Welcome to the OsmocomBB project

OsmocomBB is an Free Software / Open Source GSM Baseband software implementation.

It intends to completely replace the need for a proprietary GSM baseband software, such as

• drivers for the GSM analog and digital baseband (integrated and external) peripherals
• the GSM phone-side protocol stack, from layer 1 up to layer 3

In short: By using OsmocomBB on a compatible phone, you are able to make and receive phone calls, send and receive SMS, etc. based on Free Software only.

Over the past 12 months, we've been making very good progress. Most of the hardware drivers have been written, and a relatively complete layer1, layer2 and layer3 exist.

No work has yet been done on any sort of UI on the phone. The only user interface is a telnet-based command line.

To get started, checkout the PreliminaryRequirements and then GettingStarted

Directory

Osmocom TETRA project goes public

Today, we publicly disclose the current development version of a TETRA (Terrestrial Trunked Radio) demodulator + PHY + MAC code.

The project home page, including links to source code and mailing list is http://tetra.osmocom.org/

After GSM and DECT, finally yet another popular wireless commu ...

(Read more)

• Posted: 2011-01-22 13:53
• Author: laforge
• Categories: tetra
• Comments (0)

Slides of sideband GSM sniffing talk at 27c3

Sylvain Munaut was presenting on Wideband GSM Sniffing at the 27th annual Chaos Communication Congress, where he was using a series of four phones running OsmocomBB as a GSM packet sniffer.

The slides are available from http://events.ccc.de/congress/2010/Fahrplan/events/4208.en.html.

A preliminary video recording (simple dump of the str ...

(Read more)

• Posted: 2011-01-01 16:38
• Author: laforge
• Categories: (none)
• Comments (0)

Slides of OsmocomBB talk at 27C3

At the 27th Chaos Communication Congress, Harald Welte and Steve Markgraf have presented on OsmocomBB.

You can find the slides linked from http://events.ccc.de/congress/2010/Fahrplan/events/3952.en.html and a preliminary video recording at [http://mirror.informatik.uni-mannheim.de/pub/ccc/27c3-streamdump/mkv/%5B3952%5D%20Running%20your%20own%2 ...

(Read more)

• Posted: 2011-01-01 16:33 (Updated: 2011-01-01 17:26)
• Author: laforge
• Categories: presentation osmocombb
• Comments (0)

This is not a real blog, just a RSS feed for updates

Like in the OpenBSC case, this OsmocomBB blog is merely intended as a news feed.

• Posted: 2011-01-01 16:25
• Author: laforge
• Categories: (none)
• Comments (0)

This is the project page about our experiments (so far) only with phones based on the Ti Calypso/Iota/Rita GSM baseband chipset. The main target is the MotorolaC123. For more supported phones, check below.

We originally intended to build an inexpensive GSM experimentation board built with/around that chipset, but right now are pursuing a slightly alternative course by using cheap off-the-shelf feature phones and write custom software for it.

• The ProjectRationale
• The big MasterPlan
  • AreasOfWork -- What needs to be done and who wants to do it
• Information about the TypicalCalypsoModemDesign
  • Calypso -- The HERCROM digital baseband chip (DSP+ARM7)
    • CalypsoDSP -- The DSP inside the Calypso DBB
  • Iota -- The TWL3025 analog baseband chip (ADC/DAC)
  • Rita -- The TRF6151C GSM transceiver (VCO, up/down-conversion)
• Information about the SciphoneDreamG2, a MT6235 based phone (not supported!!)
• Old/obsolete plan/spec of the GsmDevelBoard (note: This project is on hold right now!
• Description of our own GSM Stack
  • L1A_L23_Interface -- How the Layer1 interfaces with Layer2 and Layer3 of the stack
• Notes on the TSM30 Layer1 as it can be found in the TSM30 source
• Glossary -- The weird terms used in the phone baseband world
• LegalAspects -- Important legal aspects of this project
• People -- The people behind the project
• PressCoverage -- What the press is writing about us

Mailing List

The development discussions regarding this project happen on the baseband-devel@lists.osmocom.org mailing list.

General announcement of major steps and releases of the project are available on the osmocom-announce list.

You can subscribe to any of those mailing lists at http://lists.osmocom.org/mailman/listinfo

IRC (Internet Relay Chat)

We have an IRC channel where some developers and users hang out. You can find it at: irc.freenode.net/#osmocom

Software

Documentation about software developed by this project.

OsmocomBB source code is kept in the git repository at git://git.osmocom.org/osmocom-bb.git, which you can browse best from http://cgit.osmocom.org/

• GettingStarted -- Getting Started with the Software for the target and host.
• SoftwareOverview -- Overview how all the parts below fit together

Host programs (running on the PC)

General Purpose

• osmocon -- A tool for Compal phones; to load code into RAM and execute it
• mobile -- An application implementing a regular GSM mobile phone (and more)
• WiresharkIntegration -- How to use OsmocomBB with wireshark protocol analyzer
• libosmocore -- A library with utility functions

Advanced / special purpose tools

• osmoload -- A tool for flashing and examining phones
• calypso_pll -- A tool to calculate Calypso DPLL multiplier+divider
• rita_pll -- A tool to calculate the Rita PLL multiplier/divider
• layer23 -- An implementation of GSM Layer2 and upwards.

Target programs (running on the phone baseband chip)

• firmware -- The current staging/testing code base for our own software on the Calypso. From it we build a number of apps:
  • hello_world.bin -- An actual 'hello world' application for LCD and serial port
  • layer1.bin -- The actual Layer1 software as it is to be used with layer23
  • loader.bin -- Our flash loader, dumper and second stage bootloader
  • compal_dsp_dump.bin -- A program to dump the ROM of the DSP inside the Calypso

Supported Phone hardware

Information specific to certain Calypso based phones that we support

• Designed + Manufactured by Compal, OEM by Motorola
  • MotorolaC115/C117 (E87)
  • MotorolaC123/C121/C118 (E88) -- our primary target
  • MotorolaC140/C139 (E86)
  • MotorolaC155 (E99) -- our secondary target
  • MotorolaV171 (E68/E69)
  • SonyEricssonJ100i

• Designed by Pirelli/Foxconn, manufactured by Foxconn
  • Pirelli DP-L10

• Designed by Openmoko, manufactured by FIC
  • Neo 1973 (GTA01)
  • Neo Freerunner (GTA02)

Accessories

You will need a CalypsoSerialCable to connect the phone to a PC

Random bits and pieces

• SIM related
  • RebelSIM How the Rebel SIM card cand be used as SIM proxy
  • RebelSIM_Scanner to scan/trace communication between SIM and phone (rubbish)
  • SIMtrace -- our custom hardware / firmware / software to get SIM-ME traces into wireshark
  • SIMReader How to connect to network using provider SIM
• Notes on sniffing

References

Related projects

• airprobe -- Free Software GSM protocol analyzer
• OpenBSC -- Free Software BSC/MSC/HLR/SMSC
• OpenBTS -- Free Software Um-to-SIP gateway
• OsmocomTETRA -- Free Software TETRA related code

Recommended reading

• http://laforge.gnumonks.org/papers/gsm_phone-anatomy-latest.pdf -- Introduction to contemporary GSM cellphone hardware
• http://www2.informatik.hu-berlin.de/~goeller/ -- Homepage of Dr.-Ing. Joachim Goeller, lots of GSM tutorials
• http://sourceforge.net/projects/plabs/ -- Source code of the firmware of the Vitelcom TSM30 phone (dead link)
• OsmocomBB presentation at SSTIC 2010

For a complete list of local wiki pages, see TitleIndex.