Changes between Version 9 and Version 10 of WikiStart


Ignore:
Timestamp:
05/30/11 15:35:40 (2 years ago)
Author:
laforge
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • WikiStart

    v9 v10  
    11[[PageOutline]] 
    2 = Osmocom TETRA MAC/PHY layer experimentation code = 
     2= The Osmocom TETRA project = 
    33 
    4 This code aims to implement the sending and receiving part of the 
    5 TETRA MAC/PHY layer. 
     4This project aims at practical research and experimentation with the [wiki:TETRA] 
     5trunked radio system. 
    66 
    7 If you read the ETSI EN 300 392-2 (TETRA V+D Air Interface), you will 
    8 find this code implementing the parts between the MAC-blocks (called 
    9 type-1 bits) and the bits that go to the DQPSK-modulator (type-5 bits). 
     7It is part of the bigger family of [http://osmocom.org/ Osmocom] projects, 
     8all aiming to create Free Software (Open Source Software) for mobile communications. 
    109 
    11 It is most useful to look at Figure 8.5, 8.6, 9.3 and 19.12 of the 
    12 abovementioned specification in conjunction with this program. 
     10== Software Defined Radio TETRA Air interface sniffer == 
    1311 
    14 == Big picture == 
     12The [wiki:osmo-tetra] project aims at implementing the sending and 
     13receiving part of the TETRA MAC/PHY layer. 
    1514 
    16 {{{ 
    17 #!graphviz 
    18 digraph G { 
    19   graph [ rankdir = LR ]; 
     15Currently, it can 
     16 * receive, demodulate and decode TETRA downlink signals of real-world TETRA networks 
     17 * display information about SYNC, SYSINFO, MM and CMCE PDUs 
     18 * forward those TETRA downlink signals to the [http://wireshark.org/ wireshark] protocol analyzer 
     19 * forward IP packets contained in TETRA SNDCP to a local {{{tun/tap}}} device 
    2020 
    21   bits_file2 -> tetra_rx [ label = "read" ]; 
    22   tetra_rx -> console [ label = "stdout" ]; 
    23   tetra_rx -> wireshark [ label = "GSMTAP" ]; 
     21== Research on Motorola Dimetra EBTS == 
    2422 
    25   float_file2 -> float_to_bits [ label = "read" ]; 
    26   float_to_bits -> bits_file1 [ label = "write" ]; 
     23We are currently investigating the hardware and software architecture of the [wiki:Dimetra_EBTS Motorola Dimetra EBTS], 
     24including its components like Base Radio, Site Controller, etc. 
    2725 
    28   USRP -> tetra_demod [ label = "USB" ]; 
    29   tetra_demod -> float_file1 [ label = "write" ]; 
     26The goal here is to run this equipment without a Motorla SwMI and thus have an inexpensive platform for running 
     27your own TETRA network for research purpose. 
    3028 
    31   bits_file1 [ shape=box label="file.bits" ]; 
    32   bits_file2 [ shape=box label="file.bits" ]; 
    33   float_file1 [ shape=box label="file.float" ]; 
    34   float_file2 [ shape=box label="file.float" ]; 
    35   tetra_rx [ label="tetra-rx" ]; 
    36   tetra_demod [ label="tetra-demod.py" ]; 
    37 } 
    38 }}} 
     29== Applied Research on security of real-world TETRA networks == 
    3930 
    40 == Source Code == 
    41 The source code is available via read-only git access at 
    42 {{{ 
    43         git clone git://git.osmocom.org/osmo-tetra.git 
    44 }}} 
     31Using the tools we develop, we are analyzing the security of real-world TETRA networks. 
    4532 
    46 You can also browse the source code at http://cgit.osmocom.org/ 
     33Our experience so far is quite shocking: All the non-government TETRA networks that we 
     34have encountered use no TETRA encryption at all, i.e. they are subject to very easy 
     35eavesdropping attacks. 
    4736 
    48 You will need [http://bb.osmocom.org/trac/wiki/libosmocore libosmocore] to link. 
     37More information will follow soon. 
    4938 
    50 == Mailing List == 
    51 There is a public mailing list regarding development of this project, you can 
    52 visit the subscription page at https://lists.osmocom.org/mailman/listinfo/tetra 
    53  
    54 This list is '''for discussion between software developers''' who intend to improve the 
    55 Osmocom TETRA software.  It is not a forum for individuals asking how they can tap 
    56 into police radio (which is encrypted anyway). 
    57  
    58 == FAQ == 
    59 We now have a [wiki:FAQ] (Frequently asked Questions) page! 
    60  
    61 == Demodulator == 
    62  
    63 {{{src/demod/python/cpsk.py}}} 
    64         * contains a gnuradio based pi4/DQPSK demodulator, courtesy of KA1RBI 
    65 {{{src/demod/python/tetra-demod.py}}} 
    66         * call demodulator on a 'cfile' containing complex baseband samples 
    67 {{{src/demod/python/usrp1-tetra_demod.py}}} 
    68         * use demodulator in realtime with a USRP1 SDR 
    69 {{{src/demod/python/usrp2-tetra_demod.py}}} 
    70         * use demodulator in realtime with a USRP2 SDR 
    71 {{{src/demod/python/fcdp-tetra_demod.py}}} 
    72         * use demodulator in realtime with a [wiki:Funcube_Dongle]. This may also be used with other Softrock-type receivers by downconverting the intermediate frequency of a radio scanner to the complex baseband. 
    73  
    74 The output of the demodulator is a file containing one float value for each symbol, 
    75 containing the phase shift (in units of pi/4) relative to the previous symbol. 
    76  
    77 You can use the "float_to_bits" program to convert the float values to unpacked 
    78 bits, i.e. 1-bit-per-byte 
    79  
    80  
    81 == PHY/MAC layer == 
    82  
    83 === library code === 
    84  
    85 Specifically, it implements: 
    86  
    87 {{{lower_mac/crc_simple.[ch]}}} 
    88         * CRC16-CCITT (currently defunct/broken as we need it for 
    89           non-octet-aligned bitfields) 
    90 {{{lower_mac/tetra_conv_enc.[ch]}}} 
    91         * 16-state Rate-Compatible Punctured Convolutional (RCPC) coder 
    92 {{{lower_mac/tetra_interleave.[ch]}}} 
    93         * Block interleaving (over a single block only) 
    94 {{{lower_mac/tetra_rm3014.[ch]}}} 
    95         * (30, 14) Reed-Muller code for the ACCH (broadcast block of 
    96           each downlink burst) 
    97 {{{lower_mac/tetra_scramb.[ch]}}} 
    98         * Scrambling 
    99 {{{lower_mac/viterbi*.[ch]}}} 
    100         * Convolutional decoder for signalling and voice channels 
    101 {{{phy/tetra_burst.[ch]}}} 
    102         * Routines to encode continuous normal and sync bursts 
    103 {{{phy/tetra_burst_sync.[ch]}}} 
    104  
    105  
    106 === Receiver Program === 
    107  
    108 The main receiver program {{{tetra-rx}}} expects an input file containing a 
    109 stream of unpacked bits, i.e. 1-bit-per-byte. 
    110  
    111  
    112 === Transmitter Program === 
    113  
    114 The main program {{{conv_enc_test.c}}} generates a single continuous downlink sync 
    115 burst (SB), contining: 
    116         * a SYNC-PDU as block 1 
    117         * a ACCESS-ASSIGN PDU as broadcast block 
    118         * a SYSINFO-PDU as block 2 
    119  
    120 Scrambling is set to 0 (no scrambling) for all elements of the burst. 
    121  
    122 It does not actually modulate and/or transmit yet. 
    123  
    124  
    125 == Quick example == 
    126  
    127 assuming you have generated a file samples.cfile at a sample rate of 195.312kHz (100MHz/512 == USRP2 at decimation 512) 
    128  
    129 {{{ 
    130 ./src/demod/python/tetra-demod.py -i /tmp/samples.cfile -o /tmp/out.float -s 195312 -c 0 
    131 ./src/float_to_bits /tmp/out.float /tmp/out.bits 
    132 ./src/tetra-rx /tmp/out.bits 
    133 }}} 
    134  
    135 For a complete list of local wiki pages, see TitleIndex. 
     39= Further Reading = 
     40 * [wiki:FAQ] - Our Frequently Asked Questions 
     41 * [wiki:Funcube_Dongle] - A small receiver that can be used with [wiki:osmo-tetra] 
     42 * [wiki:Dimetra_EBTS] - Information on the Motorola Dimetra EBTS