Capturing the full band of GSM1800 (wideband) needs more bandwidth than USRP2 can handle at baseband. It's impossible to capture all the band and send it up to PC, so maybe parts of the work need to be done on FPGA. USRP2's FPGA is Spartan3 and it has enough room for this, I suppose. Can anybody here confirm this?

> ---------- Forwarded message ----------
> From: sascha <[email protected]>
> Date: Wed, Dec 9, 2009 at 2:07 PM
> Subject: Re: [A51] USRP2
> To: [email protected]
>
>
> On Wed, Dec 09, 2009 at 04:24:27AM -0500, Gregory Maxwell wrote:
> > On Wed, Dec 9, 2009 at 4:03 AM, p q <[email protected]> wrote:
> > > even USRP2 is not good for capturing GSM1800 traffic so we are stuck with
> > > GSM900 only. Is this correct?
> >
> > I have no clue why you couldn't capture up and downlink with two separate
> > RX daughter boards on USRP1.
> >
> > The USRP2 ADC does complex sampling at 100mhz, so it can capture a 100mhz
> > bandpass. It can't cram that much over the ethernet but someone could
> > create a FPGA image that grabs two 10mhz windows separated by the 90mhz offset.
> > I don't know if any of the existing daughter boards have a bandpass that
> > wide.
>
> People at airprobe.org can give better answers to those questions than we
> can.
> With the proper programming of the USRP hardware you should be able to
> capture up and downlink of a conversation with ease with a single DB since
> even the cheapest handset can do it.
> The disadvantage of the attacker is that after encryption is enabled and
> before the key is found, the channel allocation and frequency hopping
> sequence is renegotiated between BTS and handset. So you end up having to
> record the whole band (and also both up and downlink), so that you can
> later extract from that the bursts at the correct time offset and
> frequency.
> The whole band is shared between all the networks though, but whether that
> sharing means that ARFCNs belonging to one network are adjacent is unclear
> (to me).
> The people at airprobe.org can give a more detailed answer to that.
> The proper solution would be to have a single USRP with 2 daughterboards
> and do the demodulation on the FPGA, but I doubt the FPGA is beefy enough
> for that.
>
> _______________________________________________
> A51 mailing list
> [email protected]
> http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
>
