P1sec / QCSuper

QCSuper is a tool communicating with Qualcomm-based phones and modems, allowing to capture raw 2G/3G/4G radio frames, among other things.
GNU General Public License v3.0

Quectel BG96 NB-IoT Module: Wireshark RRC decoding not working #49

Closed fasferraz closed 4 years ago

fasferraz commented 4 years ago

Hi, I was trying to use QCSuper with this Quectel module, but it did not show any RRC messages in Wireshark. I found there are new channel_types specific to NB-IoT (--verbose). After looking at the code, I did some experiments and solved the issue, at least for the channel_types the module is sending at the moment.

The changes I made were the following:

File log_types.py:

LTE_UL_CCCH_NB = 50
LTE_DL_CCCH_NB = 48
LTE_UL_DCCH_NB = 52
LTE_DL_DCCH_NB = 49
LTE_PCCH_NB = 47
LTE_BCCH_DL_SCH_NB = 46

File gsmtap.py (I just updated it according to the most recent taps):

GSMTAP_LTE_RRC_SUB_BCCH_BCH_Message_MBMS = 8
GSMTAP_LTE_RRC_SUB_BCCH_DL_SCH_Message_BR = 9
GSMTAP_LTE_RRC_SUB_BCCH_DL_SCH_Message_MBMS = 10
GSMTAP_LTE_RRC_SUB_SC_MCCH_Message = 11
GSMTAP_LTE_RRC_SUB_SBCCH_SL_BCH_Message = 12
GSMTAP_LTE_RRC_SUB_SBCCH_SL_BCH_Message_V2X = 13
GSMTAP_LTE_RRC_SUB_DL_CCCH_Message_NB = 14
GSMTAP_LTE_RRC_SUB_DL_DCCH_Message_NB = 15
GSMTAP_LTE_RRC_SUB_UL_CCCH_Message_NB = 16
GSMTAP_LTE_RRC_SUB_UL_DCCH_Message_NB = 17
GSMTAP_LTE_RRC_SUB_BCCH_BCH_Message_NB = 18
GSMTAP_LTE_RRC_SUB_BCCH_BCH_Message_TDD_NB = 19
GSMTAP_LTE_RRC_SUB_BCCH_DL_SCH_Message_NB = 20
GSMTAP_LTE_RRC_SUB_PCCH_Message_NB = 21
GSMTAP_LTE_RRC_SUB_SC_MCCH_Message_NB = 22

File pcap_dump.py:

I added the last 6 lines:

        gsmtap_channel_type = {
            LTE_BCCH_DL_SCH: GSMTAP_LTE_RRC_SUB_BCCH_DL_SCH_Message,
            LTE_PCCH: GSMTAP_LTE_RRC_SUB_PCCH_Message,
            LTE_DL_CCCH: GSMTAP_LTE_RRC_SUB_DL_CCCH_Message,
            LTE_DL_DCCH: GSMTAP_LTE_RRC_SUB_DL_DCCH_Message,
            LTE_UL_CCCH: GSMTAP_LTE_RRC_SUB_UL_CCCH_Message,
            LTE_UL_DCCH: GSMTAP_LTE_RRC_SUB_UL_DCCH_Message,
            LTE_UL_CCCH_NB: GSMTAP_LTE_RRC_SUB_UL_CCCH_Message_NB,
            LTE_DL_CCCH_NB: GSMTAP_LTE_RRC_SUB_DL_CCCH_Message_NB,
            LTE_UL_DCCH_NB: GSMTAP_LTE_RRC_SUB_UL_DCCH_Message_NB,
            LTE_DL_DCCH_NB: GSMTAP_LTE_RRC_SUB_DL_DCCH_Message_NB,
            LTE_PCCH_NB: GSMTAP_LTE_RRC_SUB_PCCH_Message_NB,
            LTE_BCCH_DL_SCH_NB: GSMTAP_LTE_RRC_SUB_BCCH_DL_SCH_Message_NB
        }.get(channel_type)

I commented out this part (because it was just reducing channel_type by 7):

        #if channel_type > LTE_UL_DCCH:
        #    channel_type -= 7

If you want to keep this part of the code, you need to decrease the new log_types added in the log_types.py file by 7.

If you find new channel_types, please let me know. Thanks.

p1-mmr commented 4 years ago

Thank you! This change was implemented in commit 0371131.

fasferraz commented 4 years ago

Sorry, you need to change also this part in pcap_dump.py to include the new Uplink NB channels:

        is_uplink = channel_type in (
            LTE_UL_CCCH,
            LTE_UL_DCCH
        )

to:

        is_uplink = channel_type in (
            LTE_UL_CCCH,
            LTE_UL_DCCH,
            LTE_UL_CCCH_NB,
            LTE_UL_DCCH_NB
        )
p1-mmr commented 4 years ago

Thanks again, fixed in commit 15e7a4e.
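The thread above changes three things: the diag channel_type to GSMTAP sub_type map, the removal of the `channel_type -= 7` shift, and the uplink check. The following is an added example, not code from QCSuper or from either participant, that puts the three together: it maps a channel_type to a sub_type (with a switch that reproduces the old shift, to show why the NB-IoT values then fail to map and the frame is silently dropped), marks uplink frames, and writes and reads back the 16-byte GSMTAP v2 header Wireshark decodes. The NB-IoT channel_type values and the NB sub_type values are the ones posted in the issue; the six plain LTE channel_type values (2, 4, 5, 6, 7, 8) are assumed to be what QCSuper's log_types.py uses; the GSMTAP header layout, `GSMTAP_TYPE_LTE_RRC`, `GSMTAP_ARFCN_F_UPLINK` and the sub_type values 0 to 6 are from osmocom's gsmtap.h. The RRC payload bytes are a constructed placeholder, not a real message.

```python
import struct

# Qualcomm diag LTE RRC OTA channel_type values. The plain LTE values are an
# assumption (what QCSuper's log_types.py is taken to use); the NB-IoT values
# are the ones reported in the issue.
LTE_BCCH_DL_SCH = 2
LTE_PCCH = 4
LTE_DL_CCCH = 5
LTE_DL_DCCH = 6
LTE_UL_CCCH = 7
LTE_UL_DCCH = 8

LTE_BCCH_DL_SCH_NB = 46
LTE_PCCH_NB = 47
LTE_DL_CCCH_NB = 48
LTE_DL_DCCH_NB = 49
LTE_UL_CCCH_NB = 50
LTE_UL_DCCH_NB = 52

# GSMTAP constants from osmocom's gsmtap.h.
GSMTAP_VERSION = 2
GSMTAP_HDR_LEN_WORDS = 4          # 16-byte header, counted in 32-bit words
GSMTAP_TYPE_LTE_RRC = 0x0d
GSMTAP_ARFCN_F_UPLINK = 0x4000    # flag bit in the ARFCN field for uplink

GSMTAP_LTE_RRC_SUB_DL_CCCH_Message = 0
GSMTAP_LTE_RRC_SUB_DL_DCCH_Message = 1
GSMTAP_LTE_RRC_SUB_UL_CCCH_Message = 2
GSMTAP_LTE_RRC_SUB_UL_DCCH_Message = 3
GSMTAP_LTE_RRC_SUB_BCCH_DL_SCH_Message = 5
GSMTAP_LTE_RRC_SUB_PCCH_Message = 6
GSMTAP_LTE_RRC_SUB_DL_CCCH_Message_NB = 14
GSMTAP_LTE_RRC_SUB_DL_DCCH_Message_NB = 15
GSMTAP_LTE_RRC_SUB_UL_CCCH_Message_NB = 16
GSMTAP_LTE_RRC_SUB_UL_DCCH_Message_NB = 17
GSMTAP_LTE_RRC_SUB_BCCH_DL_SCH_Message_NB = 20
GSMTAP_LTE_RRC_SUB_PCCH_Message_NB = 21

CHANNEL_TO_GSMTAP = {
    LTE_BCCH_DL_SCH: GSMTAP_LTE_RRC_SUB_BCCH_DL_SCH_Message,
    LTE_PCCH: GSMTAP_LTE_RRC_SUB_PCCH_Message,
    LTE_DL_CCCH: GSMTAP_LTE_RRC_SUB_DL_CCCH_Message,
    LTE_DL_DCCH: GSMTAP_LTE_RRC_SUB_DL_DCCH_Message,
    LTE_UL_CCCH: GSMTAP_LTE_RRC_SUB_UL_CCCH_Message,
    LTE_UL_DCCH: GSMTAP_LTE_RRC_SUB_UL_DCCH_Message,
    LTE_UL_CCCH_NB: GSMTAP_LTE_RRC_SUB_UL_CCCH_Message_NB,
    LTE_DL_CCCH_NB: GSMTAP_LTE_RRC_SUB_DL_CCCH_Message_NB,
    LTE_UL_DCCH_NB: GSMTAP_LTE_RRC_SUB_UL_DCCH_Message_NB,
    LTE_DL_DCCH_NB: GSMTAP_LTE_RRC_SUB_DL_DCCH_Message_NB,
    LTE_PCCH_NB: GSMTAP_LTE_RRC_SUB_PCCH_Message_NB,
    LTE_BCCH_DL_SCH_NB: GSMTAP_LTE_RRC_SUB_BCCH_DL_SCH_Message_NB,
}

UPLINK_CHANNELS = frozenset((LTE_UL_CCCH, LTE_UL_DCCH,
                             LTE_UL_CCCH_NB, LTE_UL_DCCH_NB))

# version, hdr_len, type, timeslot, arfcn, signal_dbm, snr_db, frame_number,
# sub_type, antenna_nr, sub_slot, res
GSMTAP_HDR = struct.Struct('!BBBBHbbIBBBB')


def gsmtap_subtype(channel_type, legacy_shift=False):
    """Return the GSMTAP LTE RRC sub_type for a diag channel_type, or None.

    legacy_shift=True reproduces the `channel_type -= 7` rule the issue
    removed: every value above LTE_UL_DCCH is shifted before the lookup,
    so the NB-IoT values land on numbers no entry matches.
    """
    if legacy_shift and channel_type > LTE_UL_DCCH:
        channel_type -= 7
    return CHANNEL_TO_GSMTAP.get(channel_type)


def is_uplink(channel_type):
    return channel_type in UPLINK_CHANNELS


def build_gsmtap_frame(channel_type, rrc_pdu, frame_number=0):
    """Prefix an RRC PDU with a GSMTAP v2 header (what goes into the pcap).
    An unmapped channel raises instead of being silently dropped."""
    sub_type = gsmtap_subtype(channel_type)
    if sub_type is None:
        raise ValueError('unmapped diag channel_type %d' % channel_type)
    arfcn = GSMTAP_ARFCN_F_UPLINK if is_uplink(channel_type) else 0
    header = GSMTAP_HDR.pack(
        GSMTAP_VERSION, GSMTAP_HDR_LEN_WORDS, GSMTAP_TYPE_LTE_RRC,
        0,              # timeslot: unused for LTE
        arfcn,
        0, 0,           # signal_dbm, snr_db: unknown
        frame_number,
        sub_type,
        0, 0, 0)        # antenna_nr, sub_slot, reserved
    return header + rrc_pdu


def parse_gsmtap_frame(frame):
    """Inverse of build_gsmtap_frame: the fields Wireshark dispatches on."""
    (version, hdr_len, gtype, _ts, arfcn, _sig, _snr, fn,
     sub_type, _ant, _slot, _res) = GSMTAP_HDR.unpack_from(frame)
    if version != GSMTAP_VERSION or gtype != GSMTAP_TYPE_LTE_RRC:
        raise ValueError('not a GSMTAP LTE RRC frame')
    return {'sub_type': sub_type,
            'uplink': bool(arfcn & GSMTAP_ARFCN_F_UPLINK),
            'frame_number': fn,
            'payload': frame[hdr_len * 4:]}


if __name__ == '__main__':
    pdu = b'\x22\x00'   # constructed placeholder, not a real RRC message
    for ch in (LTE_DL_DCCH, LTE_DL_DCCH_NB, LTE_UL_DCCH_NB):
        print(ch, gsmtap_subtype(ch, legacy_shift=True), gsmtap_subtype(ch))
    print(parse_gsmtap_frame(build_gsmtap_frame(LTE_UL_DCCH_NB, pdu)))
```

Running the block prints `None` for both NB-IoT channels under the old shift and the NB sub_types 15 and 17 without it, which is the symptom the issue describes: with the shift in place the lookup returns nothing, so no frame reaches Wireshark. The uplink flag matters because the RRC dissector picks the UL or DL ASN.1 grammar from the sub_type, and the ARFCN uplink bit is what the GSMTAP layer shows as the direction.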