So. For the next talk for this evening, this is a talk that is personally interesting to me and I hope to you as well. I'm very much looking forward to it. Our next two speakers will be talking to us about how we can deploy GSM base stations over software defined radio hardware. So very interesting things that we'll hear from them. So please welcome Vadim Yanitskiy and Piotr Krysik. A big round of applause to them.

Introduction, so everyone, this is, however, our first talk over at the Congress, so thanks for having us here. Let's start. My name is Vadim Yanitskiy. I'm a researcher from the Positive Technologies company, in the telecommunication department. At the same time, I'm an OsmocomBB contributor. I had some background in web development, but this time is gone and now I am in telecommunications. Now I prefer to use C and Python. And this is Piotr. Hello, everyone. I'm Piotr. I'm, uh, working at Warsaw University of Technology.
I'm generally a person that thinks that using free software is a good idea and writing it is even better. So I created some small pieces of free software myself, and one of them is gr-gsm, which I will introduce you to, uh, later. Another one is multi-RTL; it's software for synchronizing RTL-SDR devices in order to make, uh, multi-channel receivers from them. So this is OK.

So we are going to introduce our work, which we have been doing for some long time, and in a few words we will show you how to run a GSM mobile phone on software defined radio. And as you probably already know, our project is mostly based on the OsmocomBB project. So we will introduce it in a few words, and we will tell you what's wrong with the currently supported hardware and the way our work makes sense. And finally, we will show you some demonstration. So let me ask, how many people here used to play with OsmocomBB? Hands please. Not so much. But anyway, thanks. And so from my experience, when people hear about OsmocomBB, they basically imagine a Motorola phone, a Motorola phone which is always hanging somewhere. So what is it? And it's not a secret for anyone that your phone actually has a separate baseband processor that takes care of the network operation. No matter which operating system you prefer to use, when you're sending a short message or calling your friend, your operating system actually asks the second, baseband processor to do that. So the baseband processor is typically running some proprietary firmware, and many other people and we don't trust this firmware, so that's the main idea of the OsmocomBB project: to provide an open source implementation of the phone side stack of GSM. The higher levels of this stack are represented by software running on your host side PC, and the lower layer, layer one, is firmware which is running on some Calypso based phone. The implementation is more or less complete, so you can make some voice calls and receive short messages and so on. But at the same time, this project is not actively maintained at the moment. So you might ask me, why do I need this project? What is it for? Well, it depends on who you are. If you are a student or just a beginner, OsmocomBB can become your best friend in practical learning of the GSM stack. If you are some kind of security researcher or doing something related to GSM networks, you probably already know about this project and I don't need to explain it to you. And of course, it mostly helps to debug existing Osmocom projects. So. Yeah, and, uh, a few years ago, there were a few leaks of TI Calypso source code and documentation, and these allowed some researchers to reverse engineer the firmware of some old Motorola phones. And uh, yeah. So the primary hardware for OsmocomBB is mostly Motorola Calypso based phones, mostly Motorola C1, something like that. And such phones run custom firmware, which represents layer one of the GSM stack, and this firmware interacts with the host software via a serial link. And mostly the problem is that this firmware doesn't do much. It mostly drives a proprietary DSP. And what was the problem, what is the problem? It is that such hardware is not manufactured anymore, mostly, and the DSP, which is the digital signal processor, is not fully researched. So you still rely on a black box while running open source software. And finally, this is not a fully open source implementation. And so the hardware limits you in some ways; for example, you cannot operate in GPRS mode despite the hardware being capable of that. So what happens if we try to replace the Calypso based phone with something else? For example, what about software defined radio? And what is software defined radio?
It is general purpose radio hardware. It's not limited to any particular technology or software stack. And so this means that it could be used for different technologies and protocols like LTE, Bluetooth, GSM and of course, this system. So, you know, the good news here is that this is open source friendly. Many open source projects do support SDR, and many SDR vendors do support open source, actually. And of course, software defined radio is popular in the scope of mobile communications, so you can run your own LTE network, for example, or run your own GSM network. You can even run an LTE mobile side stack. But what about GSM? Can we run a mobile phone on GSM actually, on SDR? Yes. This is actually where our work comes into play. So remember, this is general purpose hardware. So there is no screen, there is no keyboard, there is no SIM subsystem. But in general, we are not going to create another open source user-targeted phone. So then you ask me, what is it for? And mostly this inherits some of the items from the OsmocomBB project, and as mentioned before, it's mostly for education and research and development. And this allows you to implement an absolutely open source layer one implementation. And this allows you to get another hardware platform for OsmocomBB. And yeah, let's turn back time and imagine that we are developing that software defined radio platform for OsmocomBB from scratch. And from what did we start? Here on the top of this picture, you can see the full OsmocomBB application, which was previously used to connect the higher level applications and the lower level, represented by firmware, together. And so the higher applications used to communicate via serial link. But in our case, we don't have firmware anymore. We don't have one, and we need to communicate with software defined radio somehow. So.
Yeah, after a quick look at the source code of OsmocomBB, we found that the easy way is to use the layer one control protocol, which is a custom but pretty simple protocol. And the good news is that this protocol was already implemented in the software of the higher levels and in the firmware too. And so the problem is that OsmocomBB host applications do understand layer two frames, but not the layer one bursts, so you need to implement some kind of burst coding here. And another problem is that the host applications don't care about time division multiple access. And this is one of the basic technologies in GSM, so we need to implement some kind of TDMA scheduler here. And also OsmoBTS has become our source of inspiration, because most of this is already implemented there. So we separated the common part of OsmoBTS, which is actually the Osmocom base station project, and we created a separate shared library called libosmocoding. We cleaned up and documented some parts of the code and extended it; we use an accelerated Viterbi decoder. And also we took some basic, simple structures like the multiframe structure or clock synchronization routines from OsmoBTS as they are. And finally, now we have the trxcon application, and now we can communicate with the higher level applications. But still, we cannot communicate with software defined radio. We can receive bursts, transcode them, perform encoding and decoding for them, but we cannot directly communicate with the software defined radio. There is the TRX protocol, which was first introduced in the OpenBTS project, and it's still used by OsmoBTS to communicate with the transceiver. And basically, it assumes three UDP sockets: one for resource management, another for TDMA frame clock indications, and the other for the actual bursts.
And so, okay, we implemented this TRX interface in our application, and now OsmocomBB and also the OsmoBTS project support the TRX interface, so we can connect them together for early development and testing without actual hardware. And yes, of course, we can do that. And so we come to the fake_trx toolkit, which is a set of tools written in Python and mostly used for debugging the TRX interface. And the most interesting application here is fake_trx. It allows you to connect OsmoBTS directly to an OsmocomBB application. It acts like a proxy on layer one, so you don't need any hardware to interact, to use your open source network from an open source mobile side stack. And what is the purpose of these tools? For example, you can learn the whole GSM stack without hardware. You can perform simulation tests and stress testing without hardware. And of course, you can test and debug other projects. And yeah, so we need the last part, which should directly communicate with the transceiver, and what this application should do is to perform downlink burst detection and demodulation. It should be able to perform uplink burst modulation. And uh, yeah, it should follow the TDMA timing system of GSM. And of course, finally, it should talk to the TRX interface, which is currently supported by the trxcon application. So. Yeah, there are two programs which meet our requirements, and one of them is OsmoTRX, and it's still used in the Osmocom project. Basically, it's designed to act as a BTS, and it could be used. But the source code is a mix of C and C++, and you need to understand the whole infrastructure to make some little modifications there, and probably we will take care of that in the future. So also there is gr-gsm, and this is a GNU Radio out-of-tree module to play with GSM. So it's modular, easy to modify everything you need.
So why not try this too? And yeah, this is why I contacted my friend Piotr to continue work in that direction together.

So, yeah, and my, uh, the part of my work was, uh, implementing the burst transceiver for GSM. And it is based, as Vadim said, on gr-gsm, which is relying on GNU Radio. The gr-gsm project was, uh, started from a part of the AirProbe project years ago, in 2009. In the AirProbe project it was called gsm-receiver, but it is now much more than just software for, uh, passive receiving of bursts. It also does the demultiplexing of the, uh, bursts, because it works for decoding different logical channels, for deciphering bursts, and there are also out-of-the-box applications demonstrating how to compose these, uh, these blocks into working applications. There is an application for live monitoring of, uh, the GSM broadcast channel, for, uh, decoding different logical channels and analyzing them in Wireshark, and also for searching which BTSs are active, uh, in the area. So what was the initial project status? It was, uh, that we had the full receiver, but what was missing was, of course, the transceiver chain. And what was, uh, to do was to implement a GSM burst modulator. Uh, then figure out how to synchronize the transmitted signal, uh, coming out from this modulator, uh, with the signal received from the base station. And then we actually had some constant delay that needed to be corrected. And in the end, we had to verify if the signal transmitted at the, uh, radio, uh, radio output is the right one, so we don't interfere with anyone's, uh, license. So a very short introduction of the GSM signal, the uh um, radio interface of GSM. It uses time division multiple access, uh, with frames containing eight time slots. Each time slot carries one GSM burst, it's a kind of GSM packet, and these packets are usually modulated
with, uh, Gaussian minimum shift keying modulation, and the, uh, position of each burst is precisely defined by the frame number and time slot number in which it should be transmitted. So the first task was to implement the modulator and, uh, it was actually quite simple because all of the building blocks were, uh, already in GNU Radio. So I just had to figure out how to connect them together to make a, uh, working GSM modulator. There is already a GMSK modulator in GNU Radio, and then with some blocks, connecting some blocks together, uh, you can perform differential encoding, connect them together and hope that it would work. And uh, yeah, it should work, actually. And the other task was to synchronize the transmitter with the received signal. And this wasn't as easy. Uh, but in the end, the implementation isn't very large for this. So, uh, we have the following task: we have, uh, bursts, uh, coming from the upper layer that have, uh, a frame number and timeslot number. And then we have to somehow transmit them at a precisely, uh, defined moment in the TDMA structure. So for this, very helpful is the clock that is, uh, inside of the software defined radios that we use, which is USRP. It allows for transmitting at a precisely defined moment, and the received signal is also tagged with the current time. So you have the time attached to a sample, and then the receiver, based on this metadata, can track the current time. And if it receives a signal coming from a base station, it can synchronize with this signal and associate the reception time with the frame and time slot number. So this pair of information is then used for, uh, performing the conversion of frame numbers and timeslot numbers into, uh, transmit, uh, time tags that are added to, uh, the burst data for the, uh, for transmitting. And based on this information, after the modulator, the bursts are transmitted by the USRP at precisely defined moments.
So after this, uh, finishing this task, we still had some unknown but constant delay caused mainly by signal processing algorithms like, for example, low pass filtering and also by the hardware. So we needed to take it into account. And so we did. This is here. So we have a signal coming from the base station to the USRP; uh, at the output of the receive chain we have bursts, uh, and these bursts we connect back to the transmitter, but we've added some known, uh, delay of some known number of frames. And then we transmit this signal at some frequency close to the received signal frequency. We then record both signals, the received signal which contains both signals, to analyze, uh, to analyze the received and the retransmitted signal, remove the, uh, known number of frames and the delay from the delayed signal, and what is left is, uh, the, uh, unknown but constant delay between the, uh, both signals, the received one and the one transmitted by, uh, by us. And this we can measure with the use of cross-correlation, uh, it's just, uh, yeah, uh, you can measure it with the use of cross-correlation, which will give us the shift from the, uh, zero, and this uh, this shift, this shift of the peak of the correlation from the zero position is actually our, uh, delay that we have to put into, uh, take into account, uh, in producing the transmit tags. So then we had to verify the transmitted signal amplitude, and the, uh, normally programs like OsmoBTS or OsmoTRX are transmitting a constant stream of samples. But for mobile stations, it would be kind of lame to do that, because we would have to transmit a constant, uh, stream of samples when a mobile station has to transmit something only from time to time. Uh, so uh, we actually used the USRP's burst interface to transmit a burst for each, uh, for each GSM burst. And it has many advantages, like you transmit one burst at a time and it's easier to resynchronize the, uh, the transmission.
You can solve the transmission problems. But there are some drawbacks, and here is how the signal amplitude should look for GSM. There are some, uh, guard periods when the signal amplitude goes down, but then it's kind of, uh, constant. But this is what we got. Where the hell have three hundred microseconds of our burst gone? So after some looking for the answer, it appeared that this problem appears on the, on the USRP B210, and it, uh, appears only when we are transmitting and receiving on the same side of the device. Uh. And it also appears only when there is no connection between the active pin of the transmit port and the signal ground. So if we fully avoid this, we can have much better, uh, much better signal amplitude. But then what is the thing in front of my burst? So what is this? After some looking, it appears that this is the end of the previous burst, uh, that appears at the beginning of the, uh, next burst, and it is probably the result of group delays of the, uh, FPGA processing chain. And uh, yeah, and it can be avoided by just having zeros at the end. So if I had known that at the beginning, I would just have done that and not lost some time on this. And in the end, what had to be done was, uh, uh, verifying the transmitted signal spectrum with a spectrum analyzer. And uh, when you are connecting the antenna to the, uh, device, you should, uh, always take into account the fact that it might, uh, not produce the ideal signal. And for example, here for the USRP B210, there is, uh, a signal with relative amplitude of minus 13 dB from, from the main signal on the third, uh, harmonic. So you should always put, uh, a low pass filter in front, especially in case you are using a wideband antenna. So after applying the filter, you get something like this. So at this moment, my part was, uh, uh, working, I think. But uh, to, uh, to check that, we have to wait for the demo done by Vadim. Yeah, thank you.
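As an added example (not code from the talk, from gr-gsm or from OsmocomBB), the two pieces of timing logic Piotr describes: turning a (frame number, timeslot) pair into a transmit timestamp relative to a received downlink burst, and recovering the unknown constant processing delay from a loopback recording by locating the cross-correlation peak and subtracting the known frame delay. The GSM symbol rate and frame structure are public constants; the signals, the 200-sample "frames" and the 37-sample delay are constructed test data.

```python
import random

# GSM air-interface constants (public figures, not from the talk itself)
SYMBOL_RATE = 1625000.0 / 6.0      # ~270.833 ksymbols/s
SYMBOLS_PER_SLOT = 156.25          # one burst period
SLOTS_PER_FRAME = 8                # TDMA frame = 8 timeslots (1250 symbols)
HYPERFRAME = 26 * 51 * 2048        # frame-number period: FN wraps after 2715648 frames


def burst_index(fn, tn):
    """Absolute position, in timeslots, of the burst (frame fn, timeslot tn)."""
    return (fn % HYPERFRAME) * SLOTS_PER_FRAME + tn


def tx_time(fn, tn, ref_fn, ref_tn, ref_time, delay_s=0.0):
    """Transmit timestamp (seconds on the SDR clock) for burst (fn, tn), given that
    downlink burst (ref_fn, ref_tn) was received at ref_time and that a constant
    processing delay delay_s was measured and must be pre-compensated.
    Simplification: the 3-timeslot uplink offset and timing advance are ignored."""
    slots = burst_index(fn, tn) - burst_index(ref_fn, ref_tn)
    if slots < 0:                                  # frame number wrapped around
        slots += HYPERFRAME * SLOTS_PER_FRAME
    return ref_time + slots * SYMBOLS_PER_SLOT / SYMBOL_RATE - delay_s


def xcorr_peak_lag(reference, delayed, max_lag):
    """Lag (samples, 0..max_lag) at which the cross-correlation of the two
    real-valued sequences peaks; that lag is the shift between them."""
    best_lag, best_val = 0, float("-inf")
    n = min(len(reference), len(delayed))
    for lag in range(max_lag + 1):
        acc = sum(reference[i] * delayed[i + lag] for i in range(n - lag))
        if acc > best_val:
            best_lag, best_val = lag, acc
    return best_lag


def measure_processing_delay(reference, loopback, known_frames, samples_per_frame, max_extra):
    """The loopback was retransmitted known_frames frames after reception; remove
    that known part and the remaining shift is the unknown but constant
    hardware/filter delay, returned in samples."""
    known = known_frames * samples_per_frame
    lag = xcorr_peak_lag(reference, loopback, known + max_extra)
    return lag - known


def make_loopback(reference, total_delay, noise=0.2, seed=1):
    """Constructed test signal: reference shifted by total_delay samples plus noise."""
    rng = random.Random(seed)
    out = [0.0] * len(reference)
    for i in range(total_delay, len(reference)):
        out[i] = reference[i - total_delay] + rng.gauss(0.0, noise)
    return out


def demo():
    """Constructed example: 200-sample 'frames', loopback sent 3 frames late plus an
    unknown 37-sample processing delay; recover the 37 via cross-correlation."""
    rng = random.Random(7)
    ref = [rng.choice((-1.0, 1.0)) for _ in range(4000)]   # random +/-1 'symbols'
    loop = make_loopback(ref, 3 * 200 + 37)
    return measure_processing_delay(ref, loop, known_frames=3,
                                    samples_per_frame=200, max_extra=100)


if __name__ == "__main__":
    print("measured processing delay (samples):", demo())
```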
So when we finished, more or less, the work and the implementation of that transceiver, we got something like that. So finally, we can now communicate with software defined radio through the application called grgsm_trx. So we can not only communicate with our open source stack represented by OsmoTRX and OsmoBTS, but also with different base stations. So, yeah, let's try to show some demo, but we have some limited time and I need to put this here. Yeah. So the first thing we need to run is actually our transceiver. Yeah, it will start, and then we need to run our trxcon, which actually acts like a bridge between the transceiver and OsmocomBB applications. And finally, we need to run some OsmocomBB application, for example the mobile application. Yeah. And what's happening now is that it started to synchronize to this base station of this local network. And now we can try to register here, for example. Yeah. This is the classical thing, we need to put our virtual SIM card, because at the moment we don't have any direct SIM card interface, so let's try, and what's happening now? We just perform a location update request in the GSM network. And let's see. Yes, and we just got registered on that network, and what we can do here is to perform some basic operations, like we can request our number. It was... It's simple. So, yes. The implementation is not so stable, so feel free to contribute to our project. And this is our extension, so we can try to send a text message to ourselves. We should receive it back, for example this way. So, yeah, we got a channel. Then. Oops! Let's try one more time. OK. Yeah. And there it goes back. Thank you. And finally, let's try to call somewhere, because we have some basic sound integration. And I hope it shouldn't... Yes. Let's try this to call some testing... No, actually. Yeah, finally. So we need to switch back to our presentation.
And yes, the current project status is here, and it's not so perfect as I would like to see. So what have we achieved? Now we have a full open source GSM layer one implementation. And so you don't need to hunt for Calypso phones anymore. Feel free to use software defined radio. You can use any frequency you want. For example, you can run your network in the Wi-Fi band and call in this network. We are closer to the future GPRS implementation. And so, for example, we can do something like try to integrate non-GSM audio codecs like Speex or Opus here. And of course, this is the wind of change for OsmocomBB. This is a new hardware platform for the project. So, yeah, thanks for your attention and feel free to ask your questions.

So thank you very much, Vadim and Piotr. Unfortunately, we're out of time, so we don't have time to do a Q&A. Hopefully you can stick around and people can maybe approach you if they have any questions. So again, a big round of applause to both of them for a great topic. Thank you very much.