OsmocomTETRA » History » Revision 10

Revision 9 (laforge, 02/19/2016 10:52 PM) → Revision 10/23 (laforge, 02/19/2016 10:52 PM)

[[PageOutline]] 
 = The Osmocom TETRA project MAC/PHY layer experimentation code = 

 This project aims at practical research and experimentation with the [wiki:TETRA] trunked radio system. 
 This code aims to implement the sending and receiving part of the TETRA MAC/PHY layer. 

 If you read the ETSI EN 300 392-2 (TETRA V+D Air Interface), you will 
 find this code implementing the parts between the MAC-blocks (called 
 type-1 bits) and the bits that go to the DQPSK-modulator (type-5 bits). 

 It is most useful to look at Figure 8.5, 8.6, 9.3 and 19.12 of the abovementioned specification in conjunction with this program. 

 It is part of the bigger family of [http://osmocom.org/ Osmocom] projects, 
 all aiming to create Free Software (Open Source Software) for mobile communications. 

 == Software Defined Radio TETRA Air interface sniffer == 

 The [wiki:osmo-tetra] project aims at implementing the sending and receiving part of the TETRA MAC/PHY layer. 

 Currently, it can 
         * receive, demodulate and decode TETRA downlink signals of real-world TETRA networks 
         * display information about SYNC, SYSINFO, MM and CMCE PDUs 
         * forward those TETRA downlink signals to the [http://wireshark.org/ wireshark] protocol analyzer 
         * forward IP packets contained in TETRA SNDCP to a local {{{tun/tap}}} device 

 == Research on Motorola Dimetra EBTS == 

 We are currently investigating the hardware and software architecture of the [wiki:Dimetra_EBTS Motorola Dimetra EBTS], 
 including its components like Base Radio, Site Controller, etc. 

 The goal here is to run this equipment without a Motorola SwMI and thus have an inexpensive platform for running 
 your own TETRA network for research purpose. 

 == Big picture == 

 {{{ 
 #!graphviz 
 digraph G { 
   graph [ rankdir = LR ]; 

   bits_file2 -> tetra_rx [ label = "read" ]; 
   tetra_rx -> console [ label = "stdout" ]; 
   tetra_rx -> wireshark [ label = "GSMTAP" ]; 

   float_file2 -> float_to_bits [ label = "read" ]; 
   float_to_bits -> bits_file1 [ label = "write" ]; 

   USRP -> tetra_demod [ label = "USB" ]; 
   tetra_demod -> float_file1 [ label = "write" ]; 

   bits_file1 [ shape=box label="file.bits" ]; 
   bits_file2 [ shape=box label="file.bits" ]; 
   float_file1 [ shape=box label="file.float" ]; 
   float_file2 [ shape=box label="file.float" ]; 
   tetra_rx [ label="tetra-rx" ]; 
   tetra_demod [ label="tetra-demod.py" ]; 
 } 
 }}} 

 == Source Code == 
 The source code is available via read-only git access at 
 {{{ 
         git clone git://git.osmocom.org/osmo-tetra.git 
 }}} 

 You can also browse the source code at http://cgit.osmocom.org/ 

 You will need [http://bb.osmocom.org/trac/wiki/libosmocore libosmocore] to link. 

 == Mailing List == 
 There is a public mailing list regarding development of this project; you can 
 visit the subscription page at https://lists.osmocom.org/mailman/listinfo/tetra 

 This list is '''for discussion between software developers''' who intend to improve the 
 Osmocom TETRA software. It is not a forum for individuals asking how they can tap 
 into police radio (which is encrypted anyway). 

 == FAQ == 
 We now have a [wiki:FAQ] (Frequently asked Questions) page! 

 == Demodulator == 

 {{{src/demod/python/cpsk.py}}} 
         * contains a gnuradio based pi4/DQPSK demodulator, courtesy of KA1RBI 
 {{{src/demod/python/tetra-demod.py}}} 
         * call demodulator on a 'cfile' containing complex baseband samples 
 {{{src/demod/python/usrp1-tetra_demod.py}}} 
         * use demodulator in realtime with a USRP1 SDR 
 {{{src/demod/python/usrp2-tetra_demod.py}}} 
         * use demodulator in realtime with a USRP2 SDR 
 {{{src/demod/python/fcdp-tetra_demod.py}}} 
         * use demodulator in realtime with a [wiki:Funcube_Dongle]. This may also be used with other Softrock-type receivers by downconverting the intermediate frequency of a radio scanner to the complex baseband. 

 The output of the demodulator is a file containing one float value for each symbol, 
 containing the phase shift (in units of pi/4) relative to the previous symbol. 

 You can use the "float_to_bits" program to convert the float values to unpacked 
 bits, i.e. 1-bit-per-byte. 

 == Applied Research on security of real-world TETRA networks == 

 Using the tools as we develop, we are analyzing the security of real-world TETRA networks. 

 Our experience so far is quite shocking: All the non-government TETRA networks that we 
 have encountered use no TETRA encryption at all, i.e. they are subject to very easy 
 eavesdropping attacks. 

 More information will follow soon. 

 == PHY/MAC layer == 

 === library code === 

 Specifically, it implements: 

 {{{lower_mac/crc_simple.[ch]}}} 
         * CRC16-CCITT (currently defunct/broken as we need it for 
           non-octet-aligned bitfields) 
 {{{lower_mac/tetra_conv_enc.[ch]}}} 
         * 16-state Rate-Compatible Punctured Convolutional (RCPC) coder 
 {{{lower_mac/tetra_interleave.[ch]}}} 
         * Block interleaving (over a single block only) 
 {{{lower_mac/tetra_rm3014.[ch]}}} 
         * (30, 14) Reed-Muller code for the ACCH (broadcast block of 
           each downlink burst) 
 {{{lower_mac/tetra_scramb.[ch]}}} 
         * Scrambling 
 {{{lower_mac/viterbi*.[ch]}}} 
         * Convolutional decoder for signalling and voice channels 
 {{{phy/tetra_burst.[ch]}}} 
         * Routines to encode continuous normal and sync bursts 
 {{{phy/tetra_burst_sync.[ch]}}} 


 === Receiver Program === 

 The main receiver program {{{tetra-rx}}} expects an input file containing a 
 stream of unpacked bits, i.e. 1-bit-per-byte. 


 === Transmitter Program === 

 The main program {{{conv_enc_test.c}}} generates a single continuous downlink sync 
 burst (SB), containing: 
         * a SYNC-PDU as block 1 
         * an ACCESS-ASSIGN PDU as broadcast block 
         * a SYSINFO-PDU as block 2 

 Scrambling is set to 0 (no scrambling) for all elements of the burst. 

 It does not actually modulate and/or transmit yet. 


 == Quick example == 

 Assuming you have generated a file samples.cfile at a sample rate of 195.312kHz (100MHz/512 == USRP2 at decimation 512): 

 {{{ 
 ./src/demod/python/tetra-demod.py -i /tmp/samples.cfile -o /tmp/out.float -s 195312 -c 0 
 ./src/float_to_bits /tmp/out.float /tmp/out.bits 
 ./src/tetra-rx /tmp/out.bits 
 }}} 

 = Further Reading = 
         * [wiki:FAQ] - Our Frequently Asked Questions 
         * [wiki:Funcube_Dongle] - A small receiver that can be used with [wiki:osmo-tetra] 
         * [wiki:Dimetra_EBTS] - Information on the Motorola Dimetra EBTS 

 For a complete list of local wiki pages, see TitleIndex. 