Decoding A5-0 Non-hopping using RTL-SDR

test singh

May 16, 2020, 10:42:24 AM
to gr-gsm
Hi Everyone!!
I shall be grateful for any help with respect to the issues listed below:-

1. I am trying to decode voice on an A5/0 non-hopping network. The Immediate Assignment packet shows me the following information:
Channel Description
        0100 1... = SDCCH/8 + SACCH/C8 or CBCH (SDCCH/8): 9
        Subchannel: 1
        .... .010 = Timeslot: 2
        111. .... = Training Sequence: 7
        ...0 .... = Hopping Channel: No
        ..10 .... = Spare: 0x02
        Single channel ARFCN: 88

Question 1: In the same Immediate Assignment packet, sometimes I see Channel Description (which lists SDCCH details) and sometimes I see Packet Channel Description instead (which doesn't have SDCCH info). Why is that so?

2. The Ciphering Mode Command packet shows me the following information:
Ciphering Mode Command
    GSM A-I/F DTAP - Ciphering Mode Command
    Protocol Discriminator: Radio Resources Management messages (6)
    DTAP Radio Resources Management Message Type: Ciphering Mode Command (0x35)
    Cipher Mode Setting
        .... ...0 = SC: No ciphering (0)
    Cipher Mode Response

Question 2: I am unable to get voice when I use the gsgsm-livemon.grc after adding a TCH/F demapper followed by a TCH/F Decoder. The error is listed below:

linux; GNU C++ version 5.3.1 20151219; Boost_105800; UHD_003.009.002-0-unknown

gr-osmosdr 0.1.4 (0.1.4) gnuradio 3.7.9
built-in source types: file osmosdr fcd rtl rtl_tcp uhd miri hackrf bladerf rfspace airspy redpitaya 
Using device #0 Realtek RTL2838UHIDIR SN: 1
Found Rafael Micro R820T tuner
[R82XX] PLL not locked!
Exact sample rate is: 2000000,052982 Hz
[R82XX] PLL not locked!
Using Volk machine: avx2_64_mmx_orc
Traceback (most recent call last):
  File "/home/sigintos/Desktop/A5-0_Voice_Proj/GSM Halfrate/Gsm_Listener.py", line 377, in <module>
    main()
  File "/home/sigintos/Desktop/A5-0_Voice_Proj/GSM Halfrate/Gsm_Listener.py", line 365, in main
    tb = top_block_cls(args=options.args, collector=options.collector, collectorport=options.collectorport, fc=options.fc, gain=options.gain, osr=options.osr, ppm=options.ppm, samp_rate=options.samp_rate, serverport=options.serverport, shiftoff=options.shiftoff)
  File "/home/sigintos/Desktop/A5-0_Voice_Proj/GSM Halfrate/Gsm_Listener.py", line 155, in __init__
    self.gsm_tch_h_decoder_0 = grgsm.tch_h_decoder(0, grgsm.TCH_HS, False)
  File "/usr/local/lib/python2.7/dist-packages/grgsm/grgsm_swig.py", line 2077, in make
    return _grgsm_swig.tch_h_decoder_make(sub_channel, multi_rate, boundary_check)
TypeError: in method 'tch_h_decoder_make', argument 2 of type 'std::string'

Kindly help!!

Nikos Balkanas

May 17, 2020, 12:08:54 AM
to test singh, gr-gsm
Hi,

1) Are you referring to different traffic, or the same traffic? If it
is different traffic, from a different bts, you can expect some packet
randomness...
2) is your gnuradio 3.7.9 compiled from sources?

HTH
Nikos

Nikos Balkanas

May 17, 2020, 1:23:40 AM
to test singh, gr-...@googlegroups.com
Hi,

It is normal to experience some randomness to the order of packets
even with the same BTS. The protocol is lax about that.
I would suggest compiling gnuradio from sources (not an easy task).
You don't know what precompiled versions have used for it:(
I have no problems with gnuradio 3.7.9.2 sources.

HTH
Nikos

On Sun, May 17, 2020 at 8:06 AM test singh <test...@gmail.com> wrote:
>
> Hi Nikos!
> I am referring to the traffic from same BTS. I have recorded a 30 sec cfile and I see the difference there.
>
> Also I am using sigintos which has precompiled gnuradio.
>
> Best wishes

test singh

May 17, 2020, 3:07:27 AM
to gr-gsm
In the same analysis, the Assignment Command packet provides me the following information in one packet:
GSM A-I/F DTAP - Assignment Command
    Protocol Discriminator: Radio Resources Management messages (6)
    DTAP Radio Resources Management Message Type: Assignment Command (0x2e)
    Channel Description 2 - Description of the First Channel, after time
        0000 1... = TCH/F + FACCH/F and SACCH/F: 1
        .... .110 = Timeslot: 6
        000. .... = Training Sequence: 0
        ...0 .... = Hopping Channel: No
        ..00 .... = Spare: 0x00
        Single channel ARFCN: 68
    Power Command
    Channel Mode - Mode of the First Channel(Channel Set 1)
    MultiRate configuration

and the undermentioned information in a second packet:

   Protocol Discriminator: Radio Resources Management messages (6)
    DTAP Radio Resources Management Message Type: Assignment Command (0x2e)
    Channel Description 2 - Description of the First Channel, after time
        0000 1... = TCH/F + FACCH/F and SACCH/F: 1
        .... .111 = Timeslot: 7
        000. .... = Training Sequence: 0
        ...1 .... = Hopping Channel: Yes
        Hopping channel MAIO: 8
        HSN: 23
    Power Command
    Cell Channel Description
        Element ID: 0x62
        00.. 111. = Format Identifier: Unknown (0x07)
        List of ARFCNs = 124 123 122 120 119 118 117 116 115 71 70 64 63 62 61 60 59 58 57 56 55 54
    Channel Mode - Mode of the First Channel(Channel Set 1)
        Element ID: 0x63
        Channel Mode: speech full rate or half rate version 3(FR AMR or HR AMR) (65)

I see that Hopping is set to YES in the second packet while it was set to NO in the first packet. I am confused whether it is a hopping channel or not.
Also, when I run the .grc file (screenshot attached), I see the following output but no audio.

built-in source types: file osmosdr fcd rtl rtl_tcp uhd miri hackrf bladerf rfspace airspy redpitaya 
Using device #0 Realtek RTL2838UHIDIR SN: 1
Found Rafael Micro R820T tuner
[R82XX] PLL not locked!
Exact sample rate is: 2000000,052982 Hz
[R82XX] PLL not locked!
Using Volk machine: avx2_64_mmx_orc
gr::log :INFO: audio source - Audio sink arch: alsa
gr::buffer::allocate_buffer: warning: tried to allocate
   1985 items of size 33. Due to alignment requirements
   4096 were allocated.  If this isn't OK, consider padding
   your structure to a power-of-two bytes.

I get a series of OOOOOOOO with intermittent aUaU. I am using a guest SIGINTOS in VMware with 6 GB RAM allotted to the VM.
I have tried to follow all the advice by @piotr Krysik but somehow I am not able to get voice out of this A5/0 channel. Kindly help!!
GSM-Voice-fullrate_1TS_OnlyTCHDemapper_working.grc.png
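
Added example, not part of the original posts or of gr-gsm: a decoder for the three-octet Channel Description value (3GPP TS 44.018, 10.5.2.5) that shows how the hopping bit in each assignment selects between a single ARFCN and MAIO/HSN, as in the dissections quoted in this thread. The sample octets are constructed from the field values shown above with spare bits assumed zero; the function and sample names are hypothetical.

```python
# Added example: decode the value part of a GSM RR Channel Description IE.
# Sample octets are constructed from the fields quoted in the thread, not
# captured bytes; spare bits are assumed to be 0.

def decode_channel_description(value):
    octets = bytearray(value)
    if len(octets) != 3:
        raise ValueError("Channel Description value part is exactly 3 octets")
    o2, o3, o4 = octets
    ctype = o2 >> 3                      # bits 8-4: channel type + TDMA offset
    if ctype == 0b00001:
        chan, sub = "TCH/F", None
    elif ctype >> 1 == 0b0001:
        chan, sub = "TCH/H", ctype & 0x01
    elif ctype >> 2 == 0b001:
        chan, sub = "SDCCH/4", ctype & 0x03
    elif ctype >> 3 == 0b01:
        chan, sub = "SDCCH/8", ctype & 0x07
    else:                                # codings this sketch does not name
        chan, sub = "other(0x%02x)" % ctype, None
    out = {
        "channel": chan,
        "subchannel": sub,
        "timeslot": o2 & 0x07,           # bits 3-1: timeslot number
        "tsc": o3 >> 5,                  # bits 8-6: training sequence code
        "hopping": bool(o3 & 0x10),      # bit 5: H flag
    }
    if out["hopping"]:
        # H=1: 6-bit MAIO split across octets 3 and 4, then 6-bit HSN
        out["maio"] = ((o3 & 0x0F) << 2) | (o4 >> 6)
        out["hsn"] = o4 & 0x3F
    else:
        # H=0: 10-bit ARFCN, two high bits in octet 3
        out["arfcn"] = ((o3 & 0x03) << 8) | o4
    return out

# Constructed from the three dissections quoted in the thread.
SAMPLES = {
    "immediate_assignment": bytes(bytearray([0x4A, 0xE0, 0x58])),
    "assignment_cmd_1": bytes(bytearray([0x0E, 0x00, 0x44])),
    "assignment_cmd_2": bytes(bytearray([0x0F, 0x12, 0x17])),
}

if __name__ == "__main__":
    for name in sorted(SAMPLES):
        print(name, decode_channel_description(SAMPLES[name]))
```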