So... why not also Neo Freerunner or 1973?!

http://wiki.openmoko.org/wiki/Main_Page
http://wiki.openmoko.org/wiki/Neo_FreeRunner

Regards
Red

On 04/gen/2010, 20.47, Maxim wrote:
> What about OpenTSM project? It is about turning a TSM30 phone into a sniffer.
> Did anyone have success with it? It has a public firmware source code.
>
> http://www.google.com/search?hl=mo&q=cache:wiki.thc.org/gsm/opentsm&btnG=C%C4%83utare
>
> --- On Mon, 1/4/10, Clemens Gruber <[email protected]> wrote:
>
>> From: Clemens Gruber <[email protected]>
>> Subject: Re: [A51] Truth about this work
>> To: [email protected]
>> Date: Monday, January 4, 2010, 5:01 AM
>>
>> I thought not of building a phone itself but we could use some of the
>> parts which have been used in the nokia 3210.
>> Same approach as airprobe with usrp just another specialised radio
>> peripheral with a fast and huge fpga and a logic to downmix just the GSM
>> bands. We have fixed frequency bands, the downmixing should be
>> implemented the same way as the nokia 3210 does it, maybe we can reuse
>> the technology / copy the layout until the point where we got the
>> IF-signal.
>> All further tasks can be done via the FPGA, just as it was planned with
>> the USRP2, or via software.
>> What do you think?
>>
>> On Mon, 2010-01-04 at 15:50 +0330, p q wrote:
>>> you can not just build a phone. it needs a dozen of legal steps to
>>> take, huge investment and very huge production line. I don't even go
>>> far to explain how complicated and expensive this is. to use a phone
>>> as a GSM receiver you need to hack into the baseband processor to be
>>> able to control the L1 IC. it's usually a DSP implementing the layer-1
>>> Radio interface. you can not own such chip. there are a few
>>> producers offering it only to huge vendors, NDA, Legal subjects.
>>> etc. your only chance is to hack into baseband.
>>> that'd be a very difficult job I must confess but not impossible. if
>>> somebody can hack into a baseband processor and control the L1 DSP
>>> that's only the start of this work because you need to put a phone
>>> into a scanner, learn about active channels, then tune the other
>>> phones to follow that channel. still, this is not going to be cheap
>>> and most certainly not going to be easy. if you do that and put the
>>> hacked firmware on the internet if the phone is old you have low
>>> chances to be able to buy it, if it's new the vendor will make a
>>> little change and present the newly built ones get hacked. after
>>> all, this is a billion dollars business and people who design and
>>> build phones know what they are doing
>>>
>>> ---------- Forwarded message ----------
>>> From: Evgeniy Shelepov <[email protected]>
>>> Date: Mon, Jan 4, 2010 at 3:43 PM
>>> Subject: Re: [A51] Truth about this work
>>> To: a51 <[email protected]>
>>>
>>> Hello,
>>>
>>> Yes, it looks a good idea to make a phone. BTW, why isn't it possible
>>> to make a sniffer from a cell phone, it has all the components that
>>> are needed. Probably it is possible to write a firmware and to
>>> simulate some tricky simcard to make it do what we need.
>>>
>>> 2010/1/4 Clemens Gruber <[email protected]>:
>>>
>>> > see this listing of the nokia 3210 hardware:
>>> > https://www.pqgruber.com/other/Portable.pdf
>>> > Maybe we can use similar parts and build our own peripheral perfectly
>>> > fitting our needs.. it should be much cheaper than 2 usrp2s with
>>> > daughterboards etc.
>>> > if there are enough interested people, it will be possible.
>>> >
>>> > on the other hand, the idea of combining a usrp1 with a new fpga-card
>>> > (spartan, virtex, ...) sounds very good because the fpga seems to be the
>>> > bottleneck.
>>> > does anybody know if it's possible to create a fast
>>> > data-transfer-connection between these 2 devices?
>>> >
>>> > On Mon, 2010-01-04 at 14:16 +0330, p q wrote:
>>> >>
>>> >> thanks for the last two questions
>>> >> this was also the important facts that nobody mentioned them. to do
>>> >> a successful attack to A5/1 enabled GSM you need to capture signal on
>>> >> a wide-band style meaning you need to capture all the bands that may
>>> >> have carrier on them. this is highly dependent on the network
>>> >> configuration specially the design on BTS.
>>> >>
>>> >> real world BTSs are offering services on different bands and calls are
>>> >> always get handover between the bands due to radio resource
>>> >> management. for a successful GSM interception you at least need to
>>> >> capture Downlink. considering the current opensource and cheap
>>> >> hardware you can simply forget to capture both uplink and downlink,
>>> >> that's just not possible.
>>> >>
>>> >> to capture Downlink of a BTS that offers GSM1800 you need to capture
>>> >> at least 75 MB of the spectrum space. this is far more than USRP and
>>> >> also beyond USRP2
>>> >> yes it's possible to do this on GSM900 but you have to first find a BTS
>>> >> that only offers downlink on GSM900 and this is not going to be easy
>>> >>
>>> >> the idea of being able to build the RF part of a GSM interceptor that
>>> >> works on real world BTSs across the world using cheap stuff like USRP
>>> >> is just delusional. never gonna happen. this is another truth about
>>> >> this work. giving ourselves promises that's just not technically
>>> >> possible is not going to go far
>>> >>
>>> >> what is possible to do? it is possible to build a GSM900-only capture
>>> >> system using at least two USRP2 and still it depends on the number of
>>> >> TRXs that's installed on the BTS. if we want to go out there and
>>> >> really capture data from a real BTS we need to consider these things
>>> >> before getting ahead of ourselves. a two-unit USRP2 system might be
>>> >> able to fully capture the downlink of a real BTS operating in GSM900
>>> >> only in a not so crowded area
>>> >>
>>> >> I saw people are fantasizing this work to put it on some hacker CD
>>> >> like Wifi and WEP stuff. I'm going to go out and say it: people,
>>> >> this is far more complicated and more expensive than that. this is
>>> >> all just because of the expensive and close nature of cellular network
>>> >> business and RF problems, not just because of the cryptography like I
>>> >> said before A5/1 is just a part of the problem. even if we can prove
>>> >> we can crack A5/1 which has not happened yet next step is the real pain
>>> >> in the ass
>>> >>
>>> >> regards
>>> >>
>>> >> On Mon, Jan 4, 2010 at 1:58 PM, Gregory Maxwell <[email protected]>
>>> >> wrote:
>>> >> > [Please don't send HTML mail to mailing lists]
>>> >> >
>>> >> > On Mon, Jan 4, 2010 at 4:31 AM, p q <[email protected]> wrote:
>>> >> > >
>>> >> > > USRP even in a two-unit configuration is no good since it
>>> >> > > can not handle GSM1800
>>> >> >
>>> >> > I was under the impression that provider allocations are still
>>> >> > no more than 10mhz wide in the 1800mhz band, are they not?
>>>
>>> _______________________________________________
>>> A51 mailing list
>>> [email protected]
>>> http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
