Emi-firmware » History » Version 12
jolly, 02/19/2016 10:49 PM
| 1 | 1 | jolly | = OsmocomBB EMI Firmware = |
|---|---|---|---|
| 2 | |||
| 3 | 2 | jolly | [[Image(emi-firmware:emi_main.jpg)]] |
| 4 | |||
| 5 | 1 | jolly | == Introduction == |
| 6 | |||
| 7 | 9 | jolly | OsmocomBB EMI is a tool to generate GSM RF interferences. It can be used to test how GSM radiation affects other equipment, e.g. amplifiers, radios and wireless devices. It is capable of transmitting in all regular GSM bands (1800, 1900, 850, 900), up-link and down-link. Because it only transmits, no filter rework is required. There are several test patterns, from SDCCH on a single time slot to PDCH on 5 time lots. |
| 8 | 1 | jolly | |
| 9 | 6 | jolly | == Branch == |
| 10 | 4 | jolly | |
| 11 | 9 | jolly | Check out jolly/emi branch of OsmocomBB GIT. It contains the EMI app and Sylvain's TRX hack, which is required to transmit multiple bursts per frame. |
| 12 | 4 | jolly | |
| 13 | 1 | jolly | == Settings == |
| 14 | |||
| 15 | 9 | jolly | Use left function key (left button below display) to toggle between DCS1800 and PCS1900 band. This is only required for ARFCN rage from 512 to 810. |
| 16 | 1 | jolly | |
| 17 | 9 | jolly | Use right function key to toggle between up-link (interference of a mobile station) and down-link (interference of a base station). |
| 18 | 1 | jolly | |
| 19 | 9 | jolly | To change ARFCN, enter digits and acknowledge with right function key. Press or hold right or left cursor buttons to adjust current selected ARFCN. |
| 20 | 1 | jolly | |
| 21 | 11 | jolly | Press the menu button (black center button) to select a test pattern (scroll up and down) and acknowledge with the right function key. Test patterns are: |
| 22 | |||
| 23 | * SDCCH |
||
| 24 | * TCH/F (1-5 time slots) |
||
| 25 | * TCH/H |
||
| 26 | * TCH/F (TCH/H) using DTX |
||
| 27 | * PDCH download (sending acknowledgments) |
||
| 28 | * PDCH upload (1-5 time slots) |
||
| 29 | * RACH (single Access Burst) |
||
| 30 | 1 | jolly | |
| 31 | == Operation == |
||
| 32 | 2 | jolly | |
| 33 | '''Note: This device transmits on frequencies that require a license in most countries. Only use this device, if you have a license for the selected ARFCN or if you use it inside a Faraday cage''' |
||
| 34 | 1 | jolly | |
| 35 | Press the green button (off-hook) to start transmitter. The transmit power is shown. |
||
| 36 | |||
| 37 | Turn off transmitter by pressing green button again or by pressing red button (on-hook). |
||
| 38 | |||
| 39 | To increase or decrease TX power, press or hold up and down cursor buttons. |
||
| 40 | 8 | jolly | |
| 41 | ==== RACH Burst ==== |
||
| 42 | |||
| 43 | 9 | jolly | In case of test pattern "RACH", real Access Bursts can be transmitted. Access bursts are shorter than Normal Burst. When this test pattern is selected, transmit power is always shown on the display, but nothing is transmitted. To transmit a single Access Burst, press the green button (off-hook). Whenever the green button is pressed again, an Access Burst is transmitted. |
| 44 | 1 | jolly | |
| 45 | == Simulation == |
||
| 46 | |||
| 47 | When transmitter is on, the transmitted bursts can be made audible on the phone's buzzer. To increase volume, press or hold # key. To decrease, press or hold * key. |
||
| 48 | 4 | jolly | |
| 49 | == Restrictions == |
||
| 50 | |||
| 51 | 5 | jolly | * GSM 850 and 900 will not allow to go down lower than 4 dBm, even if displayed so. |
| 52 | 10 | jolly | * TX power of patters with multiple times lots will always be 30 dBm (about 1 Watts). |
| 53 | * Access Bursts are always sent on up-link bands. |
||
| 54 | 12 | jolly | * The bursts, except for Access Bursts do not carry valid data, they are just Dummy Bursts. |
| 55 | |||
| 56 | == Burst Templates (informative) == |
||
| 57 | |||
| 58 | Note: '*' represents transmission, '-' represents no transmission. Each character represents one frame. |
||
| 59 | |||
| 60 | When SDCCH is selected, two alternating 51 multiframes are transmitted in a loop: |
||
| 61 | |||
| 62 | {{{ |
||
| 63 | ---------------****----------------------------**** |
||
| 64 | ---------------****-------------------------------- |
||
| 65 | }}} |
||
| 66 | |||
| 67 | |||
| 68 | When TCH/F is selected, a 26 multiframe is transmitted in a loop: |
||
| 69 | |||
| 70 | {{{ |
||
| 71 | *************************- |
||
| 72 | }}} |
||
| 73 | |||
| 74 | |||
| 75 | When TCH/H is selected, a 26 multiframe is transmitted in a loop: |
||
| 76 | |||
| 77 | {{{ |
||
| 78 | *-*-*-*-*-*-**-*-*-*-*-*-- |
||
| 79 | }}} |
||
| 80 | |||
| 81 | |||
| 82 | When TCH/F / TCH/H DTX is selected, a 26 multiframe is transmitted in a loop: |
||
| 83 | |||
| 84 | {{{ |
||
| 85 | ------------*------------- |
||
| 86 | }}} |
||
| 87 | |||
| 88 | |||
| 89 | When PDCH (ack) is selected, the following 52 multiframes are transmitted in a loop: (This a download scenario, where only acknowledgement packets are transmitted. Each block of 12 bursts represent 3 MAC blocks, the single bursts represent the PTCCH/U.) |
||
| 90 | |||
| 91 | {{{ |
||
| 92 | ************ * ****-------- - ****----**** - ------------ - |
||
| 93 | ------------ - ----****---- - ------------ - ----****---- - |
||
| 94 | ----******** - ************ - ****-------- - ****----**** - |
||
| 95 | ------------ - ------------ - ----****---- - ------------ - |
||
| 96 | ----****---- - ----******** - ************ - ****-------- - |
||
| 97 | ****----**** - ------------ - ------------ - ----****---- - |
||
| 98 | ------------ - ------------ - ------------ - ------------ - |
||
| 99 | ****-------- - ------------ - ****-------- - ----******** - |
||
| 100 | ************ * ****-------- - ****-------- - ****-------- - |
||
| 101 | ------------ - --------**** - ------------ - ------------ - |
||
| 102 | ----****---- - ------------ - ----****---- - ----******** - |
||
| 103 | ************ - ****-------- - ****----**** - ------------ - |
||
| 104 | ------------ - ----****---- - ------------ - ------------ - |
||
| 105 | ****-------- - ------------ - ****-------- - ************ - |
||
| 106 | ************ - ****-------- - ********---- - ------------ - |
||
| 107 | ------------ - ****-------- - ------------ - ****-------- - |
||
| 108 | ************ * ********---- - ------------ - ********---- - |
||
| 109 | ------------ - ------------ - ****-------- - ------------ - |
||
| 110 | ****-------- - ************ - ************ - ****-------- - |
||
| 111 | ********---- - ------------ - ------------ - ****-------- - |
||
| 112 | ------------ - --------**** - ------------ - ------------ - |
||
| 113 | ----****---- - ------------ - ----****---- - ----******** - |
||
| 114 | ************ - ****-------- - ****----**** - ------------ - |
||
| 115 | ------------ - ----****---- - ------------ - ----****---- - |
||
| 116 | ----******** * ************ - ****-------- - ****----**** - |
||
| 117 | ------------ - ------------ - ----****---- - ------------ - |
||
| 118 | ------------ - ****-------- - ------------ - ****-------- - |
||
| 119 | ************ - ********---- - ------------ - ********---- - |
||
| 120 | ------------ - ------------ - ****-------- - ------------ - |
||
| 121 | --------**** - ------------ - ----****---- - --------**** - |
||
| 122 | ************ - ********---- - --------**** - ****-------- - |
||
| 123 | ------------ - --------**** - ------------ - ----****---- - |
||
| 124 | }}} |
||
| 125 | |||
| 126 | |||
| 127 | When PDCH is selected, the following 52 multiframes are transmitted in a loop: (This an upload scenario, where packets are transmitted. Each block of 12 bursts represent 3 MAC blocks, the single bursts represent the PTCCH/U.) |
||
| 128 | |||
| 129 | {{{ |
||
| 130 | ************ * ************ - ************ - ************ - |
||
| 131 | ************ - ************ - ************ - ************ - |
||
| 132 | ************ - ************ - ************ - ************ - |
||
| 133 | ************ - ************ - ************ - ************ - |
||
| 134 | ************ - ************ - ************ - ************ - |
||
| 135 | ************ - ************ - ************ - ************ - |
||
| 136 | ************ - ************ - ************ - ************ - |
||
| 137 | ************ - ************ - ************ - ************ - |
||
| 138 | }}} |
