Author Topic: Help with GSM phones connecting  (Read 14224 times)

ThePit

  • Newbie
  • *
  • Posts: 27
    • View Profile
Help with GSM phones connecting
« on: July 08, 2014, 02:17:05 PM »
Howdy,

I am having trouble with getting a phone to connect to the YateBTS. I was hoping someone might be able to help or at least point me in the right direction.
It seems like the network is rejecting my phone every time I try to connect. On the phone itself, I never see it connect to the YateBTS, but every now and then
I will connect just long enough for the phone to receive the "Your allocated phone no. is ..." SMS. in NIB GUI under "Online Subscribers" the phone will be listed,
but then the phone is immediately disconnected from the YateBTS.

My set-up:
Ubuntu 12.04 LTS
I am using GSM unlocked phones with test sims (IMSI begins with 00101). Same phones I have used for an OpenBTS set-up.
Ettus USRP N210 with the UHD drivers 003.007.000-1
I can successfully run commands such as uhd_find_device and uhd_usrp_probe before I start YateBTS
The USRP is connected directly to the laptop.

I have followed the guide provided at http://wiki.yatebts.com/index.php/Main_Page

In Ybts.conf I manually set
Radio.Band=900
Radio.C0=50

In javascript.conf I set
[general]
routing=welcome.js
[scripts]
nib=nib.js
eliza=eliza.js

extmodule.conf
gsm_auth.sh=

Through the NIB web Gui:
 I have set the RegExp to the following, at different times.
001
^001
/^001/
I have even manually entered in the IMSI/KI info to the individual sims.

transceiver is set to ./transceiver-uhd

Any help or guidance would be much apprenticed.
Thank you.

marian

  • Sr. Member
  • ****
  • Posts: 383
    • View Profile
Re: Help with GSM phones connecting
« Reply #1 on: July 09, 2014, 01:19:35 AM »
What version of YateBTS do you have?
A log would help also.

ThePit

  • Newbie
  • *
  • Posts: 27
    • View Profile
Re: Help with GSM phones connecting
« Reply #2 on: July 09, 2014, 08:26:00 AM »
Howdy,

/usr/local/bin/yate-config --version returns:
5.3.1
I am using the newest version of YateBTS 3

Attached are two different levels of logs. They are named appropriately.
I also have the DEBUG level, but it is too large to attach here.
To make each log, I cleared the old log, rebooted everything, and waited until I received the "Your allocated phone no is ...." text.
Once I received the welcome text, I copied the logs over and moved to the next level of log

Thank you very much for your help.

Monica Tepelus

  • Administrator
  • Full Member
  • *****
  • Posts: 159
    • View Profile
Re: Help with GSM phones connecting
« Reply #3 on: July 09, 2014, 09:04:35 AM »
Hi,

Did you install the last version of YateBTS from the svn or from the tar.gz/src.rpm from http://yatebts.com/download.php?
The NIB application doesn't currenlty work with the last svn version. To use it you need the tar.gz/src.rpm from the above link.

ThePit

  • Newbie
  • *
  • Posts: 27
    • View Profile
Re: Help with GSM phones connecting
« Reply #4 on: July 09, 2014, 10:20:34 AM »
Howdy,

I did install from SVN. If that was noted somewhere, I guess I overlooked it.
I will reinstall from the link and report back if it succeeds/fails.
Thank you very much.  :) :) :) :)

ThePit

  • Newbie
  • *
  • Posts: 27
    • View Profile
Re: Help with GSM phones connecting
« Reply #5 on: July 10, 2014, 02:37:46 PM »
Howdy,
I have successfully reinstalled YateBTS from the tar.gz.

NIB is working in the following:
I can connect phone with test sim using the Regexp ^001
I can make calls with the phone to each other using the phone number that is auto provided.
I can send SMS to the Eliza bot and she will text me back.
I can even Call Dave and join a conference room.

Things that don't work and I could use some guidance:
GPRS is not working.
SMS between phones does not work
If I set subscribers instead of Regexp, the phones will no longer connect.
The echo test when I call Dave does not work. (This is very low priority, but I thought it was worth mentioning)

For GPRS:
I have connected the USRP directly to the laptop and I have tried to connect through a router.
The laptop had internet access in both cases. I have let the DNS be default and set it to 8.8.8.8
Data/ data roaming is turned on all phones.
Details of an attempted GPRS connect are in the YateLog attached.

For SMS:
I am send a SMS to the number provided from the welcome message.
I called the one of the phones successfully, hung up after hearing my voice, and then set an text to the same number.
This interaction is also in the YateLog attached.

For Set subscribers:
I have 3 phones. All phone have valid test sims with know Ki.
The first phone I entered as a 2G
The second a 3G with leaving the OP blank
The 3rd a 3G with Op filled with 00000000000000000000000000000000
All were marked as active.
After entering all the information, I clear the logs and rebooted.
The attached YatelogAddSubscriber is the interaction of the phones trying to connect and getting rejected.

Any help is very welcomed. Thank Y'all already for the help already given.
All previous mentioned settings are still true.


Monica Tepelus

  • Administrator
  • Full Member
  • *****
  • Posts: 159
    • View Profile
Re: Help with GSM phones connecting
« Reply #6 on: July 14, 2014, 09:27:23 AM »
From the log I see that all registration attempts fail because authentication fails when you set subscribers.

Can you please set the subscribers again using the web interface?
Attach the resulted subscribers.conf and also make a new log with "sniffer on".
To enable sniffer:
http://docs.yate.ro/wiki/Debugging_and,_or_Investigation_of_messages#Enable_.2F_Disable_sniffer_in_telnet

ThePit

  • Newbie
  • *
  • Posts: 27
    • View Profile
Re: Help with GSM phones connecting
« Reply #7 on: July 14, 2014, 02:13:37 PM »
Howdy,

Thank you for the response. :)

Originally I tried to enable the sniffer via editing yate.conf.
I made the changes:
[general]
msgsniff=yes
modload=no
;Don't forget to load the sniffer module if modload parameter value is 'no'.

[modules]
;for debugging yate
rmanager.yate=yes
msgsniff.yate=yes

Then I would run yate with
sudo yate -sd -vvvvv -l /var/log/yate.log

This caused a port to lock up and the USRP could not communicate with YateBTS.
So, I reverted yate.conf and just enabled the sniffer through telnet via:

telnet 0 5038
sniffer on

Once the sniffer was enabled, I turned on the phones.
Attached is
my subsribers.conf that was generated via the web interface.

Two different log. One with sniffer using regexp. This one successfully had the phones attach.
The second using sniffer with Set Subscribers. This one did not have the phones attach.

I did a full reboot of the entire system between the two attached logs.
The test sims that I am using are ones that were purchased with known ki values and not ones created with pySim.

Thank you again.

Monica Tepelus

  • Administrator
  • Full Member
  • *****
  • Posts: 159
    • View Profile
Re: Help with GSM phones connecting
« Reply #8 on: July 15, 2014, 02:47:41 AM »
Hi,

The attach is successful for regexp authentication because in this case 2/3G authentication is not used. If the imsi matches the set regexp imsi is allowed to register.

When setting subscribers, authentication is used. And this fails for all 3 imsis for different reasons:

1) first imsi: 001012558545331. "Op" can't be empty for 3G SIM. Script that computes the auth vectors doesn't handle this and throws a: "Usage: ./do_milenage 0x<key> 0x<op> 0x<sqn/auts/autn> 0x<rand>"

2) second imsi: 001011257683100. The authentication process seems ok, 2g auth vector is computed but the phone return a different authentication response than the one computed.
We expect response to be:
  param['sres'] = '916EB4F8'
But phone sends:
   <Message type="AuthenticationResponse">
    <res enc="hex">8fb740ae</res>
  </Message>

I believe you don't have the right ki for that SIM.

3) third imsi: 001011749182128 the 3g vector is computed but the handset rejects the network: MAC-failure

<MM>
  <SkipIndicator>0</SkipIndicator>
  <NSD>1</NSD>
  <Message type="AuthenticationFailure">
    <RejectCause>MAC-failure</RejectCause>
  </Message>
</MM>
-----
<ybts:ALL> Auth ended conn=6 ok=0 error=MAC-failure rsp=(null) ext=(null)
<ybts:NOTE> Location updating IMSI=001011749182128: rejecting authentication [0x7fd6c00030b0]

In conclusion, are you sure you know the real KIs for those sims? Can you try with some other SIMs or some written with pysim from the interface.




 

ThePit

  • Newbie
  • *
  • Posts: 27
    • View Profile
Re: Help with GSM phones connecting
« Reply #9 on: July 15, 2014, 02:29:21 PM »
Howdy,

Thank you for the insight.
I will only mark the sims as 2G or 3G with Op filled in.
I have confirmed that I have the correct KI for my sims.
I have confirmed that YateBTS is calculating the correct SRES and KC for the given KI and Rand based on comp128-1.

It looks like my breakdown is in the Sim itself. The custom test Sims that I am using appears to have Milenage only and is not compatible with 128-1.
Next logical step, as you have said, is to make sims through the interface.
I have the SuperSIM 16 in Onereader with SuperSim Sim cards.

Since it cam with Windows software, I tried it on a Windows 7 machine. Even after setting the baud rates properly, I could not get the Sim card read.
I went back to my Ubuntu 12.04 machine and followed the instructions at: http://wiki.yatebts.com/index.php/PySIM

#Download pyscard from source
#http://sourceforge.net/projects/pyscard/
Untar the source distribution.
From a terminal with root privileges, type the following:
/usr/bin/python setup.py build_ext install
cd /usr/src
git clone git://git.osmocom.org/pysim pysim

In the NIB web interface I see the following in the "Manage Sims" section:
Error!! Please install pySIM and create file config.php to set the location for pySIM after instalation. E.g. $pysim_path = "/usr/bin";

I am not sure where I am suppose to create config.php.
I assume it is referring to config.php at:
/usr/local/share/yate/nib_web/config.php

I have put in various version of the example $pysim_path = "/usr/bin"; into that file and did a full reboot, but it still gives me the error.
some variation are:
$pysim_path = "/usr/bin";
$pysim_path = "/usr/bin/pysim";
$pysim_path = "/usr/src";
$pysim_path = "/usr/src/pysim";

So, as of right now, I can not create a Sim with SuperSim or pySim.
Once again Thank you for any help/guidance.


dana_g

  • Newbie
  • *
  • Posts: 4
    • View Profile
Re: Help with GSM phones connecting
« Reply #10 on: July 16, 2014, 06:54:01 AM »

To detect where pySIM was installed the interface uses this command:  "which pySim-prog.py".  Setting the path in the configuration file will not help because first we have to detect that pySim was installed and in your case it doesn't seem to be detected.

Please run the command by hand to see the output and post it back.



ThePit

  • Newbie
  • *
  • Posts: 27
    • View Profile
Re: Help with GSM phones connecting
« Reply #11 on: July 16, 2014, 02:20:58 PM »
Howdy,

Initially, which pySim-prog.py, showed up black.
So after a little research I figured out that I didn’t have the proper path.
So solve this I made a symbolic link at /usr/local/bin

cd /usr/local/bin
ln -s /usr/src/pysim/pySim-prog.py pySim-prog.py

Now, which pySim-prog.py, shows:  /usr/local/bin/pySim-prog.py
Once the link was made, the web NIB interface now shows the "Write SIM" button.
I can click on the button and enter in all the information. Once I hit save, I get the following error message:

Failed to load symbol for: SCardCancelTransaction, /lib/x86_64-linux-gnu/libpcsclite.so.1: undefined symbol: SCardCancelTransaction!
Traceback (most recent call last): File "/usr/bin/pysim/pySim-prog.py", line 504, in sl = PcscSimLink(opts.pcsc_dev) File "/usr/bin/pysim/pySim/transport/pcsc.py", line 38, in __init__ self._reader = r[reader_number] IndexError: list index out of range
Exception AttributeError: "'PcscSimLink' object has no attribute '_con'" in > ignored
Please connect you SIM card reader to your device.

After some more research I found that the card readers overall have a bad time on Ubuntu 12.04.
I did get the reader  working on another version of Ubuntu and that card is working great as far of connecting to YateBTS with setting subscriber.

I would like to get the reader to work through the NIB web interface and on Ubuntu 12.04 if possible.
I currently have installed pyscard-1.6.12 as advised by the yatebts wiki http://wiki.yatebts.com/index.php/PySIM
Research says that the error will be solved if I install pyscard-1.6.12-3. I found a download for it here:
https://packages.debian.org/source/stable/pyscard
I still do not understand how to actually install the -3 patch to the pyscard-1.6.12 from the tar ball. This is something that I will look into more tomorrow. 

If anyone has any suggestion or know a better course I should take, all is welcomed.
I will be sure to post results once it is figured out.
Everyone has bee very helpful. Thank you.



ThePit

  • Newbie
  • *
  • Posts: 27
    • View Profile
Re: Help with GSM phones connecting
« Reply #12 on: July 17, 2014, 12:01:05 PM »
Howdy,

My current problem is not fully solved, but I  have a work around.

I fully removed the pyscard 1.6.12 from my computer. I could not get it to upgrade to 1.6.12-3.
Then through Synaptic I installed python-pyscard 1.6.12-4build1.
Also through Synaptic I installed all pcsc libraries.
I abandoned the Sim reader that came with SuperSim and I used a  Gemalto Sim reader.

To make sure that the reader/programs worked, I ran the following:
cd /usr/src/pysim
pcsc_scan
#This will constantly scan the sims in the reader.  The program will run until terminated.
I received expected results. The Sims were identified as SuperSim

To read what's on the SIM (Note this will fail if the sim is blank)
./pySim-read.py -p 0

To manual write to the sim works with (#### replace the actual numbers)
./pySim-prog.py -p 0 -e -n YateBTS -c 1 -x 001 -y 01 -s 1546258756489513589 -i 00101########## -k ########1fde########1ff220##### -o e42044756175####################

This did successfully write as I could turn around and read the card.
This method is the workaround.

I would like to write the cards through the NIB web interface.
I go Manage SIMs/Write SIMS, I leave all settings to default except for card type.
If I set card type to SuperSim or FakeMagicSIM, I just get the message:
 Card was not found in SIM card reader... Terminating program...

If i leave it to the default Sysmocom I get:
Failed to load symbol for: SCardCancelTransaction, /lib/x86_64-linux-gnu/libpcsclite.so.1: undefined symbol: SCardCancelTransaction!
Insert card now (or CTRL-C to cancel)
Formatting ...
Generated card parameters :
 > Name    : YateBTS
 > SMSP    : e1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
 > ICCID   : 8901001020584452252
 > MCC/MNC : 1/2
 > IMSI    : 001022411461655
 > Ki      : 36409d198a90941c89a147a6200ea64a
 > OPC     : 62c7eb3aaabb117fa1ab07c5edf2683b
 > ACC     : None

Programming ...
Traceback (most recent call last): File "/usr/bin/pysim/pySim-prog.py", line 546, in card.program(cp) File "/usr/bin/pysim/pySim/cards.py", line 361, in program self._scc.verify_chv(0x0b, h2b("3838383838383838")) File "/usr/bin/pysim/pySim/commands.py", line 95, in verify_chv return self._tp.send_apdu_checksw('a02000' + ('%02x' % chv_no) + '08' + fc) File "/usr/bin/pysim/pySim/transport/__init__.py", line 87, in send_apdu_checksw raise RuntimeError("SW match failed ! Expected %s and got %s." % (sw.lower(), rv[1]))
RuntimeError: SW match failed ! Expected 9000 and got 9804.

So, I can successfully use the sim reader with Ubuntu 12.04.
I can manually read/write with the pysim program.
I still cannot write Sims through the Nib Web interface.

Any help or suggestion would be very appreciated.
Thank you.


dana_g

  • Newbie
  • *
  • Posts: 4
    • View Profile
Re: Help with GSM phones connecting
« Reply #13 on: July 18, 2014, 02:37:39 AM »
Hello,

The first error you've  described:  "Card was not found in SIM card reader... Terminating program..."  happens when the card is not inserted in the card writer.
The program waits for a card to be inserted and if in an amount of time  the card is not inserted in the card writer, then the program will be ended. When you press "Save'" button from interface , the card has to be in the writer.

The second error "RuntimeError: SW match failed ! Expected 9000 and got 9804." also happened to me when I've tried to write with the default settings,  but physically in the card writer I had another type of card. So i guess you have a different card than the default.

Insert your card in the card writer, then from interface set the proper type of card(above you are saying that pscs_scan detected a SuperSIM) from the dropdown and then press "Save" button.

If this doesn't work properly please make another manually test, but this time add  parameter "-t supersim" (or the type of card you have in the card writer) to your command  and post  the results.

Regards,
Dana

ThePit

  • Newbie
  • *
  • Posts: 27
    • View Profile
Re: Help with GSM phones connecting
« Reply #14 on: July 18, 2014, 08:24:10 AM »
Howdy,

Thank you for the response.
Sorry I should of been more descriptive, I am getting the error "Card was not found in SIM card reader... Terminating program..." when a card is inserted and I choose the proper card type form the drop down menu.
What is frustrating is that even when I get that error, it appear to still access the card to at least erase it.
I have done the following:
I connect the Gemalto card reader and place a SuperSim inside.
To make sure the device is connected properly, I run the command:
pcsc_scan

The output:
PC/SC device scanner
V 1.4.18 (c) 2001-2011, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.7.4
Using reader plug'n play mechanism
Scanning present readers...
0: Gemalto GemPC Twin 00 00

Fri Jul 18 08:58:21 2014
Reader 0: Gemalto GemPC Twin 00 00
  Card state: Card inserted,
  ATR: 3B 9A 94 00 92 02 75 93 11 00 01 02 02 21

ATR: 3B 9A 94 00 92 02 75 93 11 00 01 02 02 21
+ TS = 3B --> Direct Convention
+ T0 = 9A, Y(1): 1001, K: 10 (historical bytes)
  TA(1) = 94 --> Fi=512, Di=8, 64 cycles/ETU
    62500 bits/s at 4 MHz, fMax for Fi = 5 MHz => 78125 bits/s
  TD(1) = 00 --> Y(i+1) = 0000, Protocol T = 0
-----
+ Historical bytes: 92 02 75 93 11 00 01 02 02 21
  Category indicator byte: 92 (proprietary format)

Possibly identified card (using /home/user/.smartcard_list.txt):
3B 9A 94 00 92 02 75 93 11 00 01 02 02 21
3B 9A 94 00 92 02 75 93 11 00 01 02 02 ..
   SuperSIM

Then I will do a write from command line like I have previously with command:
./pySim-prog.py -p 0 -e -n YateBTS -c 1 -x 001 -y 01 -s 1546258756489513589 -i 001011146783289 -k eef88cc11fdeabb472911ff22009944b -o e420447561751ce9be34272c9e0c4d45

With this command the type of card is set to auto.
The output is:
Failed to load symbol for: SCardCancelTransaction, /lib/x86_64-linux-gnu/libpcsclite.so.1: undefined symbol: SCardCancelTransaction!
Insert card now (or CTRL-C to cancel)
Autodetected card type fakemagicsim
Formatting ...
Generated card parameters :
 > Name    : YateBTS
 > SMSP    : e1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
 > ICCID   : 1546258756489513589
 > MCC/MNC : 1/1
 > IMSI    : 001011146783289
 > Ki      : eef88cc11fdeabb472911ff22009944b
 > OPC     : e420447561751ce9be34272c9e0c4d45
 > ACC     : None

Programming ...
Done !

According to what I've read online the, "Failed to load symbol..." message is just a warning and can be ignored.
To confirm the write. I run ./pySim-read.py -p 0
The output:
Failed to load symbol for: SCardCancelTransaction, /lib/x86_64-linux-gnu/libpcsclite.so.1: undefined symbol: SCardCancelTransaction!
Reading ...
ICCID: 1546258756489513589
IMSI: 001011146783289
SMSP: ffffffffffffffffffffffffe1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
ACC: ffff
MSISDN: Not available
Done !

I reran the same write command as before, but this time I just put all 1's as the imsi. This is to just confirm change. I read the card to confirm that all1's was written as the imsi.
Now I ran the write command while declaring the type:
./pySim-prog.py -p 0 -e -n YateBTS -c 1 -x 001 -y 01 -s 1546258756489513589 -i 001011146783289 -k eef88cc11fdeabb472911ff22009944b -o e420447561751ce9be34272c9e0c4d45 -t supersim

This write takes longer than the previous write. The output:
Failed to load symbol for: SCardCancelTransaction, /lib/x86_64-linux-gnu/libpcsclite.so.1: undefined symbol: SCardCancelTransaction!
Insert card now (or CTRL-C to cancel)
Formatting ...
Generated card parameters :
 > Name    : YateBTS
 > SMSP    : e1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
 > ICCID   : 1546258756489513589
 > MCC/MNC : 1/1
 > IMSI    : 001011146783289
 > Ki      : eef88cc11fdeabb472911ff22009944b
 > OPC     : e420447561751ce9be34272c9e0c4d45
 > ACC     : None

Programming ...
Done !

The read is as expected:
Failed to load symbol for: SCardCancelTransaction, /lib/x86_64-linux-gnu/libpcsclite.so.1: undefined symbol: SCardCancelTransaction!
Reading ...
ICCID: 1546258756489513589
IMSI: 001011146783289
SMSP: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ACC: ffff
MSISDN: Not available
Done !

Now if I go to the Nib web interface. I leave everything to default except that I choose Supersim from the card type drop down menu.
I click save and I get the error message:  Card was not found in SIM card reader... Terminating program...

The kicker is that now if I try to read the sim , I get the output:
Failed to load symbol for: SCardCancelTransaction, /lib/x86_64-linux-gnu/libpcsclite.so.1: undefined symbol: SCardCancelTransaction!
Reading ...
Traceback (most recent call last):
  File "./pySim-read.py", line 90, in <module>
    (res, sw) = scc.read_binary(['3f00', '2fe2'])
  File "/usr/src/pysim/pySim/commands.py", line 42, in read_binary
    r = self.select_file(ef)
  File "/usr/src/pysim/pySim/commands.py", line 35, in select_file
    data, sw = self._tp.send_apdu_checksw("a0a4000002" + i)
  File "/usr/src/pysim/pySim/transport/__init__.py", line 87, in send_apdu_checksw
    raise RuntimeError("SW match failed ! Expected %s and got %s." % (sw.lower(), rv[1]))
RuntimeError: SW match failed ! Expected 9000 and got 6700.

So, NIB is at least accessing the sim long enough to erase/corrupt it in some way.
I have also tried to write to the sim through NIB, with turning off "Generate random IMSI" and "Insert subscribers"
I then put in the IMSI info manually. It was the same info I used for the command line write that worked.
I have iterated through all the sim type option in NIB just to see any of them would write.
They all give me the "Card was not found..." error or something close to "RuntimeError: SW match failed ! Expected 9000 and got 9804."
Sometimes the "Expected/got" numbers are different, but its the same error.
Through out the experiments, I kept the card in and reader plugged in the whole time.
After any errors/failures to write, I would go back to the manual command line read/write to make sure the device/card is working properly.
I only see the errors through NIB.
Cards that I write manually and insert manually into NIB will connect properly and make call/SMS correctly but both Msisdn and short number.

I really would like to be able to write Sims through the NIB though.
Does anyone know of a particular sim that they have had success on with NIB.
I was going to try to find the brand of sim that is included in the YateBTS LabKit.

Any help/guidance is much appropriated.
Thank you Again.