OsmocomBB Quick Start
来自Jack's Lab
目录 |
1 硬件
- Motorola C118(淘宝现在的价格 25 左右)
- 串口连接线, C118 正面左侧下面的2.5mm的耳机孔,同时也是串口插座,定义如下:
- USB转串口板用了一块 FT232L 的成品板 (Foca),FT232L的稳定性不错,价格可以接受
2 编译
取源码:
$ git clone git://git.osmocom.org/osmocom-bb.git $ cd osmocom-bb $ git pull --rebase
准备工具链:
参考这个页面: http://bb.osmocom.org/trac/wiki/GnuArmToolchain
工具链编译完成后:
comcat@Jackslab:/work/toolchain$ ls build gnu-arm-build.2.sh install src comcat@Jackslab:/work/toolchain$ ls install/bin/ arm-elf-addr2line arm-elf-c++ arm-elf-elfedit arm-elf-gcc-4.5.2 arm-elf-gprof arm-elf-nm arm-elf-ranlib arm-elf-strings arm-elf-ar arm-elf-c++filt arm-elf-g++ arm-elf-gccbug arm-elf-ld arm-elf-objcopy arm-elf-readelf arm-elf-strip arm-elf-as arm-elf-cpp arm-elf-gcc arm-elf-gcov arm-elf-ld.bfd arm-elf-objdump arm-elf-size comcat@Jackslab:/work/toolchain$ ls src binutils-2.21.1 binutils-2.21.1a.tar.bz2 gcc-4.5.2 gcc-4.5.2.tar.bz2 newlib-1.19.0 newlib-1.19.0.tar.gz comcat@Jackslab:/work/toolchain$ export PATH=$PATH:/work/toolchain/install/bin
编译 osmocom-bb:
comcat@Jackslab:/work/toolchain$ cd /path/to/osmocom-bb/src comcat@Jackslab:/work/osmocom-bb/src$ make
3 运行
连接好手机串口和PC USB 口,手机不开机,运行:
$ cd /path/to/osmocom-bb/src/host/osmocon $ ./osmocon -p /dev/ttyUSB0 -m c123xor ../../target/firmware/board/compal_e88/layer1.compalram.bin >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> osmocon HANG住,等待手机响应,此时应短按电源键,则layer1的固件就从串口下载到手机RAM中 got 2 bytes from modem, data looks like: 04 81 .. got 5 bytes from modem, data looks like: 1b f6 02 00 41 ....A got 1 bytes from modem, data looks like: 01 . got 1 bytes from modem, data looks like: 40 @ Received PROMPT1 from phone, responding with CMD read_file(../../target/firmware/board/compal_e88/layer1.compalram.bin): file_size=63140, hdr_len=4, dnload_len=63147 got 1 bytes from modem, data looks like: 1b . got 1 bytes from modem, data looks like: f6 . got 1 bytes from modem, data looks like: 02 . got 1 bytes from modem, data looks like: 00 . got 1 bytes from modem, data looks like: 41 A got 1 bytes from modem, data looks like: 02 . got 1 bytes from modem, data looks like: 43 C Received PROMPT2 from phone, starting download handle_write(): 4096 bytes (4096/63147) handle_write(): 4096 bytes (8192/63147) handle_write(): 4096 bytes (12288/63147) handle_write(): 4096 bytes (16384/63147) handle_write(): 4096 bytes (20480/63147) handle_write(): 4096 bytes (24576/63147) handle_write(): 4096 bytes (28672/63147) handle_write(): 4096 bytes (32768/63147) handle_write(): 4096 bytes (36864/63147) handle_write(): 4096 bytes (40960/63147) handle_write(): 4096 bytes (45056/63147) handle_write(): 4096 bytes (49152/63147) handle_write(): 4096 bytes (53248/63147) handle_write(): 4096 bytes (57344/63147) handle_write(): 4096 bytes (61440/63147) handle_write(): 1707 bytes (63147/63147) handle_write(): finished got 1 bytes from modem, data looks like: 1b . got 1 bytes from modem, data looks like: f6 . got 1 bytes from modem, data looks like: 02 . got 1 bytes from modem, data looks like: 00 . got 1 bytes from modem, data looks like: 41 A got 1 bytes from modem, data looks like: 03 . got 1 bytes from modem, data looks like: 42 B Received DOWNLOAD ACK from phone, your code is running now! battery_compal_e88_init: starting up OsmocomBB Layer 1 (revision osmocon_v0.0.0-1749-g1b8f488-modified) ====================================================================== Device ID code: 0xb4fb Device Version code: 0x0000 ARM ID code: 0xfff3 cDSP ID code: 0x0128 Die ID code: ebc90e05ef00d7a1 ====================================================================== REG_DPLL=0x2413 CNTL_ARM_CLK=0xf0a1 CNTL_CLK=0xff91 CNTL_RST=0xfff3 CNTL_ARM_DIV=0xfff9 ====================================================================== Power up simcard: Assert DSP into Reset Releasing DSP from Reset Installing DSP extensions patch Setting some dsp_api.ndb values Setting API NDB parameters Finishing download phase DSP Download Status: 0x0002 DSP API Version: 0x3606 0x0000 LOST 630! BAT-ADC: 586 6 0 0 1023 366 339 223 Charger at 51 mV. Battery at 4006 mV. Charging at 0 mA. Battery capacity is 100%. Battery range is 3199..3999 mV. Battery full at 468 LSB .. full at 585 LSB Charging at 239 LSB (204 mA). BCICTL2=0x3ff battery-info.flags=0x00000000 bat_compal_e88_chg_state=0 ...... ......
另起一个终端运行:
$ cd /path/to/osmocom-bb/src/host/layer23/src/mobile $ sudo ./mobile -i 127.0.0.1 Copyright (C) 2008-2010 ... Contributions by ... License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. VTY available on port 4247. No Mobile Station defined, creating: MS '1' <000f> sim.c:1223 init SIM client <0006> gsm48_cc.c:63 init Call Control <0007> gsm480_ss.c:231 init SS <0019> gsm411_sms.c:63 init SMS <0001> gsm48_rr.c:5500 init Radio Ressource process <0005> gsm48_mm.c:1324 init Mobility Management process <0005> gsm48_mm.c:1037 Selecting PLMN SEARCH state, because no SIM. <0002> gsm322.c:5037 init PLMN process <0003> gsm322.c:5038 init Cell Selection process *** Warning: Mobile '1' has default IMEI: 000000000000000 This could relate your identitiy to other users with default IMEI. *** Mobile '1' initialized, please start phone now! <0005> subscriber.c:610 Requesting SIM file 0x2fe2 <000f> sim.c:209 got new job: SIM_JOB_READ_BINARY (handle=00000004) <000f> sim.c:697 go MF <000f> sim.c:241 SELECT (file=0x3f00) <000f> sim.c:187 sending APDU (class 0xa0, ins 0xa4) <000f> sim.c:876 received APDU (len=0 sw1=0x00 sw2=0x00) <000f> sim.c:952 command failed <000f> sim.c:151 sending result to callback function (type=1) <0005> subscriber.c:666 SIM reading failed <0005> gsm48_mm.c:4388 (ms 1) Received 'MMR_NREG_REQ' event <0005> gsm48_mm.c:4320 (ms 1) Received 'MM_EVENT_IMSI_DETACH' event in state MM IDLE, PLMN search <0005> gsm48_mm.c:1848 IMSI has been detached. <0005> gsm48_mm.c:1089 Not camping, wait for CS process to camp, it sends us CELL_SELECTED then. <0002> gsm322.c:3818 (ms 1) Event 'EVENT_SIM_REMOVE' for automatic PLMN selection in state 'A0 null' <000e> gsm322.c:1362 SIM is removed <0002> gsm322.c:1363 SIM is removed <0002> gsm322.c:806 new state 'A0 null' -> 'A6 no SIM inserted' <0003> gsm322.c:4049 (ms 1) Event 'EVENT_SIM_REMOVE' for Cell selection in state 'C0 null' <0003> gsm322.c:829 new state 'C0 null' -> 'C6 any cell selection' <0003> gsm322.c:2798 Scanning power for all frequencies. <0003> gsm322.c:2861 Scanning frequencies. (0..124) <0003> gsm322.c:2910 Found signal (ARFCN 1 rxlev -88 (22)) <0003> gsm322.c:2910 Found signal (ARFCN 2 rxlev -89 (21)) <0003> gsm322.c:2910 Found signal (ARFCN 3 rxlev -86 (24)) <0003> gsm322.c:2910 Found signal (ARFCN 4 rxlev -99 (11)) <0003> gsm322.c:2910 Found signal (ARFCN 5 rxlev -91 (19)) <0003> gsm322.c:2910 Found signal (ARFCN 6 rxlev -93 (17)) <0003> gsm322.c:2910 Found signal (ARFCN 7 rxlev -83 (27)) <0003> gsm322.c:2910 Found signal (ARFCN 8 rxlev -77 (33)) <0003> gsm322.c:2910 Found signal (ARFCN 9 rxlev -86 (24)) <0003> gsm322.c:2910 Found signal (ARFCN 10 rxlev -100 (10)) ...... ...... ...... <0003> gsm322.c:2910 Found signal (ARFCN 123 rxlev -80 (30)) <0003> gsm322.c:2910 Found signal (ARFCN 124 rxlev -72 (38)) <0003> gsm322.c:2922 Done with power scanning range. <0003> gsm322.c:2798 Scanning power for all frequencies. <0003> gsm322.c:2861 Scanning frequencies. (512(DCS)..885(DCS)) <0003> gsm322.c:2910 Found signal (ARFCN 512(DCS) rxlev -90 (20)) <0003> gsm322.c:2910 Found signal (ARFCN 513(DCS) rxlev -95 (15)) <0003> gsm322.c:2910 Found signal (ARFCN 514(DCS) rxlev -85 (25)) ...... ...... ...... <0003> gsm322.c:2910 Found signal (ARFCN 844(DCS) rxlev -106 (4)) <0003> gsm322.c:2910 Found signal (ARFCN 861(DCS) rxlev -104 (6)) <0003> gsm322.c:2910 Found signal (ARFCN 862(DCS) rxlev -104 (6)) <0003> gsm322.c:2922 Done with power scanning range. <0003> gsm322.c:2798 Scanning power for all frequencies. <0003> gsm322.c:2861 Scanning frequencies. (955..1023) <0003> gsm322.c:2910 Found signal (ARFCN 956 rxlev -106 (4)) <0003> gsm322.c:2910 Found signal (ARFCN 969 rxlev -106 (4)) <0003> gsm322.c:2910 Found signal (ARFCN 985 rxlev -106 (4)) ...... ...... ...... <0003> gsm322.c:2910 Found signal (ARFCN 1018 rxlev -106 (4)) <0003> gsm322.c:2910 Found signal (ARFCN 1021 rxlev -104 (6)) <0003> gsm322.c:2910 Found signal (ARFCN 1023 rxlev -106 (4)) <0003> gsm322.c:2922 Done with power scanning range. <0003> gsm322.c:2798 Scanning power for all frequencies. <0003> gsm322.c:2836 Found 451 frequencies. <0003> gsm322.c:2255 Scanning frequency 113 (rxlev -56). <0003> gsm322.c:474 Sync to ARFCN=113 rxlev=-56 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 30 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=113 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 529(DCS) (rxlev -60). <0003> gsm322.c:474 Sync to ARFCN=529(DCS) rxlev=-60 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 40 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=529(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 526(DCS) (rxlev -61). <0003> gsm322.c:474 Sync to ARFCN=526(DCS) rxlev=-61 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 39 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=526(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 517(DCS) (rxlev -61). <0003> gsm322.c:474 Sync to ARFCN=517(DCS) rxlev=-61 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 38 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=517(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 26 (rxlev -61). <0003> gsm322.c:474 Sync to ARFCN=26 rxlev=-61 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 29 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=26 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 626(DCS) (rxlev -63). <0003> gsm322.c:474 Sync to ARFCN=626(DCS) rxlev=-63 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 37 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=626(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 28 (rxlev -63). <0003> gsm322.c:474 Sync to ARFCN=28 rxlev=-63 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 28 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=28 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 608(DCS) (rxlev -64). <0003> gsm322.c:474 Sync to ARFCN=608(DCS) rxlev=-64 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 36 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=608(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 597(DCS) (rxlev -65). <0003> gsm322.c:474 Sync to ARFCN=597(DCS) rxlev=-65 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 35 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=597(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 521(DCS) (rxlev -65). <0003> gsm322.c:474 Sync to ARFCN=521(DCS) rxlev=-65 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 34 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=521(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 60 (rxlev -65). <0003> gsm322.c:474 Sync to ARFCN=60 rxlev=-65 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 27 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=60 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 681(DCS) (rxlev -66). <0003> gsm322.c:474 Sync to ARFCN=681(DCS) rxlev=-66 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 33 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=681(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 102 (rxlev -66). <0003> gsm322.c:474 Sync to ARFCN=102 rxlev=-66 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 26 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=102 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 619(DCS) (rxlev -67). <0003> gsm322.c:474 Sync to ARFCN=619(DCS) rxlev=-67 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 32 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=619(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 539(DCS) (rxlev -67). <0003> gsm322.c:474 Sync to ARFCN=539(DCS) rxlev=-67 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 31 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=539(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 117 (rxlev -67). <0003> gsm322.c:474 Sync to ARFCN=117 rxlev=-67 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 25 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=117 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 94 (rxlev -67). <0003> gsm322.c:474 Sync to ARFCN=94 rxlev=-67 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 24 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=94 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 91 (rxlev -67). <0003> gsm322.c:474 Sync to ARFCN=91 rxlev=-67 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 23 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=91 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 85 (rxlev -67). <0003> gsm322.c:474 Sync to ARFCN=85 rxlev=-67 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 22 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=85 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 67 (rxlev -67). <0003> gsm322.c:474 Sync to ARFCN=67 rxlev=-67 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 21 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=67 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 36 (rxlev -67). <0003> gsm322.c:474 Sync to ARFCN=36 rxlev=-67 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 20 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=36 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 584(DCS) (rxlev -68). <0003> gsm322.c:474 Sync to ARFCN=584(DCS) rxlev=-68 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 30 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=584(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 544(DCS) (rxlev -68). <0003> gsm322.c:474 Sync to ARFCN=544(DCS) rxlev=-68 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 29 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=544(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 121 (rxlev -68). <0003> gsm322.c:474 Sync to ARFCN=121 rxlev=-68 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 19 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=121 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 675(DCS) (rxlev -69). <0003> gsm322.c:474 Sync to ARFCN=675(DCS) rxlev=-69 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 28 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=675(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 650(DCS) (rxlev -69). <0003> gsm322.c:474 Sync to ARFCN=650(DCS) rxlev=-69 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 27 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=650(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 592(DCS) (rxlev -69). <0003> gsm322.c:474 Sync to ARFCN=592(DCS) rxlev=-69 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 26 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=592(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 23 (rxlev -69). <0003> gsm322.c:474 Sync to ARFCN=23 rxlev=-69 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 18 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=23 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 621(DCS) (rxlev -70). <0003> gsm322.c:474 Sync to ARFCN=621(DCS) rxlev=-70 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 25 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=621(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 120 (rxlev -70). <0003> gsm322.c:474 Sync to ARFCN=120 rxlev=-70 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 17 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=120 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 118 (rxlev -70). <0003> gsm322.c:474 Sync to ARFCN=118 rxlev=-70 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 16 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=118 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 546(DCS) (rxlev -71). <0003> gsm322.c:474 Sync to ARFCN=546(DCS) rxlev=-71 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 24 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=546(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 114 (rxlev -71). <0003> gsm322.c:474 Sync to ARFCN=114 rxlev=-71 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 15 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=114 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 110 (rxlev -71). <0003> gsm322.c:474 Sync to ARFCN=110 rxlev=-71 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 14 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=110 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 53 (rxlev -71). <0003> gsm322.c:474 Sync to ARFCN=53 rxlev=-71 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 13 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=53 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 687(DCS) (rxlev -72). <0003> gsm322.c:474 Sync to ARFCN=687(DCS) rxlev=-72 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 23 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=687(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 657(DCS) (rxlev -72). <0003> gsm322.c:474 Sync to ARFCN=657(DCS) rxlev=-72 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 22 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=657(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 656(DCS) (rxlev -72). <0003> gsm322.c:474 Sync to ARFCN=656(DCS) rxlev=-72 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 21 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=656(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 655(DCS) (rxlev -72). <0003> gsm322.c:474 Sync to ARFCN=655(DCS) rxlev=-72 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 20 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=655(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 124 (rxlev -72). <0003> gsm322.c:474 Sync to ARFCN=124 rxlev=-72 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 12 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=124 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 663(DCS) (rxlev -73). <0003> gsm322.c:474 Sync to ARFCN=663(DCS) rxlev=-73 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 19 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=663(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 654(DCS) (rxlev -73). <0003> gsm322.c:474 Sync to ARFCN=654(DCS) rxlev=-73 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 18 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=654(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 646(DCS) (rxlev -73). <0003> gsm322.c:474 Sync to ARFCN=646(DCS) rxlev=-73 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 17 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=646(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 542(DCS) (rxlev -73). <0003> gsm322.c:474 Sync to ARFCN=542(DCS) rxlev=-73 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 16 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=542(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 119 (rxlev -73). <0003> gsm322.c:474 Sync to ARFCN=119 rxlev=-73 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 11 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=119 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 92 (rxlev -73). <0003> gsm322.c:474 Sync to ARFCN=92 rxlev=-73 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 10 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=92 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 63 (rxlev -73). <0003> gsm322.c:474 Sync to ARFCN=63 rxlev=-73 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 9 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=63 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 660(DCS) (rxlev -74). <0003> gsm322.c:474 Sync to ARFCN=660(DCS) rxlev=-74 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 15 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=660(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 652(DCS) (rxlev -74). <0003> gsm322.c:474 Sync to ARFCN=652(DCS) rxlev=-74 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 14 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=652(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 640(DCS) (rxlev -74). <0003> gsm322.c:474 Sync to ARFCN=640(DCS) rxlev=-74 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 13 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=640(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 613(DCS) (rxlev -74). <0003> gsm322.c:474 Sync to ARFCN=613(DCS) rxlev=-74 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 12 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=613(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 518(DCS) (rxlev -74). <0003> gsm322.c:474 Sync to ARFCN=518(DCS) rxlev=-74 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 11 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=518(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 83 (rxlev -74). <0003> gsm322.c:474 Sync to ARFCN=83 rxlev=-74 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 8 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=83 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 42 (rxlev -74). <0003> gsm322.c:474 Sync to ARFCN=42 rxlev=-74 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 7 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=42 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 38 (rxlev -74). <0003> gsm322.c:474 Sync to ARFCN=38 rxlev=-74 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 6 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=38 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 633(DCS) (rxlev -75). <0003> gsm322.c:474 Sync to ARFCN=633(DCS) rxlev=-75 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 10 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=633(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 614(DCS) (rxlev -75). <0003> gsm322.c:474 Sync to ARFCN=614(DCS) rxlev=-75 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 9 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=614(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 527(DCS) (rxlev -75). <0003> gsm322.c:474 Sync to ARFCN=527(DCS) rxlev=-75 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 8 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=527(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 666(DCS) (rxlev -76). <0003> gsm322.c:474 Sync to ARFCN=666(DCS) rxlev=-76 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 7 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=666(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 574(DCS) (rxlev -76). <0003> gsm322.c:474 Sync to ARFCN=574(DCS) rxlev=-76 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 6 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=574(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 535(DCS) (rxlev -76). <0003> gsm322.c:474 Sync to ARFCN=535(DCS) rxlev=-76 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 5 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=535(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 112 (rxlev -76). <0003> gsm322.c:474 Sync to ARFCN=112 rxlev=-76 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 5 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=112 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 27 (rxlev -76). <0003> gsm322.c:474 Sync to ARFCN=27 rxlev=-76 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 4 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=27 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 648(DCS) (rxlev -77). <0003> gsm322.c:474 Sync to ARFCN=648(DCS) rxlev=-77 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 4 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=648(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 639(DCS) (rxlev -77). <0003> gsm322.c:474 Sync to ARFCN=639(DCS) rxlev=-77 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 3 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=639(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 602(DCS) (rxlev -77). <0003> gsm322.c:474 Sync to ARFCN=602(DCS) rxlev=-77 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 2 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=602(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 530(DCS) (rxlev -77). <0003> gsm322.c:474 Sync to ARFCN=530(DCS) rxlev=-77 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 1 frequencies left in band 512..885 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=530(DCS) <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 8 (rxlev -77). <0003> gsm322.c:474 Sync to ARFCN=8 rxlev=-77 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 3 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=8 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 122 (rxlev -78). <0003> gsm322.c:474 Sync to ARFCN=122 rxlev=-78 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 2 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=122 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:2255 Scanning frequency 116 (rxlev -78). <0003> gsm322.c:474 Sync to ARFCN=116 rxlev=-78 (No sysinfo yet, ccch mode NONE) <0003> gsm322.c:2275 1 frequencies left in band 955..124 <0003> gsm322.c:3003 Channel sync error. <0003> gsm322.c:3008 free sysinfo ARFCN=116 <0003> gsm322.c:2741 Cell selection failed, sync timeout. <0003> gsm322.c:527 ARFCN |MCC |MNC |LAC |cell ID|forb.LA|prio |min-db |max-pwr|rx-lev <0003> gsm322.c:527 -------+-------+-------+-------+-------+-------+-------+-------+-------+------- <0003> gsm322.c:527 <0003> gsm322.c:2131 Cell search finished without result. <0003> gsm322.c:829 new state 'C6 any cell selection' -> 'C0 null' <0002> gsm322.c:3818 (ms 1) Event 'EVENT_NO_CELL_FOUND' for automatic PLMN selection in state 'A6 no SIM inserted' <0003> gsm322.c:4049 (ms 1) Event 'EVENT_NO_CELL_FOUND' for Cell selection in state 'C0 null' <0003> gsm322.c:829 new state 'C0 null' -> 'C6 any cell selection' <0003> gsm322.c:2798 Scanning power for all frequencies. <0003> gsm322.c:2861 Scanning frequencies. (0..124) <0005> gsm48_mm.c:4320 (ms 1) Received 'MM_EVENT_NO_CELL_FOUND' event in state MM IDLE, PLMN search <0005> gsm48_mm.c:909 new MM IDLE state PLMN search -> no cell available <0003> gsm322.c:2922 Done with power scanning range. <0003> gsm322.c:2798 Scanning power for all frequencies. <0003> gsm322.c:2861 Scanning frequencies. (512(DCS)..885(DCS)) <0003> gsm322.c:2922 Done with power scanning range. <0003> gsm322.c:2798 Scanning power for all frequencies. <0003> gsm322.c:2861 Scanning frequencies. (955..1023) <0003> gsm322.c:2922 Done with power scanning range. <0003> gsm322.c:2798 Scanning power for all frequencies. <0003> gsm322.c:2820 Found no frequency. <0003> gsm322.c:2131 Cell search finished without result. <0003> gsm322.c:829 new state 'C6 any cell selection' -> 'C0 null' <0002> gsm322.c:3818 (ms 1) Event 'EVENT_NO_CELL_FOUND' for automatic PLMN selection in state 'A6 no SIM inserted' <0003> gsm322.c:4049 (ms 1) Event 'EVENT_NO_CELL_FOUND' for Cell selection in state 'C0 null' <0003> gsm322.c:829 new state 'C0 null' -> 'C6 any cell selection' <0003> gsm322.c:2798 Scanning power for all frequencies. <0003> gsm322.c:2861 Scanning frequencies. (0..124)
再开启一个终端,就能 telnet 到 4247 端口,获取一个 OpenBSC 控制接口:
comcat@Jackslab:/$ telnet localhost 4247 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Welcome to the OsmocomBB control interface OsmocomBB> enable OsmocomBB# help This VTY provides advanced help features. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1. Full help is available when you are ready to enter a command argument (e.g. 'show ?') and describes each possible argument. 2. Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (e.g. 'show me?'.) OsmocomBB# help Description of the interactive help system list Print command list write Write running configuration to memory, network, or terminal show Show running system information exit Exit current mode and down to previous mode disable Turn off privileged mode command configure Configuration from vty interface copy Copy configuration terminal Set terminal line parameters who Display who is on vty monitor Monitor... no Negate a command or set its defaults off Turn mobiles off (shutdown) and exit sim SIM actions network Network ... call Make a call sms Send an SMS service Send a Supplementary Service request test Manually trigger cell re-selection delete Delete OsmocomBB# sim reader 1 OsmocomBB# % (MS 1) % SIM failed, replace SIM! OsmocomBB#
4 Sniffer GSM SMS
国内的GSM短消息,基本都是明文传输
# 查找基站的channel,即ARFCN= 后面的值 $ cd /path/to/osmocom-bb/src/host/layer23/src/misc/ # 记下Log出来的 ARFCN 值 $ ./cell_log 2>&1 | grep China cell_log.c:220 Cell: ARFCN=23 PWR=-61dB MCC=460 MNC=01 (China, China Unicom) # 扫描对应的channel 23 $ /path/to/osmocom-bb/src/host/layer23/src/misc/ccch_scan -a 23 -i 127.0.0.1 # 捕捉包,图像界面的 'Filter' 里写 'gsm_sms' $ sudo wireshark -k -i lo -f 'port 4729'
保存日志:
$ dumpcap -i lo -w /tmp/a.log
wireshark 分析日志,过滤SMS协议字段:
$ tshark -G fields | grep gsm_sms
5 BCCH 扫描
comcat@jackslab:/work/gsm/baseband/osmocombb/osmocom-bb/src/host/layer23/src/misc$ sudo ./bcch_scan -s /tmp/osmocom_l2 Copyright (C) 2010 Harald Welte <laforge@gnumonks.org> Contributions by Holger Hans Peter Freyther License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Failed to connect to '/tmp/osmocom_sap'. Failed during sap_open(), no SIM reader arfcn=526 rxlev=50 arfcn=41 rxlev=48 <000c> l1ctl.c:118 FBSB RESP: result=255 arfcn=113 rxlev=48 <000c> l1ctl.c:118 FBSB RESP: result=255 arfcn=28 rxlev=47 <000c> l1ctl.c:118 FBSB RESP: result=255 arfcn=518 rxlev=47 <000c> l1ctl.c:118 FBSB RESP: result=255 arfcn=529 rxlev=47 <000c> l1ctl.c:118 FBSB RESP: result=255 arfcn=44 rxlev=46 <000c> l1ctl.c:118 FBSB RESP: result=255 arfcn=120 rxlev=46 <000c> l1ctl.c:118 FBSB RESP: result=255 arfcn=527 rxlev=46 ... ...