Project

General

Profile

Actions

Emi-firmware » History » Revision 11

« Previous | Revision 11/18 (diff) | Next »
jolly, 02/19/2016 10:49 PM


= OsmocomBB EMI Firmware =

[[Image(emi-firmware:emi_main.jpg)]]

Introduction

OsmocomBB EMI is a tool to generate GSM RF interferences. It can be used to test how GSM radiation affects other equipment, e.g. amplifiers, radios and wireless devices. It is capable of transmitting in all regular GSM bands (1800, 1900, 850, 900), up-link and down-link. Because it only transmits, no filter rework is required. There are several test patterns, from SDCCH on a single time slot to PDCH on 5 time lots.

Branch

Check out jolly/emi branch of OsmocomBB GIT. It contains the EMI app and Sylvain's TRX hack, which is required to transmit multiple bursts per frame.

Settings

Use left function key (left button below display) to toggle between DCS1800 and PCS1900 band. This is only required for ARFCN rage from 512 to 810.

Use right function key to toggle between up-link (interference of a mobile station) and down-link (interference of a base station).

To change ARFCN, enter digits and acknowledge with right function key. Press or hold right or left cursor buttons to adjust current selected ARFCN.

Press the menu button (black center button) to select a test pattern (scroll up and down) and acknowledge with the right function key. Test patterns are:

  • SDCCH
  • TCH/F (1-5 time slots)
  • TCH/H
  • TCH/F (TCH/H) using DTX
  • PDCH download (sending acknowledgments)
  • PDCH upload (1-5 time slots)
  • RACH (single Access Burst)
Operation

'''Note: This device transmits on frequencies that require a license in most countries. Only use this device, if you have a license for the selected ARFCN or if you use it inside a Faraday cage'''

Press the green button (off-hook) to start transmitter. The transmit power is shown.

Turn off transmitter by pressing green button again or by pressing red button (on-hook).

To increase or decrease TX power, press or hold up and down cursor buttons.

==== RACH Burst ====

In case of test pattern "RACH", real Access Bursts can be transmitted. Access bursts are shorter than Normal Burst. When this test pattern is selected, transmit power is always shown on the display, but nothing is transmitted. To transmit a single Access Burst, press the green button (off-hook). Whenever the green button is pressed again, an Access Burst is transmitted.

Simulation

When transmitter is on, the transmitted bursts can be made audible on the phone's buzzer. To increase volume, press or hold # key. To decrease, press or hold * key.

Restrictions * GSM 850 and 900 will not allow to go down lower than 4 dBm, even if displayed so. * TX power of patters with multiple times lots will always be 30 dBm (about 1 Watts). * Access Bursts are always sent on up-link bands.
Files (1)
emi_main.jpg View emi_main.jpg 24.2 KB EMI main screen jolly, 09/30/2013 08:33 AM

Updated by jolly about 8 years ago · 11 revisions

Add picture from clipboard (Maximum size: 48.8 MB)