OsmocomBB Firmware » History » Version 7

jolly, 02/19/2016 10:48 PM
Add "menu" and "EMI" applications.


= Background =
The OsmocomBB source code comes with several applications for various purposes.
Those applications can be divided into two separate classes:
 * applications running on the baseband chip of the phone
 * applications running on a PC, communicating with the baseband firmware over serial

Applications running on the PC can further be partitioned into:
 * Firmware management software (loading, flashing, ...)
 * GSM Layer 2/3 applications

The following gives a rough overview of the most commonly used pieces of software.

= Baseband firmware =

Binary location: src/target/firmware/board/*/*.bin
Source locations: src/target/firmware/, particularly apps and layer1

[wiki:layer1.bin] is a simple GSM layer 1 proxy, communicating over the [wiki:L1A_L23_Interface].

This allows you to run a full-blown GSM implementation on your host machine, communicating through the phone's radio interface.

[wiki:loader.bin] is our flash loader, dumper and second stage bootloader.

l1test is a Layer 1 development application.

This application does what layer1 does, but automatically tunes to the strongest ARFCN it can find.

It can be used for stand-alone testing of the phone's radio.


Our [wiki:Bootloader], available in various build configurations.


Application for dumping the contents of the DSP in the Calypso chip.


The old compal device dumper. Use [wiki:Bootloader] instead once it is available.


The initial obligatory "Hello, world!" application.

Currently, this does more than say hello. Intended as a template for new applications.


Boot menu application to select and load apps that are stored in flash memory. See [wiki:flashing_new].


The [blog:rssi-firmware] can be used to monitor the received signal strength indication (RSSI) of ARFCNs or the entire spectrum.


The EMI (electromagnetic interference) simulator application can be used to generate RF interference caused by GSM networks and mobile stations. See [wiki:emi-firmware].

= Firmware management software =
Location (source and binary): src/host/osmocon

[wiki:osmocon] is a console tool for interfacing our baseband firmware on the phone with applications on the host PC.

It is responsible for downloading a baseband firmware or bootloader into the phone and for relaying communication between Layer 3 applications and the baseband firmware over serial.

[wiki:osmoload] is used to write, dump and examine flash memory of supported phones.

You will need this program, for example, if you intend [wiki:flashing] an application to the phone (the software is usually loaded into RAM).

The [wiki:calypso_pll] tool can be used to calculate the Calypso DPLL multiplier/divider.

The [wiki:rita_pll] tool can be used to calculate the Rita PLL multiplier/divider.

= GSM Layer 2/3 applications =
Location (source and binary): src/host/layer23/*

Layer 3 applications implement various functionality based on GSM Layer 3 in combination with Layer 2 (LAPDm).

[wiki:mobile] is the most sophisticated OsmocomBB application so far.

It implements most of the behavior of a regular GSM telephone, but is extended in many ways with features interesting to researchers.

The cell_log application scans through valid available carrier frequencies, attempts to sync to them and dumps information gathered from the BCCH.

It is usually used to create a list of used ARFCNs and information such as their reception levels, MNC, MCC, and System Information.

The ccch_scan application can sync to a carrier ARFCN and logs power measurements and CCCH information (paging requests and Immediate Assignments).

bcch_scan is basically a predecessor of cell_log and logs information as observed on the BCCH (System Information).

cbch_sniff dumps cell broadcast channel information such as the GPS location of the cell.