FreeCalypso still alive in 2022

Mychaela Falconia mychaela.falconia at gmail.com
Mon Apr 11 07:31:03 UTC 2022


Hello dear FC community,

I got my first pirate BTS fired up and running earlier today!  I got a
minimal setup of Osmocom CNI up and running on a Slackware server, and
I got this Osmo-CNI software stack to drive an ip.access nanoBTS,
specifically a PCS1900 band unit, model 165BU.  Operating at its
maximum Tx power of 23 dBm and using small antennas (I haven't got
nanoBTS "official" antennas with this unit, but I used the same 5 cm
kind which I supply with GSM MS development boards), I got a "medium"
distance range: not powerful enough to reach across town, but
definitely more than "just a few steps away from the house" - I would
say about a block of reach.  ("Block" is a term in American city/town
planning: if you have streets like "1st St.", "2nd St.", "3rd St." and
so forth, the distance between them is called a block - and this
distance is approximately how far my BTS can reach currently.)

The main factor limiting the reach of this pirate BTS appears to be
not so much "pure" distance in meters, but the loss of going through
buildings that stand in between.  Installing a mast that would stick
out from the roof of my apartment building and rise above the
surrounding buildings is not a practical idea: it would attract
immediate attention and disapproval from the building landlord, and
then the attention would likely turn to me operating this thing on a
squatted frequency without a license.  Thus my pirate BTS is located
*inside* my apartment where no landlord or tower police can see it,
and the signal it puts out has to penetrate through the walls of my
own apartment building plus a bunch of surrounding buildings before it
can reach a phone located in the hand of a person walking down Main
Street.  I can only reason that all this building penetration must be
incurring a lot of loss, and this building penetration loss must be
the main factor limiting the usable range of reach.

I have heard that lower GSM frequencies (850 MHz in North America or
900 MHz in EU and EU-following lands) propagate farther and penetrate
buildings more effectively than DCS/PCS - for this reason, if and when
my pirate BTS setup advances from lab to production operation, I plan
on switching from PCS1900 to GSM850 band as the first step, before
advancing to a more powerful amplifier and/or fancy antenna design.
But for the present life phase in which the commercial GSM network of
T-Mobile USA is still up at the moment, my pirate BTS is only for lab
testing - and in this lab-use phase, PCS1900 band is preferable
because it works with older phones that don't support GSM850.

Moving up from RF propagation to higher-level Osmocom CNI setup, the
complexity is quite mind-boggling, and I haven't got everything ironed
out yet.  So far I am able to exercise *#100# and *#101# USSD services
provided by OsmoHLR, and I am able to send SMS from one connected phone
to another - but I haven't got voice calls working yet.  I need to do
more debugging on codec configuration, RTP and OsmoMGW, most likely.
But the good news is that my PLMN setup with FCSIM1 cards works
exactly as I was hoping: my squatted PLMN code is 310-222, the MNC is
3 digits as expected for all GSM networks in USA, but both phones I
tested so far (Pirelli DP-L10 and Nokia C3-00) seem content with the
arrangement, despite EF.AD on the SIM being only 3 bytes.

I haven't fired up my other nanoBTS (the GSM850 one) yet - while I do
need to gather the data point of how far it will reach with small
antennas and its meager 23 dBm output (before adding any external PA),
I am deferring that experiment for now - I would rather iron out
higher-level Osmo-CNI issues first.

Hasta la Victoria, Siempre,
Mychaela aka The Mother

