Difference between revisions of "GSM"
Latest revision as of 10:27, 21 May 2015
Work in Progress
Yet another introduction to understanding, at a basic level, how a GSM network works by experimenting with one. This wiki page uses a USB 3G modem.
Setup
- Here a Huawei E1750 is used; many other modems should work.
- Serial port connection. It should create three devices in /dev, e.g. ttyUSB0, ttyUSB1 and ttyUSB2 on Linux. Use 8N1 at 9600 baud, with DTR/RTS on at startup.
- Terminal software:
Linux: use picocom: picocom --echo /dev/ttyUSB2
OS X: e.g. CoolTerm. Use tty.HUAWEIMobile-Pcui among the three serial ports tty.HUAWEIMobile-Diag, tty.HUAWEIMobile-Modem and tty.HUAWEIMobile-Pcui
AT commands
- To make sure it is working, type:
ATI
Manufacturer: huawei
Model: E1750
Revision: 11.XXXXXXXX
IMEI: XXXXXXXXXXXXXXXXX
+GCAP: +CGSM,+DS,+ES
- To enter a PIN code (e.g. 0000). If PIN authentication is required, do it first; it is needed before other commands such as network interactions will work.
AT+CPIN=0000
- AT+COPS? displays the connected network: its name and some info
+COPS: 0,0,"F SFR",2
- AT+COPS=? displays all available networks
+COPS: (3,"F-Bouygues Telec","BYTEL","20820",2),(3,"Orange F","Orange","20801",2),(2,"F SFR","SFR","20810",2),(3,"","","20815",2),,(0,1,2,3,4),(0,1,2)
- AT+CREG displays other information on the connected network.
AT+CREG=2 asks for extended information
+CREG: 5, 55002A, 2ED3
552A = 21802 = location area code (LAC)
2ED3 = 11987 = network cell ID
Try also
AT+CREG?
+CREG: 2,5, 55002A,2ED3
2ED3 is the local network cell ID
- AT+CSQ displays the radio signal quality
+CSQ: 10,99
FAQ
- You may ask what happens if you have no available network around you (or if you are being jammed?)
The MODE command will probably report no service (0) and no submode (0): ^MODE:0,0
AT+COPS? may answer 0: +COPS: 0
A service state change indication can also be displayed: ^SRVST:0
- And when I get a network back online?
Pretty much the same: you'll see a service change ^SRVST, a new mode and obviously a new operator recognized by the COPS command
- Are all networks around me legit?
You may look at your GPS position, look up the known cells at opencellid.org and compare. You can contribute to this project by exploring your environment.
More ?
- http://www.opencellid.org
- https://blog.hqcodeshop.fi/archives/206-Running-AT-commands-on-your-B593.html
- https://www.sba-research.org/wp-content/uploads/publications/DabrowskiEtAl-IMSI-Catcher-Catcher-ACSAC2014.pdf
- http://niviuk.free.fr/index.html
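As an added example (not part of this wiki page), a small Python parser for the answers shown in the AT commands section (+COPS=?, +CREG? after AT+CREG=2, +CSQ) that decodes the PLMN, LAC and cell ID and then does the comparison the last FAQ item suggests: checking the camped cell against a reference list. The sample answers are copied from the page; KNOWN_CELLS, the function names and the single-entry reference set are constructed assumptions, while the <stat> meanings and the CSQ-to-dBm mapping are the standard 3GPP TS 27.007 values.

```python
import re

# Constructed sample answers, copied from the wiki text above (not live modem output).
COPS_SCAN = ('+COPS: (3,"F-Bouygues Telec","BYTEL","20820",2),(3,"Orange F","Orange","20801",2),'
             '(2,"F SFR","SFR","20810",2),(3,"","","20815",2),,(0,1,2,3,4),(0,1,2)')
CREG_READ = "+CREG: 2,5, 55002A,2ED3"
CSQ_READ = "+CSQ: 10,99"

# <stat> codes from 3GPP TS 27.007 for +COPS=? entries and for +CREG
COPS_STAT = {0: "unknown", 1: "available", 2: "current", 3: "forbidden"}
CREG_STAT = {0: "not registered, idle", 1: "registered, home", 2: "searching",
             3: "registration denied", 4: "unknown", 5: "registered, roaming"}

def parse_cops_scan(line):
    """One dict per operator in a +COPS=? answer. The trailing (0,1,2,3,4),(0,1,2)
    groups are the supported <mode> and <format> lists and carry no operator."""
    pat = r'\((\d),"([^"]*)","([^"]*)","(\d{5,6})",(\d)\)'
    return [{"status": COPS_STAT[int(st)], "name": lng or sht, "plmn": plmn,
             "mcc": plmn[:3], "mnc": plmn[3:], "act": int(act)}
            for st, lng, sht, plmn, act in re.findall(pat, line)]

def parse_creg(line):
    """Parse '+CREG: <n>,<stat>,<lac>,<ci>' as returned by AT+CREG? after AT+CREG=2.
    <lac> and <ci> are hex strings; the page's 6-digit LAC is decoded as given."""
    m = re.match(r'\+CREG:\s*(\d),(\d),\s*([0-9A-Fa-f]+),\s*([0-9A-Fa-f]+)\s*$', line)
    if not m:
        raise ValueError("not an extended +CREG answer: " + line)
    _, stat, lac, ci = m.groups()
    return {"status": CREG_STAT[int(stat)], "lac": int(lac, 16), "ci": int(ci, 16)}

def csq_to_dbm(line):
    """+CSQ: <rssi>,<ber>. rssi 0..31 maps to -113..-51 dBm; 99 means unknown."""
    rssi, ber = (int(x) for x in line.split(":", 1)[1].split(","))
    return (None if rssi == 99 else -113 + 2 * rssi), (None if ber == 99 else ber)

def serving_cell(cops_line, creg_line):
    """(mcc, mnc, lac, ci) of the cell the modem is camped on: the PLMN comes
    from the +COPS=? entry marked current, LAC and CI from +CREG."""
    current = [o for o in parse_cops_scan(cops_line) if o["status"] == "current"]
    if len(current) != 1:
        raise ValueError("expected exactly one current operator")
    reg = parse_creg(creg_line)
    return current[0]["mcc"], current[0]["mnc"], reg["lac"], reg["ci"]

def is_known_cell(cell, known):
    """True if the camped cell is in a reference set such as an opencellid.org export
    for your GPS position; a miss only means the cell deserves a closer look."""
    return cell in known

# Constructed reference set (hypothetical): the page's own cell plus one neighbour
KNOWN_CELLS = {("208", "10", 0x55002A, 0x2ED3), ("208", "10", 0x55002A, 0x2ED4)}
```

With the page's answers, serving_cell() yields SFR's PLMN 208/10 with LAC 0x55002A and cell 11987, and csq_to_dbm() turns +CSQ: 10,99 into -93 dBm with an unknown bit error rate.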