HackRF and gsm

[bytedeez]

New to SDR. Was wondering if the hackRF one would be suitable for gsm basestation implementations? And what are the Pros and cons compared to the usrp b200?

[Guest spazi]

I believe osman said that you need two hackrf to do gsm stuff, one for rx and one for tx.

[WindyCitySDR]

New to SDR.

1. Was wondering if the hackRF one would be suitable for gsm basestation implementations?

2. And what are the Pros and cons compared to the usrp b200?

2. Answer to your 2nd question first because it is important:

Re: [Openbts-discuss] Problem with OpenBTS 5.0.0 and B210

From: Robert Light <robert.light@gm...> - 2014-08-04 19:57:08

B200/B210 is a piece of !$&§"%& when used with OpenBTS. (sorry for !$&§"%&) I had about 20 of them and none of them worked out of the box with OpenBTS. USRP1 was more reliable. The first thing- 10MHz external reference is a MUST and not "optional" or "recommended" like some websites say.  B2x0 has poorly designed reference clock circuitry and many other mistakes in the RF shared with already ancient USRP1 design.  (Balint I did notice your ettus.com email, and please really, really donot take this email personally. Ettus.com made me angry in the past withthis "commercial policy", that I designed my own hardware for OpenBTS.)

But Damavox, Robert Light, who is no idiot, noted the below as well:

Re: [Openbts-discuss] Problem with OpenBTS 5.0.0 and B210

From: Robert Light <robert.light@gm...> - 2014-08-05 07:11:36

<html><head></head><body><div style="font-family: Verdana;font-size: 12.0px;"><div><div>Hi Balint,</div><div>Thanks for the patch. I will have a look at it later.</div><div>Let me explain the issue with the clock. Ettus designed the clock with a VCXO and a PLL. VCXO is, I think 0.5ppm, which would be good enough even for OpenBTS. But Ettus wants people to buy also a very expensive GPSDO, so to break the things for more demanding applications, like OpenBTS, they decided to put bias resistors on the control voltage pin of the VCXO, which will deliberately de-tune a good quality clock. http://sourceforge.net/p/openbts/mailman/message/32682873/

Answer to your 1st question:

[Hackrf-dev] IMSI Catcher or SMS Advert

Michael Ossmann mike at ossmann.com

Tue Jul 15 17:48:32 EDT 2014

• Previous message: [Hackrf-dev] IMSI Catcher or SMS Advert
• Next message: [Hackrf-dev] Open Sourece IMSI Catcher ---> Re: IMSI Catcher or SMS Advert
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It is theoretically possible to implement a GSM basestation functionwith a pair of HackRFs (for full-duplex operation), but nobody hasworked on this yet that I know of.On Sun, Jul 13, 2014 at 12:31:05AM +0400, Venkatesh S wrote:>> Hello all,> > > As part of my GSM Security research I am supposed to implement SMS> Advertiser by doing MITM over GSM and send mass SMS by catching IMSI of> registered mobile.> > For this I initially selected B200 Ettus and with WBX daughter and while> exploring other cost effective options I reached HackRF. But HackRF seems> to be half duplex will I be able to manage my requirement with this ?> > Please suggest me thank you.> > > Regards,> Venky> _______________________________________________> HackRF-dev mailing list> HackRF-dev at greatscottgadgets.com> http://nine.pairlist.net/mailman/listinfo/hackrf-devDamavox, there is a movement AWAY from using Ettus Research products because of:

Re: [Discuss-gnuradio] USRP design is [NOT] free

From: Moeller Subject: Re: [Discuss-gnuradio] USRP design is free

Date: Sat, 22 Jan 2011 13:15:17 +0100

I got no answer to the question if USRP is open hardware or not.On the website they declared it as open hardware, but from the copyright,the missing EDA files I doubt it. It seems to be more a commercialhardware with schematics published (as many other commercial hardware).> on the list at the time of the National Instruments acquisition, inI think Gnuradio should not depend too much on such a big company.That's why I would prefer open and public-domain hardware.

http://lists.gnu.org/archive/html/discuss-gnuradio/2011-01/msg00533.html

Damavox, Matt Ettus got the " Open Source Community " to believe if they created Open Source applications around his hardware, he too would be " Open Source ".

Matt Ettus has profited from this deception, as it is amply documented from the 2011 post above

while being able to talk to HIS paying customers just like this:

Re: [Openbts-discuss] Problem with OpenBTS 5.0.0 and B210

From: Matt Ettus <matt@et...> - 2014-08-05 15:55:09

Attachments: Message as HTML

Robert,You are making some very strong accusations which have absolutely no basisin fact.  My specific responses are below.On Tue, Aug 5, 2014 at 12:11 AM, Robert Light <robert.light@...> wrote:>  Hi Balint,> Thanks for the patch. I will have a look at it later.> Let me explain the issue with the clock. Ettus designed the clock with a> VCXO and a PLL. VCXO is, I think 0.5ppm, which would be good enough even> for OpenBTS.>No.  The VCXO on the board has a +/- 2.0 ppm specification.> But Ettus wants people to buy also a very expensive GPSDO, so to break the> things for more demanding applications, like OpenBTS, they decided to put> bias resistors on the control voltage pin of the VCXO, which will> deliberately de-tune a good quality clock.>We would never intentionally degrade performance, for any reason.  I findyour accusation offensive.Secondly, the purpose of the resistors is to bias the control voltage tothe midpoint when it is not being controlled by the PLL chip, which wouldminimize frequency error.> You can figure out the hardware fix now.> I do use kalibrate in order estimate the clock offset and believe me, I> had about twenty B2x0 and none of them had an offset below 1kHz. And it> drifts badly with temperature and power supply variations.>At 900 MHz, a 1 kHz offset is 1.1 ppm, well within the spec of the VCXO.>  For everyone who has a problems getting phones to work with B2x0, do> what Balint says. Run kalibrate. You wanna see an offset below 100Hz, 200Hz> is still ok, most phones will work if offset is below 500Hz, above that you> will start having problems even with very "forgiving" phones, above 1kHz> you need to take action on your hardware.>> (Balint I did notice your ettus.com email, and please really, really do> not take this email personally. Ettus.com made me angry in the past with> this "commercial policy", that I designed my own hardware for OpenBTS.)>>I don't know what "commercial policy" you are talking about, but as theperson whose name goes on all these products, I do take this personally. You are making unfounded accusations about our motives.http://sourceforge.net/p/openbts/mailman/message/32684517/

I'm going to be uploading a screencase of the Windows GSM Base Station interface in the other thread shortly due to the growing demand of the HandHeldSDR.

Edited August 8, 2014 by WindyCitySDR

[bytedeez]

Thanks to the both of you.

I checked out your windows handheld sdr and would love to purchase.

[bobjones]

damavox,

I happened to stumble across this, and I wanted to caution you. "WindyCitySDR" is an ex-con named Martin O'Shield. He has spent a good part of the last couple years aggressively attacking Ettus Research, Range Networks, and the RTLSDR, OpenBTS and GNU Radio Communities, etc for unknown reasons.

He has been particularly aggressive toward Ettus employees for some reason; so I would certainly take anything he says about that company with a large grain of salt... for example, the post he listed above is from the OpenBTS mailing list; and was addressed by multiple Ettus employees and stemmed from the original author being confused about the frequency accuracy of the included oscillator. B2xx work just fine for OpenBTS provided you deal with the frequency offset (not hard). Just about the entire community is very pleased with Ettus products - the only real downside is the cost.

I don't know why he has chosen the software radio community to pollute, but we all wish he would go away! Nobody in the community takes him seriously but he does present a very poor image for us. Of course, it's up to you but I felt compelled to give you a heads up.

- GNU Radio Community Member

[bytedeez]

damavox,

I happened to stumble across this, and I wanted to caution you. "WindyCitySDR" is an ex-con named Martin O'Shield. He has spent a good part of the last couple years aggressively attacking Ettus Research, Range Networks, and the RTLSDR, OpenBTS and GNU Radio Communities, etc for unknown reasons.

He has been particularly aggressive toward Ettus employees for some reason; so I would certainly take anything he says about that company with a large grain of salt... for example, the post he listed above is from the OpenBTS mailing list; and was addressed by multiple Ettus employees and stemmed from the original author being confused about the frequency accuracy of the included oscillator. B2xx work just fine for OpenBTS provided you deal with the frequency offset (not hard). Just about the entire community is very pleased with Ettus products - the only real downside is the cost.

I don't know why he has chosen the software radio community to pollute, but we all wish he would go away! Nobody in the community takes him seriously but he does present a very poor image for us. Of course, it's up to you but I felt compelled to give you a heads up.

- GNU Radio Community Member

Thanks Bobjones for a heads up. Ettus is a favorite among Pros. Can Someone who isn't new to this forum back up this claim?

[bobjones]

While you are waiting, here is some background reading - you don't need to take my word :)

Very odd twitter posts mocking organizations/companies/conferences he doesn't like: https://twitter.com/WindyCitySDR

Last week's banning (again) on OpenBTS forum: http://sourceforge.net/p/openbts/mailman/message/32682120/

One of his several Reddit accounts, announcing the same product he is pitching here. The comments on this one are particularly entertaining: http://www.reddit.com/r/GNURadio/comments/23vm9p/gnuradio_compatible_handheld_wideband_33mhz/

Other strange comments on Reddit: http://www.reddit.com/r/GNURadio/comments/2433lu/fyi_further_discussion_of_nontechnical_matters/

GNU Radio posts where he is again called out for his antics (this time by Tom Rondeau, GNU Radio's maintainer): http://lists.gnu.org/archive/html/discuss-gnuradio/2014-04/msg00423.html

A very bizarre international IP battle he gets into with some Indians on the GR Message board: http://lists.gnu.org/archive/html/discuss-gnuradio/2013-07/msg00049.html The product under discussion is a USRP1 ripoff.

That's just to name a few...

For the record, his new one might be an awesome SDR and I'm not saying stay away (though I will be...), I just want you and everyone else to be careful and know what you are getting into.

Bob.

[bytedeez]

Without a doubt he has a vendetta against ettus. What I'm concerned about is if he is actually offering a genuine gsm capable sdr transceiver and does his advertising match the quality of the product.

[bobjones]

I suspect his product does work, though I doubt the release date - this has been 'available very soon' for about a year and a half now.

It's almost entirely based off the USRP1, and I'm pretty sure it uses USRP1 code for the FX2 and FPGA given that it uses the long-since deprecated Ettus libusrp driver. The hardware isn't terribly complex and the Ettus firmware/software has been extensively used so I would guess it would work at near USRP1 performance levels.

Good luck.

[bytedeez]

Well honestly for $300 if it comes close I would still buy. I mean to do the same with the hackRF it would require me to purchase 2 of them.

As far as his attack on Ettus, he is the uunderdog, so it's expected.

[bobjones]

I would certainly hope nobody would _expect_ a professional to conduct themselves in that way, nor condone it; against their competition (Ettus), perceived competition (Range), potential customers or anyone on the internet.

Anyhow; best of luck to you, I hope your research goes well.

[bytedeez]

Thanks Bobjones!I am just playing the middle on it. If this is real, I personally don't mind his actions. It's kinda charismatic.

[KD6W]

Thanks Bobjones for a heads up. Ettus is a favorite among Pros. Can Someone who isn't new to this forum back up this claim?

I own both, USRP and now HackRF1. I have been using the USRP B200 for my work in DTV testing/simulation for months and also playing around with ham radio. I'm more of a blue hat tester, iow - nothing to do with pen testing. I'll have more input on the HackRF later, as I'm busy on other fronts.