLII of Switzerland, BBC and Eurosport are fully functional. The sad part is thet one could receive China’s CCTV program here… I have spend the last week working on the MGCP Gateway of OpenBSC to allocate the network and the…
This is just a small list of things that have happened in OpenBSC: Introduce a GSM 08.08 BSC API to separate channel management from the MSC Code. This has also killed reference counting of our logical channels and we release channels a lot faster. Toying with USSD. I started to play with ASN.1 and generate USSD messages, right now we can send a unstructuredSS-Notify down to the Cellphone and play with the alerting types, sending a notifySS as part of…
I was playing with ASN1 and Supplementary Services over the Weekend. My goal was to provide extended user information during a call setup. So the first step was searching for information of how it could look like, this involved going through the GSM Spec, the 2nd part was wrestling with asn1c to generate some dummy data (as I couldn’t find a trace doing that), the 3rd part was being able to generate that from OpenBSC and send it to the…
Hi, with some more debugging and fun with wireshark scripting and looking a pretty obvious issue has been resolved. Now GPRS for us is actually using IP, UDP, NS (some simple address and type of the messages), BSSGP (protocol between SGSN and BSS) and for actual data there is LLC at the end of the BSSGP. The LLC is part of the BSSGP payload as TLV (Tag, Length, Value). I created a simple setup that worked. It involved getting the…
Traditionally we have a struct gsm_lchan representing a logical channel. It has a given type based on the physical allocation (SDCCH, TCH/H, TCH/F), a given mode (traffic or signalling) and the trx and timeslot it is on. We also have a struct gsm_subscr representing a GSM Subscriber in our combined HLR/VLR. Whenever a Channel is used for a subscriber we are taking a reference count and assign the subscriber to the lchan. Whenever releasing the lchan we check the subscriber…
Yesterday I had the pleasure of trying OpenBSC on a real network and the result was desaster, but honestly what else to expect when trying it the first time. It is not that OpenBSC was crashing, leaking memory, or not recovering from failure it is just the load of the network was differrent than what I assumed and that leads to problems. What happens is one is seeing a lot of location updating requests, which will load the SDCCH but…
I was invited to visit the On-Waves (they have a shiny new website) office in Paris this week and I was quite busy hacking away on the OpenBSC codebase. On-Waves allows me to play a bit with their MSC and learn more about GSM and in exchange OpenBSC gains a more and more complete and stable GSM A-Interface. When developing code for OpenBSC we are mostly sitting very close to the BTS, only have one active subscriber, test one thing,…
Something like 14 months ago I had no idea about GSM protocols, 12 months ago I was implementing paging for OpenBSC, beginning from last summer I explored SS7 and SCCP, wrote a simple SCCP stack for On-Waves. Started to implement the GSM A Interface for OpenBSC, the last week I saw myself learning more about MTP Level3. With the Osmocom I start to explore GSM Layer 1 (TDMA, bursts, syncing), GSM Layer 2 (LAPDm) and on GSM Layer3 we mostly…
My debug build of libQtWebKit finished and I thought the horror of linking a huge library is over and that I could start to debug. Turned out that gdb was segfaulting when launching my application. Eeeek., google… well googling for gdb and crash is not really finding gdb things. Okay so I was using cvs to get the latest version of gdb, compiling… *crash*. It seemed to crash in demangling, so just in case I was updating binutils and rebuilding…