[srslte-users] Trying to pickup broadcast messages 
ismael.gomez at softwareradiosystems.com
Thu Feb 18 12:46:06 UTC 2016
I think the best way to sniff PDCCH packets is modifying the pdsch_ue
example, just like the authors of the paper did. Actually it's really easy.
First thing to do is to instruct the pdsch_ue example to look for paging
messages in PDSCH, just past the paging RNTI (0xFFFE) with the option "-r"
to the program.
Then you need to modify the pdsch_ue example to print or save the decoded
messages. If you look at file srslte/examples/pdsch_ue.c, line 499, when
the program gets there it means it has successfully decoded a packet in
PDSCH. The packet should be in the "data" pointer. You can use the
function srslte_vec_fprint_byte() to print the hex string to stdout. Then
you can use your ASN decoder to decode the message. This site is also
Just copy & paste the hex string there and you'll get the decoded message.
On Thu, 18 Feb 2016 at 08:04 Ronning, Anthony <AnthonyRonning at my.unt.edu>
> Sending again because there were problems sending the first time and it
> seems to be working again..
> I'm an undergraduate researcher entering grad school next fall and I've
> picked up an interest in LTE networks and this srsLTE library. I have a
> USRP B200 and what I'm trying to do is pickup broadcast messages from LTE
> networks around me.
> I've used "cell_search" to find a couple frequencies I want to test on and
> then used pdsch_ue and cell_measurement on those frequencies. There's a
> couple things I have been trying to do but the end goal is all the same.
> Goal: Grab the GUTI/IMSI from broadcast messages that are being sent from
> the eNodeB.
> Possible solutions:
> 1) I'd like to view all of these messages in wireshark, but nothing
> shows up when I scan the localhost in wireshark. I tried using the '-s'
> option with pdsch_ue/cell_measurement to send UDP packets somewhere on the
> localhost, in an attempt for the data to go through wireshark, but nothing
> shows up. This might be out of the scope of srslte, but if anyone has any
> clue on doing so, that'd be great.
> 2) Alternatively, if I could extract them from within the program
> itself to a file, that'd be great. I have C knowledge and was looking
> through the header files from ue_dl.h, but I had trouble finding anything,
> and not sure if that's even the right place to look.
> 3)If there's a way to get the binary of the messages instead, I've
> seen some library's used to decode ASN.1 LTE messages so maybe I could use
> I'm tasked with some research based on a research paper a couple months
> ago (http://arxiv.org/pdf/1510.07563v1.pdf) where it says on page 4:
> "In order to sniff LTE broadcast channels, we utilized parts of srsLTE.
> It is a free library for software-defined radio mobile terminals
> and base stations. Currently, the project is developing a UE-side LTE
> baseband implementation.srsLTEuses Universal Hardware Device library to
> communicate with the USRP B210. Since all the passive sniffing is done in
> real-time, it is recommended to have a high-speed host (laptop) in order to
> handle the high (30.72 MHz) sampling rates with out data loss and also
> to maintain constant sync with eNodeBs.In particular, we used the
> pdsch-ue application to scan a specified frequency and detect
> surrounding eNodeBs. * It can listen and decode SIB messages
> broadcast by eNodeB.Further, we modified pdsch-ue to decode paging
> messages which are identified over-the-air with a Paging-Radio Network
> Temporary Identifier (P-RNTI). Upon its detection, GUTI(s)and/or
> IMSI(s) can be extracted out of paging messages*"
> Any insight as to how to go about this, or places to look within the code,
> would be greatly appreciated. I have researched out to one of those
> researchers just in case, but no response back (which is fine and to be
> expected). I've been at it for a couple weeks now, also researching other
> software, but no luck so far. I'm assuming it's the 65534 RNTI value I
> should be looking for here, but don't know how I would get any data from it
> when I use the pdsch-ue application.
> Thanks in advance,
> srslte-users mailing list
> srslte-users at lists.softwareradiosystems.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the srslte-users