Osmocom

Published in: Technology, Business
Transcript of "Osmocom"

  1. Opensource GSM baseband firmware
  2. Why ?
      ● Free kernels, free OSes, free WiFi drivers, free GPU drivers, free RFID readers, free software radio, why not free cellphone firmware ?
      ● Challenge the „secret sauce” vendor attitude
      ● Cellphone network security research
      ● Disruptive competition
      ● Knowledge is power
  3. Roadblocks
      ● The cellphone chipset industry is very closed (even phone manufacturers don't get chipset programming information)
      ● The cellphone network equipment industry is dominated by 4 major players (and even more closed)
      ● There is no „padawan” learning path
      ● GSM protocol stacks are not shipped in the mainline kernel
      ● The government creeps in everywhere in the telco world
  4. Why GSM ?
      Source: http://en.wikipedia.org/wiki/Comparison_of_mobile_phone_standards
      ● Simple but usable
      ● Deployed worldwide
      ● Hackable & abundant hardware
      ● GSM bands propagate very nicely
  5. GSM Radio interface (3): Logical channels
      ● BCCH, SCH, FCCH
      ● RACH, PCH, AGCH
      ● SACCH, FACCH
      ● SDCCH
      ● TCH/F, TCH/H
      ● AAARGHCH, WTFCH
  6. Osmocom project: Open Source MObile COMmunications
      http://osmocom.org/
      ● openBSC
      ● BB (baseband)
      ● DECT
      ● TETRA
      ● GMR
      ● OP25
  7. GSM Network
      Diagram labels: OpenBSC, OpenBTS, OsmocomBB
      ● BTS – Base Transceiver Station (the tower)
      ● BSC – Base Station Controller (the brain)
      ● MSC – Mobile Switching Controller (the router)
      ● HLR – Home Location Register (/etc/passwd)
      ● MS – Mobile Station
      ● POTS – Plain Old Phone System
  8. The BTS: OpenBTS
      Source: http://openbts.sourceforge.net/
      Years shown: 2009, 1998
  9. The core network: OpenBSC
      Years shown: 1995, 2008
  10. The phone: OsmocomBB ?
  11. GSM radio Interface (1): Frames & physical channels
      Source: http://www.tele-servizi.com/janus/engfield2.html
  12. GSM Radio Interface (2): Bursts
      Source: http://www.scholarpedia.org/article/Global_system_for_mobile_communications_%28GSM%29
  13. Anatomy of a cellphone (1): Motorola C118 aka Compal E88 aka GTA0x
      ● RFFE: Rita (TRF6151)
      ● ABB (ADC + DAC): Iota (TWL3025)
      ● DBB (DSP + MCU): Calypso (G2 C035)
      ● LCD, KBD, etc.
      Abbreviations:
      ● RFFE – RF Frontend
      ● ABB – Analog Baseband
      ● DBB – Digital Baseband
      ● MCU – Microcontroller Unit
  14. Anatomy of a cellphone (2)
      ● RFCLK == 26 MHz
      ● TSP – Time Serial Port
      ● BSP – Baseband Serial Port
      ● USP – uController Serial Port
      ● APC – Automatic Power Correction
      ● AFC – Automatic Frequency Correction
      ● I/Q – modulation stuff you don't need to know ;-)
      ● VCO – Voltage Controlled Oscillator
      ● GSM/DCS/PCS – these are frequency bands
  15. Anatomy of a cellphone (3)
      Source: http://bb.osmocom.org/trac/wiki/TypicalCalypsoModemDesign
  16. OsmocomBB features
      ● Supports Calypso chipset, found inside:
          Motorola C115/C117 (Compal E87)
          Motorola C123/C121/C118 (Compal E88)
          Motorola C139/C140 (Compal E86)
          Motorola C155 (Compal E99)
          Openmoko GTA01/GTA02
      ● Low-level RF drivers & synchronous TDMA
      ● GSM Layer 2 (LAPDm) and Layer 3 (RR/MM/CC)
      ● RS232-HDLC connection to PC for debugging
      ● RX-only by default
  17. Osmocom-bb code structure
      ● Source tree: osmocom-bb/src/target/firmware/ (rf/, abb/, calypso/, flash/; files dsp.c, tsp.c, tpu.c, clock.c, sim.c, uart.c); osmocom-bb/host/ (osmoload, layer23)
      ● Calypso SoC diagram labels: RFFE, ABB, DSP, TSP, TPU, API RAM, Flash, DPLL, ARM, SIM, SRAM, ULPD, GEA, UART, HDLC over RS232
  18. Demo ! Plan:
      0. Downloading and building the code. Start the osmocom-bb on the cellphone
      1. Login to a network
      2. Make a call, receive a call
      3. Send and receive SMS.
  19. Where do we go from here ?
      ● Handover support
      ● GPRS support
      ● Multi-SIM capability
      ● More Calypso phones (http://www.myphone.pl ?)
      ● Mediatek MTK6235 support – GSM L1 stack in the kernel possible
      ● Compliance testing & certification
  20. Backup slides
  21. GSM sux, let's try WCDMA
      ● What about Reverse engineering WCDMA baseband firmware ? http://events.ccc.de/congress/2011/Fahrplan/events/4735.en.html
      ● Maybe a SDR LTE base station ? http://bellard.org/lte/ (not public yet)
  22. Other opensource radiocomm projects
      ● OpenBSC
      ● OpenDECT
      ● OpenTETRA
      ● OpenGMR
      ● OpenOP25
      ● Put your pet radio interface here