On Fri, Jan 15, 2010 at 1:38 PM, Alvin Liebe <[email protected]> wrote:
> I see..
> so the problem is not only on the pc but even on the fpga for the frequency
> hopping..
> on the pc side is known how to follow the hopping sequence on an unencrypted
> call ?

I'm unsure if any open-source implementation exists to follow the
hopping sequences. Because of the encryption we do not know the
hopping sequence and thus such code would seem irrelevant for most.

> I mean the list of the frequencies can be easily decoded at the start of the
> call ?

When unencrypted they can be decoded. Whether this is easy or fast
enough, I do not know. I assume you will have to write some code that
interprets the list of frequencies and the hopping sequence number,
and gives the correct frequency value, where to expect the following
burst.

> as far as I know for encrypted a5\1 calls there is a signal burst on the
> next channel that is going to be used..

I do not understand what you mean. As far as I know, you get a HSN
(hopping sequence number) and a list of frequencies and this leads to
a precise sequence of the frequencies in that list.

> so the stream can be rebuilt after capture of the entire frequency band.

If you capture the entire freq. band, then you could take your time
and either decode and interpret the hopping sequence or guess between
all possible flows until you find the correct one.

>
> And another very important question..
> let's say we have an FPGA on USRP that can follow the hopping sequence..
> an usrp1 or usrp2 board could capture both side of the conversation, or
> there are other hardware limitations on USRP boards
> that prevent from this ?

Whether you are using the USRP1 or 2, you will always need two devices
to capture the up and down link. And that's for gsm900, for gsm1800
you're out of luck altogether. From the top of my head the USRP1 can
capture 35 MHz at once and the USRP2 50, which just isn't enough to
capture both up and downlink of gsm900.

>
> Alvin
>
> ________________________________
> From: Fabian van den Broek <[email protected]>
> To: Alvin Liebe <[email protected]>
> Cc: [email protected]
> Sent: Fri 15 January 2010, 10:01:04
> Subject: Re: [A51] just a simple question
>
> A USRP1 *could* be enough to fully decode one side of the conversation
> (either up or down link).
> The problem of frequency hopping kicks in if a BTS has too many
> frequencies. Even if everything is in the clear, then you would still
> need to interpret the hopping sequence and follow it fast enough. That
> seems hard. Either that or capture the entire frequency band, which
> will probably be too much data for the USB throughput. To get past the
> data-bandwidth trouble you'd need to implement some kind of
> pre-selection (like following the hopping sequence) on the USRP1's
> FPGA and I don't think the FPGA will manage.
>
> But if you're listening in on BTSs that transmit on only very few
> frequencies, then you could listen in on one side of the conversation.
>
> Fabian
>
> On Fri, Jan 15, 2010 at 12:41 AM, Alvin Liebe <[email protected]> wrote:
>> Hi all
>> according your experience an Usrp1 board would be enough to fully decode
>> a call with only a5\0 encryption (not encrypted) ?
>> or there are bandwidth issues ?
>>
>>
>>
>> _______________________________________________
>> A51 mailing list
>> [email protected]
>> http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
>>
>>
>
>
