OsmocomGMR: Lecture on cryptoanalysis of GMR-1 and GMR-2 ciphers

Added by tnt almost 9 years ago

On February 2nd 2012, researchers Be­ne­dikt Dries­sen und Ralf Hund of the University of Bochum will report on their analysis of the GMR-1 and GMR-2 ciphers.

According to the abstract ​, the cipher used in GMR-1 and thus Thuraya is more or less the same than GSM's A5/2, and can be broken at similar complexity (i.e. almost none).

OsmocomBB: OsmocomBB RSSI monitor firmware

Added by laforge almost 9 years ago

OsmocomBB team member Andreas Eversberg has been working on a new RSSI monitor firmware application within OsmocomBB.

Using this firmware, it is possible to monitor the RSSI of individual ARFCNs or even the entire spectrum.

Depending on the hardware capabilities (e.g. Hardware/FilterReplacement), it is also possible to measure the uplink RSSI.

More details are available at rssi.bin.

The current status of this firmware is available from the laforge/monitor branch in git, but is expected to be merged soon into master.

OsmoSDR: OsmoSDR hardware verification at 28C3

Added by laforge about 9 years ago

At ​28c3, the OsmoSDR team was busy verifying the hardware design on the first prototypes.

The result can be summarized as:

  • SAM3U is working, enumerates on USB and can be programmed via SAM-BA
  • E4K tuner driver is working
  • Si570 driver is working
  • FPGA can be flashed via JTAG bit-banging from SAM3U
  • FPGA and SAM3U can speak via SPI

However, there are at least two bugs:

  • USB socket footprint pin-out was mirrored
  • clock output level of Si570 doesn't match FPGA clock input specs (amplitude too low)

The issues have been worked around, and firmware + FPGA development has made progress.

OsmocomGMR: Video and Slides of Sylvain's 28C3 GMR talk

Added by tnt about 9 years ago

OsmocomGMR main author Sylvain Munaut has given a presentation about the GMR-1 standard and the OsmocomGMR software at the 2011 annual CCC conference (28C3).

It is a great introduction into the topic, and a recommended read/view for everyone wanting to experiment with our OsmocomGMR software.

The slides are available from ​

The video is available from ​

OsmocomGMR: First Osmocom GMR code release

Added by laforge over 9 years ago

As some of the readers may already know, a couple of Osmocom developers have been working on a new sub-project: ​OsmocomGMR.

The primary goal of this project is to provide a reusable and clean implementation of the various layers of GMR-1.

What is GMR-1 ? Well, it stands for "GEO Mobile Radio" and it's a set of specifications describing a satellite based mobile phone network heavily inspired from GSM. One of the major commercial operators of GMR-1 technology is "Thuraya", providing coverage over Europe/Africa/Asia/Australia?.

So far the implementation focused on the lowest layers:

  • Physical layer with FCCH sync and demodulation support for pi4-CBPSK and pi4-CQPSK bursts.
  • Channel coding layer (scrambling/puncturing/convolutional coding/crc/interleaving/...)

And some ancillary tools to exploit those:

  • A good capture tool to listen to particular ARFCN and channelize them properly
  • Wireshark support (BCCH only so far)

The first 'demo application' using all of the above provides functionalities similar to what airprobe is for GSM: An air interface protocol analyzer that goes all the way from capturing data off-the-air to sending packets to wireshark for analysis. Limited to BCCH only currently but this will evolve with time.

Development was mainly done by Sylvain Munaut, with help from Dimitri Stolnikov (early signal captures and his great capture tool), Harald Welte (initiating the project) and Steve Markgraf (testing different setup and antenna ideas).

If you'd like to know more, you are encourated to read the ​wiki and join the ​mailing list

OpenBSC: Introducing the osmo-bts project

Added by laforge over 9 years ago

For quite some time we've been hacking away on a project called osmo-bts.

You can find it source code as usual on, for occasional web browsing we offer ​cgit access.

osmo-bts is a BTS-side Layer3 and Layer2 protocol implementation, including Abis/IP, TS 08.58 RSL, TS 12.21 OML, TS 04.06 LAPDm and various other bits and pieces required to run a BTS.

Specifcally, it does not include a GSM Um Layer1. Rather, the idea is to port osmo-bts to a variety of L1 implementations.

So far, hardware support only exists for an upcoming BTS product which is not available yet, the sysmocom femtobts. However, there is active work being done un hacking some OsmocomBB phones into using them as a BTS, as well as support for other L1/hardware, too.

We are also planning to implement a 'virtual layer1', that can be used to run a BTS without any radio layer, interfacing the OsmocomBB stack via TCP/IP for netwokr simulation and software testing.

OsmocomTETRA: Chaosradio podcast about TETRA and OsmocomTETRA

Added by laforge over 9 years ago

Today, a ​Chaosradio Express (CRE) about TETRA has been released at ​

OsmocomTETRA founder ​Harald Welte was interviewed by ​Tim Pritlove, maker of the popular German language technology podcast Chaosradio Express.

The 2 hours and 20 minutes long interview covers the historic evolution from analog radio, trunked radio to digital trunked radion and TETRA. It also covers users, security issues and the OsmocomTETRA project.

Please note: CRE is a German language publication.

OsmocomTETRA: Starting to analyze the Dimetra BTS

Added by laforge over 9 years ago

We have recently started to analyze some old Motorola Dimetra equipment, the progress can be found at Dimetra_EBTS and the follow-up pages.

Any hints on how to configure/setup/use this hardware are appreciated, especailly regarding the Ethernet protocol between BR and TSC, as well as the E1 protocol from TSC to SwMI.

OpenBSC: New commit log mailing list for all git repos

Added by laforge almost 10 years ago

We haven't had a functioning commit log mailinglist since mid-2009, when the revision control system of openbsc was converted from svn to git.

Especially today, with the large number of separate git repositories on, it is very easy to loose track of what other developers are doing.

The new mailing list 'osmocom-commitlog' (renamed from openbsc-commits) will receive updates from all repositories on

Feel free to subscribe at


Also available in: Atom

Add picture from clipboard (Maximum size: 48.8 MB)