OsmocomBB

{{>toc}}

h1. Background

The [[OsmocomBB]] source code comes with several applications for various purposes.

Those applications can be devided into two separate classes, applications:

* running on the baseband chip of the phone

* running on a PC, communicating with the baseband firmware over serial

Applications running on the PC can further be partitioned into:

* Firmware management software (loading, flashing, ...)

* GSM Layer 2/3 applications

The following will provide you a rough overview of the most commonly used software pieces.

h1. Baseband firmware

Binary location: src/target/firmware/board/*/*.bin

Source locations: src/target/firmware/, particularly apps and layer1

h2. layer1

[[layer1bin]] is a simple GSM layer 1 proxy, communicating over the [[L1A_L23_Interface]].

This allows you to run a full-blown GSM implementation on your host machine, communicating through the phones radio interface.

h2. loader

[[loaderbin]] is our flash loader, dumper and second stage bootloader

h2. l1test

Layer 1 development application.

This application does what layer1 does, but automatically tunes to the strongest ARFCN it can find.

It can be used for stand-alone-testing of the phones radio.

h2. loader

Our [[Bootloader]], available in various build configurations.

h2. compal_dsp_dump

Application for dumping the contents of the DSP in the Calypso chip.

h2. compal_dumper

The old compal device dumper. Use [[Bootloader]] instead once it is available.

h2. hello_world

The initial obligatory "Hello, world!" application.

Currently, this does more than say hello. Intended as a template for new applications.

h2. menu

Boot menu application to select and load apps that are stored in flash memory. See [[flashing_new]].

h2. rssi

The [blog:rssi-firmware] can be used to monitor the received signal indication (RSSI) of ARFCNs or the entire spectrum.

h2. EMI

The EMI (electro magnetic interference) simulator application can be used to generate RF interference caused by GSM networks an mobile station. See [[emi-firmware]].

h1. Firmware management software

Location (source and binary): src/host/osmocon

h2. osmocon

[[osmocon]] is a console tool for interfacing our baseband firmware on the phone with applications on the host PC.

It is responsible for downloading a baseband firmware or bootloader into the phone and relay communication between Layer 3 applications and baseband firmwares over serial.

h2. osmoload

[[osmoload]] is used to write, dump and examine flash memory of supported phones.

You will need this program for example if you intent [[flashing]] an application to the phone (the software is usually loaded into RAM).

h2. calypso_pll

The [[calypso_pll]] tool can be used to calculate Calypso DPLL multiplier+divider.

h2. rita_pll

The [[rita_pll]] tool can be used to calculate the Rita PLL multiplier/divider.

h1. GSM Layer 2/3 applications

Location (source and binary): src/host/layer23/*

Layer 3 applications implement various functionality based on GSM Layer 3 in combination with Layer 2 (LAPDm).

h2. mobile

[[mobile]] is the most sophisticated [[OsmocomBB]] application so far.

It implements most of the behavior of a regular GSM telephone, but is extended in many ways with features interesting to researchers.

h2. cell_log

The cell_log application scans through valid available carrier frequencies, attempts to sync to them and dumps information gathered from the BCCH.

It is usually used to create a list of used ARFCNs and information such as their reception levels, MNC, MCC, and System Information.

h2. ccch_scan

The ccch_scan application can sync to a carrier ARFCN and logs power measurement and CCCH information (paging requests and Immediate Assignments).

h2. bcch_scan

bcch_scan is basically a predecessor of cell_log and logs information as observed on the BCCH (System Information).

h2. cbch_sniff

cbch_sniff dumps cell broadcast channel information such as, e.g., GPS location of the cell.