The GSM Decode Project

This wiki is writeable for everyone. Add what you know. Delete what is wrong.

Contents

  1. About
  2. TODO
  3. WANTED
  4. Format
    1. Input Format
  5. List of Codecs
  6. De-Interleaving
  7. Example Data / Test Vectors
    1. Radio 4
  8. Links

1. About

This page contains information and source to decode the data from a Traffic CHannel (TCH). This pages defines the input format and output format for the conversion tool.

The output of the A5-Cracker is the pure 114 bit user data. This tools should interleave and convert the data to a readable format (to .wav, .pcm or .mp3 for voice and to .txt for SMS).

This page is not about decrypting GSM data. Please look at A5 Cracking Project.

2. TODO

  1. Define input format (xml?)

  2. Do we need FrameNumber information still? (no!).

  3. Split program in two parts: De-Interleaving and codec-decoding.

3. WANTED

  1. Examples and test vectors. Recorded GSM data without encryption. We can use the USRP to record a gsm converstaion if we manage to disable A5/1. One idea is to remove the SIM and do an emergency call (we failed doing this. Emergenyc call does not get connected. anyone?)
  2. Better understanding if we do de-interleaving and convolution-decoding here or if the input data is already decoded.

4. Format

4.1. Input Format

Input data is non-encrypted GSM burst data (114 bit per user data per burst). Start with human readable lines. If Line does not start with '#' interpret remaining data as binary content data. 

#Type: TCH
#Codec: FR
#ChunkSize: 33
#Other Meta Data: blah
#Data: 2007-10-17
#Time: 10:12:15
<binary data>

5. List of Codecs

  1. GSM-FR, also known as 'Regular Pulse Excitation-Long Term-Prediction-Liniear Predictive Coder (RPELTP). GSM-06.10.
  2. GSM Enhanced Full Rate (GSM-EFR) codec. GSM-06.90.
  3. GSM Half Rate (GSM-HR) codec.
  4. Adaptive Multi-Rate Narrowband (AMR-NB) GSM speech codec.
  5. Adaptive Multi-Rate Wideband (AMR-WB) GSM speech codec. ITU-T G.722.2 (3G)

6. De-Interleaving

For TCH the 456 bits is deconvoluted. Leaving 260 bits. For EFR a further 16 bits are removed (which are the CRC adn repeated bits) leaving 244 bits.

7. Example Data / Test Vectors

7.1. Radio 4

FR encoded BBC radio 4 news Each frame is 33 bytes long (264 bits, ignore the last 4 bits). The GSM 05.03 channel reorganisation has NOT been applied to the data (i.e. it's the 76 parameters output directly from the codec as a linear stream).

8. Links

Please add links to other codec libs here.

  1. Article by Richard Meston. Introduction to GSM vocoders. (must read!)

  2. Article by Richard Meston. GSM Codecs.

  3. http://kbs.cs.tu-berlin.de/~jutta/toast.html. Jutta's GSM decoding library. (Source).

  4. AMR source code library