Sending GSM Traffic and Channel Hopping

Contents

  1. About
  2. Channel Hopping
    1. Hopping
    2. Wideband
  3. Sending
    1. Brainstorming
    2. Links

1. About

This page contains various information for us to be able to receive channel hopping data and to transmit (tx) data.

2. Channel Hopping

The Channel Hopping Sequence is sent in cleartext to the phone. In practice all channel hopping frequencies are very close together and usually within the same 8Mhz range.

TODO:

  1. Need to decode the GSM message. Find channel hopping sequence (simple task).
  2. New frequency has to be sent from C space to python space (e.g. via block output to python space!). We can possibly use the Sagem trace mobile to find out if we decoded the channel hopping sequence correctly.
  3. Need to test if tune() is then fast enough. Does tune() discard bits or can we just count 156.25*7 bits after calling tune() to find the next GSM burst on the new frequency?

There are two different approaches: Either we really hop to the next frequency every 156.25*8 bit or we sample 8Mhz wideband and then extract the correct channel.

2.1. Hopping

Is tune() fast enough?

2.2. Wideband

Is this fast enough? Can we extract a single channel from a wideband sample? tvoid is working on this.

3. Sending

Most of the modulation, interleaving and encoding is already implemented in software. We need a way so that the USRP sends the packet with precision timing.

TODO:

  1. Link to other projects that use in-band signaling.

3.1. Brainstorming

  1. How can we verify that we are sending the correct data? Anyone who has GSM testing equipment (for rent?)

3.2. Links

  1. http://gnuradio.org/trac/wiki/InBandSignaling