gssm-v0.1 Groupe Special (Software) Mobile or The Global Software System for Mobile communications --- SUMMARY Okay, calling gssm "The Global Software System for Mobile communications" is a bit of a stretch as all it does is monitor GSM control channels. What this package does is use the USRP and various daughterboards to capture live data, GNU Radio and custom modules to demodulate and decode the GSM packets, and then Wireshark to display the data. Get it here: http://thre.at/gsm Install instructions: http://thre.at/gsm/index.html#install. Talk about it here: email@example.com. More here: http://wiki.thc.org/gsm. --- WHAT This package monitors GSM base station control channels. It uses the USRP and various daughterboards to capture live data, GNU Radio and custom modules to demodulate and decode the GSM packets, and then Wireshark to display the data. This version of gssm decodes most of the control channels. The control channels contain the information necessary for a mobile to communicate with a base station. The control channels gssm currently decodes are: FCCH The frequency correction channel. SCH The synchronization channel. BCCH The broadcast control channel. PCH The paging channel. Downlink only, used to page mobiles. AGCH The access grant channel. Downlink only, used to allocate an SDCCH or directly a TCH. SACCH Slow associated control channel. SDCCH Stand-alone dedicated control channel. gssm displays the decoded data using Wireshark. Not only does this give us a very nice graphical front end to examine the dissected packets, but Wireshark already has quite a bit of code to dissect GSM data. Unfortunately, the current implementation of Wireshark does not dissect packets unique to the wireless interface. Up to now, there was no reason to include code to dissect these packets. I include a patch for wireshark-0.99.5 which adds partial Um packet dissection capability and a new custom ethertype to interface with the USRP. While gssm has basic functionality now, it really is alpha-quality software and there are a number of enhancements which must be made before it becomes truly useful. 1. The Mueller and Muller clock recovery method doesn't always handle the quarter-bits present in a GSM burst. A more reliable method must be implemented. Until then, this software will suffer from a large number of receive errors even with a high signal-to-noise ratio. 2. Wireshark dissects most GSM packets except those specific to the Um interface, the wireless interface between the mobile and the BTS, the Base Transciever Station. a. I've only implemented a small portion of the Um interface. Much more work must be done to complete this. b. Only the Bbis frame type is implemented. When packets arrive in Wireshark which are "malformed" or with strange protocol descriptors, it is because they were sent using some other frame type. c. The interface between gssm and Wireshark is extremely hacky, to say the least. It would be nice to eventually standardize a GNU Radio interface for Wireshark. I also want to clean up my Um interface and submit that there as well. 3. You need to find your local GSM tower by hand. Once you've found it, you need to edit the python script and enter the information by hand. It would be very nice if this information were automatically generated. 4. The code is designed to support all frequency bands but I haven't implemented anything but U.S. support. 5. This code is receive-only and currently can only monitor tower to mobile transmissions. 6. Lots more. --- WHERE This code is being adopted by the GSM Scanner Project and any updates to this code will be found there. Questions and suggestions can certainly be sent to me, but they also should be directed to the mailing list -- firstname.lastname@example.org. Also, check out the wiki at http://wiki.thc.org/gsm. The current version of this code can be found here: http://thre.at/gsm/gsm-v0.1.tar.bz2. Updates and bug-fixes will be located at the GSM Scanner Project, http://wiki.thc.org. -- Joshua Lackey, Ph.D. (email@example.com)
on 2007-06-04 02:24
on 2007-06-06 21:39
Hi Joshua, I followed installation instruction with almost no errors. But, when running Wireshark, I get nothing displayed with the GSM interface. My BTS signal is very high, and I located the offset of the frequency correction burst (which is by the way almost the same as your default one). Any suggested checking point ? Firas, Joshua Lackey-2 wrote: > > > USRP and various daughterboards to capture live data, GNU Radio and > PCH The paging channel. Downlink only, used to page mobiles. > to include code to dissect these packets. I include a patch for > suffer from a large number of receive errors even with a high > arrive in Wireshark which are "malformed" or with > found it, you need to edit the python script and enter the > > The current version of this code can be found here: > Discussfirstname.lastname@example.org > http://lists.gnu.org/mailman/listinfo/discuss-gnuradio > > -- View this message in context: http://www.nabble.com/software-implementation-of-G... Sent from the GnuRadio mailing list archive at Nabble.com.
on 2007-06-07 02:51
(Moving discuss-gnuradio to bcc.) You can tell when it's working because of all the error messages you get. jl@hackphoo:~/src/gsm/gssm-v0.1/src/python$ ./file_gssm.py ~/src/gsm/signal/signal.data >>> gr_fir_fff: using SSE error: PCH, AGCH (0, 36) error: SACCH8 (0, 36) error: PCH, AGCH (0, 36) error: SACCH8 (0, 36) error: PCH, AGCH (0, 36) error: SACCH8 (0, 36) error: PCH, AGCH (0, 12) error: SDCCH8 (0, 12) error: PCH, AGCH (0, 46) error: PCH, AGCH (0, 36) error: SACCH8 (0, 36) error: PCH, AGCH (0, 22) error: PCH, AGCH (0, 26) error: PCH, AGCH (0, 36) [...] So even if nothing is appearing in Wireshark, you should still be able to tell if the radio demod path is working. You can also add a few debug printf()'s in the code to see how far you're getting. Try adding a 'printf("fc found!\n");' at line 316 in gssm_sink.cc and a 'printf("sch found!\n");' at line 360. (It will be line 361 if you first add line 316.) Then you'll be able to see when you lock on the frequency correction channel and the synchronization channel. Quoting Eng. Firas (email@example.com):