Project

General

Profile

Emi-firmware » History » Version 17

zecke, 02/21/2016 09:57 AM

1 1 jolly
2 16 jolly
h1. [[OsmocomBB]] EMI Firmware
3
4
5 17 zecke
{{thumbnail(emi-firmware:emi_main.jpg)}}
6 1 jolly
7 9 jolly
8 16 jolly
h2. Introduction
9 1 jolly
10
11 16 jolly
[[OsmocomBB]] EMI is a tool to generate GSM RF interferences. It can be used to test how GSM radiation affects other equipment, e.g. amplifiers, radios and wireless devices. It is capable of transmitting in all regular GSM bands (1800, 1900, 850, 900), up-link and down-link. Because it only transmits, no filter rework is required. There are several test patterns, from SDCCH on a single time slot to PDCH on 5 time lots.
12 1 jolly
13
14 16 jolly
h2. Branch
15
16
17
Check out jolly/emi branch of [[OsmocomBB]] GIT. It contains the EMI app and Sylvain's TRX hack, which is required to transmit multiple bursts per frame.
18
19
20
h2. Settings
21
22
23 1 jolly
Use left function key (left button below display) to toggle between DCS1800 and PCS1900 band. This is only required for ARFCN rage from 512 to 810.
24
25
Use right function key to toggle between up-link (interference of a mobile station) and down-link (interference of a base station).
26
27
To change ARFCN, enter digits and acknowledge with right function key. Press or hold right or left cursor buttons to adjust current selected ARFCN.
28
29
Press the menu button (black center button) to select a test pattern (scroll up and down) and acknowledge with the right function key. Test patterns are:
30 11 jolly
31 16 jolly
* SDCCH
32
* TCH/F (1-5 time slots)
33
* TCH/H
34
* TCH/F (TCH/H) using DTX
35
* PDCH download (sending acknowledgments)
36
* PDCH upload (1-5 time slots)
37
* RACH (single Access Burst)
38 1 jolly
39
40 16 jolly
h2. Operation
41 1 jolly
42 16 jolly
43
*Note: This device transmits at frequencies that require a license in most countries. Only use this device, if you have a license for the selected ARFCN or if you use it inside a Faraday cage*
44
45 1 jolly
Press the green button (off-hook) to start transmitter. The transmit power is shown.
46
47
Turn off transmitter by pressing green button again or by pressing red button (on-hook).
48
49
To increase or decrease TX power, press or hold up and down cursor buttons.
50
51
52 16 jolly
h4. RACH Burst
53
54
55 1 jolly
In case of test pattern "RACH", real Access Bursts can be transmitted. Access bursts are shorter than Normal Burst. When this test pattern is selected, transmit power is always shown on the display, but nothing is transmitted. To transmit a single Access Burst, press the green button (off-hook). Whenever the green button is pressed again, an Access Burst is transmitted.
56
57
58 16 jolly
h2. Simulation
59
60
61 9 jolly
When transmitter is on, the transmitted bursts can be made audible on the phone's buzzer. To increase volume, press or hold # key. To decrease, press or hold * key.
62 1 jolly
63
64 16 jolly
h2. Remote Control
65
66
67 15 jolly
Remote control can be performed by using 'osmocli', a special command line tool or the echo command or own applications.
68
69
70 16 jolly
h4. Osmo-CLI
71
72
73 15 jolly
After running EMI-App on the phone, stop osmocon, if running, and run osmocli. Enter 'help' and 'template help' for a list of commands:
74
75 16 jolly
<pre>
76 15 jolly
src/host/osmocon/osmocli -p /dev/ttyUSB0
77
help
78
Available commands:
79
help                this text
80
arfcn <ARFCN>       Absolute radio frequency number
81
dcs                 Use DCS1800 for ARFCN 512..810
82
pcs                 Use PCS1900 for ARFCN 512..810
83
uplink              Use uplink bands
84
downlink            Use downlink bands
85 1 jolly
template <template> Select template, use 'template help' for a list.
86 15 jolly
power <dBm> | off   Set transmitter power 0..30
87 1 jolly
volume 0..10        Set buzzer volume
88
89
template help
90 15 jolly
Available templates:
91 1 jolly
template sdcch - SDCCH
92 15 jolly
template tchf - TCH/F
93 1 jolly
template tchf2 - TCH/F (2 TS)
94 15 jolly
template tchf3 - TCH/F (3 TS)
95
template tchf4 - TCH/F (4 TS)
96
template tchf5 - TCH/F (5 TS)
97 1 jolly
template tchh - TCH/H
98
template dtx - TCH/F(H) DTX
99
template pdchack - PDCH (ack)
100 15 jolly
template pdch - PDCH
101 1 jolly
template pdch2 - PDCH (2 TS)
102
template pdch3 - PDCH (3 TS)
103 15 jolly
template pdch4 - PDCH (4 TS)
104 1 jolly
template pdch5 - PDCH (5 TS)
105
template rach - RACH
106 16 jolly
</pre>
107 1 jolly
108
109 16 jolly
h4. echo
110
111
112 1 jolly
Alternatively the echo command can be used:
113
114 16 jolly
<pre>
115 15 jolly
stty -F /dev/ttyUSB0 115200
116
echo -ne "~\012\003power 0~" >/dev/ttyUSB0
117 16 jolly
</pre>
118 1 jolly
119 15 jolly
The phone should start transmitting with power level 0.
120 1 jolly
121 15 jolly
122 16 jolly
h4. Own application
123
124
125 1 jolly
The following sequence must be sent via serial at 115200 baud 8n1, to form a valid command:
126 15 jolly
127 16 jolly
<pre>
128 15 jolly
0x7e 0x0a 0x03 <command as ASCII code> 0x7e
129 16 jolly
</pre>
130 1 jolly
131 15 jolly
Example "power 0":
132
133 16 jolly
<pre>
134 1 jolly
0x7e 0x0a 0x03 0x70 0x6f 0x77 0x65 0x72 0x20 0x30 0x7e
135 16 jolly
</pre>
136 15 jolly
137
138 16 jolly
h2. Restrictions
139 1 jolly
140 4 jolly
141 16 jolly
* GSM 850 and 900 will not allow to go down lower than 4 dBm, even if displayed so.
142
* TX power of patters with multiple times lots will always be 30 dBm (about 1 Watts).
143
* Access Bursts are always sent on up-link bands.
144
* The bursts, except for Access Bursts do not carry valid data, they are just Dummy Bursts. 
145
146
147
h2. Burst Templates (informative)
148
149
150 12 jolly
Note: '*' represents transmission, '-' represents no transmission. Each character represents one frame.
151
152
When SDCCH is selected, two alternating 51-multiframes are transmitted in a loop: (The 4 bursts on the left represent SDCCH, the 4 bursts to the right represent SACCH.)
153
154 16 jolly
<pre>
155 12 jolly
---------------****----------------------------****
156
---------------****--------------------------------
157 16 jolly
</pre>
158 12 jolly
159 13 jolly
160 12 jolly
When TCH/F is selected, a 26-multiframe is transmitted in a loop: (Each block of 12 bursts represent 3 interleaved TCH frames, the first single burst represent SACCH, the second single burst represents IDLE burst.)
161
162 16 jolly
<pre>
163 13 jolly
************ * ************ -
164 16 jolly
</pre>
165 12 jolly
166 13 jolly
167 12 jolly
When TCH/H is selected, a 26-multiframe is transmitted in a loop: (Both blocks of 12 bursts represent 3 interleaved TCH frames, the first single burst represent SACCH, the second single burst represents IDLE burst.)
168
169 16 jolly
<pre>
170 13 jolly
*-*-*-*-*-*- * *-*-*-*-*-*- -
171 16 jolly
</pre>
172 12 jolly
173
174 13 jolly
When TCH/F / TCH/H DTX is selected, a 26-multiframe is transmitted in a loop: (Both blocks of 12 bursts are IDLE due to DTX, the first single burst represent SACCH, the second single burst represents IDLE burst.)
175 1 jolly
176 16 jolly
<pre>
177 12 jolly
------------ * ------------ -
178 16 jolly
</pre>
179 13 jolly
180 12 jolly
181
When PDCH (ack) is selected, the following 52-multiframes are transmitted in a loop: (This a download scenario, where only acknowledgement packets are transmitted. Each block of 12 bursts represent 3 MAC blocks, the single bursts represent the PTCCH/U.)
182
183 16 jolly
<pre>
184 12 jolly
************ * ****-------- - ****----**** - ------------ -
185
------------ - ----****---- - ------------ - ----****---- -
186
----******** - ************ - ****-------- - ****----**** -
187
------------ - ------------ - ----****---- - ------------ -
188
----****---- - ----******** - ************ - ****-------- -
189
****----**** - ------------ - ------------ - ----****---- -
190
------------ - ------------ - ------------ - ------------ -
191
****-------- - ------------ - ****-------- - ----******** -
192
************ * ****-------- - ****-------- - ****-------- -
193
------------ - --------**** - ------------ - ------------ -
194
----****---- - ------------ - ----****---- - ----******** -
195
************ - ****-------- - ****----**** - ------------ -
196
------------ - ----****---- - ------------ - ------------ -
197
****-------- - ------------ - ****-------- - ************ -
198
************ - ****-------- - ********---- - ------------ -
199
------------ - ****-------- - ------------ - ****-------- -
200
************ * ********---- - ------------ - ********---- -
201
------------ - ------------ - ****-------- - ------------ -
202
****-------- - ************ - ************ - ****-------- -
203
********---- - ------------ - ------------ - ****-------- -
204
------------ - --------**** - ------------ - ------------ -
205
----****---- - ------------ - ----****---- - ----******** -
206
************ - ****-------- - ****----**** - ------------ -
207
------------ - ----****---- - ------------ - ----****---- -
208
----******** * ************ - ****-------- - ****----**** -
209
------------ - ------------ - ----****---- - ------------ -
210
------------ - ****-------- - ------------ - ****-------- -
211
************ - ********---- - ------------ - ********---- -
212
------------ - ------------ - ****-------- - ------------ -
213
--------**** - ------------ - ----****---- - --------**** -
214
************ - ********---- - --------**** - ****-------- -
215
------------ - --------**** - ------------ - ----****---- -
216 16 jolly
</pre>
217 12 jolly
218 13 jolly
219 12 jolly
When PDCH is selected, the following 52-multiframes are transmitted in a loop: (This an upload scenario, where packets are transmitted. Each block of 12 bursts represent 3 MAC blocks, the single bursts represent the PTCCH/U.)
220
221 16 jolly
<pre>
222 12 jolly
************ * ************ - ************ - ************ -
223
************ - ************ - ************ - ************ -
224
************ - ************ - ************ - ************ -
225
************ - ************ - ************ - ************ -
226
************ - ************ - ************ - ************ -
227
************ - ************ - ************ - ************ -
228
************ - ************ - ************ - ************ -
229
************ - ************ - ************ - ************ -
230 16 jolly
</pre>
Add picture from clipboard (Maximum size: 48.8 MB)