OsmocomBB Firmware » History » Version 8
- Table of contents
- Baseband firmware
- Firmware management software
- GSM Layer 2/3 applications
Background¶The OsmocomBB source code comes with several applications for various purposes.
Those applications can be devided into two separate classes, applications:
- running on the baseband chip of the phone
- running on a PC, communicating with the baseband firmware over serial
- Firmware management software (loading, flashing, ...)
- GSM Layer 2/3 applications
The following will provide you a rough overview of the most commonly used software pieces.
Binary location: src/target/firmware/board/*/*.bin
Source locations: src/target/firmware/, particularly apps and layer1
This allows you to run a full-blown GSM implementation on your host machine, communicating through the phones radio interface.
loaderbin is our flash loader, dumper and second stage bootloader
Layer 1 development application.
This application does what layer1 does, but automatically tunes to the strongest ARFCN it can find.
It can be used for stand-alone-testing of the phones radio.
Our Bootloader, available in various build configurations.
Application for dumping the contents of the DSP in the Calypso chip.
The old compal device dumper. Use Bootloader instead once it is available.
The initial obligatory "Hello, world!" application.
Currently, this does more than say hello. Intended as a template for new applications.
Boot menu application to select and load apps that are stored in flash memory. See flashing_new.
The [blog:rssi-firmware] can be used to monitor the received signal indication (RSSI) of ARFCNs or the entire spectrum.
The EMI (electro magnetic interference) simulator application can be used to generate RF interference caused by GSM networks an mobile station. See emi-firmware.
Firmware management software¶
Location (source and binary): src/host/osmocon
osmocon is a console tool for interfacing our baseband firmware on the phone with applications on the host PC.
It is responsible for downloading a baseband firmware or bootloader into the phone and relay communication between Layer 3 applications and baseband firmwares over serial.
osmoload is used to write, dump and examine flash memory of supported phones.
You will need this program for example if you intent flashing an application to the phone (the software is usually loaded into RAM).
The calypso_pll tool can be used to calculate Calypso DPLL multiplier+divider.
The rita_pll tool can be used to calculate the Rita PLL multiplier/divider.
GSM Layer 2/3 applications¶
Location (source and binary): src/host/layer23/*
Layer 3 applications implement various functionality based on GSM Layer 3 in combination with Layer 2 (LAPDm).
It implements most of the behavior of a regular GSM telephone, but is extended in many ways with features interesting to researchers.
The cell_log application scans through valid available carrier frequencies, attempts to sync to them and dumps information gathered from the BCCH.
It is usually used to create a list of used ARFCNs and information such as their reception levels, MNC, MCC, and System Information.
The ccch_scan application can sync to a carrier ARFCN and logs power measurement and CCCH information (paging requests and Immediate Assignments).
bcch_scan is basically a predecessor of cell_log and logs information as observed on the BCCH (System Information).
cbch_sniff dumps cell broadcast channel information such as, e.g., GPS location of the cell.