GSM Scanning
-
I was wondering, is it possible to scan for GSM activity with one of the PyCom boards?
What we basically want to achieve is scan for the presence of cell-phone activity within a range of 1-2 km. We have created a prototype with the a LoRa devboard and use the LoRa radio to scan on the uplink of the GSM900 band or LTE band 20. We are using this board https://www.st.com/en/evaluation-tools/b-l072z-lrwan1.htmlWe can successfully see phone activity up to 1km.
I was wondering if we could do the same with either the LoPy or the GPy. I took a look at the firmware documentation but I could not find any methods related to scanning.
-
@Thijs-Suijten said in GSM Scanning:
Ok, so for the LoPy it's not possible because I can't use the C api? Or is there a work around for that?
No. You would have to add an API call to modlora.c, which calls Radio.Rssi(), which returns the activity in the selected channel. No rocket science, you can use one of the existing API calls as template, but some work.
I looked into the list of Sequans Proprietary commands, which you can run with (watch out for the different string quotes):
lte.send_at_cmd('AT!="<command>"')
Start with:
lte.send_at_cmd('AT!="help"')
Once attached, you could for instance call:
print(ltetest.lte.send_at_cmd('AT!="showPhyStats"'))A while ago I collected the short help for all of these commands. List below:
WARNING: output of the function are limited by display buffer size. Please specify which part of HELP output is needed by parameters startIdx and qty. COMMAND HELP ============ CMD help Get help on commands CBE setThreadedMode Next CBE commands will (not) be executed on a newly spawned thread DBG infoOie Dump OIE Event LOG logOutput Configure log output LOG logLevel Configure log level STATS show Show current stats STATS reset Reset current stats DC dcWakeLock Dump DC WakeLock ATF channels show config ATF psm show psm ctx EVT showEvent Show a registered event EVT resetEvent Reset events statistics EVT disableAllEvent Disable all events EVT setEventEnable Enable or disable an event EVT setEventInternalEnable Enable or disable an event(internal buffer) EVT flushEvent Flush events that are saved in the reserved buffer UCI show Show UCI options UCI get Get UCI option UCI set Set UCI option UCI delete Delete UCI option RRC showStat Display overall statistics RRC resetStat Reset the overall statistics RRC showInitCellSelConfig Display the initial cell selection configuration RRC showIc Display RRC ICs RRC showItf Display some info about the RRC interface RRC showSiConfig Display the System Information config of the current serving cell RRC showRlfConfig Display info about PLMNs RRC showPlmn Display info about PLMNs RRC showCsg Display info about CSGs RRC showReselInfo Display info about the cell reselection RRC showDetectedCell Display info about the detected cells dedicated to reselection RRC showRequiredCells Display info about the required cells configured by the user RRC showCellBanishment Display info about the carriers and cells banished from reselection RRC showMeasCfgObject Display the 'reporting' dedicated objects config RRC showMeasCfgReport Display the measurement reports config RRC showMeasCfg Display the measurement config RRC showMeas Display the 'reporting' dedicated measurements RRC showMeasReports Display info about the measurement reports RRC showReportFilter Display info about the meas filters used to trigger report tx RRC showSearchContext Display info about the SEARCH FSM context RRC showActiveContext Display info about the ACTIVE FSM context RRC showSrb Display the Signalling Radio Bearers configuration RRC showDrb Display the Data Radio Bearers configuration RRC showScells Display Secondary cells config RRC showMaxTxPower Display the max Tx Power RRC showCaps Display some param related to the UE capabilities RRC showMbmsUnicastSessionList show the list of unicast MBMS sessions RRC showMbmsTmgiBroadcastedList show the list of broadcasted MBMS sessions RRC showMbmsAreaConfig Display the MBMS Area config of the current serving cell RRC showMbmsUserSessionList show the list of user MBMS sessions RRC showUeAssist Display the UE Assistacne info RRC showChannelTable ... RRC showKvs Display a group of permanent stored info RRC setIc Set some RRC ICs RRC setCaps Set some parameters used while transmitting UE capabilities to the network RRC forceReestab Force a reestablishment (UE must be in a proper state) RRC forceSibRenewal Force the whole SIBx renewal (UE must be in a proper state) RRC forceCell Force the cell identity used for cell selection RRC forceConnectionRelease Force the release of the current RRC connection (use with caution) RRC forceAllCellsBarred ... RRC forceRegFailure Force a registration failure (must be called in CONNECTED state) RRC forceResel Force a blind cell reselection RRC askNasMeasReport ... RRC addScanBand Add a band dedicated to the initial cell selection RRC addScanFreq Add a carrier dedicated to the initial cell selection RRC addScanFreqRange Add a carrier range dedicated to the initial cell selection RRC addCmdScanBand Add a band scan command dedicated to the initial cell selection RRC addCmdScanDelay Add a delay scan command dedicated to the initial cell selection RRC setPlmnSelectParam Set some parameters used while searching for an initial cell to camp on RRC removeScanFreq Remove a carrier dedicated to the initial cell selection RRC clearScanConfig Reset the config dedicated to the initial cell selection RRC clearPersist Clear the MRU used in 'init & drop scan' RRC setDbgPerm Set access to the debug commands RRC scanCell Start/stop the detection an report of visible cells RRC setRequiredCells Set a bunch of cells the UE is expected to camp on RRC setAdminBands Define the set of supported bands RRC setAdminCarriers Define the set of supported carriers RRC setStoredCellParam Set some parameters dedicated to the management of the cells' stored info RRC setIotMode Set a customer dedicated mode RRC setBandDesc Change a band description RRC resetKvs Reset a group of permanent stored info RRC setMbmsService Set the MBMS service RRC setMbmsContinuityService Set the continuity mode of the MBMS service (MBMS interest proc, SIB15) RRC setMbmsSessionActivation activate/deactivate a MBMS session to receive RRC setMbmsSessionUnicastIndication indicate the state of a MBMS unicast session RRC setLogPch Allows to display PCH messages RRC forceMeasReportFilter take into account SRV cell CINR to change the TimeToTrigger for meas reports RRC blockCellResel No Cell reselection RRC blockMeasReport No Meas reporting RRC suspend ... RRC restore ... RRC clearPStorage Clear the persistent storage USIM efShow Show EF info USIM efOverwrite OverWrite the flash usim content USIM usim USIM var USIM set Set usim parameters USIM openChannel Send OPEN CHANNEL proactive command USIM setupMenuGsm Send SETUP MENU proactive command USIM setupMenuGsmSpecialChar Send SETUP MENU proactive command USIM selectItem Send SELECT ITEM proactive command USIM setupMenuUcs2 Send SETUP MENU proactive command USIM receiveData Send RECEIVE DATA proactive command USIM refresh Send REFRESH (USIM application reset) proactive command USIM refreshUiccReset Send REFRESH (USIM application reset) proactive command USIM runAtCommand Send RUN AT COMMAND proactive command USIM sendProactiveCommand Send SAT A-PDU USIM SendSms Send SEND SMS EMM ClearPersistentTimers Clear persistent timers. To be called before power on EMM SetVzRoamingMode Disables/enables Verizon specific roaming requirements EMM ShowVzRoamingMode Show the current Verizon roaming mode EMM Show Show the current Verizon roaming mode EMM SetRoamingSupport Disables/enables roaming EMM ShowRoamingSupport Show the current roaming support EMM ShowVz Show EMM specific Vz context EMM ShowT3412 Show T3412 ESM showEpsBearers Show EPS bearers PDCP showStats Show pdcp statistics PDCP setPduLogLevel Set the PDU dump level PDCP setBatchValue Set PDCP DL PDU Batch Value PDCP getBatchValue read PDCP DL PDU Batch Value RLC setBatchValue Set RLC DL PDU Batch Value RLC getBatchValue read RLC DL PDU Batch Value PDCP ignoreDiscardTimer Set discard timer to infinity for subsequent DRB establishment MAC showStats Show mac statistics MAC setPduLogLevel Set the PDU dump level RLC showStats Show rlc statistics RLC setPduLogLevel Set the PDU dump level RLC listInfo Show SLE/RLE lists info RLC listStats Show RLC lists usage statistics RLC maxRetrans Trigger or not RRC re-establishment procedure in case of max retransmission counter reached MBMS showMbmsThroughputStats Show the last computed MBMS throughput statistics MBMS configureThroughputPeriodReport set the MBMS throughput period LPP NotifyAswLppMsg Send the notification LppRxMessage to ASW QKI poolsStats Show pools statistics QKI timersStats Show timers statistics QKI checkPoolCorrupt check pool corruption CBE zspFftMeas Quick FFT measurement (spectrum analayzer) CBE zspFftProb FFT dump CBE zspProb Probe dump CBE rsSymbDump Dump of symboles with RS zsp0 log Enables / Disables a log zsp0 fatal Enables / Disables a fatal error zsp0 getTpc Returns the trapped Program counter zsp0 logCache Enables / Disables the log cache dump feature zsp0 memCpy Copy data around using DMA. Returns 666 if the command is invalid zsp0 fftDump Dumps the FFT data into an SDRAM circular buffer starting at a given address. Returns 666 if the command is invalid zsp0 dbgMode Enables/Disable the ZSP0 debug mode : warnings are turned into fatal errors. zsp0 powSavMode Enables/Disable the ZSP0 power saving mode zsp0 npeSetWindowLength Change window length for averaging zsp0 profEnable Enable tasks profiling log zsp0 setDlTimOffset LTE Timing offset update zsp0 probe Probes a buffer into memory. Returns 666 if the command is invalid zsp0 getWbSinr last computed WB SINR zsp0 getWbNpe last computed WB NPE zsp0 cteSetAlpha CTE alpha settings zsp0 excludeSymb0 Exclude symbol 0 zsp0 setMpdcchLimitations Set MPDCCH limitations zsp0 setTdcConfig Set TDC configuration zsp0 reportHPower Report H power zsp0 nscsMemcopy Use memcopy for SCS samples fetch and NPSS contextes store/load in psram zsp0 nscsDumpSamples Dump SCS buffer samples to PSRAM. zsp0 nscsControl Control NSCS zsp1 log Enables / Disables a log zsp1 fatal Enables / Disables a fatal error zsp1 getTpc Returns the trapped Program counter zsp1 logCache Enables / Disables the log cache dump feature zsp1 memCpy Copy data around using DMA. Returns 666 if the command is invalid zsp1 dbgMode Enables/Disable the ZSP1 debug mode : warnings are turned into fatal errors. zsp1 powSavMode Enables/Disable the ZSP1 power saving mode zsp1 profEnable Enable tasks profiling log zsp1 pssThres Configure pss Threshold zsp1 halfFrame Configure pss Threshold zsp1 probe Probes a buffer into memory. Returns 666 if the command is invalid ETM show Show details ETM dhcp4 Show DHCPv4 proxy details ETM dhcp6 Show DHCPv6 proxy details ETM icmp6 Show ICMPv6 proxy details ETM showRb Show Radio Bearer ETM showTft Show Traffic Flow Template ETM showPdn Show PDN Info ETM config Network configuration ETM pdnConfig PDN configuration ETM multiPdnConfig Multi PDN configuration ETM filter PDN traffic filter ETM addDlRouteRule Add a DL routing rule to a PDN ETM clearDlRouteRule Remove all the DL routing rules dedicate to a PDN ETM reqRouterAdv Start/stop soliciting the Network to send a new 'Router Advert' ETM nsiPrintMiiStats Print Mii driver stats ETM nsiResetAllocStats Reset Mii alloc stats ETM nsiPrintAllocStats Print Mii alloc stats ETM injectDlPkt ... ETM dbgEstPdn (debug) Establish a PDN ETM dbgRelPdn (debug) Release a PDN ETM sniffPackets (debug) Sniff and dump packets HP nvramOverwrite OverWrite the flash HP content HP setPeriodOnOff set LED periods HP ledLog get logs for LED HP setT3324 configure T3324 HP setExtendedT3412 configure extended T3412 HP setPlcMode set plc mode HP getPlcMode get plc mode HP setPlcProfile set plc profile HP getPlcProfile get plc profile HP resetPlcProfile reset plc profile HP StoreFs store FS HP GetFs get FS HP ShowHpFs show FS HP ShowEmmFs show FS HP ShowEsmFs show FS HP ShowFsLen show FS length HP ShowVz show vzw THSP DumpGroup Displays THP groups THSP Debug Displays stats THSP MsgStats Displays messages stats THSP NtfOnList Displays enabled notification list THSP setRxDropRate Set debug THP RX drop rate THSP setTxDropRate Set debug THP TX drop rate THSP showDropRates Displays drop rates THSP setRxDropCount Set debug THP RX drop count THSP setTxDropCount Set debug THP TX drop count THSP showDropCounts Displays drop counts THSP setPayloadDump Enable dump of THP command payload THSP showPayloadDump Displays current state of THP command payload dump THSP setLogEnabled Enable log of THP commands THSP showLogState Displays current state of THP commands log CBE showVersion Show the system version CBE showResetReason Show the reason of the SoC CBE showApiVersion Shows version of SIDLs CBE filterLog filter logging. Syntax is '(+/-)MOD[/SUB]'. '*' is supported at the end. CBE showLogs Show the system logs CBE showTime Display internal state CBE forceDebug force system to switch in debug/release mode CBE getAssert create an assert CBE showBootRegisterVersion Shows revision of bootloader registers configuration CBE getCrystalCount get 32kHz counter CBE showPacketFlow Show the packet flow statistics CBE resetPacketFlow Reset the packet flow statistics CBE closeLoopB Activate test mode and close the mode B test loop CBE fsmShow Display internal state CBE resetPersistentData Reset NAS persistent data CBE msgFromPsp Show tasks messages stats CBE showTestList Show test list CBE startTest Start test execution CBE epsAttach Request to attach EPS service CBE epsDetach Request to detach EPS service CBE powerOn Request to power on CBE powerOff Request to power off CBE sendAt Send a transparent AT command CBE activateRb Activate a default or dedicated radio bearer CBE deactivateRb Deactivate a default or dedicated radio bearer CBE configureDefaultRb Configure PDN type and APN for a default radio bearer CBE configureDedicatedRb Configure linked default bearer cid CBE configureQos Configure Qos CBE configureTft Configure TFT CBE enterAirPlaneMode Request to start air plane mode CBE sendSmsPdu Send SMS in PDU mode CBE writeSmsPdu Write and store SMS CBE setIotMode set IOT mode CBE setUeUlCat Set a customer dedicated mode CBE showIotMode show the current IOT mode CBE setConformanceTestsMode set conformance tests mode CBE showConformanceTestsMode show the conformance tests status CBE setUsimMode set USIM mode CBE showUsimMode show the current USIM mode CBE efReadFromPath Read USIM EF given the path CBE efReadFromIndex Read USIM EF given the EF index (see efListIndex) CBE efListIndex Give the internal index related to an EF L1P showPhyStats Retrieve DL synchronization statistics L1P getDlDrvStatistics Retrieve DL driver statistics L1P resetDlDrvStatistics Reset DL DRV statistics L1P getLpmStatistics Retrieve LPM statistics on L1 side L1P resetLpmStatistics Reset LPM statistics L1P resetPhyProcessTimers Reset physical Process timers fifo L1P dumpPhyProcessTimers Return physical Process timers L1P getMacDrvStatistics Retrieve MAC driver statistics L1P resetPhyStatistics Reset L1 statistics L1P getUlDrvStatistics Retrieve UL driver statistics L1P getDebug Retrieve debug informations L1P getUlSchedulerStatistics Retrieve UL scheduler statistics L1P getFc Retrieve frame configuration L1P getPerMcs Retrieve PER statistics per MCS index L1P setSpkParams Change spur killer default params L1P resetPer Reset PER statistics L1P getProfiling Retrieve profiling statistics L1P resetProfiling Reset profiling statistics L1P setUlParams Set UL parameters L1P setDlParams Set DL parameters L1P setCheSwitchConfig Set CHE switch configuration L1P setAnrConfig Set Anr configuration L1P setMpuState Start Mpu (only for Mtool) L1P setRlmParam Set RLM parameters L1P setFastscanCfg Set fastscan config L1P setL1IotParams Set PHY IOT secret parameters L1P setLpm Enable/disable LPM L1P getDlHarqStats Get DL HARQ statistics L1P resetDlHarq Reset DL HARQ statistics L1P resetUlHarq Reset UL HARQ statistics L1P getCqiParams Get CQI reporting parameters L1P getCqiStats Get CQI statistics L1P resetCqiStats Reset CQI statistics L1P getDrxConfig Get DRX config and state L1P getRepetStats Get repetition statistics for BL/CE UE L1P getMacMbmsStats Get MBMS statistics at MAC level MBMS getPhyMbmsStats Get MBMS PMCH statistics at PHY level CBE lpuFifos Show lpu fifos stats L1P setMbmsMeasReport Set MBMS RSSI meas report parameters L1P setMbmsRsrpMeasReport Set MBMS RSRP meas report parameters L1P disableScanPattern Disable scanning pattern L1P forceDlFilters Force CS and UE specific filters L1P setCustomBandPower Custom parameters for TxPower and MPR L1P setNBSynchroParam Custom parameters for NB synchro IP ifconfig displays network configuration IP ping send ICMP ECHO_REQUEST to network hosts IP netstat print network connections ARC SendCommand Sends an ARC command hps getLogs show logs configuration hps setLog set log level, '*' for all logs hps printLogs print hps logs on the console mcu cli Debug Cli NCAT sldomain Show prefered domain type(ipv4 or ipv6) for listening sockets. eapps setDnsTimeout Set timeout between requests to primary/secondary DNS servers. eapps resolve Resolve host name using general/alternate DNS resolver. eapps scanJson scan json config files lwm2m setCustomDeviceValue Set a custom value to one of the resources in Device (/3/0) instance lwm2m setCustomCapMgmtValue Set a custom value to one of the resources in CapMgmt (/15/0) instance APP startapp Start app ELF. HWID hwid Display hardware ID. FS find Display file tree. FS ls List directory content. FS sync Synchronize file system on disk. FS format Format file system. FS mount Mount file system. FS umount Unmount file system. FS gc Force fs garbage collecting. FS mv Rename file. FS stat Stats on filesystem. FS rm Delete file FS mkdir Create a directory FS cat Print file contents FS hexdump Print file contents in hexadecimal FS echo Display a word [redirected to 'path'] FS tree List contents of directories in a tree-like format FS lsof List open files FS cp Copy files and directories FS factoryreset Factory reset FS users Print the current user name FS su Become superuser for newly created threads only FS chmod List directory content. PSI saveCurrentConfig Save current PSI configuration PSI restoreConfig Save previously saved PSI configuration, system should berestarted to take the action into account CRASHDUMP l1Exception Raise Exception on LPU CRASHDUMP l1Assert Assert on LPU USIM setT0LogsMode Activate T0 logs DBG display Display memory DBG modify Modify memory DBG infoAllTask Dump eCos tasks DBG infoIrq Dump eCos IRQ informations DBG dumpStack Dump a given eCos task stack trace DBG dumpAllStack Dump eCos tasks stack trace switchBoot switchBoot Select boot mode: FFF, FFH, UPDATER, RECOVERY, ECOPAGING PERFC addCounter Add and start performance counter PERFC deleteCounter Stop and delete performance counter PERFC showCounters Show performance counters PERFC addL1pCounter Add and start l1p performance counter PERFC delL1pCounter delete l1p performance counter PERFC getL1pCounter delete l1p performance counter TRACE showTrace Show Trace TRACE addTrace add Trace CBE dumpCoop Display internal state CBE resetCoop Display internal state EE resetStats Reset EE stats EE state Displays current state EE wakeLocks Displays active wakelocks EE quartz Displays information related to quartz calibration EE disable Prevents the system from sleeping forevermore EE setLock configure lock on platform side EE disableLog disable lpm log EE setExtWake configure external wake EE setExtPolarity configure external wake polarity EE setPspmThresh configure pspm threshold (in min) EE getTimer Get Timers Listed in TLA EE ptime Show all POSIX time debug API EE tuTimer test unit Timers Listed in TLA EE expTimer Get next Timer expires remaining EE wakeUpEvent Send WakeUp Event to shift WDT show Displays monitor statistics WDT disable Disable modem wdg WMALLOC stats Displays statistics DCP mem displays memory status DCP stats displays uart stats EVT evtClientFs Store events into filesystem. CPU cpuinfo Print cpu information SW get_sw_version Displays software versions CBE showSpurs Show configured spurs CBE clearSpurs Clear configured spurs CBE SpursResetdisable Disable spurs estimator reset on timing update. For DEBUG CBE addSpurLockedToLo Add spur locked to LO CBE addSpurNotLockedToLo Add spur not locked to LO THSP SetMc Set media connection state
-
@robert-hh Ok, so for the LoPy it's not possible because I can't use the C api? Or is there a work around for that?
Looking at the GPy it has a
lte.send_at_cmd(cmd, [delay=10000])function, so I could communicate with the modem in that way. Then I have to figure out how to "scan" on a frequency using the AT commands.Edit: I took a look at this document: https://docs.pycom.io/gitbook/assets/Monarch-LR5110-ATCmdRefMan-rev6_noConfidential.pdf I don't see a way to scan on the uplink frequency there.
-
@Thijs-Suijten You cannot directly call these internal functions. The way is through the MicroPython API.
esp32/mods/modlora.c(API) uses a call table in:
esp32/lora/sx1276_board.c(oresp32/lora/sx1272_board.c) with the functions located in:
drivers/sx127x/sx1276/sx1276.c(or drivers/sx127x/sx1276/sx1272.c`)For GPY all calls go through an API to the GSM modem using AT commands. So if the modem supports that, you can issue these AT commands directly.
-
@robert-hh ok, and can I access these internal calls? Once I have an idea this might be possible I can order a board and just try it out.
Additionally I would like to know if something similar is also possible with the GPy, because that might allow me to also scan bands that are in the higher frequency ranges.
-
@Thijs-Suijten ischannel_free() calls internal ReadRssi() and checks the value against the supplied threshold and time. So the approach is pretty similar.
-
@jcaron thanks for the suggestion! What we do right now on the LoRa board is basically loop through all the frequencies we want to scan and request the RSSI per frequency and then analyse the data. So we do a sweeping scan. We are aware of the fact we are "missing" data then, but as long as we see activity its fine.
Would something like that be possible with the LoPy? It seems
lora.ischannel_freealmost does what I want, only I want to get the raw RSSi value instead of getting a boolean.
-
@Thijs-Suijten That's an interesting concept...
On the LoPy, you could probably look into
lora.ischannel_free(after configuring the board for raw LoRa and selecting a channel).Note of course that there are many different bands, and not all phones/networks use the same bands, so you may be missing on quite a bit of activity if it falls outside the range supported by the LoRa modem.
No idea if the GPy could do anything like that.
