Detecting IMSI Catchers

I was wondering how and if IMSI Catchers can be detected and how much work it would be to support that in OsmocomBB. The only problem is that I have not seen any IMSI Catchers, have not written one and have read too little about it.

So how does an IMSI Catcher operate? Well, I have no idea and need to speculate. In contrast to a real network it is only meant to be used by a few Mobile Stations (MS), it is supposed to be the most attractive Cell, by nature it should have more SDCCH than TCH.

The next step in thinking is to figure out how to achieve some of the above goals. As it should only work with a few handsets the System Information might/should contain an Access Class allowing only certain IMSIs to attach, one should see a lot of Location Updating Reject messages or unanswered messages. To be the most attractive cell the signal strength should be higher than the others, the channel configuration might be guessable by looking at the RACH and see which kind of channels are requested and assigned (keeping track of them).

The next thing would be to use a database like OpenCellID, or some other database and check if the LAC/CI has been seen in this area, comparing the SI to the other SIs of the same operator...

I plan to start such a thing as it is mostly about statistic and stochastic and I have become too rosty on these topics. The question is how likely (t-test) is that this SIx is coming from the real network, how likely is that this RACH pattern is coming from the real network.

any ideas and comments?

Going from dummy to real data

I was writing about my current QML project earlier and now was the time to go from dummy data to real ones. For the prototyping phase we were using models created with ListModel and the attributes we need in the UI. For some JavaScript code that is called to execute actions we were using ListModel.get(index) to get the item and then execute code.

The QML Documentation was bringing me very far. I was using the rootContext of the QDeclarativeView to add a controler object and the models to the QML runtime. The controler is called when the models needs to be updated, e.g. I am calling them from ScriptAction on state transitions. For QML a model only needs to set the rolenames and then handle the different roles. This was working quite nicely, and the old modeltest can help to debug the model.

After the above a simple ListView { model: myModel } will work nicely. Now I was writing about that we are using ListModel.get and I assumed that it would just magically work for my model as well, e.g. using the rolenames as well. From what I have seen that is not the case. This means your model needs to implement a Q_INVOKABLE QVariant get(int index); and internally use a QMap and somehow duplicate code that is already there.

Another problem came from updating models. This is something that does not happen with static data, but happens in my case. I was using the big hammer with beginResetModel() and endResetModel() in the model and on the QML side one can use onCountChanged in the ListView to handle a massive update and execute JavaScript. In my case this was used to automatically select the first item and set the currentIndex of another ListView.

More on bad webservices

I am using postfix on my server and it has the nice feature that it can move mails with +something at the end into a folder I want. This allows me to see who is selling my email address to which company and such. Now the downside is that many forms of webapps claim that my email address is not valid.

So today I was over at finanzen.net to try to register a new account and instead of telling me that they do not like my valid email address, they say the user name was already taken. I tried with many usernames (coming from pwgen) and all the same, it just started to work when removing the '+' from the username...

Now I tried to use their contact form to tell them that I would like to use their service but they have hired a company that has no clue about web programming... well it is ofcourse broken too...

It is 2010, there are so many good web frameworks around, why are proprietary webapps still so bad? Who is writing all that crap?

Tips and Tricks for QML

I would like to share some more information about how I resolve my QML issues. In my last post I got a friendly reply of hiding states and such information of a Component inside an Item of that component. This was a very good hint.

My application is making heavy use of delegates for the ListView, PathView, Repeater and sometimes qmlviewer stops displaying content with a warning: "QDeclarativeComponent: Component is not ready". In contrast to the many other places this error message is not very helpful. In all of my cases this error came from a syntax error (unbalanced {}), using a duplicate property or having fun with lists. So check your model (if it is static) and your delegate file for syntax errors, e.g. load them in the qmlviewer and see if the error message is changing.

IIRC writing something like Rectangle { Item {} Item{} } is just a short form for writing Rectangle { data: [ Item {}, Item {} ] }. Now with the shortened way one does not need to use "," at all, with the real list way, one may not have a "," after the last item. It is good that the syntax checker is so strong, it just happens to conflict with my C99 usage.

The application requires some kind of table display and in general ListView/PathView do not allow such models. My not so unique idea was to have a ListModel and then another ListModel hanging off as an property. So the first approach might look like the one below.

import Qt 4.7

ListModel {

ListElement {

moreData: ListModel {}

}

}

But it is not supported by QML and you will get a nice error telling you that this is not possible. The workaround is to use the simple [] way to create a model that is working on the views.

import Qt 4.7

ListModel {

ListElement {

moreData: [

ListElement {}

]

}

}

With the above I can use a Repeater/ListView inside a Component/Delegate with a model of this row and I have a small table view. With my current approach I have to use a Flickable and two Repeaters increasing my memory usage but that is acceptable for now.

QML and dealing with states

In the last days I have resumed my QML work (I had a small break to work on the MGCP GW code of OpenBSC to fix some real world issues) and there is one kind of issue I tend to run in and I wonder how others are solving it. Let us imagine we have a QML Component for a Button. The Button itself can hold a text (property alias text: buttonLabel.text) and the button has three states (enabled, focused, pressed) that depend on the MouseArea that inside the button as well. Actually this approach is directly coming from the many nice examples and demos provided by Nokia.

Now the problem is... I'm using the Button in many places and depending on some other external state the label of the Button should change and I keep writing things like this:

UI.Button {

id: text_button

text: 'My Text'

MouseArea {

anchors.fill: parent

onClicked: { console.log('clicked'); }

}




states: [

State {

name: 'some-state'

PropertyChanges {

target: text_button;

text: 'Other text'; }

}

/* more states... */

]

}

And then I am going to wonder why things don't work. The first issue is that my own MouseArea will receive the mouse click and the button will not work... but that is easily fixed. Do not add a custom MouseArea and have a clicked signal inside the button component. The second issue is with the states.. the above code is breaking the focus/pressed logic.

The way I am dealing with this kind of problem is to move the state into a parent and control the text from there. What is the proper way of solving this problem? Creating multiple buttons and control the visibility/opacity from outside? Duplicate the component states inside the custom states (cross product of my states and the component states)?

I know that talking about errors is bad as this will make people remember the wrong solution but I hope that other people stepping into these kind of problems will remember this as a possible problem..

Coscup2010/GNOME.Asia with strong web focus

On the following weekend the Coscup 2010/GNOME.Asia is taking place in Taipei. The organizers have decided to have a strong focus on the Web as can be seen in the program.

On saturday there are is a keynote and various talks about HTML5, node.js. The Sunday will see three talks touching WebKit/GTK+. There is one about building a tablet OS with WebKit/GTK+, one by Xan Lopez on how to build hybrid applications (a topic I have devoted moiji-mobile.com to) and a talk by me using gdb to explain how WebKit/GTK+ is working and how the porting layer interacts with the rest of the code.

I hope the audience will enjoy the presentations and I am looking forward to attend the conference, there is also a strong presence of the ex-Openmoko Taiwan Engineering team. See you on Saturday/Sunday and drop me an email if you want to talk about WebKit or GSM...

MGCP Road to Stability

I have spend the last week differently than I had planned. I have been to Iceland, the Hotel still didn't restart their DVB-S receivers or renewed their smartcards. So 13/16 Channels are stuck in different set-top box messages and only RTLII of Switzerland, BBC and Eurosport are fully functional. The sad part is thet one could receive China's CCTV program here...

I have spend the last week working on the MGCP Gateway of OpenBSC to allocate the network and the BSC/BTS port separately, to add a feature to forward the RTP stream from the BTS IN/OUT, NET IN/OUT to another system. On this different system one can use something like GStreamer to decode the stream and listen to it. This can be useful to debug when the voice doesn't arrive where it should.

In a network simulation with Linux's netem we have tried to simulate a bad vsat link and wanted to see how big the latency/jitter can be to still have an acceptable voice call and now I will play a bit with RTP jitterbuffers... This allows me to look at GStreamer once again to see if their jitter buffer is finally working.

Progress in OpenBSC

This is just a small list of things that have happened in OpenBSC:

• Introduce a GSM 08.08 BSC API to separate channel management from the MSC Code. This has also killed reference counting of our logical channels and we release channels a lot faster.
• Toying with USSD. I started to play with ASN.1 and generate USSD messages, right now we can send a unstructuredSS-Notify down to the Cellphone and play with the alerting types, sending a notifySS as part of the Setup message is not liked by phones yet.
• Splitting out the SCCP code into a new libosmo-sccp library, I have also put my MTP-Level3 code in there, so maybe we should call that library libosmo-ss7.
• I was writing my first C Node in Erlang to parse SCCP messages in C and return the result to erlang to Erlang code.
• The mgcp code can now dynamically loop/unloop the stream, patching the SSRC, seqno and timestamp.

In the next couple of days/weeks I want to continue working on the BSC API and then completly nuke the current on-waves/bsc-master branch as everything is merged back to master in a way better structure than it was in the branch. But today I am trying to make my code and the nanoBTS crash.... and figure out why it is doing that.