Help required for hopping channel wideband capture and 'grgsm_hopping_example.grc'


Rob VK8FOES

Jul 4, 2023, 6:18:09 AM
to gr-gsm
Greetings group.

I am experiencing difficulty decoding GSM hopping channels using 'grgsm_channelize' and the 'grgsm_hopping_example.grc' flowchart. Specifically, there are no packets showing in Wireshark after pressing the play button in GNU Radio Companion, and there are no bursts being printed in the terminal output.

My Linux distro is DragonOS FocalX 22.04 and my gr-gsm build is bkerler's 'maint-3.10' fork.

I recorded a 20 GB wideband cfile using a HackRF at 8 MSPS with a center frequency of 946.6 MHz. I was located at very close range to the cell (I could see the tower) at a high vantage point and the SNR was excellent, even at a gain setting of 1. I was using a high-gain GSM omnidirectional base station antenna and high-quality coaxial feedline:

grgsm_capture -f 946.6M -s 8e6 -g 1 hopping_f946.6M_s8e6.cfile

The BCCH is on ARFCN 44 (943.8 MHz), and the hopping channels are allocated as ARFCN 62 (947.4 MHz) and ARFCN 72 (949.4 MHz).

My 'grgsm_channelize' command created three 2.5 GB channelized output files:
grgsm_channelize -f 946.6M -s 8e6 -o 1e6 -d /home/username -i hopping_f946.6M_s8e6.cfile 44 62 72

The BCCH on ARFCN 44 decodes perfectly with this command:
grgsm_decode -p -v -f 943.8M -s 1e6 -c out_44.cfile

The Immediate assignment packet I am targeting says:

"Channel Description
0110 0... = SDCCH/8 + SACCH/C8 or CBCH (SDCCH/8): 12
Subchannel: 4
.... .001 = Timeslot: 1
110. .... = Training Sequence: 6
...1 .... = Hopping Channel: Yes
Hopping channel MAIO: 0
HSN: 58"

And I have followed the hopping decoding tutorial at the bottom of this webpage:
https://harrisonsand.com/posts/gsm-security/

Here is a Google Drive folder containing both the "out_62.cfile" and "out_72.cfile" captures. My 'grgsm_hopping_example.grc' is also in there:

https://drive.google.com/drive/folders/1t46xQ7_B_917H1SdeSCPorHPRNeKp-Kn?usp=sharing

Things I have tried already are:
- Swapping the order of 'out_62.cfile' and 'out_72.cfile' in the flowchart.
- Connecting only 'CX' from the 'GSM Receiver' block to the 'CX Channel Hopper' block.
- Connecting only 'C0' from the 'GSM Receiver' block to the 'CX Channel Hopper' block.
- Connecting both 'CX' and 'C0' from the 'GSM Receiver' block to the 'CX Channel Hopper' block.
- Trying 2 MSPS output sample rate in 'grgsm_channelize' instead of 1 MSPS.

None of the above things have changed the outcome (still no decoded packets in Wireshark, and no bursts are printed in the terminal output).

Any help with this issue will be greatly appreciated. Thanks!
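
Added example, not part of the original post or of gr-gsm: a quick check that the ARFCNs named in the post map to the stated downlink frequencies and fit inside the 8 MSPS capture centred on 946.6 MHz. The function names are hypothetical, and the band formula is the standard GSM 900 one (3GPP TS 45.005), not something taken from the post.

```python
# Added example: validate GSM 900 ARFCNs against a wideband capture window.
# Capture parameters and ARFCNs are the ones quoted in the post.

CHANNEL_BW_HZ = 200_000  # GSM carrier spacing


def arfcn_to_downlink_hz(arfcn: int) -> int:
    """Downlink centre frequency for P-GSM/E-GSM 900 (integer Hz, no float error)."""
    if 0 <= arfcn <= 124:
        uplink = 890_000_000 + 200_000 * arfcn
    elif 975 <= arfcn <= 1023:
        uplink = 890_000_000 + 200_000 * (arfcn - 1024)
    else:
        raise ValueError(f"ARFCN {arfcn} is outside the GSM 900 band")
    return uplink + 45_000_000  # downlink sits 45 MHz above uplink


def check_capture(center_hz: int, samp_rate_hz: int, arfcns):
    """For each ARFCN return its frequency, its offset from the capture centre,
    and whether the whole 200 kHz carrier lies inside centre +/- samp_rate/2."""
    half_span = samp_rate_hz // 2
    report = []
    for arfcn in arfcns:
        freq = arfcn_to_downlink_hz(arfcn)
        offset = freq - center_hz
        fits = abs(offset) + CHANNEL_BW_HZ // 2 <= half_span
        report.append({"arfcn": arfcn, "freq_hz": freq,
                       "offset_hz": offset, "fits": fits})
    return report


if __name__ == "__main__":
    # grgsm_capture -f 946.6M -s 8e6 ... ; channels 44 (BCCH), 62 and 72 (hopping)
    for row in check_capture(946_600_000, 8_000_000, [44, 62, 72]):
        print(f"ARFCN {row['arfcn']:>4}: {row['freq_hz'] / 1e6:.1f} MHz, "
              f"offset {row['offset_hz'] / 1e6:+.1f} MHz, "
              f"{'inside' if row['fits'] else 'OUTSIDE'} capture window")
```

All three carriers land inside the captured span, so the frequencies and channel numbers given to 'grgsm_channelize' are consistent with the recording.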
