Topics

1

YateBTS / band indicator = 1800 even though frequency set to 900

« on: March 29, 2019, 11:59:51 AM »

I'm having a problem with the phone connecting to the cell station. I have set the BladeRF station to broadcast on the 900MHz range and verified this with another SDR. My cellphone sees the station but can't connect.

Troubleshooting:
Attempted to connect to station then inspected for rejected IMSI numbers. none found.

Code: [Select]

nipc list rejected
IMSI            No attempts register
--------------- ---------------
Here is my configuration from ybts.conf

Code: [Select]

Radio.Band=900
Radio.C0=975
Identity.MCC=510
Identity.MNC=01
Here is the wired part. I performed a pcap for GMS traffic. I only see downlink traffic no uplink traffic. In the downlink traffic I see the band indicator field says 1800 even though I have set this to 900MHz. Please see attached pcap.

no. 426 > GSM CCCH > SI 6 Rest Octets > Band Indicator = 1800

I remember seeing a bug that was posted a few years ago about the wrong frequency being broadcast. I'm not sure if this is related.

Is this expected? It would of course help if I got a working pcap as well. I would like to review a pcap on a working configuration.

Here are the commands to get a pcap.

Code: [Select]

telnet localhost 5038
mbts config Control.GSMTAP.GSM on
quitconnect phone

Code: [Select]

sudo tcpdump -i any udp port 4729 -w GSMtraffic.pcap