[Discuss-gnuradio] software implementation of GSM

From: Joshua Lackey
Subject: [Discuss-gnuradio] software implementation of GSM
Date: Sun, 3 Jun 2007 20:23:06 -0400
User-agent: Mutt/


Groupe Special (Software) Mobile


The Global Software System for Mobile communications



Okay, calling gssm "The Global Software System for Mobile
communications" is a bit of a stretch as all it does is monitor GSM
control channels.

What this package does is use the USRP and various daughterboards to
capture live data, GNU Radio and custom modules to demodulate and decode
the GSM packets, and then Wireshark to display the data.

        Get it here:            http://thre.at/gsm
        Install instructions:   http://thre.at/gsm/index.html#install.
        Talk about it here:     address@hidden
        More here:              http://wiki.thc.org/gsm.



This package monitors GSM base station control channels. It uses the
USRP and various daughterboards to capture live data, GNU Radio and
custom modules to demodulate and decode the GSM packets, and then
Wireshark to display the data.

This version of gssm decodes most of the control channels. The control
channels contain the information necessary for a mobile to communicate
with a base station. The control channels gssm currently decodes are:

        FCCH    The frequency correction channel.
        SCH     The synchronization channel.
        BCCH    The broadcast control channel.
        PCH     The paging channel. Downlink only, used to page mobiles.
        AGCH    The access grant channel. Downlink only, used to
                allocate an SDCCH or directly a TCH.
        SACCH   Slow associated control channel.
        SDCCH   Stand-alone dedicated control channel.

gssm displays the decoded data using Wireshark. Not only does this give
us a very nice graphical front end to examine the dissected packets, but
Wireshark already has quite a bit of code to dissect GSM data.
Unfortunately, the current implementation of Wireshark does not dissect
packets unique to the wireless interface. Up to now, there was no reason
to include code to dissect these packets. I include a patch for
wireshark-0.99.5 which adds partial Um packet dissection capability
and a new custom ethertype to interface with the USRP.

While gssm has basic functionality now, it really is alpha-quality
software and there are a number of enhancements which must be made
before it becomes truly useful.

        1. The Mueller and Muller clock recovery method doesn't always
        handle the quarter-bits present in a GSM burst. A more reliable
        method must be implemented. Until then, this software will
        suffer from a large number of receive errors even with a high
        signal-to-noise ratio.

        2. Wireshark dissects most GSM packets except those specific to
        the Um interface, the wireless interface between the mobile and
        the BTS, the Base Transceiver Station.

                a. I've only implemented a small portion of the Um
                interface. Much more work must be done to complete this.

                b. Only the Bbis frame type is implemented. When packets
                arrive in Wireshark which are "malformed" or with
                strange protocol descriptors, it is because they were
                sent using some other frame type.

                c. The interface between gssm and Wireshark is extremely
                hacky, to say the least. It would be nice to eventually
                standardize a GNU Radio interface for Wireshark. I also
                want to clean up my Um interface and submit that there
                as well.

        3. You need to find your local GSM tower by hand. Once you've
        found it, you need to edit the python script and enter the
        information by hand. It would be very nice if this information
        were automatically generated.

        4. The code is designed to support all frequency bands but I
        haven't implemented anything but U.S. support.

        5. This code is receive-only and currently can only monitor
        tower to mobile transmissions.

        6. Lots more.



This code is being adopted by the GSM Scanner Project and any updates to
this code will be found there. Questions and suggestions can certainly
be sent to me, but they also should be directed to the mailing list --
address@hidden Also, check out the wiki at

The current version of this code can be found here:
http://thre.at/gsm/gsm-v0.1.tar.bz2. Updates and bug-fixes will be
located at the GSM Scanner Project, http://wiki.thc.org.

Joshua Lackey, Ph.D.  (address@hidden)
