Difference between revisions of "GSM"

From Tmplab
(FAQ)
(More ?)
 
(28 intermediate revisions by one other user not shown)
Line 1: Line 1:
 
Work in Progress
 
Work in Progress
  
This page is meant to understand how GSM network works by experiencing it. This wiki uses an USB 3G modem. Yet another help.
+
Yet another introduction to understand basically how GSM network works by experiencing them. This wiki uses an USB 3G modem.  
  
 
= Setup =
 
= Setup =
  
* Use a Huawei 1750
+
* Here a Huawei 1750 is used, many other should works.
 
* Serial port connection. It should bring 3 things in /dev, like ttyUSB0, ttyUSB1 and ttyUSB2 in Linux. Use it  8n1 9600 bauds, DTR/RTS ON on startup
 
* Serial port connection. It should bring 3 things in /dev, like ttyUSB0, ttyUSB1 and ttyUSB2 in Linux. Use it  8n1 9600 bauds, DTR/RTS ON on startup
* Terminal software
+
* Terminal software :
  
 
Linux : use picocom : picocom --echo /dev/ttyUSB2
 
Linux : use picocom : picocom --echo /dev/ttyUSB2
Line 15: Line 15:
 
= AT commands =
 
= AT commands =
  
 +
* Get sure it's working type :
  
* To enter a pin code (i.e 0000). If a pin authentication is required if needed to use other commands like network interactions.
+
ATI<br>
 +
 
 +
Manufacturer: huawei<br>
 +
Model: E1750<br>
 +
Revision: 11.XXXXXXXX<br>
 +
IMEI: XXXXXXXXXXXXXXXXX<br>
 +
+GCAP: +CGSM,+DS,+ES<br><br>
 +
 
 +
* To enter a pin code (i.e 0000). If a pin authentication is required do it, it's needed to use other commands like network interactions.
  
 
AT+CPIN=0000
 
AT+CPIN=0000
Line 35: Line 44:
 
AT+CREG=2 Asks for advanced informations
 
AT+CREG=2 Asks for advanced informations
  
+CREG: 5, 460055, 8BF06F
+
+CREG: 5, 55002A, 2ED3
 +
 
 +
552A = 21802 = Location area number
 +
 
 +
2ED3 = 11987 = network cell ID
  
4655 = 18005 = Location area number
+
Try also
  
8BF06F = 7516441 = network cell ID
+
AT+CREG?
 +
 
 +
+CREG: 2,5, 55002A,2ED3
 +
 
 +
2ED3 is the local network cell ID
  
  
Line 47: Line 64:
  
 
= FAQ =
 
= FAQ =
 
 
* You may ask what happend if your have no available network around you (or if you're jammed ?)  
 
* You may ask what happend if your have no available network around you (or if you're jammed ?)  
 
MODE Command will probably display no service 0 and no submode 0 : ^MODE:0,0  
 
MODE Command will probably display no service 0 and no submode 0 : ^MODE:0,0  
 
<br>
 
<br>
COPS may answer 0 : +COPS: 0
+
AT+COPS? may answer 0 : +COPS: 0<br>
 
A service state change indication can also be displayed : ^SRVST:0
 
A service state change indication can also be displayed : ^SRVST:0
 +
<br>
 +
* And when I got a network back online ?
 +
Pretty much the same, you'll have service change ^SRVST, a new mode and obviously a new operator recognized with COPS command
 +
<br>
 +
* Are all networks around me legit ?
 +
You may look at your GPS position, lookup for known networks at opencellid.org and compare. You can contribute to this project by exploring your environment.
  
* Are all networks around me legit ?
+
= More ? =
You may look at your GPS position, lookup for known networks at opencellid.org and compare.
+
* http://www.opencellid.org
 +
* https://blog.hqcodeshop.fi/archives/206-Running-AT-commands-on-your-B593.html
 +
* https://www.sba-research.org/wp-content/uploads/publications/DabrowskiEtAl-IMSI-Catcher-Catcher-ACSAC2014.pdf
 +
* http://niviuk.free.fr/index.html

Latest revision as of 10:27, 21 May 2015

Work in Progress

Yet another introduction to understand basically how GSM network works by experiencing them. This wiki uses an USB 3G modem.

Setup

  • Here a Huawei 1750 is used, many other should works.
  • Serial port connection. It should bring 3 things in /dev, like ttyUSB0, ttyUSB1 and ttyUSB2 in Linux. Use it 8n1 9600 bauds, DTR/RTS ON on startup
  • Terminal software :

Linux : use picocom : picocom --echo /dev/ttyUSB2

OS X: i.e coolterm. Use tty.HUAWEIMobile-Pcui among the 3 serial ports tty.HUAWEIMobile-Diag, tty.HUAWEIMobile-Modem, tty.HUAWEIMobile-Pcui

AT commands

  • Get sure it's working type :

ATI

Manufacturer: huawei
Model: E1750
Revision: 11.XXXXXXXX
IMEI: XXXXXXXXXXXXXXXXX
+GCAP: +CGSM,+DS,+ES

  • To enter a pin code (i.e 0000). If a pin authentication is required do it, it's needed to use other commands like network interactions.

AT+CPIN=0000


  • AT+COPS? display the connected network, name and some infos

+COPS: 0,0,"F SFR",2


  • AT+COPS=? Displays all available networks

+COPS: (3,"F-Bouygues Telec","BYTEL","20820",2),(3,"Orange F","Orange","20801",2),(2,"F SFR","SFR","20810",2),(3,"","","20815",2),,(0,1,2,3,4),(0,1,2)


  • AT+CREG displays other informations on the connected network.

AT+CREG=2 Asks for advanced informations

+CREG: 5, 55002A, 2ED3

552A = 21802 = Location area number

2ED3 = 11987 = network cell ID

Try also

AT+CREG?

+CREG: 2,5, 55002A,2ED3

2ED3 is the local network cell ID


  • AT+CSQ Displays the radio quality

+CSQ: 10,99

FAQ

  • You may ask what happend if your have no available network around you (or if you're jammed ?)

MODE Command will probably display no service 0 and no submode 0 : ^MODE:0,0
AT+COPS? may answer 0 : +COPS: 0
A service state change indication can also be displayed : ^SRVST:0

  • And when I got a network back online ?

Pretty much the same, you'll have service change ^SRVST, a new mode and obviously a new operator recognized with COPS command

  • Are all networks around me legit ?

You may look at your GPS position, lookup for known networks at opencellid.org and compare. You can contribute to this project by exploring your environment.

More ?