aluminiumi / srsLTE-plus-sib12

Modification to srsLTE to enable wireless emergency alerts (WEA) via SIB-12 CMAS messages. CMU 14-829 Mobile & IoT Security project.
GNU Affero General Public License v3.0

I can not show any Emergency messages on my mobile. #7

Open stackprogramer opened 8 months ago

stackprogramer commented 8 months ago

I ran a srsenb (according to your source modification) with SIB12 for an EU alert. When I ran it, my mobile wanted to auth it, but my mobile did not show an EU alert. I studied articles saying that EU alerts do not need auth and registration... But I cannot show any emergency messages on my mobile. Can you guide me or offer anything for solving the problem? Thanks in advance.


```
Trying to open RF device 'UHD'
Opening USRP channels=1, args: type=x300,master_clock_rate=184.32e6
RF device 'UHD' successfully opened

==== eNodeB started ===
Type <t> to view trace
Setting frequency: DL=2160.0 Mhz, UL=1970.0 MHz for cc_idx=0 nof_prb=50
RACH:  tti=2401, cc=0, pci=9, preamble=29, offset=1, temp_crnti=0x46
RACH:  tti=2421, cc=0, pci=9, preamble=47, offset=0, temp_crnti=0x47
RACH:  tti=2441, cc=0, pci=9, preamble=30, offset=43, temp_crnti=0x48
RACH:  tti=2461, cc=0, pci=9, preamble=5, offset=7, temp_crnti=0x49
RACH:  tti=2461, cc=0, pci=9, preamble=11, offset=43, temp_crnti=0x4a
RACH:  tti=2461, cc=0, pci=9, preamble=16, offset=32, temp_crnti=0x4b
RACH:  tti=2481, cc=0, pci=9, preamble=5, offset=43, temp_crnti=0x4c
RACH:  tti=2481, cc=0, pci=9, preamble=10, offset=32, temp_crnti=0x4d
Disconnecting rnti=0x46.
Disconnecting rnti=0x47.
RACH:  tti=2501, cc=0, pci=9, preamble=1, offset=43, temp_crnti=0x4e
RACH:  tti=2501, cc=0, pci=9, preamble=6, offset=32, temp_crnti=0x4f
RACH:  tti=2501, cc=0, pci=9, preamble=28, offset=42, temp_crnti=0x50
SCHED: Could not transmit RAR within the window (RA=2501, Window=[2504, 2514), RAR=2521
Disconnecting rnti=0x48.
Disconnecting rnti=0x49.
Disconnecting rnti=0x4b.
Disconnecting rnti=0x4a.
Disconnecting rnti=0x4c.
Disconnecting rnti=0x4d.
Disconnecting rnti=0x50.
Disconnecting rnti=0x4f.
Disconnecting rnti=0x4e.
```

hiviah commented 4 months ago

I tried this fork with SIB12 on many phones, but none show an alert.

I've also tried programming and using Sysmocom and Gialersim SIM cards to test if it works when RRC connect, attach, setup, security mode ... is complete (and doesn't fail on the SecurityMode command) and it's connected to the IP network.

Using QCSuper I am able to dump what packets the phone receives to check if the SIB12 is received successfully. It seems based on the generated PCAP (attached) and a short screenshot of how the phone receives SIB12 correctly:

image

Though it seems something is still missing, I think there is some Paging missing (or maybe other packet?) when the modified ENB blasts it with the SIB1 and then SIB2+SIB12 blocks.

Attaching PCAP for ENB and also PCAP from the phone:

SIB12_enb_and_phone_sysmocom_sim_pcaps.zip

stackprogramer commented 4 months ago

@hiviah Hi, thanks for sharing the logs. Another strange point that I saw in the pcap file of the mobile's LTE packet capture: there is not any coding scheme field in SIB12, although in this source code it is resized to 48.

hiviah commented 4 months ago

@stackprogramer I've looked over other issues, it seems it's also missing proper PCCH paging (see issue #4), which should be present if I remember the paper correctly.