OsmocomBB Quick Start

From Jack's Lab

1 Hardware

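  • Motorola C118 (currently around 25 on Taobao)
  • Serial cable: the 2.5 mm headphone jack at the lower left of the C118's front is also the serial port socket; its pinout is as follows: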

C118.serial.connector.jpg


  • For the USB-to-serial adapter I used a ready-made FT232L board (Foca); the FT232L is quite stable and the price is acceptable



2 Build

Get the source:

$ git clone git://git.osmocom.org/osmocom-bb.git
$ cd osmocom-bb
$ git pull --rebase   


Prepare the toolchain:

 See this page: http://bb.osmocom.org/trac/wiki/GnuArmToolchain


After the toolchain has been built:

comcat@Jackslab:/work/toolchain$ ls
build  gnu-arm-build.2.sh  install  src

comcat@Jackslab:/work/toolchain$ ls install/bin/
arm-elf-addr2line  arm-elf-c++      arm-elf-elfedit  arm-elf-gcc-4.5.2  arm-elf-gprof   arm-elf-nm       arm-elf-ranlib   arm-elf-strings
arm-elf-ar         arm-elf-c++filt  arm-elf-g++      arm-elf-gccbug     arm-elf-ld      arm-elf-objcopy  arm-elf-readelf  arm-elf-strip
arm-elf-as         arm-elf-cpp      arm-elf-gcc      arm-elf-gcov       arm-elf-ld.bfd  arm-elf-objdump  arm-elf-size

comcat@Jackslab:/work/toolchain$ ls src
binutils-2.21.1  binutils-2.21.1a.tar.bz2  gcc-4.5.2  gcc-4.5.2.tar.bz2  newlib-1.19.0  newlib-1.19.0.tar.gz

comcat@Jackslab:/work/toolchain$ export PATH=$PATH:/work/toolchain/install/bin


Build osmocom-bb:

comcat@Jackslab:/work/toolchain$ cd /path/to/osmocom-bb/src

comcat@Jackslab:/work/osmocom-bb/src$ make



3 Run

Connect the phone's serial port to the PC's USB port and, with the phone still powered off, run:

$ cd /path/to/osmocom-bb/src/host/osmocon
$ ./osmocon  -p /dev/ttyUSB0 -m c123xor ../../target/firmware/board/compal_e88/layer1.compalram.bin
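>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> osmocon hangs here, waiting for the phone to respond; briefly press the power button now, and the layer1 firmware is downloaded over the serial port into the phone's RAM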
got 2 bytes from modem, data looks like: 04 81  ..
got 5 bytes from modem, data looks like: 1b f6 02 00 41  ....A
got 1 bytes from modem, data looks like: 01  .
got 1 bytes from modem, data looks like: 40  @
Received PROMPT1 from phone, responding with CMD
read_file(../../target/firmware/board/compal_e88/layer1.compalram.bin): file_size=63140, hdr_len=4, dnload_len=63147
got 1 bytes from modem, data looks like: 1b  .
got 1 bytes from modem, data looks like: f6  .
got 1 bytes from modem, data looks like: 02  .
got 1 bytes from modem, data looks like: 00  .
got 1 bytes from modem, data looks like: 41  A
got 1 bytes from modem, data looks like: 02  .
got 1 bytes from modem, data looks like: 43  C
Received PROMPT2 from phone, starting download
handle_write(): 4096 bytes (4096/63147)
handle_write(): 4096 bytes (8192/63147)
handle_write(): 4096 bytes (12288/63147)
handle_write(): 4096 bytes (16384/63147)
handle_write(): 4096 bytes (20480/63147)
handle_write(): 4096 bytes (24576/63147)
handle_write(): 4096 bytes (28672/63147)
handle_write(): 4096 bytes (32768/63147)
handle_write(): 4096 bytes (36864/63147)
handle_write(): 4096 bytes (40960/63147)
handle_write(): 4096 bytes (45056/63147)
handle_write(): 4096 bytes (49152/63147)
handle_write(): 4096 bytes (53248/63147)
handle_write(): 4096 bytes (57344/63147)
handle_write(): 4096 bytes (61440/63147)
handle_write(): 1707 bytes (63147/63147)
handle_write(): finished
got 1 bytes from modem, data looks like: 1b  .
got 1 bytes from modem, data looks like: f6  .
got 1 bytes from modem, data looks like: 02  .
got 1 bytes from modem, data looks like: 00  .
got 1 bytes from modem, data looks like: 41  A
got 1 bytes from modem, data looks like: 03  .
got 1 bytes from modem, data looks like: 42  B
Received DOWNLOAD ACK from phone, your code is running now!
battery_compal_e88_init: starting up


OsmocomBB Layer 1 (revision osmocon_v0.0.0-1749-g1b8f488-modified)
======================================================================
Device ID code: 0xb4fb
Device Version code: 0x0000
ARM ID code: 0xfff3
cDSP ID code: 0x0128
Die ID code: ebc90e05ef00d7a1
======================================================================
REG_DPLL=0x2413
CNTL_ARM_CLK=0xf0a1
CNTL_CLK=0xff91
CNTL_RST=0xfff3
CNTL_ARM_DIV=0xfff9
======================================================================
Power up simcard:
Assert DSP into Reset
Releasing DSP from Reset
Installing DSP extensions patch
Setting some dsp_api.ndb values
Setting API NDB parameters
Finishing download phase
DSP Download Status: 0x0002
DSP API Version: 0x3606 0x0000
LOST 630!
BAT-ADC: 586   6   0   0 1023 366 339 223  
	Charger at 51 mV.
	Battery at 4006 mV.
	Charging at 0 mA.
	Battery capacity is 100%.
	Battery range is 3199..3999 mV.
	Battery full at 468 LSB .. full at 585 LSB
	Charging at 239 LSB (204 mA).
	BCICTL2=0x3ff
	battery-info.flags=0x00000000
	bat_compal_e88_chg_state=0
......
......


In a second terminal, run:

$ cd /path/to/osmocom-bb/src/host/layer23/src/mobile
$  sudo ./mobile -i 127.0.0.1
Copyright (C) 2008-2010 ...
Contributions by ...

License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

VTY available on port 4247.
No Mobile Station defined, creating: MS '1'
<000f> sim.c:1223 init SIM client
<0006> gsm48_cc.c:63 init Call Control
<0007> gsm480_ss.c:231 init SS
<0019> gsm411_sms.c:63 init SMS
<0001> gsm48_rr.c:5500 init Radio Ressource process
<0005> gsm48_mm.c:1324 init Mobility Management process
<0005> gsm48_mm.c:1037 Selecting PLMN SEARCH state, because no SIM.
<0002> gsm322.c:5037 init PLMN process
<0003> gsm322.c:5038 init Cell Selection process
***
Warning: Mobile '1' has default IMEI: 000000000000000
This could relate your identitiy to other users with default IMEI.
***
Mobile '1' initialized, please start phone now!
<0005> subscriber.c:610 Requesting SIM file 0x2fe2
<000f> sim.c:209 got new job: SIM_JOB_READ_BINARY (handle=00000004)
<000f> sim.c:697 go MF
<000f> sim.c:241 SELECT (file=0x3f00)
<000f> sim.c:187 sending APDU (class 0xa0, ins 0xa4)
<000f> sim.c:876 received APDU (len=0 sw1=0x00 sw2=0x00)
<000f> sim.c:952 command failed
<000f> sim.c:151 sending result to callback function (type=1)
<0005> subscriber.c:666 SIM reading failed
<0005> gsm48_mm.c:4388 (ms 1) Received 'MMR_NREG_REQ' event
<0005> gsm48_mm.c:4320 (ms 1) Received 'MM_EVENT_IMSI_DETACH' event in state MM IDLE, PLMN search
<0005> gsm48_mm.c:1848 IMSI has been detached.
<0005> gsm48_mm.c:1089 Not camping, wait for CS process to camp, it sends us CELL_SELECTED then.
<0002> gsm322.c:3818 (ms 1) Event 'EVENT_SIM_REMOVE' for automatic PLMN selection in state 'A0 null'
<000e> gsm322.c:1362 SIM is removed
<0002> gsm322.c:1363 SIM is removed
<0002> gsm322.c:806 new state 'A0 null' -> 'A6 no SIM inserted'
<0003> gsm322.c:4049 (ms 1) Event 'EVENT_SIM_REMOVE' for Cell selection in state 'C0 null'
<0003> gsm322.c:829 new state 'C0 null' -> 'C6 any cell selection'
<0003> gsm322.c:2798 Scanning power for all frequencies.
<0003> gsm322.c:2861 Scanning frequencies. (0..124)
<0003> gsm322.c:2910 Found signal (ARFCN 1 rxlev -88 (22))
<0003> gsm322.c:2910 Found signal (ARFCN 2 rxlev -89 (21))
<0003> gsm322.c:2910 Found signal (ARFCN 3 rxlev -86 (24))
<0003> gsm322.c:2910 Found signal (ARFCN 4 rxlev -99 (11))
<0003> gsm322.c:2910 Found signal (ARFCN 5 rxlev -91 (19))
<0003> gsm322.c:2910 Found signal (ARFCN 6 rxlev -93 (17))
<0003> gsm322.c:2910 Found signal (ARFCN 7 rxlev -83 (27))
<0003> gsm322.c:2910 Found signal (ARFCN 8 rxlev -77 (33))
<0003> gsm322.c:2910 Found signal (ARFCN 9 rxlev -86 (24))
<0003> gsm322.c:2910 Found signal (ARFCN 10 rxlev -100 (10))
......
......
......
<0003> gsm322.c:2910 Found signal (ARFCN 123 rxlev -80 (30))
<0003> gsm322.c:2910 Found signal (ARFCN 124 rxlev -72 (38))
<0003> gsm322.c:2922 Done with power scanning range.
<0003> gsm322.c:2798 Scanning power for all frequencies.
<0003> gsm322.c:2861 Scanning frequencies. (512(DCS)..885(DCS))
<0003> gsm322.c:2910 Found signal (ARFCN 512(DCS) rxlev -90 (20))
<0003> gsm322.c:2910 Found signal (ARFCN 513(DCS) rxlev -95 (15))
<0003> gsm322.c:2910 Found signal (ARFCN 514(DCS) rxlev -85 (25))
......
......
......
<0003> gsm322.c:2910 Found signal (ARFCN 844(DCS) rxlev -106 (4))
<0003> gsm322.c:2910 Found signal (ARFCN 861(DCS) rxlev -104 (6))
<0003> gsm322.c:2910 Found signal (ARFCN 862(DCS) rxlev -104 (6))
<0003> gsm322.c:2922 Done with power scanning range.
<0003> gsm322.c:2798 Scanning power for all frequencies.
<0003> gsm322.c:2861 Scanning frequencies. (955..1023)
<0003> gsm322.c:2910 Found signal (ARFCN 956 rxlev -106 (4))
<0003> gsm322.c:2910 Found signal (ARFCN 969 rxlev -106 (4))
<0003> gsm322.c:2910 Found signal (ARFCN 985 rxlev -106 (4))
......
......
......
<0003> gsm322.c:2910 Found signal (ARFCN 1018 rxlev -106 (4))
<0003> gsm322.c:2910 Found signal (ARFCN 1021 rxlev -104 (6))
<0003> gsm322.c:2910 Found signal (ARFCN 1023 rxlev -106 (4))
<0003> gsm322.c:2922 Done with power scanning range.
<0003> gsm322.c:2798 Scanning power for all frequencies.
<0003> gsm322.c:2836 Found 451 frequencies.
<0003> gsm322.c:2255 Scanning frequency 113 (rxlev -56).
<0003> gsm322.c:474 Sync to ARFCN=113 rxlev=-56 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 30 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=113
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 529(DCS) (rxlev -60).
<0003> gsm322.c:474 Sync to ARFCN=529(DCS) rxlev=-60 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 40 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=529(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 526(DCS) (rxlev -61).
<0003> gsm322.c:474 Sync to ARFCN=526(DCS) rxlev=-61 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 39 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=526(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 517(DCS) (rxlev -61).
<0003> gsm322.c:474 Sync to ARFCN=517(DCS) rxlev=-61 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 38 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=517(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 26 (rxlev -61).
<0003> gsm322.c:474 Sync to ARFCN=26 rxlev=-61 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 29 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=26
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 626(DCS) (rxlev -63).
<0003> gsm322.c:474 Sync to ARFCN=626(DCS) rxlev=-63 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 37 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=626(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 28 (rxlev -63).
<0003> gsm322.c:474 Sync to ARFCN=28 rxlev=-63 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 28 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=28
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 608(DCS) (rxlev -64).
<0003> gsm322.c:474 Sync to ARFCN=608(DCS) rxlev=-64 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 36 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=608(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 597(DCS) (rxlev -65).
<0003> gsm322.c:474 Sync to ARFCN=597(DCS) rxlev=-65 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 35 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=597(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 521(DCS) (rxlev -65).
<0003> gsm322.c:474 Sync to ARFCN=521(DCS) rxlev=-65 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 34 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=521(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 60 (rxlev -65).
<0003> gsm322.c:474 Sync to ARFCN=60 rxlev=-65 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 27 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=60
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 681(DCS) (rxlev -66).
<0003> gsm322.c:474 Sync to ARFCN=681(DCS) rxlev=-66 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 33 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=681(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 102 (rxlev -66).
<0003> gsm322.c:474 Sync to ARFCN=102 rxlev=-66 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 26 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=102
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 619(DCS) (rxlev -67).
<0003> gsm322.c:474 Sync to ARFCN=619(DCS) rxlev=-67 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 32 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=619(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 539(DCS) (rxlev -67).
<0003> gsm322.c:474 Sync to ARFCN=539(DCS) rxlev=-67 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 31 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=539(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 117 (rxlev -67).
<0003> gsm322.c:474 Sync to ARFCN=117 rxlev=-67 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 25 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=117
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 94 (rxlev -67).
<0003> gsm322.c:474 Sync to ARFCN=94 rxlev=-67 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 24 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=94
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 91 (rxlev -67).
<0003> gsm322.c:474 Sync to ARFCN=91 rxlev=-67 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 23 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=91
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 85 (rxlev -67).
<0003> gsm322.c:474 Sync to ARFCN=85 rxlev=-67 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 22 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=85
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 67 (rxlev -67).
<0003> gsm322.c:474 Sync to ARFCN=67 rxlev=-67 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 21 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=67
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 36 (rxlev -67).
<0003> gsm322.c:474 Sync to ARFCN=36 rxlev=-67 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 20 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=36
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 584(DCS) (rxlev -68).
<0003> gsm322.c:474 Sync to ARFCN=584(DCS) rxlev=-68 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 30 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=584(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 544(DCS) (rxlev -68).
<0003> gsm322.c:474 Sync to ARFCN=544(DCS) rxlev=-68 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 29 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=544(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 121 (rxlev -68).
<0003> gsm322.c:474 Sync to ARFCN=121 rxlev=-68 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 19 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=121
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 675(DCS) (rxlev -69).
<0003> gsm322.c:474 Sync to ARFCN=675(DCS) rxlev=-69 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 28 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=675(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 650(DCS) (rxlev -69).
<0003> gsm322.c:474 Sync to ARFCN=650(DCS) rxlev=-69 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 27 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=650(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 592(DCS) (rxlev -69).
<0003> gsm322.c:474 Sync to ARFCN=592(DCS) rxlev=-69 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 26 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=592(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 23 (rxlev -69).
<0003> gsm322.c:474 Sync to ARFCN=23 rxlev=-69 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 18 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=23
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 621(DCS) (rxlev -70).
<0003> gsm322.c:474 Sync to ARFCN=621(DCS) rxlev=-70 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 25 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=621(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 120 (rxlev -70).
<0003> gsm322.c:474 Sync to ARFCN=120 rxlev=-70 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 17 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=120
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 118 (rxlev -70).
<0003> gsm322.c:474 Sync to ARFCN=118 rxlev=-70 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 16 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=118
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 546(DCS) (rxlev -71).
<0003> gsm322.c:474 Sync to ARFCN=546(DCS) rxlev=-71 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 24 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=546(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 114 (rxlev -71).
<0003> gsm322.c:474 Sync to ARFCN=114 rxlev=-71 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 15 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=114
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 110 (rxlev -71).
<0003> gsm322.c:474 Sync to ARFCN=110 rxlev=-71 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 14 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=110
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 53 (rxlev -71).
<0003> gsm322.c:474 Sync to ARFCN=53 rxlev=-71 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 13 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=53
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 687(DCS) (rxlev -72).
<0003> gsm322.c:474 Sync to ARFCN=687(DCS) rxlev=-72 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 23 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=687(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 657(DCS) (rxlev -72).
<0003> gsm322.c:474 Sync to ARFCN=657(DCS) rxlev=-72 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 22 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=657(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 656(DCS) (rxlev -72).
<0003> gsm322.c:474 Sync to ARFCN=656(DCS) rxlev=-72 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 21 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=656(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 655(DCS) (rxlev -72).
<0003> gsm322.c:474 Sync to ARFCN=655(DCS) rxlev=-72 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 20 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=655(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 124 (rxlev -72).
<0003> gsm322.c:474 Sync to ARFCN=124 rxlev=-72 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 12 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=124
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 663(DCS) (rxlev -73).
<0003> gsm322.c:474 Sync to ARFCN=663(DCS) rxlev=-73 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 19 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=663(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 654(DCS) (rxlev -73).
<0003> gsm322.c:474 Sync to ARFCN=654(DCS) rxlev=-73 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 18 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=654(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 646(DCS) (rxlev -73).
<0003> gsm322.c:474 Sync to ARFCN=646(DCS) rxlev=-73 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 17 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=646(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 542(DCS) (rxlev -73).
<0003> gsm322.c:474 Sync to ARFCN=542(DCS) rxlev=-73 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 16 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=542(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 119 (rxlev -73).
<0003> gsm322.c:474 Sync to ARFCN=119 rxlev=-73 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 11 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=119
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 92 (rxlev -73).
<0003> gsm322.c:474 Sync to ARFCN=92 rxlev=-73 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 10 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=92
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 63 (rxlev -73).
<0003> gsm322.c:474 Sync to ARFCN=63 rxlev=-73 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 9 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=63
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 660(DCS) (rxlev -74).
<0003> gsm322.c:474 Sync to ARFCN=660(DCS) rxlev=-74 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 15 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=660(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 652(DCS) (rxlev -74).
<0003> gsm322.c:474 Sync to ARFCN=652(DCS) rxlev=-74 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 14 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=652(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 640(DCS) (rxlev -74).
<0003> gsm322.c:474 Sync to ARFCN=640(DCS) rxlev=-74 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 13 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=640(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 613(DCS) (rxlev -74).
<0003> gsm322.c:474 Sync to ARFCN=613(DCS) rxlev=-74 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 12 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=613(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 518(DCS) (rxlev -74).
<0003> gsm322.c:474 Sync to ARFCN=518(DCS) rxlev=-74 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 11 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=518(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 83 (rxlev -74).
<0003> gsm322.c:474 Sync to ARFCN=83 rxlev=-74 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 8 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=83
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 42 (rxlev -74).
<0003> gsm322.c:474 Sync to ARFCN=42 rxlev=-74 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 7 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=42
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 38 (rxlev -74).
<0003> gsm322.c:474 Sync to ARFCN=38 rxlev=-74 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 6 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=38
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 633(DCS) (rxlev -75).
<0003> gsm322.c:474 Sync to ARFCN=633(DCS) rxlev=-75 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 10 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=633(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 614(DCS) (rxlev -75).
<0003> gsm322.c:474 Sync to ARFCN=614(DCS) rxlev=-75 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 9 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=614(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 527(DCS) (rxlev -75).
<0003> gsm322.c:474 Sync to ARFCN=527(DCS) rxlev=-75 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 8 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=527(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 666(DCS) (rxlev -76).
<0003> gsm322.c:474 Sync to ARFCN=666(DCS) rxlev=-76 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 7 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=666(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 574(DCS) (rxlev -76).
<0003> gsm322.c:474 Sync to ARFCN=574(DCS) rxlev=-76 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 6 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=574(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 535(DCS) (rxlev -76).
<0003> gsm322.c:474 Sync to ARFCN=535(DCS) rxlev=-76 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 5 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=535(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 112 (rxlev -76).
<0003> gsm322.c:474 Sync to ARFCN=112 rxlev=-76 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 5 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=112
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 27 (rxlev -76).
<0003> gsm322.c:474 Sync to ARFCN=27 rxlev=-76 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 4 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=27
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 648(DCS) (rxlev -77).
<0003> gsm322.c:474 Sync to ARFCN=648(DCS) rxlev=-77 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 4 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=648(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 639(DCS) (rxlev -77).
<0003> gsm322.c:474 Sync to ARFCN=639(DCS) rxlev=-77 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 3 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=639(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 602(DCS) (rxlev -77).
<0003> gsm322.c:474 Sync to ARFCN=602(DCS) rxlev=-77 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 2 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=602(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 530(DCS) (rxlev -77).
<0003> gsm322.c:474 Sync to ARFCN=530(DCS) rxlev=-77 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 1 frequencies left in band 512..885
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=530(DCS)
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 8 (rxlev -77).
<0003> gsm322.c:474 Sync to ARFCN=8 rxlev=-77 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 3 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=8
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 122 (rxlev -78).
<0003> gsm322.c:474 Sync to ARFCN=122 rxlev=-78 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 2 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=122
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2255 Scanning frequency 116 (rxlev -78).
<0003> gsm322.c:474 Sync to ARFCN=116 rxlev=-78 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:2275 1 frequencies left in band 955..124
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:3008 free sysinfo ARFCN=116
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:527 ARFCN  |MCC    |MNC    |LAC    |cell ID|forb.LA|prio   |min-db |max-pwr|rx-lev
<0003> gsm322.c:527 -------+-------+-------+-------+-------+-------+-------+-------+-------+-------
<0003> gsm322.c:527 
<0003> gsm322.c:2131 Cell search finished without result.
<0003> gsm322.c:829 new state 'C6 any cell selection' -> 'C0 null'
<0002> gsm322.c:3818 (ms 1) Event 'EVENT_NO_CELL_FOUND' for automatic PLMN selection in state 'A6 no SIM inserted'
<0003> gsm322.c:4049 (ms 1) Event 'EVENT_NO_CELL_FOUND' for Cell selection in state 'C0 null'
<0003> gsm322.c:829 new state 'C0 null' -> 'C6 any cell selection'
<0003> gsm322.c:2798 Scanning power for all frequencies.
<0003> gsm322.c:2861 Scanning frequencies. (0..124)
<0005> gsm48_mm.c:4320 (ms 1) Received 'MM_EVENT_NO_CELL_FOUND' event in state MM IDLE, PLMN search
<0005> gsm48_mm.c:909 new MM IDLE state PLMN search -> no cell available
<0003> gsm322.c:2922 Done with power scanning range.
<0003> gsm322.c:2798 Scanning power for all frequencies.
<0003> gsm322.c:2861 Scanning frequencies. (512(DCS)..885(DCS))
<0003> gsm322.c:2922 Done with power scanning range.
<0003> gsm322.c:2798 Scanning power for all frequencies.
<0003> gsm322.c:2861 Scanning frequencies. (955..1023)
<0003> gsm322.c:2922 Done with power scanning range.
<0003> gsm322.c:2798 Scanning power for all frequencies.
<0003> gsm322.c:2820 Found no frequency.
<0003> gsm322.c:2131 Cell search finished without result.
<0003> gsm322.c:829 new state 'C6 any cell selection' -> 'C0 null'
<0002> gsm322.c:3818 (ms 1) Event 'EVENT_NO_CELL_FOUND' for automatic PLMN selection in state 'A6 no SIM inserted'
<0003> gsm322.c:4049 (ms 1) Event 'EVENT_NO_CELL_FOUND' for Cell selection in state 'C0 null'
<0003> gsm322.c:829 new state 'C0 null' -> 'C6 any cell selection'
<0003> gsm322.c:2798 Scanning power for all frequencies.
<0003> gsm322.c:2861 Scanning frequencies. (0..124)
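
The log above shows every candidate ARFCN failing to synchronise, followed by a power scan that finds nothing. As an added example (not part of the original page or of OsmocomBB), this Python script condenses such a log into one row per sync attempt plus an overall verdict; the function names and verdict labels are assumptions made here, and the sample input is an excerpt of the log above.

```python
import re
from collections import Counter

# Excerpt copied from the mobile log above (two attempts, then the empty rescan).
SAMPLE_LOG = """\
<0003> gsm322.c:474 Sync to ARFCN=27 rxlev=-76 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:474 Sync to ARFCN=648(DCS) rxlev=-77 (No sysinfo yet, ccch mode NONE)
<0003> gsm322.c:3003 Channel sync error.
<0003> gsm322.c:2741 Cell selection failed, sync timeout.
<0003> gsm322.c:2131 Cell search finished without result.
<0003> gsm322.c:2820 Found no frequency.
"""

# Match on message text; the gsm322.c line numbers change between source versions.
SYNC = re.compile(r"Sync to ARFCN=(\d+)(\(DCS\))? rxlev=(-?\d+)")
EVENTS = {"Cell search finished without result.": "search_without_result",
          "Found no frequency.": "power_scan_empty"}

def summarize(log_text):
    """Return (attempts, events): one dict per sync attempt, plus scan-level counters."""
    attempts, events = [], Counter()
    for line in log_text.splitlines():
        m = SYNC.search(line)
        if m:
            attempts.append({"arfcn": int(m.group(1)), "dcs": bool(m.group(2)),
                             "rxlev": int(m.group(3)), "failed": False})
        elif "Channel sync error." in line and attempts:
            attempts[-1]["failed"] = True  # belongs to the most recent attempt
        for text, key in EVENTS.items():
            if text in line:
                events[key] += 1
    return attempts, events

def classify(attempts, events):
    """Coarse verdict: no_sync, some_without_sync_error, power_scan_empty, inconclusive."""
    if attempts:
        failed = sum(a["failed"] for a in attempts)
        return "no_sync" if failed == len(attempts) else "some_without_sync_error"
    return "power_scan_empty" if events["power_scan_empty"] else "inconclusive"

if __name__ == "__main__":
    attempts, events = summarize(SAMPLE_LOG)
    for a in attempts:
        band = "DCS" if a["dcs"] else "-"
        print(f'{a["arfcn"]:>5} {band:>3} {a["rxlev"]:>4} {"FAIL" if a["failed"] else "?"}')
    print(classify(attempts, events), dict(events))
```

To run it against a full capture, pass the saved output of `mobile` to `summarize()` in place of `SAMPLE_LOG`.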


Open another terminal and telnet to port 4247 to get an OpenBSC control interface:

comcat@Jackslab:/$ telnet localhost 4247
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Welcome to the OsmocomBB control interface

OsmocomBB> enable
OsmocomBB# help
This VTY provides advanced help features.  When you need help,
anytime at the command line please press '?'.

If nothing matches, the help list will be empty and you must backup
 until entering a '?' shows the available options.
Two styles of help are provided:
1. Full help is available when you are ready to enter a
command argument (e.g. 'show ?') and describes each possible
argument.
2. Partial help is provided when an abbreviated argument is entered
   and you want to know what arguments match the input
   (e.g. 'show me?'.)

OsmocomBB# 
  help       Description of the interactive help system
  list       Print command list
  write      Write running configuration to memory, network, or terminal
  show       Show running system information
  exit       Exit current mode and down to previous mode
  disable    Turn off privileged mode command
  configure  Configuration from vty interface
  copy       Copy configuration
  terminal   Set terminal line parameters
  who        Display who is on vty
  monitor    Monitor...
  no         Negate a command or set its defaults
  off        Turn mobiles off (shutdown) and exit
  sim        SIM actions
  network    Network ...
  call       Make a call
  sms        Send an SMS
  service    Send a Supplementary Service request
  test       Manually trigger cell re-selection
  delete     Delete

OsmocomBB# sim reader 1
OsmocomBB# 
% (MS 1)
% SIM failed, replace SIM!

OsmocomBB# 



4 Sniffing GSM SMS

Within China, GSM short messages are almost all transmitted in plaintext.

# Find the base station's channel, i.e. the value after ARFCN=
$ cd /path/to/osmocom-bb/src/host/layer23/src/misc/

# Note the ARFCN value printed in the log
$ ./cell_log 2>&1 | grep China
cell_log.c:220 Cell: ARFCN=23 PWR=-61dB MCC=460 MNC=01 (China, China Unicom)

# Scan the corresponding channel, 23
$ /path/to/osmocom-bb/src/host/layer23/src/misc/ccch_scan -a 23 -i 127.0.0.1

# Capture packets; in the GUI's 'Filter' box enter 'gsm_sms'
$ sudo wireshark -k -i lo -f 'port 4729'


Save the log:

 $ dumpcap -i lo -w /tmp/a.log


Analyze the log with Wireshark; to filter on the SMS protocol fields, list them with:

 $ tshark -G fields | grep gsm_sms



5 BCCH scan

comcat@jackslab:/work/gsm/baseband/osmocombb/osmocom-bb/src/host/layer23/src/misc$ sudo ./bcch_scan -s /tmp/osmocom_l2
Copyright (C) 2010 Harald Welte <laforge@gnumonks.org>
Contributions by Holger Hans Peter Freyther

License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Failed to connect to '/tmp/osmocom_sap'.
Failed during sap_open(), no SIM reader
arfcn=526 rxlev=50
arfcn=41 rxlev=48
<000c> l1ctl.c:118 FBSB RESP: result=255
arfcn=113 rxlev=48
<000c> l1ctl.c:118 FBSB RESP: result=255
arfcn=28 rxlev=47
<000c> l1ctl.c:118 FBSB RESP: result=255
arfcn=518 rxlev=47
<000c> l1ctl.c:118 FBSB RESP: result=255
arfcn=529 rxlev=47
<000c> l1ctl.c:118 FBSB RESP: result=255
arfcn=44 rxlev=46
<000c> l1ctl.c:118 FBSB RESP: result=255
arfcn=120 rxlev=46
<000c> l1ctl.c:118 FBSB RESP: result=255
arfcn=527 rxlev=46
...
...














