Harald Welte's blog

Categories

Root (922)
- ccc (25)
- dect (1)
- electronics (12)
- gsm (61)
  - osmocom-bb (2)
- knf (4)
- linux (644)
  - a780 (39)
  - ath-driver (1)
  - conferences (111)
  - cyberjack (4)
  - gnuradio (5)
  - gpl-violations (120)
  - gspc (6)
  - mobile (21)
    - palm webos (1)
  - mrtd (34)
  - netfilter (115)
    - ct sync (6)
  - openmoko (51)
  - opentom (7)
  - samsung (1)
  - via (22)
- misc (13)
- personal (106)
  - bollywood (17)
  - taiwan (2)
- photography (9)
- politics (24)
  - swpat (3)

Archives

2010 (11)
- March (3)
- February (4)
- January (4)
2009 (146)
- December (8)
- November (9)
- October (21)
- September (9)
- August (8)
- July (12)
- June (18)
- May (9)
- April (14)
- March (9)
- February (12)
- January (17)
2008 (106)
- December (17)
- November (14)
- October (14)
- September (11)
- August (6)
- July (9)
- June (3)
- May (8)
- April (6)
- March (6)
- February (7)
- January (5)
2007 (53)
- December (9)
- November (5)
- October (3)
- September (6)
- August (3)
- July (3)
- June (3)
- April (3)
- March (6)
- February (7)
- January (5)
2006 (154)
- December (12)
- November (9)
- October (8)
- September (12)
- August (10)
- July (13)
- June (21)
- May (13)
- April (23)
- March (6)
- February (14)
- January (13)
2005 (248)
- December (8)
- November (25)
- October (33)
- September (22)
- August (17)
- July (30)
- June (27)
- May (21)
- April (14)
- March (22)
- February (13)
- January (16)
2004 (198)
- December (8)
- November (18)
- October (18)
- September (15)
- August (19)
- July (17)
- June (11)
- May (5)
- April (22)
- March (13)
- February (24)
- January (28)
2003 (5)
- December (3)
- November (1)
- September (1)
2002 (1)
- February (1)

Harald's Web
gnumonks.org
hmw-consulting.com

Projects
OpenBSC
gnufiish
deDECTed.org
OpenMoko
gpl-violations.org
gpl-devices.org
OpenEZX
OpenBeacon
OpenPCD
librfid
openmrtd
opentom.org
netfilter/iptables

Other Bloggers
Rusty Russell
David Miller
Martin Pool
Lawrence Lessig
Sirtaj Singh Kang
Jeremy Kerr
Atul Chitnis
Tim Pritlove
fukami
Michael Lauer
Stefan Schmidt
Kalyan Varma
David Burgess
Bradley M. Kuhn

Aggregators
kernelplanet.org
planet.netfilter.org
planet.openezx.org
planet.openmoko.org
planet.foss.in

Articles on this blog/journal are licensed under a Creative Commons Attribution-NoDerivs 2.5 License.

Wed, 27 Jan 2010

Sorry for new blog updates

I've been busy day and night, hacking away on my latest pet project in the GSM field. In fact, it's been a long time since I've been able to dedicate so much time and energy into one particular project, without many distractions at all. The project is now finally looking quite promising and making nice progress throughout the last three weeks.

If progress continues, I hope in another week I'll be able to reveal what this is all about. I haven't felt this level of excitement since the early days of Openmoko :)

[ /gsm | permanent link ]

Fri, 08 Jan 2010

Illusions about MagicJack at CES

Many people have pointed out the MagicJack Femtocell product that has been announced at CES. I cannot really understand the big hype and news about it. Why? read further...

On the technical side, there is hardly anything new. Using projects like OpenBTS or OpenBSC, you can run your own GSM network and connect it to VoIP. Sure, the retail price of the MagicJack is much lower, but that's the economics of scale. As soon as OpenBSC support for one of the recent femtocells is done, we also have a much lower cost solution to the same problem.

On the legal and business side, I can see many problems for MagicJack:

To operate equipment in the GSM or 3G spectrum, you need a license. Since a nationwide GSM operator license is very expensive in about any country of the world, it is economically not an option. Selling the MagicJack devices without a license and leaving the spectrum license to the user will not work, or at least not long, since regulatory authorities and commercial operators are not going to let anyone deploy systems that interfere with their networks.
If you keep the Operator's SIM in the phone, and use that SIM on your own network you might at least violate the terms of services of the operator. The SIM card normally belongs to the operator, and it is part of the users business relationship with that operator. As such, you can not really use it with other networks. Sure, if you do this at home with your OpenBTS/OpenBSC installation, nobody will care. But if somebody is doing this commercially, and in a way that affects the sale of talk time of the regular operators, again it will not take long until the commercial operator will sue you.
Security. If you run your phone with a "foreign" SIM, you do not know the Ki on the SIM and thus cannot do cryptographic authentication and/or encryption. This is a big security issue. It is once again not an issue in your personal testbed setup, but it is going to be one if you do this at large scale as a mass market product.

So, as you can see: It's neither technically something exceptionally new, nor is it something that has a very promising business or legal outlook. The only way how a product like this would work is if it is authorized by the respective operator. But why would the operator authorize something that will take talk time away from his network and thus his revenue stream?

[ /gsm | permanent link ]

Thu, 07 Jan 2010

Planning for a GSM development board

I've finally found enough spare time to work on detailed plans for a GSM development board. The idea here is to have a 100% open hardware design with 100% free software that provides an inexpensive platform for GSM related R&D.

Initially the focus is on having a board that can behave like a GSM cellphone, next steps would be to have a multi-channel frequency-hopping receiver, and finally the option of using it as a BTS.

The idea is fairly simple: Take a commercial off-the-shelf analog baseband and RF circuit for GSM and attach it to a general purpose DSP, add some glue logic and go ahead. But the devil is in the details:

You want something where you can still find the parts on the market, but which still has sufficient leaked documentation that you can write an open source driver for it.
The requirements for a MS and a BTS are quite different. A phone never needs to continuously receive and transmit in all timeslots, e.g.
The requirement for a multi-channel frequency-hopping receiver is mainly a high number of receiver circuits, so the solution needs to scale to a larger number of receivers.
The analog baseband circuits often have quite obscure control interfaces which need to be driven. Custom peripherals in programmable logic (CPLD/FPGA) are required.
The TDMA nature has strict timing requirements. Normal processors and software-based mechanisms are not sufficient to trigger the required events and their sequencing at a high enough precision.

Anyway, there is sort of a first plan now, and the next weeks and months will be spent with refining the plans and building a first proof-of-concept prototype. Once that has proven to work, we want to go ahead with finishing the design for a real board, to be manufactured in sufficient quantities for interested parties.

Unless you have worked in GSM phone or base station hardware design or have a similar level of EE and DSP skills, please refrain from contacting me right now about how to join the project. We want to focus on getting things going first, then make a public release at a point where there is something that works sufficiently well that we can support a larger community of developers.

[ /gsm | permanent link ]

Sat, 02 Jan 2010

2010-01-02 / 2pm CET: Radio Interview at Deutschlandradio

The German radio station Deutschlandradio Kultur has invited Constanze Kurz (46halbe) and myself for interviews during today's Breitband radio show. We'll be talking about the 26C3, the Chaos Computer Club and - of course - GSM [in]security.

[ /gsm | permanent link ]

Harald Welte's blog

	RSS Categories Root (922) ccc (25) dect (1) electronics (12) gsm (61) osmocom-bb (2) knf (4) linux (644) a780 (39) ath-driver (1) conferences (111) cyberjack (4) gnuradio (5) gpl-violations (120) gspc (6) mobile (21) palm webos (1) mrtd (34) netfilter (115) ct sync (6) openmoko (51) opentom (7) samsung (1) via (22) misc (13) personal (106) bollywood (17) taiwan (2) photography (9) politics (24) swpat (3) Archives 2010 (11) March (3) February (4) January (4) 2009 (146) December (8) November (9) October (21) September (9) August (8) July (12) June (18) May (9) April (14) March (9) February (12) January (17) 2008 (106) December (17) November (14) October (14) September (11) August (6) July (9) June (3) May (8) April (6) March (6) February (7) January (5) 2007 (53) December (9) November (5) October (3) September (6) August (3) July (3) June (3) April (3) March (6) February (7) January (5) 2006 (154) December (12) November (9) October (8) September (12) August (10) July (13) June (21) May (13) April (23) March (6) February (14) January (13) 2005 (248) December (8) November (25) October (33) September (22) August (17) July (30) June (27) May (21) April (14) March (22) February (13) January (16) 2004 (198) December (8) November (18) October (18) September (15) August (19) July (17) June (11) May (5) April (22) March (13) February (24) January (28) 2003 (5) December (3) November (1) September (1) 2002 (1) February (1) Harald's Web gnumonks.org hmw-consulting.com Projects OpenBSC gnufiish deDECTed.org OpenMoko gpl-violations.org gpl-devices.org OpenEZX OpenBeacon OpenPCD librfid openmrtd opentom.org netfilter/iptables Other Bloggers Rusty Russell David Miller Martin Pool Lawrence Lessig Sirtaj Singh Kang Jeremy Kerr Atul Chitnis Tim Pritlove fukami Michael Lauer Stefan Schmidt Kalyan Varma David Burgess Bradley M. Kuhn Aggregators kernelplanet.org planet.netfilter.org planet.openezx.org planet.openmoko.org planet.foss.in Articles on this blog/journal are licensed under a Creative Commons Attribution-NoDerivs 2.5 License.	Wed, 27 Jan 2010 Sorry for new blog updates I've been busy day and night, hacking away on my latest pet project in the GSM field. In fact, it's been a long time since I've been able to dedicate so much time and energy into one particular project, without many distractions at all. The project is now finally looking quite promising and making nice progress throughout the last three weeks. If progress continues, I hope in another week I'll be able to reveal what this is all about. I haven't felt this level of excitement since the early days of Openmoko :) [ /gsm \| permanent link ] Fri, 08 Jan 2010 Illusions about MagicJack at CES Many people have pointed out the MagicJack Femtocell product that has been announced at CES. I cannot really understand the big hype and news about it. Why? read further... On the technical side, there is hardly anything new. Using projects like OpenBTS or OpenBSC, you can run your own GSM network and connect it to VoIP. Sure, the retail price of the MagicJack is much lower, but that's the economics of scale. As soon as OpenBSC support for one of the recent femtocells is done, we also have a much lower cost solution to the same problem. On the legal and business side, I can see many problems for MagicJack: To operate equipment in the GSM or 3G spectrum, you need a license. Since a nationwide GSM operator license is very expensive in about any country of the world, it is economically not an option. Selling the MagicJack devices without a license and leaving the spectrum license to the user will not work, or at least not long, since regulatory authorities and commercial operators are not going to let anyone deploy systems that interfere with their networks. If you keep the Operator's SIM in the phone, and use that SIM on your own network you might at least violate the terms of services of the operator. The SIM card normally belongs to the operator, and it is part of the users business relationship with that operator. As such, you can not really use it with other networks. Sure, if you do this at home with your OpenBTS/OpenBSC installation, nobody will care. But if somebody is doing this commercially, and in a way that affects the sale of talk time of the regular operators, again it will not take long until the commercial operator will sue you. Security. If you run your phone with a "foreign" SIM, you do not know the Ki on the SIM and thus cannot do cryptographic authentication and/or encryption. This is a big security issue. It is once again not an issue in your personal testbed setup, but it is going to be one if you do this at large scale as a mass market product. So, as you can see: It's neither technically something exceptionally new, nor is it something that has a very promising business or legal outlook. The only way how a product like this would work is if it is authorized by the respective operator. But why would the operator authorize something that will take talk time away from his network and thus his revenue stream? [ /gsm \| permanent link ] Thu, 07 Jan 2010 Planning for a GSM development board I've finally found enough spare time to work on detailed plans for a GSM development board. The idea here is to have a 100% open hardware design with 100% free software that provides an inexpensive platform for GSM related R&D. Initially the focus is on having a board that can behave like a GSM cellphone, next steps would be to have a multi-channel frequency-hopping receiver, and finally the option of using it as a BTS. The idea is fairly simple: Take a commercial off-the-shelf analog baseband and RF circuit for GSM and attach it to a general purpose DSP, add some glue logic and go ahead. But the devil is in the details: You want something where you can still find the parts on the market, but which still has sufficient leaked documentation that you can write an open source driver for it. The requirements for a MS and a BTS are quite different. A phone never needs to continuously receive and transmit in all timeslots, e.g. The requirement for a multi-channel frequency-hopping receiver is mainly a high number of receiver circuits, so the solution needs to scale to a larger number of receivers. The analog baseband circuits often have quite obscure control interfaces which need to be driven. Custom peripherals in programmable logic (CPLD/FPGA) are required. The TDMA nature has strict timing requirements. Normal processors and software-based mechanisms are not sufficient to trigger the required events and their sequencing at a high enough precision. Anyway, there is sort of a first plan now, and the next weeks and months will be spent with refining the plans and building a first proof-of-concept prototype. Once that has proven to work, we want to go ahead with finishing the design for a real board, to be manufactured in sufficient quantities for interested parties. Unless you have worked in GSM phone or base station hardware design or have a similar level of EE and DSP skills, please refrain from contacting me right now about how to join the project. We want to focus on getting things going first, then make a public release at a point where there is something that works sufficiently well that we can support a larger community of developers. [ /gsm \| permanent link ] Sat, 02 Jan 2010 2010-01-02 / 2pm CET: Radio Interview at Deutschlandradio The German radio station Deutschlandradio Kultur has invited Constanze Kurz (46halbe) and myself for interviews during today's Breitband radio show. We'll be talking about the 26C3, the Chaos Computer Club and - of course - GSM [in]security. [ /gsm \| permanent link ]