Author Topic: Device auto-registration  (Read 10359 times)

sertys

  • Newbie
  • *
  • Posts: 5
    • View Profile
Device auto-registration
« on: August 24, 2016, 05:24:18 PM »
Hi, guys, thank you for the wonderful job u did on the yate-bts first.
I've setup my testbed and finally wanted to try it out. Am able to locate the TEST-PLMN network manually and register to it with SMS and calls to it.
But decided to go one step further and since i have some foreign SIMs laying around the office wanted to test auto-registration and be my own microoperator(i'm using 2-4 dBi antennae so range is rather miniscule).
The issue is that the phones do not want to register to the network despite setting the MCC/MNC to their home network values. All i'm getting in the console is :
<mbts:NOTE> RadioResource.cpp:242:AccessGrantResponder: RACH burst for unsupported service RA=108 (while RA=X differs often)

I have been asked what kind of SIMs i have and they are Ukrainian possibly 3G sims, am i under the false impression that they should be connecting to my BS without trying to authenticate it just based on the MCC/MNC?


sertys

  • Newbie
  • *
  • Posts: 5
    • View Profile
Re: Device auto-registration
« Reply #1 on: August 24, 2016, 07:21:58 PM »
Since i was rushing to finish the post, forgot many of the details.
Am running a bladerf-x40 with the builtin FPGA and firmware version 2.0.0 on usb3.
Yate and YateBTS are both SVN(or SVN 503 as suggested by a forum post, but that didn't change anything)

A more helpful log slice is :
mbts config
Control.GSMTAP.GPRS no     [default]
Control.GSMTAP.GSM no     [default]
Control.GSMTAP.TargetIP 127.0.0.1     [default]
Control.LUR.AttachDetach yes     [default]
Control.Reporting.PhysStatusTable (disabled)     [default]
Control.Reporting.StatsTable (disabled)     [default]
Control.SMSCB.Table (disabled)     [default]
Control.VEA yes     [default]
GGSN.DNS (disabled)     [default]
GGSN.Firewall.Enable 1     [default]
GGSN.IP.TossDuplicatePackets no     [default]
GGSN.MS.IP.Base 192.168.99.1     [default]
GGSN.MS.IP.MaxCount 254     [default]
GGSN.MS.IP.Route (disabled)     [default]
GGSN.ShellScript (disabled)     [default]
GPRS.CellOptions.T3168Code 5     [default]
GPRS.CellOptions.T3192Code 0     [default]
GPRS.Channels.Min.C0 3     [default]
GPRS.Channels.Min.CN 0     [default]
GPRS.Enable no
GPRS.LocalTLLI.Enable yes     [default]
GPRS.MS.Power.RSSIInterval 3     [default]
GPRS.MS.Power.RSSITarget -25     [default]
GPRS.Multislot.Max.Downlink 3     [default]
GPRS.Multislot.Max.Uplink 2     [default]
GPRS.NMO 2     [default]
GPRS.Reassign.Enable yes     [default]
GPRS.TBF.EST yes     [default]
GPRS.TBF.Retry 1     [default]
GSM.CCCH.AGCH.QMax 5     [default]
GSM.CCCH.CCCH-CONF 1     [default]
GSM.CellOptions.RADIO-LINK-TIMEOUT 15     [default]
GSM.CellSelection.CELL-RESELECT-HYSTERESIS 3     [default]
GSM.CellSelection.NCCsPermitted -1     [default]
GSM.CellSelection.NECI 1     [default]
GSM.Channels.C1sFirst no     [default]
GSM.Channels.NumC1s 7     [default]
GSM.Channels.NumC7s 0     [default]
GSM.Channels.SDCCHReserve 0     [default]
GSM.Cipher.CCHBER 0.0
GSM.Cipher.Encrypt no     [default]
GSM.Cipher.RandomNeighbor 0.0
GSM.Cipher.ScrambleFiller no     [default]
GSM.Handover.InitialHoldoff 5000     [default]
GSM.Handover.LocalRSSIMin -80     [default]
GSM.Handover.RepeatHoldoff 3000     [default]
GSM.Handover.ThresholdDelta 10     [default]
GSM.Identity.BSIC.BCC 2     [default]
GSM.Identity.BSIC.NCC 0     [default]
GSM.Identity.CI 421
GSM.Identity.LAC 1337
GSM.Identity.MCC 255
GSM.Identity.MNC 06   
GSM.MS.Power.Damping 50     [default]
GSM.MS.Power.Max 99
GSM.MS.Power.Min 66
GSM.MS.TA.Damping 50     [default]
GSM.MS.TA.Max 62     [default]
GSM.MaxSpeechLatency 2     [default]
GSM.Neighbors.NumToSend 8     [default]
GSM.Ny1 5     [default]
GSM.RACH.AC 65535
GSM.RACH.MaxRetrans 1     [default]
GSM.RACH.TxInteger 15
GSM.Radio.ARFCNs 1     [default]
GSM.Radio.Band 900     [default]
GSM.Radio.C0 80
GSM.Radio.MaxExpectedDelaySpread 2     [default]
GSM.Radio.PowerManager.MaxAttenDB 35
GSM.Radio.PowerManager.MinAttenDB 35
GSM.Radio.RSSITarget -60
Log.Alarms.Max 20     [default]
Log.Level NOTICE     [default]
TRX.IP 127.0.0.1     [default]
version
Tell me more...

mbts version
release 5.0.1 built Aug 24 2016 rev591
ybts version
Tell me more...
mbts noise
2016-08-25_01:15:50.638349 <gsmtrx:NOTE> ARFCN: 0: noise: -60 ; ARFCN: 1: noise: 0 ; ARFCN: 2: noise: 0 ; ARFCN: 3: noise: 0 ;
noise RSSI is -60 dB wrt full scale
MS RSSI target is -60 dB wrt full scale
mbts rxgain 15
2016-08-25_01:16:13.173708 <bladerf/4:INFO> RX VGA2 set to 15dB 0x5 (from 15) [0x7f409c027500]
current RX gain is 4 dB
new RX gain is 15 dB
2016-08-25_01:16:16.195652 <gsmtrx:MILD> Transmit underrun by 2 timeslots [0x7f409c012470]
mbts noise                                 
2016-08-25_01:16:30.489793 <gsmtrx:NOTE> ARFCN: 0: noise: -50 ; ARFCN: 1: noise: 0 ; ARFCN: 2: noise: 0 ; ARFCN: 3: noise: 0 ;
noise RSSI is -50 dB wrt full scale
MS RSSI target is -60 dB wrt full scale
2016-08-25_01:16:51.531001 <mbts:INFO> RadioResource.cpp:168:AccessGrantResponder: **Incoming Burst** lur=0 gprs=0 when=0:199374 age=3 TE=0 RSSI=-47 RA=0xc7
2016-08-25_01:16:51.531098 <mbts:NOTE> RadioResource.cpp:243:AccessGrantResponder: RACH burst for unsupported service RA=199
2016-08-25_01:16:51.531344 <mbts:INFO> RadioResource.cpp:282:AccessGrantResponder: sending L3ImmediateAssignment PageMode=(0) DedicatedModeOrTBF=(TMA=0 Downlink=0 DMOrTBF=0) ChannelDescription=(typeAndOffset=SDCCH/4-0 TN=0 TSC=2 ARFCN=80) RequestReference=(RA=0xc7 T=29646 T1'=22 T2=6 T3=15) TimingAdvance=0
2016-08-25_01:16:51.702429 <mbts:INFO> GSML2LAPDm.cpp:909:sendUFrameUI: obj: 0x1252f50 state=LinkReleased payload=primitive=UNIT_DATA raw=(061e01a582f41005392f01)
2016-08-25_01:16:51.702653 <mbts:INFO> GSML2LAPDm.cpp:909:sendUFrameUI: obj: 0x1252f50 state=LinkReleased payload=primitive=UNIT_DATA raw=(061d8e280000000000000000000000000000)
2016-08-25_01:16:51.887355 <mbts:INFO> GSML2LAPDm.cpp:909:sendUFrameUI: obj: 0x1252f50 state=LinkReleased payload=primitive=UNIT_DATA raw=(061e01a582f41005392f01)
2016-08-25_01:16:52.358306 <mbts:INFO> GSML2LAPDm.cpp:909:sendUFrameUI: obj: 0x1252f50 state=LinkReleased payload=primitive=UNIT_DATA raw=(061d8e280000000000000000000000000000)
2016-08-25_01:16:52.829255 <mbts:INFO> GSML2LAPDm.cpp:909:sendUFrameUI: obj: 0x1252f50 state=LinkReleased payload=primitive=UNIT_DATA raw=(061e01a582f41005392f01)
2016-08-25_01:16:53.300185 <mbts:INFO> GSML2LAPDm.cpp:909:sendUFrameUI: obj: 0x1252f50 state=LinkReleased payload=primitive=UNIT_DATA raw=(061d8e280000000000000000000000000000)
2016-08-25_01:16:53.771131 <mbts:INFO> GSML2LAPDm.cpp:909:sendUFrameUI: obj: 0x1252f50 state=LinkReleased payload=primitive=UNIT_DATA raw=(061e01a582f41005392f01)
2016-08-25_01:16:54.242150 <mbts:INFO> GSML2LAPDm.cpp:909:sendUFrameUI: obj: 0x1252f50 state=LinkReleased payload=primitive=UNIT_DATA raw=(061d8e280000000000000000000000000000)
2016-08-25_01:16:54.713049 <mbts:INFO> GSML2LAPDm.cpp:909:sendUFrameUI: obj: 0x1252f50 state=LinkReleased payload=primitive=UNIT_DATA raw=(061e01a582f41005392f01)
2016-08-25_01:16:55.184043 <mbts:INFO> GSML2LAPDm.cpp:909:sendUFrameUI: obj: 0x1252f50 state=LinkReleased payload=primitive=UNIT_DATA raw=(061d8e280000000000000000000000000000)


As i see it, i get incoming bursts but don't do anything with them.

andrew77

  • Newbie
  • *
  • Posts: 30
    • View Profile
Re: Device auto-registration
« Reply #2 on: August 31, 2016, 05:40:20 AM »
Hello,
I've already posted that in this post: please read

http://forum.yate.ro/index.php?topic=1211.msg4328#msg4328

anyway I succeeded in doing that, I can help you,
you need to do a snapshot of the spectrum downlink of your operator you are intended to activate.
Remember that, once the procedure is up and working this is illegal since some UE (user equipment) around you could connect to your fake operator!
Before I want to ask you: what os are you using? because FW2.0 usb 3 doesn't work for yate bts:  http://www.nuand.com/fx3.php, new VID/PID are not recognized to yatebts, what version are you using?
Bye
Andrea

sertys

  • Newbie
  • *
  • Posts: 5
    • View Profile
Re: Device auto-registration
« Reply #3 on: August 31, 2016, 08:07:52 AM »
Hey, Andrew, thank you for the response, will be messaging you. I'm using Yate from the SVN with ubuntu and it recognizes it fine. I will be messaging you privately for a further explanation.