Open source 4G radio

18
Open-source 4G radio: It's time to start WiMAX and LTE hacking Alexander Chemeris

Transcript of Open source 4G radio

Page 1: Open source 4G radio

Open-source 4G radio:It's time to start WiMAX and LTE hacking

Alexander Chemeris

Page 2: Open source 4G radio

Alexander Chemeris @chemeris [email protected]

Disclaimer

I'm not an expert,I'm a hacker.

Page 3: Open source 4G radio

Alexander Chemeris @chemeris [email protected]

I'm hacking WiMAX.

You should too.

Page 4: Open source 4G radio

Alexander Chemeris @chemeris [email protected]

Mobile WiMAX● Standardized by WiMAX Forum● Air interface - a profile of IEEE 802.16-

2009 OFDMA mode.● IEEE 802.16 — http://goo.gl/SUpqE● WiMAX profies — http://goo.gl/k1xjK

● Deployed release 1.5.● Core network - IETF protocols

Page 5: Open source 4G radio

Alexander Chemeris @chemeris [email protected]

Mobile WiMAX vs LTE

Mobile WiMAX ● developed by Internet Providers community● «evolution of WiFi»● appeared first

LTE● developed by telecom community● based on WiMAX ideas● but with other patents

Page 6: Open source 4G radio

Alexander Chemeris @chemeris [email protected]

Orthogonal frequency-division multiplexing (OFDM)

Refer to "Intuitive Guide to Principles of Communications"Tutorial 22 - Orthogonal Frequency Division Multiplex (OFDM, DMT):http://www.complextoreal.com/chapters/ofdm2.

Page 7: Open source 4G radio

Alexander Chemeris @chemeris [email protected]

OFDMA (frequency)

user 1

combined

user 4

user 3

user 2

frequency

Page 8: Open source 4G radio

Alexander Chemeris @chemeris [email protected]

OFDMA (time and frequency)

Page 9: Open source 4G radio

Alexander Chemeris @chemeris [email protected]

TDD and FDD

DL

UL

DL UL DL UL

Frequency DivisionDuplexing (FDD)

Time DivisionDuplexing (FDD)

default

radioframe

radioframe

radioframe

DL

UL

radioframe

time

freq

uen c

y

Page 10: Open source 4G radio

Alexander Chemeris @chemeris [email protected]

WiMAX frame

Page 11: Open source 4G radio

Alexander Chemeris @chemeris [email protected]

WiMAX frame

Page 12: Open source 4G radio

Alexander Chemeris @chemeris [email protected]

OFDMA frame

Page 13: Open source 4G radio

Alexander Chemeris @chemeris [email protected]

Mobile WiMAX● Many bands, mostly 2 GHz — 5 GHz● Scalable bandwidth: 1.5 MHz — 20 MHz● Usually TDD● Supports various MIMO and beam-forming

Page 14: Open source 4G radio

Alexander Chemeris @chemeris [email protected]

LTE differences● Uplink uses SC-FDMA for power efficiency● Power efficient synchronization● More dynamic parameters at PHY level● Hierarchical telecom-like protocol

For details: http://goo.gl/HAAgm

Page 15: Open source 4G radio

Alexander Chemeris @chemeris [email protected]

wimax-scanner ● Mobile WiMAX receiver● LGPL● Matlab code for broadcast decoding● Wireshark for MAC layer decoding

http://code.google.com/p/wimax-scanner

Page 16: Open source 4G radio

Alexander Chemeris @chemeris [email protected]

wimax-scanner ToDo● Port to C(++)● Improve algorithms in Matlab● More WiMAX recordings● More WiMAX recordings in MIMO mode● Transmitter side

http://code.google.com/p/wimax-scanner

Page 17: Open source 4G radio

Alexander Chemeris @chemeris [email protected]

Other open-source 3G&4G

UMTS and LTE implementations in GPL

http://www.openairinterface.org

● Closed style development● Targets academia● Hackers should engage

Page 18: Open source 4G radio

Alexander Chemeris

[email protected]: @chemeris

Radio Villagelocal GSM: 901138


OpenAirInterface (OAI): A flexible open-source 4G/5G …andreatassi.uk/talks/oai.pdf · OpenAirInterface (OAI): A flexible open-source ... open-source 3GPP LTE implementation ...

OpenAirInterface (OAI): A flexible open-source 4G/5G …andreatassi.uk/talks/oai.pdf · OpenAirInterface (OAI): A flexible open-source ... open-source 3GPP LTE implementation ...

BROADBAND RADIO INTERFACES DESIGN FOR ”4G AND BEYOND ...eprints-phd.biblio.unitn.it/1619/1/PhD-Thesis.pdf · BROADBAND RADIO INTERFACES DESIGN FOR ”4G AND BEYOND” CELLULAR SYSTEMS

BROADBAND RADIO INTERFACES DESIGN FOR ”4G AND BEYOND ...eprints-phd.biblio.unitn.it/1619/1/PhD-Thesis.pdf · BROADBAND RADIO INTERFACES DESIGN FOR ”4G AND BEYOND” CELLULAR SYSTEMS

HGM6100N-4G SERIES HGM6110N-4G/6120N-4G /6110CAN-4G ...

HGM6100N-4G SERIES HGM6110N-4G/6120N-4G /6110CAN-4G ...

4G LTE Radio Access Network Dimensioning in Case of …

4G LTE Radio Access Network Dimensioning in Case of …

Open Source Software Defined Radio - FOSDEM · Open Source Software Defined Radio Philip Balister MPRG Wireless @ Virginia Tech Blacksburg, VA 24060 ... HP SDR GNU Radio OSSIE Questions.

Open Source Software Defined Radio - FOSDEM · Open Source Software Defined Radio Philip Balister MPRG Wireless @ Virginia Tech Blacksburg, VA 24060 ... HP SDR GNU Radio OSSIE Questions.

Seamless mobility in 4G systems · Abstract The proliferation of radio access technologies, wireless networking devices, and mobile ... a 4G system and collect real experiences ...

Seamless mobility in 4G systems · Abstract The proliferation of radio access technologies, wireless networking devices, and mobile ... a 4G system and collect real experiences ...

Radio `source’

Radio `source’

LTE Radio Planning - 5G Training Courses, 4G LTE WiFi 3G ...

LTE Radio Planning - 5G Training Courses, 4G LTE WiFi 3G ...

Future-Proof & Proven Reliable EverywhereSLE-GSM-3/4G Original 3G/4G GSM Model StarLink Radio on GSM Network SLE-GSM-FIRE StarLink Sole Path Fire Communicator (Red) on 3G/4G GSM Network

Future-Proof & Proven Reliable EverywhereSLE-GSM-3/4G Original 3G/4G GSM Model StarLink Radio on GSM Network SLE-GSM-FIRE StarLink Sole Path Fire Communicator (Red) on 3G/4G GSM Network

Radio network planning for 4G LTE

Radio network planning for 4G LTE

Open Source Satellite Initiative Wikismallsats.cicese.mx › anexos › Anexo_20_ejemploLlenadoCoordIaru.… · 4g Power budget. Describe each power source, power consuming section,

Open Source Satellite Initiative Wikismallsats.cicese.mx › anexos › Anexo_20_ejemploLlenadoCoordIaru.… · 4g Power budget. Describe each power source, power consuming section,

Radio Resource Management in 4G Networks

Radio Resource Management in 4G Networks

4G 通信 LTE-Adv/WiMAX 2.0 SDR (s/w defined radio) 平台

4G 通信 LTE-Adv/WiMAX 2.0 SDR (s/w defined radio) 平台

Multi-Radio Infrastructure for 4G

Multi-Radio Infrastructure for 4G

4G LTE / DMR Mobile Radio

4G LTE / DMR Mobile Radio

Rugged IP68 4G LTE Radio - eteraptt.com

Rugged IP68 4G LTE Radio - eteraptt.com

Source Localization and Tracking for Dynamic Radio ...

Source Localization and Tracking for Dynamic Radio ...

PureFlow AirDog® Raptor-4G RP-4G-100 & RP-4G-150 1989-1993 ... · 13-4. Plug the spade connector into the previously found hot, key on, power source. 13-5. Run the Raptor-4G power

PureFlow AirDog® Raptor-4G RP-4G-100 & RP-4G-150 1989-1993 ... · 13-4. Plug the spade connector into the previously found hot, key on, power source. 13-5. Run the Raptor-4G power

4G LANGUAGE : An Introduction… Dr. Mohammad Iqbal Source : .

4G LANGUAGE : An Introduction… Dr. Mohammad Iqbal Source : .

3G/4G Mobile Communications Systems & 4G Mobile... · Radio Resource Management in UMTS Cell Breathing Capacity ... e.g. data rate, delay and BER Minimise interference, ... (propagation)

3G/4G Mobile Communications Systems & 4G Mobile... · Radio Resource Management in UMTS Cell Breathing Capacity ... e.g. data rate, delay and BER Minimise interference, ... (propagation)