Russian adventures OpenBTS

In the midst of the next festival Burning Man , and the third time link at the festival is provided by OpenBTS. NetworkWorld published an article on this subject with a good overview of the current status of the project. This article is based on interviews with one of the founders of the project - Glenn Edens . Some interesting facts from the article:

1. Communication for 50 000 participants of the festival will be provided with 2 sectors (antennas) to 3 frequency channels in each. Also this year the opportunity to place calls to "out".
2. Instead USRP this year using specialized hardware.
3. Commercial part of the project will be announced at the DEMO Conference 13-15 September.
4. A complete base station based on OpenBTS will cost about $ 10K, not $ 50-100K as a traditional base station.
5. OpenBTS used for communication in the main hospital in Port-au-Prince (Haiti) after an earthquake disrupted all existing communication. Installation took only two hours.
6. Since January, has sold nearly 150 kits ready for deployment OpenBTS .
7. The source code was downloaded 4,000 times - mostly those who can gather all the necessary with his own hands.
8. Test-based network OpenBTS launched in India, Africa, the Pacific and some other countries. Several installations OpenBTS serve private ownership - oil fields, farms and ships. Work on installation OpenBTS on the Australian station in Antarctica. Also interested OpenBTS often military and law enforcement agencies and DARPA. System of interests mobile provider Telefonica and T-Mobile.

The project is on its feet, and I think that already, no one raises the question "why is everything you want?". There remains only one question - would it be a push to radically change the world or the world will be better than "just a little. And the answer to it depends on all of us, on our part in changing the world. :)

He told me to CC'10 about Open-Source Hardware. I hope that was present was interesting and useful:) Slides from the presentation available on SlideShare . Video is soon to appear on the site SS .

At the same time became acquainted with the guys who make oshw.ru and oshec.org . Unfortunately, the sites themselves much running, but the projects are still alive. In early October are going to make a joint conference on micro-Open-Source Hardware - invite other projects, meet, share experiences, discuss common problems and personal achievements, plans, or simply chat. The exact time, place and plan will be announced later. We will try to arrange for remote participation. All who are interested - write in comments.

Announced the release of OpenBTS 2.6. The new version should be fully compatible with the installations OpenBTS 2.5 and upgrade should work without problems. In connection with this OpenBTS 2.5 update will no longer have all the fixes are only in the 2.6 series.
Major changes:

1. License changed to GPLv3 at AGPLv3 with additional conditions. If you intend to apply OpenBTS in real life - it is strongly recommended to read carefully.
2. Admins GnuRadio soon as a year can not create OpenBTS git-repository pozhtomu code published in the GIT at SourceForge. See it can be here , download the source code in the archive here .
3. For write access to repository OpenBTS enough to sign a contributors' license agreement (CLA) c Kestrel SP.

Separately, I note that my patch to OpenBTS in general and in particular USSD can download it from GitHub .

Also released a new version of the utility Kalibrator 0.4.1. This utility allows you to scan through USRP broadcast to find the frequency at which the work surrounding base stations and power of the signal and determine the difference frequency generator at the USRP and the generator at the base station. The new version significantly improved the sensitivity of native and introduced the scanning mode. Learn more and download the source code here: http://thre.at/kalibrate .

The following weekend I will be spread the Open Source Hardware at the festival komyuternom Chaos Constructions 1910 in St. Petersburg on 28-29 August.

There was a plan to demonstrate at the festival OpenBTS in action, but my laptop was in repair. If there is an enthusiastic, ready to sacrifice for the demonstration laptop with Ubuntu, the idea can be revived.

Disclaimer: I have never been on Chaos Constructions, and hope that it will be similar in spirit to the Berlin Chaos Communication Congress. If the readers are habitues of the SS - write in comments.

Due to a bug in the plugin reCaptcha all comments marked as spam regardless of the answer to a capture. In the end, I only found a folder with all the spam comments left by you in recent months. I will try to answer them as they become available free time.

I apologize to all readers of the blog for so long bugs.

Almost complete implementation of GSM-USSD in OpenBTS and it's time to start implementing the external API. At the moment, to fulfill external requests are considered variants of SMPP or HTTP. The first version of a standard - a protocol originally designed to send SMS and USSD. The second option is not so standard, but personally I think more interesting.

Using HTTP, you can bring to writing USSD-application vast army of web-developers and provide access to a variety of Internet resources directly from USSD. However, HTTP is easy to use only a simple request-response mode. It is best used to create a menu in which requests are sent several times during one session, we are still not clear. Well, not web-developers we. :) If you know how it is better (and easier) to implement all - write to us, please.

Another option, which may be of interest - using the same Jabber or SIP / SIMPLE for the treatment of USSD-requests and USSD-menu. But if this is too much overhead for a rather simple function?

I invite all to this discussion - here in the comments (in Russian) or in the mailing OpenBTS (in English). Let's make the API convenient and beautiful.

Somehow unnoticed flew two months since the last blog entry. No, we're not on vacation and did not abandon the project, we are just too much work. :)

Unfortunately, due to the different pads we were unable to travel to Germany for OpenBTS Workshop. Yesterday, he had already ended, but the organizers and participants until no news ... let's hope they all good.

But there is some good news:

• Released Kalibrator-0.3 with some functionality and a script to scan the spectrum to detect the carrier frequencies of base stations (FCCH). (link)
• In the March issue of Open Source Business Resource published an article by David Burgess " Low Cost Cellular Networks with OpenBTS ". The article tells about the history of OpenBTS and the current status of the project.
• For commercialization OpenBTS registered a separate company - Range Networks . The official announcement has not yet heard, but the performances by David Burgess has signed this company. Hopefully the aggressive commercialization will not cause too much damage to the community.
• The project is open-configurable reference generator ClockTamer gradually approaching a stable release hardware. I hope that soon we will get from the factory first hundred of the generators and be able to finally secure their all comers.
• Sylvaine Myunaut (Sylvain Munaut) are not without our participation has finally finished the wiring for the USRP frontend frontends and will soon be available for order. Front end includes a ceramic duplexer and low noise amplifier and a filter on the receiving channel. Works frontend in the range of GSM1800.

In the first article appeared Habrahabr tagged OpenBTS : Your personal mobile communication standard GSM

Despite minor errors (for example, photos are not David, but Harvind) and horrible grammar, we want to say thanks to the author of this article. We hope it will attract more attention to the project, more developers, more support.

PS One of the questions - where to look at OpenBTS in action? Answer: If you agree with us, you can see right here in Moscow! :)
If you're interested - write in comments. It collected a five-man, agree and arrange a presentation-demonstration. You can, for example, make a presentation after our return from the workshop. Then we can together to share fresh impressions, ideas and drive, but at the same time to show clips from there.

June 23-27 in Germany, near Munich creators OpenBTS will conduct workshop "with dipping". For more information about the workshop can be obtained here .

We will present workshops on the Russian part of the developers:) as well as represent developed by us for the implementation of USSD OpenBTS.

We will try to arrange a video recording of events and workshops to make it available to all interested.

Harald Welt (Harald Welte, the leader of the project OpenBSC, OsmocomBB, etc) published the first draft of the introduction of the internal structure of GSM-phones . It briefly discusses some of the hardware blocks are modern GSM-phones, looks like software architecture of GSM-part, are answers to frequently asked questions, etc. In the final part Harald traditionally complains of closed industries and the unavailability of source code. :)

PS Additions, corrections and translations of the text is very welcome.

Came out with a minor update OpenBTS ispravleniyamioshibok compilation on the latest Fedora and git-version GnuRadio.
The guys from GnuRadio second month can not create OpenBTS git-repository at their servers, so the release is only available as source code archives on the SourceForge download page .

So, that's the first real answer to those who do not understand how and why to use OpenBTS in real applications. David Burgess (David Burgess), Harvind Samra (Harvind Samra) and Tim Panton (Tim Panton) commissioned by Telecom Niue »(Telecom Niue) have launched a closed test operation of a tower with OpenBTS on the island of Niue .
Without adventure, of course, has not done, and this can be read in blogs , David and Tim .

I still have never seen the phone to show the lack of encryption in the network. Even when testing OpenBTS, which does not yet support encryption. In fact, until recently I did not even know what the specification numbers recommended. I learned about this I 26C3 from the sensational report Carsten Nola (Kartsen Nohl) and Chris Paige (Chris Paget) and follow this discussion. It is said that some phones do not know how to show icon lack of encryption, and the rest did not show, because this opportunity is blocked by an overwhelming majority of operators by setting a special bit on SIM-card. Here's how it is described in the specification GSM 02.07 Normative Annex B.1.26:

Ciphering Indicator

The ciphering indicator feature allows the ME to detect that ciphering is not switched on and to indicate this to the user, as defined in GSM 02.09.

The ciphering indicator feature may be disabled by the home network operator setting data in the «administrative data» field (EF _AD) in the SIM, as defined in GSM 11.11.

If this feature is not disabled by the SIM, then whenever a connection is in place, which is, or becomes unenciphered, an indication shall be given to the user.

Ciphering itself is unaffected by this feature, and the user can choose how to proceed.

In my free translation:

Indicator Encryption

Indicator encryption allows ME (Mobile Equipment, mobile equipment, ie mobile phone) to determine that encryption is not enabled and report it to the user, as defined in the specification GSM 02.09.

Inlikator encryption can be blocked by a home service provider (ie operator, which produces a SIM-card) by setting the field "administrative data» (EF _AD) on the SIM-card, as defined by the specification GSM 11.11.

If the light is not SIM-locked, then the connection that already, or just will not be encrypted, must be accompanied by an indicator of the lack of encryption.

Of course encryption is not affected by this

The indicator does not affect the encryption itself, and the user decides for itself how to operate.

Also, this "feature" is mentioned in GSM 02.09 Section 3.3.3:

Functional requirements

...

The ME has to check if the user data confidentiality is switched on using one of the seven algorithms as defined in GSM 02.07. In the event that the ME detects that this is not the case, or ceases to be the case (eg during handover), then an indication is given to the user.

This ciphering indicator feature may be disabled by the SIM (see GSM 11.11).

In case the SIM does not support the feature that disables the ciphering indicator, then the ciphering indicator feature in the ME shall be enabled by default.

The nature of the indicator and the trigger points for its activation are for the ME manufacturer to decide.

During the establishment of a call the trigger point shall be at call initiation at the latest. In the case of handover the trigger point shall be the completion of handover at the latest.

The manufacturer may provide the means to enable the user to temporarily disable the feature. This should be done in such a way that the user can protect it from misuse.

In my free translation:

Functional Requirements

...

ME has to check, whether incorporated protect user privacy by one of the seven algorithms defined in the specification GSM 02.07. If it is not, or has ceased to be so (for example, in the case of transfer of connection (handover'a)), the user is shown an indicator.

Ability to display an indicator fishrovaniya may be banned SIM-card (see spetsifikatsaiyu GSM 11.11).

If the SIM-card does not support the ban indicator encryption, the ability to display the indicator encryption must be enabled by default.

The essence of the indicator and the point of its inclusion are determined by the manufacturer ME.

During installation, the connection point of the inclusion of indication should be no later than the initialization call. In the case of a transfer sodineniya point inclusion indication should be no later than the completion of the transfer connection.

The manufacturer may provide oplzovatelyu possible to temporarily disable this feature is to be in such a way that the user can protect her from the wrong (not authorized?) Use.

Well, in the specification GSM 11.11 Section 10.3.18 describes the actual format for storing the flag to the SIM-card. He called the OFM and stored in the low bit of the third byte of the field EF _AD (Administrative data). The specifications for GSM its value for some reason not rashifrovyvaetsya, and more postural specifications such as 3GPP TS 31.103 Section 4.2.5 of its value clearly articulated:

The OFM bit is used to control the Ciphering Indicator as specified in TS 22.101 [21].

Ie

Beat OFM is used to control the Indicator of encryption, as described in the specification TS 22.101.

So, with adapter for reading SIM-cards or smart cards should be possible to check this bit, and if programmed SIM-cards - remove it and check whether the phone shows a lack of encryption when connecting to OpenBTS. What I'm going to do soon.

If you have a SIM-card, try to read this bit on your SIM-card. Let's see whether all the operators hide the indicator encryption?

PS Thanks Sylvain Munaut for something that gave a clear reference to the place in the standard, where this "feature" is described.

Some time ago the bug-fix release OpenBTS 2.5.3. All users of previous versions is strongly recommended to upgrade. Archives of the source is traditionally available on the SourceForge download page .

All good communication:)

(Again, not about 26S3)

It seems our cellular operators have seriously decided to expand into emerging markets.

With a theatrical delay of 5 minutes consortium VimpelCom (Beeline brand) and Alfa Group have applied to bid on the privatization of Zamtel (Cell-Z) - the third largest mobile operator, Zambia with 200 thousand subscribers against 700 thousand in MTN and 3 million from Zain.

In this case the total population of almost 12 million people, the literacy rate is even decent - 80% (estimated 2003), but the average income of all US $ 1,150 per year, although the majority of the population lives on less than US $ 360 per year. Since electricity is traditionally the problem - many base stations powered by diesel generators, and Huawei is very proud of the fact that he was able to halve the consumption of diesel in the base stations of its production in Zambia.

It turns out almost perfect picture for the implementation of solutions to OpenBTS. With such a small scope of the existing network of docking with the SIP should not cause big problems. Using the correct equipment c OpenBTS will dispense diesel generators at all, solely by solar panels and wind turbines. But the use of open products and modular architecture gives superior flexibility.

PS Yes, now OpenBTS not yet ready for mass deployment. But a year later, when he obrastet all the necessary capabilities and when arrive through the "proper equipment", the best solution for such implementations will not be found. "Proper equipment is already being developed by several teams (including this), but the possibilities are added with enviable speed. So wait, soon on your screens ...

PS Internet domain Zambia - ZM.

Remember, until recently, even in Moscow, to connect to the internet could only through the home network, which were created by enthusiasts? And the first time, only enthusiasts and their use, and ordinary people before the Internet was not the case. Apparently this is the natural course of history, when available internet access appears at first in local communities, "for friends".

Here are a couple examples from the distant (from us) places where the Internet - it is still a luxury, not a "conveyance". Marcelo Balisteri mailing list Village Telco presented his video about Parque On Line - a small "provider" that provides the Internet in the slums of Brazil:

Parque On Line

The second example - from a fresh blog entries by David Rowe: Baboons, Mesh Networks, and Community . It tells the story of mesh-network in Scarborough (near Cape Town, South Africa), through which the people of this small town have an opportunity to gain access to the Internet. Even for free, if you are willing to have a lower priority than paying subscribers.

Interestingly, in both cases it is a business, but business is not greedy, thinking not only about money but about people. Socio-oriented business.

PS In the next recording his impressions about our very interesting visit to the CCC.

C 27 to 30 December we Berlin - to 26-m Chaos Communication Congress (26C3) . The event promises to be interesting and entertaining. It will be there to talk about GSM in general and in particular OpenBTS - Harald Welte (project leader OpenBSC ) promises to run for the congress local GSM network , for fans of GSM will be allocated a special place for dialogue, experimentation and collaboration, and the list of lectures is such lectures:

1. Playing with the GSM RF Interface
2. Using OpenBSC for fuzzing of GSM handsets
3. GSM: SRSLY?

I have also come out there with a Lightning Talk and introduce our timebase before the public.

Everyone who stays at home at this time we can safely envy. ;)

PS However, all performances will be available in the online video of the Congress, and a couple of months - in a good quality are available for download on the site.

Published in the network video presentation by Steve Song (Steve Song) on TEDx, in which he tells about the Village Telco and Mesh Potato , innovation in the modern world, telecommunication operators and why it is now possible to radically change the situation with a link on the African continent. His analysis of modern trends in the development of communications, he brings to four phrases:

1) Tinkering is the new Inventing
2) Emergence is the new Order
3) Quantity is the new Quality
4) Atoms are the new Bits

http://www.vimeo.com/7924369 (video, English)

http://www.slideshare.net/ssong/village-telco-tedx-newtown (slides, English)

About the Village Telco

Village Telco - a non-profit open source project, funded by the Shuttleworth Foundation , and aimed at radically reducing the cost of communication for the inhabitants of the African continent. Here it competes with OpenBTS, or having similar objectives, but in my opinion, these projects rather complementary. And this is confirmed by the warm relations between the representatives of both projects.

This is not exactly news, but let it be. :)

With the gracious permission of the author (Joshua Lackey), I reliznul kal-0.2 . Kalibrator, popularly known as 'kal', - a tool for verifying the accuracy and stability of the reference generator your USRP. As a reference frequency used by the next sync with your base station. But the frequency of the base station you have to pick your own. ;) You can use any phone with the included NetMonitor, or USRP in spectrum analyzer mode (usrp_fft.py).

The difference between the kal-0.2 of the kal-0.1 the ability to choose a side USRP (A or B) and antenna (RX / TX and RX2).

New release OpenBTS 2.5.1. Archives of the source is traditionally available on the SourceForge download page . Release 2.5 contains several bugs and was almost immediately replaced by 2.5.1, so do not be surprised. :)

In addition to correcting many problems in this release, there OpenBTS SMS-server smqueue, written by John Gilmore (John Gilmore) , co-founder of EFF. The server implements the RFC3428 store-and-forward SIP-server.

Note that when upgrading from 2.4 you must update the registration data Asterisk. Now SIP-names which are registered mobile phones, starting with the letters «IMSI». Ie phone IMSI 310410186585295 would be recorded under the SIP-name «IMSI310410186585295».

The release includes a transceiver to work with standard USRP with 64MGts reference clock, and to work with the reference clock 52MGts. All are encouraged to use it 52MGts reference clock, as the transceiver for 64MGts develop further and will not be filed just to make easier for people to start experimenting.

(Russian version of the post here)

Some time ago at OpenBTS and gnuradio Mailing lists We announced a new Universal clocking Board for usrp. One of it's ample features is an ability to drive USRP at 52MHz with enough stability to run OpenBTS smoothly. This week we finally received manufactured PCBs and are in process of preparing testing samples. Main batch of PCB will be passed to population soon and we hope to make them available for shipping in the beginning of December.

Here are some PCB pictures for now:

Universal Clocking Unit for USRP - PCB

Universal Clocking Unit for USRP is so tiny with all its features!

Universal Clocking Unit for USRP - positioning

(Native English version is here)

Some time ago on the mailing lists and OpenBTS GnuRadio we announced a universal reference (clock) generator for the USRP, which can be used, including, and to clock the USRP to 52MGts - recommended mode for OpenBTS. This week we finally received payment from the factory and will soon start assembling the first test specimens. Willing to pay, I hope we will be able to invite all wishing somewhere in early December. :)

And yet - a few photos:

The reference generator for the USRP - PCB

The reference generator for the USRP has turned out quite tiny

The reference generator for the USRP - about how he will be placed on USRP.

After announcing to all his friends collecting old phones, we began to collect his clothing collection. And behold, they brought us a miracle. Car GSM-phone from Motorola, judging by the internet are staged in the old BMW. And maybe in other cars. But looks impressive: solid metal casing, the abundance of discrete components, power components. Power seems to have had a maksmalnaya - 8W. SIM-card is used more full-size, the size of a standard smart card (receiver for him is a picture to the right, under the board, poukrugly prominence in the case - this cavity to the fingers, the better to get it).

It is a pity that we got it without the tube. Since the buttons and display located on it, then without handset completely functional. Friends, if someone has lying around the tube to such a call - we invite her to visit us! :)

And now this photo:

Motorola SUF1321A car-phone inside

Motorola SUF1321A car-phone bottom

Released bug-fix release OpenBTS 2.4.1, which includes a pack of my bug fixes, memory access and a patch from Christian Meier to fix a bug in the formation of SMS.

Version available for download archive or via SourceForge svn.

And we turn to catching bugs in the upcoming 2.5, to accelerate its release in open access.

It should be noted that despite the fact that all GPL-projects are equal, some of them even. In other words, GPL-projects can be more open and less open. And OpenBTS is just less open-source project. How can this be, because the license says that all source code should be available? Yes, it is available, but only when you start to distribute the product based on these sources. Ie while you are working to develop, you can keep your change with you and no one to show. Or show, but limited. And it will be under the license. Such conditions are logical, but sometimes can lead to strange consequences.

If you look at the downloads page OpenBTS , you'll find there version 1.6 (New Iberia) - a version that Kestrel SP released in April this year, nearly six months ago. From the official blog of the project can learn that at Burning Man 2009, they used version 2.5, which they have worked well and they had during the festival well debugged. Moreover, the official wiki of the project is a compatibility list of phones for version 2.4.

Where are these versions 2.4 and 2.5? And they are only "active developers" from the community and commercial customers Kestrel SP. Why? David explains - the company needs funds to exist, and customers are willing to pay for something, to first gain access to some functionality. Active developers also can be equated to customers because it saves time and money the company. In addition, - David does not say, but it is obvious - thus somewhat difficult life for those who want to take the software for free and sell under its own brand. Basically, everything looks quite logical, if not a few "buts". Suppose a person begins to develop in the draft, making the first test and then finds the first bug in the draft. He's got options - (1) ignore the bug, if it is not a serious obstacle, (2) to report it to the list or in the tracker of the project, and (3) to fix it and send the patch to the project. To project the most beneficial option (3) - Draft for free gets a correction, to which of the main developers did not get hands or that is rare. From the options (1) and (2) project in the long run neither cold nor hot. But remember that the person running the old version and knows it. And in this case he has a very weak motivation to fix a bug found - once developers write that they all works great, then they probably have it fixed and you can just wait until they lay out a general access the new version. Do not do the same, indeed, double the work, which will then nobody wants - the developers certainly prefer their bug fix than some party. As a result, many errors, which could be corrected by the community, developers are forced to correct themselves, spending their time (and money).

There's another aspect of the problem. It turns out that the community give the release to which you obviously worse than working, and while they say that everything works fine (but the new version!). People have questioned this version, try to make it work, and they are not very good, they spend a lot of time and effort in trying to understand what is wrong - in fact wrote that everything works. Then they say: "Here you have newer version, we'll upload it soon to open access, it may be better to work. They are trying - and everything really starts to work better. How then feel these people? It was as though they threw. Not the most useful sense, when you work with open-source project.

PS Yes, we have received from David on a test version 2.4 and 2.5. Early results are encouraging - now all of our test Siemens'y calmly connected and working. More details about the new test results - in the following positions.