Newbie: C123 + layer1.compalram.bin + layer23

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

Newbie: C123 + layer1.compalram.bin + layer23

Nicolas Bareil

Hello,


I try to use the 'host23/mobile' application on a C123 but without
success. I followed Steve's instructions[1] with today's git tree
(d95eddad):

 1. osmocon -p /dev/ttyS0 -m c123xor layer1.compalram.bin

 2. ./host/layer23/src/mobile/mobile

 3. Power on the phone

 (output of theses commands is thereafter)

But I'm not sure it really works: the firmware seems to freeze (not
responding to the power button anymore) and the last output of 'mobile'
is:

<0003> gsm322.c:257 Sync to ARFCN=104 rxlev=-65 (No sysinfo yet, ccch mode NONE)

Based on the low rxlevel, I guess it is not acquiring any meaningful
signal?

In [2], Steve said the internal antenna was switched off when the cable
is plugged in, is it still true?

I tried to RTFM but I am stuck here.

Thanks for your patience,

Footnotes:
[1]  http://baseband-devel.722152.n3.nabble.com/Running-osmocombb-on-a-Motorol-C118-tp937345p937416.html

[2]  http://lists.osmocom.org/pipermail/baseband-devel/2010-May/000435.html


,----
| % osmocon -p /dev/ttyS0 -m c123xor layer1.compalram.bin
| ...
| Received DOWNLOAD ACK from phone, your code is running now!
|
| OSMOCOM Layer 1 (revision osmocon_v0.0.0-598-gd95edda)
| ======================================================================
| Device ID code: 0xb4fb
| Device Version code: 0x0000
| ARM ID code: 0xfff3
| cDSP ID code: 0x0128
| Die ID code: ebd8283cba021198
| ======================================================================
| REG_DPLL=0x2413
| CNTL_ARM_CLK=0xf0a1
| CNTL_CLK=0xff91
| CNTL_RST=0xfff3
| CNTL_ARM_DIV=0xfff9
| ======================================================================
|
| THIS FIRMWARE WAS COMPILED WITHOUT TX SUPPORT!!!
| Assert DSP into Reset
| Releasing DSP from Reset
| Setting some dsp_api.ndb values
| Setting API NDB parameters
| DSP Download Status: 0x0001
| DSP API Version: 0x0000 0x0000
| Finishing download phase
| DSP Download Status: 0x0002
| DSP API Version: 0x3606 0x0000
| LOST 7478!
| L1CTL_RESET_REQ: FULL!L1CTL_PM_REQ start=0 end=124
| PM MEAS: ARFCN=0, 27   dBm at baseband, -110 dBm at RF
| PM MEAS: ARFCN=0, 26   dBm at baseband, -112 dBm at RF
| PM MEAS: ARFCN=1, 30   dBm at baseband, -107 dBm at RF
| PM MEAS: ARFCN=2, 29   dBm at baseband, -108 dBm at RF
| PM MEAS: ARFCN=3, 43   dBm at baseband, -94  dBm at RF
| PM MEAS: ARFCN=4, 32   dBm at baseband, -105 dBm at RF
| ../..
| PM MEAS: ARFCN=1023, 33   dBm at baseband, -104 dBm at RF
| L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=104, flags=0x7)
| Starting FCCH RecognitionFB0 (1748:10): TOA=11712, Power=-106dBm, Angle=-22058Hz
| FB0 (1775:11): TOA=12528, Power= -65dBm, Angle=-3818Hz
| FB0 (1796:5): TOA= 5280, Power= -68dBm, Angle=-16117Hz
| FB0 (1799:1): TOA=   96, Power=-109dBm, Angle= 7082Hz
`----


,----
| % ./host/layer23/src/mobile/mobile
| ...
| Failed to connect to '/tmp/osmocom_sap'.
| Failed during sap_open(), no SIM reader
| <000e> sim.c:1206 init SIM client
| <0005> gsm48_cc.c:61 init Call Control
| <0001> gsm48_rr.c:5330 init Radio Ressource process
| <0004> gsm48_mm.c:1220 init Mobility Management process
| <0004> gsm48_mm.c:971 Selecting PLMN SEARCH state, because no SIM.
| <0002> gsm322.c:3466 init PLMN process
| <0003> gsm322.c:3467 init Cell Selection process
| <0003> gsm322.c:3521 No stored BA list
| VTY available on port 4247.
| Mobile initialized, please start phone now!
| <0002> gsm322.c:3093 (ms 1) Event 'EVENT_SWITCH_ON' for automatic PLMN selection in state 'A0 null'
| <000d> gsm322.c:1055 SIM is removed
| <0002> gsm322.c:1056 SIM is removed
| <0002> gsm322.c:511 new state 'A0 null' -> 'A6 no SIM inserted'
| <0003> gsm322.c:3313 (ms 1) Event 'EVENT_SWITCH_ON' for Cell selection in state 'C0 null'
| <0003> gsm322.c:2986 Switch on without SIM.
| <0003> gsm322.c:540 new state 'C0 null' -> 'C6 any cell selection'
| <0003> gsm322.c:2404 Getting PM for frequency 0 twice. Overwriting the first! Please fix prim_pm.c
| <0003> gsm322.c:2415 Found signal (frequency 3 rxlev -94 (16))
| <0003> gsm322.c:2415 Found signal (frequency 8 rxlev -86 (24))
| <0003> gsm322.c:2415 Found signal (frequency 16 rxlev -93 (17))
| ...
| <0003> gsm322.c:2415 Found signal (frequency 819 rxlev -97 (13))
| <0003> gsm322.c:2404 Getting PM for frequency 955 twice. Overwriting the first! Please fix prim_pm.c
| <0003> gsm322.c:2415 Found signal (frequency 982 rxlev -98 (12))
| ...
| <0003> gsm322.c:2415 Found signal (frequency 1004 rxlev -91 (19))
| <0003> gsm322.c:2415 Found signal (frequency 1007 rxlev -89 (21))
| <0003> gsm322.c:2415 Found signal (frequency 1009 rxlev -97 (13))
| <0003> gsm322.c:2415 Found signal (frequency 1010 rxlev -86 (24))
| <0003> gsm322.c:2415 Found signal (frequency 1011 rxlev -67 (43))
| <0003> gsm322.c:2415 Found signal (frequency 1012 rxlev -86 (24))
| <0003> gsm322.c:2415 Found signal (frequency 1013 rxlev -80 (30))
| <0003> gsm322.c:2415 Found signal (frequency 1014 rxlev -87 (23))
| <0003> gsm322.c:2415 Found signal (frequency 1021 rxlev -82 (28))
| <0003> gsm322.c:2415 Found signal (frequency 1022 rxlev -98 (12))
| <0003> gsm322.c:2348 Found 97 frequencies.
| <0003> gsm322.c:257 Sync to ARFCN=104 rxlev=-65 (No sysinfo yet, ccch mode NONE)
`----


Reply | Threaded
Open this post in threaded view
|

Re: Newbie: C123 + layer1.compalram.bin + layer23

Sylvain Munaut
> <0003> gsm322.c:257 Sync to ARFCN=104 rxlev=-65 (No sysinfo yet, ccch mode NONE)
>
> Based on the low rxlevel, I guess it is not acquiring any meaningful
> signal?

-65 dBm is a pretty strong signal actually :)

It should be able to sync down to -105 dBm or so.

> In [2], Steve said the internal antenna was switched off when the cable
> is plugged in, is it still true?

It's true and won't ever change ... it's a hardware switch, when you
plug something in the antenna plug, it disconnects the built-in
antenna.



> | L1CTL_RESET_REQ: FULL!L1CTL_FBSB_REQ (arfcn=104, flags=0x7)
> | Starting FCCH RecognitionFB0 (1748:10): TOA=11712, Power=-106dBm, Angle=-22058Hz
> | FB0 (1775:11): TOA=12528, Power= -65dBm, Angle=-3818Hz
> | FB0 (1796:5): TOA= 5280, Power= -68dBm, Angle=-16117Hz
> | FB0 (1799:1): TOA=   96, Power=-109dBm, Angle= 7082Hz

It's weird that the power varies so much ... it's also weird that it
even _tried_ to sync with a 22kHz frequency error ..
It might try to sync to something that's not a C0 ...

Try to force the ARFCN to a known good cell (that you get from a phone
with netmonitor) using the stick option.

Cheers,

    Sylvain

Reply | Threaded
Open this post in threaded view
|

AW: Newbie: C123 + layer1.compalram.bin + layer23

Andreas.Eversberg
In reply to this post by Nicolas Bareil
> But I'm not sure it really works: the firmware seems to freeze (not
> responding to the power button anymore) and the last output of
'mobile'
> is:
>
> <0003> gsm322.c:257 Sync to ARFCN=104 rxlev=-65 (No sysinfo yet, ccch
mode NONE)

hi nicolas,

be sure to use the branch of sylvain: sylvain/testing (i think you did)

the process freezes after many sync requests due to a memory leak that
has not been fixed. without the fix, the full network search process
should run several times without freeze. but in your case it looks like
freezing every first sync request.

can you watch the display of your c123? see if it gets a little darker
at the point it freezes (when trying to sync).

regards,

andreas



Reply | Threaded
Open this post in threaded view
|

Re: AW: Newbie: C123 + layer1.compalram.bin + layer23

Nicolas Bareil

Good morning,

First, thanks to both of you for your replies!

Sylvain Munaut <[hidden email]> writes:
> -65 dBm is a pretty strong signal actually :)

Ooops :)

> Try to force the ARFCN to a known good cell (that you get from a phone
> with netmonitor) using the stick option.

That's the hard part, I don't have such feature on any phones I own :-(
I thought I could find one at work today but... no.

"Andreas.Eversberg" <[hidden email]> writes:
>> <0003> gsm322.c:257 Sync to ARFCN=104 rxlev=-65 (No sysinfo yet, ccch mode NONE)
>
> be sure to use the branch of sylvain: sylvain/testing (i think you did)

I was using master, I changed that now. I'm currently at 7e25c8bd

> the process freezes after many sync requests due to a memory leak that
> has not been fixed. without the fix, the full network search process
> should run several times without freeze. but in your case it looks like
> freezing every first sync request.

In fact, the whole problem disappeared when I compiled the project with
the gnuarm.com toolchain instead of mine (built with crosstool-ng[1]).

So now, 'mobile' application seems to work but I still have an issue
with layer23: after a few seconds, it keeps dropping frames (like 90%
of packet loss):

,----
| % host/layer23/src/misc/layer23 -a 544 -i 1.2.3.4
| ..
| <000a> lapdm.c:1529 fmt=B
| <000a> lapdm.c:843 UI received
| <000a> lapdm.c:875 length=0 (discarding)
| <000b> l1ctl.c:155 SDCCH/8(0) on TS0 (0064/20/32) -102 dBm: 00 01 03 03 2d 06 1e e0 4c 02 f8 10 65 00 54 ff 2b 2b 2b 2b 2b 2b 2b
| <000a> lapdm.c:1520 fmt=B4
| <000a> lapdm.c:843 UI received
| <0000> rslms.c:66 RSLms UNIT DATA IND chan_nr=0x40 link_id=0x40
| <000b> l1ctl.c:155 SDCCH/8(0) on TS0 (0064/13/00) -105 dBm: 03 42 9d 3a 17 8e ba 17 fd a5 a3 87 35 56 2b 0f 09 a4 a3 c7 87 fc 98
| <000b> l1ctl.c:210 Dropping frame with 86 bit errors
| <000b> l1ctl.c:155 SDCCH/8(0) on TS0 (0064/12/00) -101 dBm: e6 2c f6 80 de 37 0c f9 29 10 7f e3 ed df 86 e5 2d 58 63 85 d7 5f 5c
| <000b> l1ctl.c:210 Dropping frame with 104 bit errors
| <000b> l1ctl.c:155 SDCCH/8(0) on TS0 (0064/18/32) -98 dBm: 1b 6e 07 1c 36 18 e1 40 c7 b6 49 d3 4a ea 58 63 6a 02 34 fd 0a 87 4f
| <000b> l1ctl.c:210 Dropping frame with 77 bit errors
| <000b> l1ctl.c:155 SDCCH/8(0) on TS0 (0064/11/00) -95 dBm: 96 85 20 62 92 7e 4a e4 47 ec 17 f7 bb 82 0d 78 10 a9 90 81 db f0 aa
| <000b> l1ctl.c:210 Dropping frame with 63 bit errors
`----

Full layer23 dump available at http://pastebin.org/167286
The osmocom dump is available at http://pastebin.org/167278

Could it be a bad serial cable?

Is there anything I can do to debug further?

Thanks,

Footnotes:
[1]  http://ymorin.is-a-geek.org/projects/crosstool



mki
Reply | Threaded
Open this post in threaded view
|

Re: Newbie: C123 + layer1.compalram.bin + layer23

mki
In reply to this post by Sylvain Munaut
same newbie prob here --

1. starting osmocon:
osmocon -m c123xor -p /dev/tty.usbserial firmware/board/compal_e88/layer1.compalram.bin

2. starting layer23 (the arfcn is from my "field test" (iPhone)):
layer23 -i 224.0.0.1 -a 46 -d

3. press the power button

like a minute I receive messages then layer23 is saying:

<000b> l1ctl.c:155 SDCCH/8(0) on TS1 (0913/15/00) -72 dBm: 4d 3b 42 69 1a db 34 d3 a4 0b 1d 0a 4d 98 ba 52 50 e8 d2 c2 42 8c 81
<000b> l1ctl.c:210 Dropping frame with 78 bit errors
<000b> l1ctl.c:155 SDCCH/8(0) on TS1 (0913/14/00) -71 dBm: 6d f2 0a db 05 54 70 cd a4 0b 1d 0a 94 99 ba 52 50 e8 d2 c2 c2 68 81
<000b> l1ctl.c:210 Dropping frame with 72 bit errors
<000b> l1ctl.c:155 SDCCH/8(0) on TS1 (0913/20/32) -72 dBm: 84 ea f1 c3 cd 4a dc da e4 51 1d 33 b6 29 29 98 c1 24 5d 2e 9a 3f 73
<000b> l1ctl.c:210 Dropping frame with 67 bit errors
<000b> l1ctl.c:155 SDCCH/8(0) on TS1 (0913/13/00) -72 dBm: e2 96 ef f8 8b dc 84 85 e2 29 d4 10 ff 6e 82 c0 17 1e f6 db 29 d9 9f
<000b> l1ctl.c:210 Dropping frame with 81 bit errors
<000b> l1ctl.c:155 SDCCH/8(0) on TS1 (0913/12/00) -72 dBm: 16 d6 61 e7 c2 4a 4c 2f 6c bd 8c 32 b6 29 29 6a 99 f2 ee 69 28 75 a5
<000b> l1ctl.c:210 Dropping frame with 76 bit errors

osmocon is saying:

L1CTL_RESET_REQ: FULL!LOST 1641!
EMPTY
L1CTL_FBSB_REQ (arfcn=46, flags=0x7)
Starting FCCH RecognitionFB0 (1523172:1): TOA=  768, Power= -73dBm, Angle= 2625Hz
FB1 (1523182:8): TOA= 9475, Power= -73dBm, Angle=  464Hz
  fn_offset=1523181 (fn=1523182 + attempt=8 + ntdma = 7)m  delay=9 (fn_offset=1523181 + 11 - fn=1523182 - 1
  scheduling next FB/SB detection task with delay 9
=>FB @ FNR 1523181 fn_offset=1523181 qbits=2716
Synchronize_TDMA
LOST 2921!
SB2 (330721:2): TOA=   29, Power= -73dBm, Angle=  324Hz
=> SB 0x0080c66d: BSIC=27 fn=1205386(909/ 0/ 1) qbits=24
Synchronize_TDMA
=>FB @ FNR 330719 fn_offset=1205385 qbits=4932
LOST 1912!
nb_cmd(0) and rxnb.msg != NULLL1CTL_DM_EST_REQ (arfcn=46, chan_nr=0x41, tsc=3)
L1CTL_DATA_REQ (link_id=0x00)
ul=00811d68, ul->payload=00811d6c, data_ind=00811d6c, data_ind->data=00811d6c l3h=00811d6c
LOST 2110!

what do i wrong here???
mki
Reply | Threaded
Open this post in threaded view
|

Re: Newbie: C123 + layer1.compalram.bin + layer23

mki
has nobody an Idea about my problem??
Reply | Threaded
Open this post in threaded view
|

Re: Newbie: C123 + layer1.compalram.bin + layer23

Holger Hans Peter Freyther
On 01/06/2011 12:54 PM, mki wrote:
>
> has nobody an Idea about my problem??

Hi,

you have not forumalated a question that can be answered in a very specific
way? You seem to have an expectation that the invocation of tools is doing
something, but they don't do what you think they should do.

Maybe as a start you should describe what you expect should happen and what
happens instead? Maybe people can then help you more.

mki
Reply | Threaded
Open this post in threaded view
|

Re: Newbie: C123 + layer1.compalram.bin + layer23

mki
sorry,
my question is, what is with the dropped frames in my submited output of layer23 is that ok? or not? and if not what must i do?
Reply | Threaded
Open this post in threaded view
|

Re: Newbie: C123 + layer1.compalram.bin + layer23

Sylvain Munaut
> sorry,
> my question is, what is with the dropped frames in my submited output of
> layer23 is that ok? or not? and if not what must i do?

layer23 is a debug tool that can only really be used on a network you
control, because it will follow any immediate assignement without  any
further check (refer to GSM 04.08 if you don't understand what that
means)

On a commercial network, it won't do anything good. The output you see
is normal if you run it on a real network and not a test network you
control.

Cheers,

    Sylvain

mki
Reply | Threaded
Open this post in threaded view
|

Re: Newbie: C123 + layer1.compalram.bin + layer23

mki
Hi,
sorry i misunderstand layer23,
i am searching for a possibility to log my traffic on the um interface,
to check out if my real phone traffic is encrypted and to what bts i am connected(is it the real network or a catcher).

PS: all that, i want to do it on a real network.