Topics - herman1199

1
YateBTS / SIM write/pySIM error
« on: January 11, 2017, 05:07:34 AM »
Hi, I'm trying to write SIMs through NIB GUI using pySIM. I have SuperSIM cards and an ACR38 writer. I have Ubuntu 14.04 and BladeRFx40. Voice/SMS/GPRS all working with old SIMs and handsets but I now need control of IMSIs for my test lab so I need fresh SIMs.

I can read the blank cards and pcsc_scan gives:
---------------------------------------------------
PC/SC device scanner
V 1.4.22 (c) 2001-2011, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.8.10
Using reader plug'n play mechanism
Scanning present readers...
0: ACS ACR 38U-CCID 00 00

Wed Jan 11 10:43:27 2017
Reader 0: ACS ACR 38U-CCID 00 00
  Card state: Card inserted,
  ATR: 3B 9A 94 00 92 02 75 93 11 00 01 02 02 21

ATR: 3B 9A 94 00 92 02 75 93 11 00 01 02 02 21
+ TS = 3B --> Direct Convention
+ T0 = 9A, Y(1): 1001, K: 10 (historical bytes)
  TA(1) = 94 --> Fi=512, Di=8, 64 cycles/ETU
    62500 bits/s at 4 MHz, fMax for Fi = 5 MHz => 78125 bits/s
  TD(1) = 00 --> Y(i+1) = 0000, Protocol T = 0
-----
+ Historical bytes: 92 02 75 93 11 00 01 02 02 21
  Category indicator byte: 92 (proprietary format)

Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B 9A 94 00 92 02 75 93 11 00 01 02 02 21
3B 9A 94 00 92 02 75 93 11 00 01 02 02 ..
        SuperSIM
--------------------------------------------------


When I run the NIB Write SIM I get:
--------------------------------------------------
Insert card now (or CTRL-C to cancel)
Formatting ...
Generated card parameters :
 > Name    : testBTS
 > SMSP    : e1ffffffffffffffffffffffff058100445555ffffffffffff000000
 > ICCID   : 8944104104721218879
 > MCC/MNC : 104/10
 > IMSI    : 104102143012656
 > Ki      : 4267f67d8cd41a1cb1801a14bd37a962
 > OPC     : 27e2829db8a5bb8500d3f13ac8f18c19
 > ACC     : None

Programming ...
Traceback (most recent call last):
  File "/usr/src/pysim/pySim-prog.py", line 626, in <module>
    card.program(cp)
  File "/usr/src/pysim/pySim/cards.py", line 362, in program
    r = self._scc.select_file(['3f00'])
  File "/usr/src/pysim/pySim/commands.py", line 44, in select_file
    data, sw = self._tp.send_apdu_checksw(self.cla_byte + "a4000C02" + i)
  File "/usr/src/pysim/pySim/transport/__init__.py", line 87, in send_apdu_checksw
    raise RuntimeError("SW match failed ! Expected %s and got %s." % (sw.lower(), rv[1]))

RuntimeError: SW match failed ! Expected 9000 and got 6b00.
----------------------------------------------------

Google-hunt hasn't helped much other than to identify that APDU error 6b00 is "Wrong parameter(s) P1-P2" !!

Card reader/writer compatibility with Yate/pySIM ?

Any help or guidance much appreciated.
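
Added example, not part of the original post and not pcsc_scan's own code: a minimal ISO 7816-3 ATR decoder in Python that reproduces the TS / T0 / TA(1) / TD(1) breakdown shown in the pcsc_scan output above, and also handles longer interface-byte chains and the TCK checksum. The names parse_atr and bit_rate are illustrative.

```python
# Added example: minimal ISO 7816-3 ATR decoder (illustrative, not pcsc_scan's code).
# Fi/Di tables from ISO 7816-3; None marks reserved (RFU) values.
FI = [372, 372, 558, 744, 1116, 1488, 1860, None,
      None, 512, 768, 1024, 1536, 2048, None, None]
DI = [None, 1, 2, 4, 8, 16, 32, 64, 12, 20] + [None] * 6

# ATR copied from the pcsc_scan output in the post above.
SUPERSIM_ATR = "3B 9A 94 00 92 02 75 93 11 00 01 02 02 21"

def parse_atr(atr_hex):
    b = bytes.fromhex(atr_hex.replace(" ", ""))
    if len(b) < 2 or b[0] not in (0x3B, 0x3F):
        raise ValueError("bad TS byte or ATR too short")
    info = {"convention": "direct" if b[0] == 0x3B else "inverse",
            "interface": {}, "protocols": []}
    y, k = b[1] >> 4, b[1] & 0x0F    # T0: Y1 bitmap, K historical bytes
    pos, i = 2, 1
    while y:
        for bit, name in enumerate("ABCD"):   # TAi, TBi, TCi, TDi in order
            if y & (1 << bit):
                if pos >= len(b):
                    raise ValueError("ATR truncated in interface bytes")
                info["interface"]["T%s%d" % (name, i)] = b[pos]
                pos += 1
        td = info["interface"].get("TD%d" % i)
        if td is None:
            break
        info["protocols"].append(td & 0x0F)   # low nibble: protocol T
        y, i = td >> 4, i + 1                 # high nibble: next bitmap
    info["protocols"] = info["protocols"] or [0]   # no TD1 means T=0
    if pos + k > len(b):
        raise ValueError("ATR truncated in historical bytes")
    info["historical"] = b[pos:pos + k].hex()
    pos += k
    if any(t != 0 for t in info["protocols"]):     # TCK exists only if T != 0
        if pos >= len(b):
            raise ValueError("TCK missing")
        x = 0
        for v in b[1:pos + 1]:
            x ^= v                                  # XOR of T0..TCK must be 0
        info["tck_ok"] = (x == 0)
    ta1 = info["interface"].get("TA1", 0x11)        # default Fi=372, Di=1
    info["Fi"], info["Di"] = FI[ta1 >> 4], DI[ta1 & 0x0F]
    return info

def bit_rate(info, clock_hz):
    """Bits per second at the given card clock (1 ETU = Fi/Di cycles)."""
    return clock_hz * info["Di"] // info["Fi"]

if __name__ == "__main__":
    print(parse_atr(SUPERSIM_ATR))
```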

2
YateBTS / Trouble with subscribers expiring
« on: December 19, 2016, 05:53:29 AM »
I'm struggling with a YateBTS/BladeRF problem and looking for some help.

I have a BladeRFx40, Ubuntu 14.04, Yate 5.5.1-devel1 r6155
I have 2 phones that can establish a connection with the Yate network but I cannot get the system to retain the connection. They will consistently disconnect within a few seconds. I'm happy that the various pieces are all in place and I can send an SMS to Eliza in the short window where I have connection.

The handsets still claim to be registered but NIB on web and through Telnet do not list them.
If I leave them idle with Yate running they will periodically re-register and another welcome sms is received. This is roughly every 30 mins.

I have these 2 SIMs configured with a regexp and I have tried changing Tmsi expire but I only ever get pretty much instant disconnect.
I have also tried calling david but that just hangs up right away.

Apart from Radio band/C0 all other configs are default.

I've added a log of start up, registration of 1 phone and that subscriber expiring but I can't see any errors or messages that look dodgy.

Any help appreciated

3
YateBTS / Problem running YateBTS with bladeRFx40
« on: December 14, 2016, 09:58:14 AM »
Looking for suggestions for a problem I'm having running YateBTS with bladeRFx40.
Installed yate and yateBTS from here:  http://wiki.yatebts.com/index.php/Main_Page and the prerequisite and installation guide. All seemed to run clean.

I can see the bladerf and interrogate the f/w through: bladeRF-cli -i info & version
    (note: fpga version was 0.6.0 from the factory, yate downgraded it to 0.1.2, I upgraded it again - neither worked)
I can run yate with: yate -vvvvv -l /var/log/yate
I can run the mbts/nib command line tool with: telnet localhost 5038

I have 2 phones with sims of which I am confident certainly 1 is unlocked, however I do not see a yate or any other non-commercial network when I search on either phone or sim. I see all the standard UK networks so I know the phones are good.

In the log I see failures on set rx frequency, setpower, but they seem to be marked as WARN not critical????
I have a missing /usr/local/etc/yate/jabberentitycaps.xml but again that is marked as NOTE not critical failure

I'm on a fresh ubuntu 14.04 install, bladerf is on a usb2 port.
Outputs below, log attached
I've set Band/C0 = 900/50 (and I've tried 1800 too)
I've set Country code

Any help with next steps really appreciated.

=============
bladeRF> info
  Serial #:                 90df889f48fc37290a54722b22f2e06a
  VCTCXO DAC calibration:   0x9322
  FPGA size:                40 KLE
  FPGA loaded:              yes
  USB bus:                  1
  USB address:              13
  USB speed:                Hi-Speed
  Backend:                  libusb
  Instance:                 0
bladeRF> version
  bladeRF-cli version:        1.4.0-2016.06-1-ppatrusty
  libbladeRF version:         1.7.2-2016.06-1-ppatrusty
  Firmware version:           1.9.1
  FPGA version:               0.6.0
------------------------------------------

$ telnet localhost 5038
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
YATE 5.5.1-devel1 r6155 (http://YATE.null.ro) ready on test-pro-sys-tst.
mbts version
release 5.0.1 built Dec 14 2016 rev598

mbts sysinfo
RR System Information Type 1 cellChannelDescription=() RACHControlParameters=(maxRetrans=1 txInteger=14 cellBarAccess=0 RE=1 AC=0x400)
RR System Information Type 2 BCCHFrequencyList=(EXT-IND=0 BA-IND=0  ARFCNs=(50 )) NCCPermitted=(0x1) RACHControlParameters=(maxRetrans=1 txInteger=14 cellBarAccess=0 RE=1 AC=0x400)
RR System Information Type 3 LAI=(MCC=044 MNC=01 LAC=0x3e8) CI=10 controlChannelDescription=(ATT=1 BS_AG_BLKS_RES=2 CCCH_CONF=1 BS_PA_MFRMS=0 T3212=4) cellOptions=(PWRC=0 DTX=2 RADIO_LINK_TIMEOUT=15) cellSelectionParameters=(CELL-RESELECT-HYSTERESIS=3 MS-TXPWR-MAX-CCH=0 ACS=0 NECI=1 RXLEV-ACCESS-MIN=0) RACHControlParameters=(maxRetrans=1 txInteger=14 cellBarAccess=0 RE=1 AC=0x400) SI3RO=( RA_COLOUR=0)
RR System Information Type 4 LAI=(MCC=044 MNC=01 LAC=0x3e8) cellSelectionParameters=(CELL-RESELECT-HYSTERESIS=3 MS-TXPWR-MAX-CCH=0 ACS=0 NECI=1 RXLEV-ACCESS-MIN=0) RACHControlParameters=(maxRetrans=1 txInteger=14 cellBarAccess=0 RE=1 AC=0x400)GPRS enabled; RA_COLOUR=(0)
RR System Information Type 5 BCCHFrequencyList=(EXT-IND=0 BA-IND=0  ARFCNs=(50 ))
RR System Information Type 6 CI=10 LAI=(MCC=044 MNC=01 LAC=0x3e8) cellOptions=(PWRC=0 DTX=2 RADIO_LINK_TIMEOUT=15) NCCPermitted=(0x1)
