The "Deutsche Bahn" experience
Given that I'm a person who constantly interfaces with a very international
crowd and travel a lot, I used to be quite positive about the great railway
system Germany had. The comfortable travel in high-speed trains, with power
outlets under your seat, from one city center to another city center faster
than you would ever be with an airplane. Just enter a train, sit down, hack
for something like five hours straight the entire trip.
Now I know that the railway company "Deutsche Bahn" has had its fair share
of trouble in recent months with technical problems and what not. But given
the fact that those problems (resulting in less trains/cars being available)
exist for some three months now, I would suppose that they deal with this
Having said that, the online ticketing and reservation system made a
reservation in a car that doesn't actually exist in the train that I'm using
today. So I was confident that I had a reserved seat for the five hour trip
back to my family in southern Germany. What a misconception :(
How difficult can it be to update the reservation system with those trains /
car numbers that actually operate? Or at least refuse to make reservations
at all, if you cannot guarantee them? It would probably be a couple of SQL
updates here and there in the database.
This is not the kind of quality that I expect from DB. And I won't even start
to complain about the complete lack of heating in this particular car. There
we are in hyper-modern, super-silent train cars at 200+ kph, in the middle of
winter, without heating. Yes, I can wear a jacket, sure. But my fingers are
freezing from typing at this temperature. And no, gloves + keyboard don't make
a good combination. Maybe I should start bringing an electrically powered
heater net time, given the fact there is a power outlet...
Some more progress with the BS11 Abis (BSC) implementation
Very infrequently I've been reporting about my humble attempts in talking
the A-bis protocol to the Siemens BS11 microBTS GSM base station.
Since Dieter Spaar and myself are going to have a talk about this at the 25C3 in a couple of days, I'm
currently working every minute of each day to get that Free Software BSC-side
A-bis implementation going.
While the actual code is getting more and more in shape, I'm now back to
fixing the underlying infrastructure: mISDN. The mISDN kernel code base is
_really_ hard to understand... if I have problems with it - despite about a
decade of experience with network protocols and Linux kernel development - then
that probably says quite a bit about it. It would definitely benefit from
quite a bit more documentation. Anyway, it's FOSS, so no reason to complain.
Use the source, Luke.
So just about one hour before I had to leave to travel to my parents (where I
could not take a 48kg GSM BTS with me) I finally had mISDN in shape to be
able to support multiple TEIs with different SAPIs on the D Channel of timeslot 1
of the E1 interface carrying A-bis. My userspace code was happily sending and
receiving OML (Organization and Maintenance Layer) and RSL (Radio Signalling
Link) frames, while the L2ML (Layer 2 Management Layer) is entirely handled by
the slightly patched TEI manager that mISDN has in the kernel.
Funny enough, after initializing OML and RSL, the first unsolicited message I
got was the error event report about the 'intrusion detection' at the BTS, since
I was operating it with open connector panel ;)
So now I've returned to the actual BSC/MSC subset implementation. I'm still
confident to finish something that can handle reliably handle voice calls
between two handsets registered to that BTS. All on one TRX, no frequency hopping,
not using any A5 encryption. POGS (Plain-Old-GSM-System).
I'm very excited about everything that I've learned about the various
higher-layer parts of GSM in the last weeks since FOSS.in.
Let's hope that our software plus the presentation at 25C3 can trigger other
people to show similar enthusiasm about this topic. There's an almost endless
number of opportunities for GSM related security research out there.