OsmocomBB Firmware » History » Version 5

nion, 02/19/2016 10:48 PM


= Background =
The OsmocomBB source code comes with several applications for various purposes.
Those applications can be divided into two separate classes:
 * applications running on the baseband chip of the phone
 * applications running on a PC, communicating with the baseband firmware over serial

Applications running on the PC can further be partitioned into:
 * Firmware management software (loading, flashing, ...)
 * GSM Layer 2/3 applications

The following gives you a rough overview of the most commonly used software pieces.

= Baseband firmware =

Binary location: src/target/firmware/board/*/*.bin
Source locations: src/target/firmware/, particularly apps and layer1

[wiki:layer1.bin] is a simple GSM layer 1 proxy, communicating over the [wiki:L1A_L23_Interface].

This allows you to run a full-blown GSM implementation on your host machine, communicating through the phone's radio interface.

[wiki:loader.bin] is our flash loader, dumper and second stage bootloader.


Layer 1 development application.

This application does what layer1 does, but automatically tunes to the strongest ARFCN it can find.

It can be used for stand-alone testing of the phone's radio.


Our [wiki:Bootloader], available in various build configurations.


Application for dumping the contents of the DSP in the Calypso chip.


The old Compal device dumper. Use [wiki:Bootloader] instead once it is available.


The initial obligatory "Hello, world!" application.

Currently, this does more than say hello. Intended as a template for new applications.


The [blog:rssi-firmware] can be used to monitor the received signal strength indication (RSSI) of ARFCNs or the entire spectrum.

= Firmware management software =
Location (source and binary): src/host/osmocon

[wiki:osmocon] is a console tool for interfacing our baseband firmware on the phone with applications on the host PC.

It is responsible for downloading a baseband firmware or bootloader into the phone and for relaying communication between Layer 3 applications and the baseband firmware over serial.

[wiki:osmoload] is used to write, dump and examine flash memory of supported phones.

You will need this program, for example, if you intend on [wiki:flashing] an application to the phone (the software is usually loaded into RAM).

The [wiki:calypso_pll] tool can be used to calculate Calypso DPLL multiplier+divider.

The [wiki:rita_pll] tool can be used to calculate the Rita PLL multiplier/divider.

= GSM Layer 2/3 applications =
Location (source and binary): src/host/layer23/*

Layer 3 applications implement various functionality based on GSM Layer 3 in combination with Layer 2 (LAPDm).

[wiki:mobile] is the most sophisticated OsmocomBB application so far.

It implements most of the behavior of a regular GSM telephone, but is extended in many ways with features interesting to researchers.

The cell_log application scans through valid available carrier frequencies, attempts to sync to them and dumps information gathered from the BCCH.

It is usually used to create a list of used ARFCNs and information such as their reception levels, MNC, MCC, and System Information.

The ccch_scan application can sync to a carrier ARFCN and logs power measurements and CCCH information (paging requests and Immediate Assignments).

bcch_scan is basically a predecessor of cell_log and logs information as observed on the BCCH (System Information).

cbch_sniff dumps cell broadcast channel information such as the GPS location of the cell.