Monday, December 18, 2006



International frequency allocation changes are causing NRC to seek suggestions and/or support for the impending changes to CHU 7335 kHz transmissions, and maybe even CHU's future. If you are a user of those time signals, have a look at the website:

CHU Time Service

Time accuracy superior to telephone time accuracy is available throughout Canada and in many other parts of the world by means of NRC's radio time signals broadcast continuously from short wave radio station CHU. If corrections are made for the propagation delay from CHU to the user, and for delays in the user's receiver, an accuracy of better than 1 ms can be obtained. Signal availability at a user's location depends on ionospheric conditions. CHU also broadcasts a time code which can be decoded with common computers and modems.

Saturday, December 16, 2006

XDA OSImageTool


One of the common mistakes made with mobile telephones is to assume that it is possible to image the operating system. This is not correct, as mobile telephone operating systems are not OSs that can be imaged from hard disc drives (HDD), and copying the chip containing the mobile telephone operating system would be a breach of the intellectual property rights belonging to the mobile telephone manufacturers.

However, with the introduction of smartphones it is possible to configure the ROM and upload a new configuration for the ROM. The XDA OSImageTool is a very useful tool to obtain the OS in the ROM. This is just one tool in a collection of tools required to complete the overall job.

This tool requires two additional DLLs - Rapi and Ceutil. I have added these as well to provide some help.


Thursday, December 14, 2006

NORAD-SANTA: a bit of Christmas fun


On the 17th November 2006 North American Aerospace Defense Command activated the "NORAD Tracks Santa" Web site for 2006. The U.S.-Canadian command's program began in 1955 when an errant phone call was made to NORAD's predecessor, the Continental Air Defense Command Operations Center in Colorado Springs, Colo. The call was from a local child who dialed a misprinted telephone number in a local newspaper advertisement.

The commander who answered the phone that night gave the youngster the information he requested - the whereabouts of Santa Claus - and thus the tradition of NORAD tracking Santa began. The program has grown since it was first presented on the Internet in 1998. In 2005, the Web site received 912 million "hits" from 204 countries and territories.

On December 24th, beginning at 2 a.m. Mountain Time (US), the Web site will feature a minute-by-minute update on Santa's travels around the world. All of this information is available in English, French, German, Italian, Japanese and Spanish.

This is great fun for the children and adults, too. Anyone interested can go to the NORAD-SANTA website.

Monday, December 11, 2006

Wireless future


There are to be more spectrum auctions for UK third-generation (3G) mobile technology in the frequency band of 2.6-gigahertz, further suggesting network operators' desire to use the wireless medium instead of fixed-landline communications - computer internet access and standard telephones (PSTN) - for communications.

3G operators, apart from (3), only started marketing 3G devices and services at the back end of 2005. It has been said that many adults and youth do not understand what 3G is all about and why they need it over GSM. So the operators' work is still cut out, unless of course it goes the way it did when TACS analogue mobile telephones were phased out, when users either used the new GSM digital technology or used nothing at all.

I can only go on my own experience, having been around wireless technologies and wireless evidence for 20 years, and I have to say that had I not been exposed to TACS (Total Access Communications Systems) and GSM (2G)/GPRS (2.5G) from their inceptions, I would be in the same position as those adults and youth today, wondering why 3G could make my iPod or mini-Nintendo game player potentially obsolete.

However, 3G has a competitor in 4G local wireless access (WiFi, WLAN etc.). 4G has been making its presence felt, as it has gained a lot of ground in parallel with 3G, and should add a further dimension to competition in the wireless access marketplace. For example, there is more flexibility with 4G, because it localises well for high-speed broadband. This can mean that in the future, to protect against video, film, music and software piracy, devices will use DRM keys firstly to obtain (virtual) live programs etc. from the net, supplied over a wireless broadband connection, and DRM keys to activate the programs etc. once connected with the server, on a use-by-use basis. This is all well and good, but there is a potential for countries to lose sovereignty controls regarding virtual imports, as organisations that are off-shore or in third countries, supplying services through a combination of backbone landlines and output through wireless access, could dictate what a country (thus the citizen) may or may not use and where the veto of provision of service lies. As payment would be credit based (prepay), disputes or crime may make local legislation virtually redundant to combat them.

Interesting times ahead.....

Thursday, December 07, 2006

Cell Site Analysis - Call Analysis


An element of Cell Site Analysis is Call Analysis. Evidence seen at court is often presented on the basis that the call records show a call, with the implication that the call was started and ended in the normal way, that is, the user is assumed to have pressed the end key to terminate the call.

I have mentioned before in other threads how reading the GSM Standards requires consideration before undertaking work in mobile telephone evidence.

The list below illustrates some of the causes for output that need to be considered regarding cessation or loss of a mobile communication. It is not exhaustive, as can be noted by reading the Standard.

GSM Standard GSM04.08
Digital cellular telecommunications system;
Mobile radio interface;
Layer 3 specification
(GSM 04.08)

Causes for the cessation or loss of mobile communication

Annex F (informative): GSM specific cause values for radio resource management
This annex is informative.
Cause value = 0 Normal event;
indicates that the channel is released because of a normal event or that an assignment or handover is successfully, and normally, completed.

Cause value = 1 Abnormal release, unspecified;
indicates that the channel is released because of an abnormal event without specifying further reasons.

Cause value = 2 Abnormal release, channel unacceptable;
indicates that the channel type or channel characteristics are not acceptable.

Cause value = 3 Abnormal release, timer expired;
indicates that the release is caused by a timer expiry.

Cause value = 4 Abnormal release, no activity on the radio path;
indicates that some supervisory function has detected that the channel is not active.

Cause value = 5 Pre-emptive release;
indicates that the channel is released in order to be allocated to a call with priority (e.g. an emergency call).

Cause value = 8 Handover impossible, timing advance out of range;
indicates that a handover is unsuccessful because the target BTS is beyond the normal range and the target BTS would not accept an out of range timing advance.

Cause value = 10 Frequency not implemented
indicates that the MS does not have the capability to operate on (at least one of) the requested frequency(ies).

Cause value = 65 Call already cleared;
indicates that a handover is unsuccessful because the connection has been released by the network or the remote user.

Cause value = 101 No cell allocation available;
indicates that an assignment or handover is unsuccessful because the MS has no current CA.

Annex G (informative): GSM specific cause values for mobility management
This annex is informative.
G.1 Causes related to MS identification
Cause value = 4 IMSI unknown in VLR
This cause is sent to the MS when the given IMSI is not known at the VLR.

G.2 Cause related to subscription options
Cause value = 13 Roaming not allowed in this location area
This cause is sent to an MS which requests location updating in a location area of a PLMN which does not offer roaming to that MS in that Location Area.

G.3 Causes related to PLMN specific network failures and congestion
Cause value = 17 Network failure
This cause is sent to the MS if the MSC cannot service an MS generated request because of PLMN failures, e.g. problems in MAP.

Cause value = 22 Congestion
This cause is sent if the service request cannot be actioned because of congestion (e.g. no channel, facility busy/congested etc.)

The purpose of identifying issues like this is to show that Cell Site Analysis is not about going to specific geographical locations, taking radio test measurements and then making a conclusion about a mobile telephone's location.

For instance, fairly recently, evidence before a criminal court dealt with a mobile call that started on a cell site (Mast). Although the general location for the mobile 'phone had at least another seven (7) Masts, within 1 km to 7 km of each other and of the mobile 'phone, to which the mobile call could have been handed over, the call was in fact handled and ended (dropped after a short period of time) on a Mast some 25 km away. This could generate an impression that the mobile telephone was travelling at impossible speeds in a vehicle between two locations in order to use each Mast for the start and end of the mobile call.

In reality, the fact that closer Masts to the mobile telephone were not used does present a conundrum: why were these Masts excluded from use in favour of a Mast much, much further away? Were these seven Masts all out of action at the same time, or did something else occur? It is the job of the investigator to find this out when conducting Cell Site Analysis.

What a credit though to the GSM mobile telephone network displaying its amazing versatility in endeavouring to hold onto and maintain a mobile call.
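The following added example (not part of the original post or of the GSM Standard) applies the two checks discussed above to call records: whether the recorded cause value supports a normal termination, and whether the start and end Masts imply an impossible speed. The record layout with an `rr_cause` field, the Mast coordinates and the 200 km/h threshold are assumptions constructed for illustration.

```python
import math

# Radio resource cause values from GSM 04.08 Annex F, as listed in this post
RR_CAUSES = {
    0: "Normal event",
    1: "Abnormal release, unspecified",
    2: "Abnormal release, channel unacceptable",
    3: "Abnormal release, timer expired",
    4: "Abnormal release, no activity on the radio path",
    5: "Pre-emptive release",
    8: "Handover impossible, timing advance out of range",
    10: "Frequency not implemented",
    65: "Call already cleared",
    101: "No cell allocation available",
}

def km_between(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 6371.0 * 2 * math.asin(math.sqrt(h))

def review_call(rec, masts, max_kmh=200.0):
    """Return the points an examiner should follow up for one call record."""
    notes = []
    cause = rec["rr_cause"]
    if cause not in RR_CAUSES:
        notes.append(f"cause {cause}: not in the list above, consult GSM 04.08")
    elif cause != 0:
        notes.append(f"cause {cause}: {RR_CAUSES[cause]}; normal end-key termination not shown")
    dist = km_between(masts[rec["start_mast"]], masts[rec["end_mast"]])
    hours = rec["duration_s"] / 3600.0
    if hours > 0 and dist / hours > max_kmh:  # assumed plausibility threshold
        notes.append(f"start and end Masts {dist:.1f} km apart in {rec['duration_s']} s: "
                     "check Mast availability and handover before inferring travel")
    return notes

# Constructed sample data (hypothetical Masts and call records)
MASTS = {"A": (51.500, -0.100), "B": (51.510, -0.090), "Z": (51.500, 0.260)}
CALLS = [
    {"id": 1, "start_mast": "A", "end_mast": "B", "duration_s": 180, "rr_cause": 0},
    {"id": 2, "start_mast": "A", "end_mast": "Z", "duration_s": 40, "rr_cause": 4},
]

if __name__ == "__main__":
    for c in CALLS:
        print(c["id"], review_call(c, MASTS) or ["no follow-up flagged"])
```
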

More on Cell Site Analysis:

Wednesday, December 06, 2006



As more and more apps need to be used for mobile telephone examination, there is an increase in the number of OCX files to be installed. Many of those OCX files do not accompany the installed app.

OcxCtrl is one of those smashing little tools that allows preloaded OCX files in the OCX sub-directory to be automatically installed or uninstalled, dependent on which active control you select in OcxCtrl. This makes a lot of sense: having downloaded, say, 7 OCX files, each of which needs to be installed, OcxCtrl does the installation of them all, all at the same time. Wonderful.

Tuesday, December 05, 2006

CDMA Support Studio


It is very easy, having been involved with GSM for 14 years, to overlook other wireless technologies. I have been making a conscious effort for the last four years to collect tools for mobile telephone examination of digital wireless systems such as CDMA (Code Division Multiple Access). In fact it is most helpful to have an understanding of CDMA when considering 3G (WCDMA), where there are a number of similarities in wireless processing and functionality. CDMA Support Studio is a Windows-based application and provides an "intuitive and efficient way to program and transfer data" to and from Motorola CDMA mobile telephones.

Friday, December 01, 2006

Smelter V7.70


Multiple purpose tool for Siemens mobile telephones:

- Language
- Menu
- Pictures
- Ringtones
- Files
- Dump (Memory)
- Addresses

Plus many more features, making it a really useful tool.