MS/BS simulator



ekonomi
30-07-2003, 02:49 PM
Hello all,

Maybe this is a topic that shouldn't be in this forum, but I didn't know where else to post it. I was wondering if anyone knows how to create a base station simulator and a mobile simulator. I've seen companies selling such products (at very high prices) and I wondered if you've seen any schematics or something on the net. The idea is to test the on-air communication between the MS and the BS in order to search for faults or something.

If any of you find this project useful, I could use all the help I could get since I'm not an expert in the field.

ekonomi.

wumpus
31-07-2003, 10:23 AM
Are you talking about a GSM network simulator in hardware or software?

ekonomi
31-07-2003, 11:02 AM
Hi,

At first I was thinking about software only, but I realized that you can't simulate the communication between the mobile and the base station just with software. So the project should involve hardware, at least for doing the modulation/demodulation for the base station.
The more I study the GSM specification, the more confused I get ;-)
So for now I just thought that I could create a device that acts like a sniffer for the mobile phones. It will just receive the radio signals and "decode" them (demodulate, channel decoding and speech decoding).
For now there is no need to simulate the authentication between MS and BS.

Heheh, as you can see the whole project is not yet clear in my mind, but it seems like a radio sniffer for GSM networks.


ekonomi.

wumpus
31-07-2003, 11:43 AM
It sounds very interesting, although the "from the air" sniffing part requires extremely expensive equipment.

I do currently "sniff" MS to BS communication by trapping packets going to the TX interface of my MS. But although interesting, it's far from a simulator.

<M457>
19-08-2003, 09:50 AM
I do currently "sniff" MS to BS communication by trapping packets going to the TX interface of my MS. But although interesting it's far from a simulator.

How do you do this? With a mod to phones?
Can you tell more about this?

It sounds very interesting :D :D

Thanks!

wumpus
19-08-2003, 11:40 AM
I should make a section of my site dedicated to this (it isn't really easy to describe how I did this).

The Nokia operating system has debug statements all over the place; some allow direct monitoring of communication with the GSM network or SIM when enabled
(it is even possible to inject packets).
I have altered gammu to hook into the debug interface and analyze L2 (LAPd) packets going to the DSP and received from the DSP. It needs no more than a MBUS/FBUS cable.
I'm so happy those ETSI standards are free now and I can make some sense out of it :-)

It's all kind of primitive now though (I have so many things to do and so little time), no GUI or even a decent command-line interface.

<M457>
19-08-2003, 06:36 PM
Wooow, it's fantastic! :D :D
Can you give us the link to your site?

10000000000000000000000 thx :)

capotixplus
20-08-2003, 04:25 AM
I tried your site (blacksphere) but it asks for user/pass... I'm working on the same with TDMA phones... (5120/25)

PicPa
20-08-2003, 05:59 AM
Hey all,

wumpus, I am of course interested too in this packet trapping. If you finish that section on your site, inform us ;-) or you can send (if there is no prob of course) the altered gammu of yours so that we can play with it too.

ekonomi
20-08-2003, 06:04 AM
wumpus,

I'm interested too, so if you'd like we can help you finish gammu's interface faster.

wumpus
20-08-2003, 12:27 PM
I've put a proof of concept (gammu patch) online and will now give out some accounts to my site (which is not yet publicly open).

The patch to gammu is in the Software section under "Debug Tracing". If you have any questions, ask.

ekonomi - I cannot send you a PM or mail as you've disabled that on this site.

sk3done
25-08-2003, 03:32 AM
Please can I have a pass/user please mate, that would be gratefully received to say the least.