authorHarald Welte <laforge@gnumonks.org>2015-10-25 21:00:20 +0100
committerHarald Welte <laforge@gnumonks.org>2015-10-25 21:00:20 +0100
commitfca59bea770346cf1c1f9b0e00cb48a61b44a8f3 (patch)
treea2011270df48d3501892ac1a56015c8be57e8a7d /2009/gsm_network-har2009
import of old now defunct presentation slides svn repo
Diffstat (limited to '2009/gsm_network-har2009')
-rw-r--r--2009/gsm_network-har2009/1.jpgbin0 -> 230909 bytes
-rw-r--r--2009/gsm_network-har2009/1_small.jpgbin0 -> 63146 bytes
-rw-r--r--2009/gsm_network-har2009/2.jpgbin0 -> 168737 bytes
-rw-r--r--2009/gsm_network-har2009/2_small.jpgbin0 -> 49767 bytes
-rw-r--r--2009/gsm_network-har2009/3.jpgbin0 -> 154870 bytes
-rw-r--r--2009/gsm_network-har2009/3_small.jpgbin0 -> 47024 bytes
-rw-r--r--2009/gsm_network-har2009/4_small.jpgbin0 -> 83009 bytes
-rw-r--r--2009/gsm_network-har2009/800px-HAR2009-2xBTS-BS11-Installation.JPGbin0 -> 138321 bytes
-rw-r--r--2009/gsm_network-har2009/800px-HAR2009-BS11-Antennas.JPGbin0 -> 175151 bytes
-rw-r--r--2009/gsm_network-har2009/800px-HAR2009-GSM-Tent.JPGbin0 -> 97925 bytes
-rw-r--r--2009/gsm_network-har2009/800px-HAR2009-OpenBSC-Server.JPGbin0 -> 118267 bytes
-rwxr-xr-x2009/gsm_network-har2009/BS11_Init.GIFbin0 -> 19560 bytes
-rwxr-xr-x2009/gsm_network-har2009/P1010010-a.JPGbin0 -> 314224 bytes
-rw-r--r--2009/gsm_network-har2009/calls.pngbin0 -> 58989 bytes
-rw-r--r--2009/gsm_network-har2009/default.mgp21
-rw-r--r--2009/gsm_network-har2009/gsm-har2009.mgp539
-rwxr-xr-x2009/gsm_network-har2009/har2009-bs11_antennas.jpgbin0 -> 5983413 bytes
-rw-r--r--2009/gsm_network-har2009/har2009-bs11_antennas.small.jpgbin0 -> 456300 bytes
-rwxr-xr-x2009/gsm_network-har2009/har2009-bs11_antennas2.jpgbin0 -> 5881874 bytes
-rw-r--r--2009/gsm_network-har2009/har2009-bs11_antennas2.small.jpgbin0 -> 450757 bytes
-rwxr-xr-x2009/gsm_network-har2009/har2009-bs11_at_tree.jpgbin0 -> 5853658 bytes
-rw-r--r--2009/gsm_network-har2009/har2009-bs11_at_tree.small.jpgbin0 -> 442182 bytes
-rwxr-xr-x2009/gsm_network-har2009/har2009-gsm_tent.jpgbin0 -> 5604832 bytes
-rw-r--r--2009/gsm_network-har2009/har2009-gsm_tent.small.jpgbin0 -> 367411 bytes
-rwxr-xr-x2009/gsm_network-har2009/p1010012.jpgbin0 -> 360212 bytes
-rw-r--r--2009/gsm_network-har2009/p1010012_small.jpgbin0 -> 78955 bytes
-rwxr-xr-x2009/gsm_network-har2009/p1010013.jpgbin0 -> 371084 bytes
-rw-r--r--2009/gsm_network-har2009/p1010013_small.jpgbin0 -> 81358 bytes
-rwxr-xr-x2009/gsm_network-har2009/p1010020.jpgbin0 -> 382058 bytes
-rw-r--r--2009/gsm_network-har2009/p1010020_small.jpgbin0 -> 115640 bytes
-rw-r--r--2009/gsm_network-har2009/sms-social-graph.pngbin0 -> 470754 bytes
31 files changed, 560 insertions, 0 deletions
diff --git a/2009/gsm_network-har2009/1.jpg b/2009/gsm_network-har2009/1.jpg
new file mode 100644
index 0000000..b03b57b
--- /dev/null
+++ b/2009/gsm_network-har2009/1.jpg
Binary files differ
diff --git a/2009/gsm_network-har2009/1_small.jpg b/2009/gsm_network-har2009/1_small.jpg
new file mode 100644
index 0000000..602b830
--- /dev/null
+++ b/2009/gsm_network-har2009/1_small.jpg
Binary files differ
diff --git a/2009/gsm_network-har2009/2.jpg b/2009/gsm_network-har2009/2.jpg
new file mode 100644
index 0000000..8a3ac86
--- /dev/null
+++ b/2009/gsm_network-har2009/2.jpg
Binary files differ
diff --git a/2009/gsm_network-har2009/2_small.jpg b/2009/gsm_network-har2009/2_small.jpg
new file mode 100644
index 0000000..5ea0930
--- /dev/null
+++ b/2009/gsm_network-har2009/2_small.jpg
Binary files differ
diff --git a/2009/gsm_network-har2009/3.jpg b/2009/gsm_network-har2009/3.jpg
new file mode 100644
index 0000000..40569a6
--- /dev/null
+++ b/2009/gsm_network-har2009/3.jpg
Binary files differ
diff --git a/2009/gsm_network-har2009/3_small.jpg b/2009/gsm_network-har2009/3_small.jpg
new file mode 100644
index 0000000..669719f
--- /dev/null
+++ b/2009/gsm_network-har2009/3_small.jpg
Binary files differ
diff --git a/2009/gsm_network-har2009/4_small.jpg b/2009/gsm_network-har2009/4_small.jpg
new file mode 100644
index 0000000..b15d3aa
--- /dev/null
+++ b/2009/gsm_network-har2009/4_small.jpg
Binary files differ
diff --git a/2009/gsm_network-har2009/800px-HAR2009-2xBTS-BS11-Installation.JPG b/2009/gsm_network-har2009/800px-HAR2009-2xBTS-BS11-Installation.JPG
new file mode 100644
index 0000000..7c579b1
--- /dev/null
+++ b/2009/gsm_network-har2009/800px-HAR2009-2xBTS-BS11-Installation.JPG
Binary files differ
diff --git a/2009/gsm_network-har2009/800px-HAR2009-BS11-Antennas.JPG b/2009/gsm_network-har2009/800px-HAR2009-BS11-Antennas.JPG
new file mode 100644
index 0000000..440c611
--- /dev/null
+++ b/2009/gsm_network-har2009/800px-HAR2009-BS11-Antennas.JPG
Binary files differ
diff --git a/2009/gsm_network-har2009/800px-HAR2009-GSM-Tent.JPG b/2009/gsm_network-har2009/800px-HAR2009-GSM-Tent.JPG
new file mode 100644
index 0000000..7d16d2d
--- /dev/null
+++ b/2009/gsm_network-har2009/800px-HAR2009-GSM-Tent.JPG
Binary files differ
diff --git a/2009/gsm_network-har2009/800px-HAR2009-OpenBSC-Server.JPG b/2009/gsm_network-har2009/800px-HAR2009-OpenBSC-Server.JPG
new file mode 100644
index 0000000..dac085c
--- /dev/null
+++ b/2009/gsm_network-har2009/800px-HAR2009-OpenBSC-Server.JPG
Binary files differ
diff --git a/2009/gsm_network-har2009/BS11_Init.GIF b/2009/gsm_network-har2009/BS11_Init.GIF
new file mode 100755
index 0000000..bca506e
--- /dev/null
+++ b/2009/gsm_network-har2009/BS11_Init.GIF
Binary files differ
diff --git a/2009/gsm_network-har2009/P1010010-a.JPG b/2009/gsm_network-har2009/P1010010-a.JPG
new file mode 100755
index 0000000..ded8aee
--- /dev/null
+++ b/2009/gsm_network-har2009/P1010010-a.JPG
Binary files differ
diff --git a/2009/gsm_network-har2009/calls.png b/2009/gsm_network-har2009/calls.png
new file mode 100644
index 0000000..205b991
--- /dev/null
+++ b/2009/gsm_network-har2009/calls.png
Binary files differ
diff --git a/2009/gsm_network-har2009/default.mgp b/2009/gsm_network-har2009/default.mgp
new file mode 100644
index 0000000..a0fcfc2
--- /dev/null
+++ b/2009/gsm_network-har2009/default.mgp
@@ -0,0 +1,21 @@
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%
+%% This default.mgp is "Xft2" oriented.
+%deffont "standard" xfont "serif"
+%deffont "thick" xfont "sans-serif"
+%deffont "typewriter" xfont "monospace"
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%
+%% Default settings per each line numbers.
+%%
+%default 1 area 90 90, leftfill, size 2, fore "white", back "black", font "thick"
+%default 2 size 7, vgap 10, prefix " "
+%default 3 size 2, bar "gray70", vgap 10
+%default 4 size 5, fore "white", vgap 30, prefix " ", font "standard"
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%
+%% Default settings that are applied to TAB-indented lines.
+%%
+%tab 1 size 5, vgap 40, prefix " ", icon box "green" 50
+%tab 2 size 4, vgap 40, prefix " ", icon arc "yellow" 50
+%tab 3 size 3, vgap 40, prefix " ", icon delta3 "white" 40
diff --git a/2009/gsm_network-har2009/gsm-har2009.mgp b/2009/gsm_network-har2009/gsm-har2009.mgp
new file mode 100644
index 0000000..7c01fb0
--- /dev/null
+++ b/2009/gsm_network-har2009/gsm-har2009.mgp
@@ -0,0 +1,539 @@
+%include "default.mgp"
+%default 1 bgrad
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+%nodefault
+%back "blue"
+
+%center
+%size 7
+
+OpenBSC
+
+%size 5
+Running Your own
+GSM Network
+
+%center
+%size 4
+by
+
+Harald Welte <laforge@gnumonks.org>
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+Why?
+
+
+Why would you run your own GSM network?
+ For the same reason you might run other networks
+ To learn and experiment with technology
+ To boldly go where no [free] man has gone before ;)
+ Practical demonstration of known GSM security problems
+ Raise public awareness abut GSM [in]security
+ thus increase the incentive for the market to improve
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+Legal Disclaimer
+
+
+Legal Disclaimer
+ Don't try this at home!
+ GSM operates on LICENSED spectrum
+ Thus, you need approval from the regulatory authority
+ Only use BTS with dummy load!
+ Don't interfere with the operators!
+ Our software is strictly for research purpose only
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+GSM Network Architecture
+
+
+The Hitchhikers Guide to the GSM Network
+ unfortunately does not exist
+
+The GSM related literature
+ is typically too high-level
+
+The GSM protocol specifications
+ are publicly available but _very_ comprehensive (1,108 PDFs, 414MByte)
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+GSM Network Architecture
+
+GSM is a bit-synchronous network
+ it draws many analogies from ISDN and SDN
+ layer 2 modelled after Q.921 / LAPD
+ call signalling modelled Q.931
+ but: many more protocols for mobility management, radio resources, ...
+ like all traditional Telco protocols: Intelligence in the network, not in the end nodes.
+
+GSM is a TDMA "nightmare"
+ e.g. you never know from/for whom data is without the timing context
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+GSM Network Architecture
+
+MS
+ Mobile Station (your Phone)
+BTS
+ Base Transceiver Station
+BSC
+ Base Station Controller
+MSC
+ Mobile Switching Center
+HLR/VLR
+ Home/Visitor Location Register
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+GSM Base Transceiver Station
+
+
+BTS
+ As the name indicates "transceiver"
+ Handles
+ Layer 1 and some parts of RF layer2
+ Modulation/Demodulation
+ Time Multiplex, scheduling of frames
+ Is not a "Base Station", i.e. not self-contained
+ True 'slave' to the BSC
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+GSM Base Station Controller
+
+
+BSC
+ Base Station Controller
+ Handles
+ most of the actual decision making
+ really controls most aspects of BTSs
+ handles intra-BSC cell handover
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+GSM Mobile Switching Center
+
+
+MSC
+ Mobile Switching Center
+ Handles
+ Actual switching of the calls
+ Interworking with ISDN or POTS
+ Inter-BSC cell handover
+HLR/VLR
+ Home/Visitor Location Register
+ Handles
+ database of local / roaming subscribers
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+GSM Um interface
+
+
+MS <-> BTS Interface
+ is called Um
+ layer 2: LAPD derived; called LAPDm
+ layer 3: GSM 04.08 RR / MM / CC
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+GSM A-bis interface
+
+
+BSC <-> BTS Interface
+ is called A-bis
+ has the following control layers on E1 TS1
+ L2ML (Layer 2 Management)
+ TEI management similar to ISDN
+ OML (Organization & Maintenance)
+ System parameters, events
+ RSL (Radio Subsystem Layer)
+ has encoded voice data (TRAU frames) on other E1 TS
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+GSM A-bis interface
+
+%image "2_small.jpg"
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+GSM A-bis interface
+
+%image "3_small.jpg"
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+GSM A-bis interface
+
+
+Abis RSL
+ contains messages for
+ Radio Link Layer (RLL)
+ Dedicated Channel (DCHAN)
+ Common Channel (CCHAN)
+ Transceiver (TRX)
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+GSM Mobile Switching Center
+
+
+Abis RSL Radio Link Layer
+ contains messages for
+ Call Control (CC)
+ Mobility Management (MM)
+ Radio Resource (RR)
+ Short Message Service (SMS)
+ mostly specified in GSM TS 04.08
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+The Siemens BS-11 microBTS
+
+
+Siemens BS-11 microBTS
+ plain old 2G (GSM voice calls, CSD)
+ one or two TRX, 30mW to 2W each, GSM900
+ two E1 interfaces (for daisy-chaining)
+ documentation under NDA, but
+ 99.9% of the A-bis protocol available from GSM specs
+ See TS 04.08 (RLL), 12.21 (OML), 08.58 (RSL)
+ RS232 serial port for Local Maintenance Terminal
+ LMT software proprietary under NDA
+ not needed for operation of the BTS
+ bs11_config is a FOSS replacement
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+The Siemens BS-11 microBTS
+
+%image "1_small.jpg"
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+The Siemens BS-11 microBTS
+
+%image "p1010012_small.jpg"
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+The Siemens BS-11 microBTS
+
+%image "p1010013_small.jpg"
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+The Siemens BS-11 microBTS
+
+%image "p1010020_small.jpg"
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+The Siemens BS-11 microBTS
+
+
+First steps with the Siemens BS-11
+ Harald bought a BS-11 on e-Bay in 2006
+ Started to read some specs (08.5x) about A-bis
+ Started to build cables for E1 and power
+ Bought HFC-E1 PCI card
+ Bought Elmi EGM35 Abis analyzer (e-Bay once again)
+ Contacted with other people who also bought BS-11
+ Found somebody who could provide Abis traces
+ Never really had time due to Openmoko and other projects
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+The Siemens BS-11 microBTS
+
+
+Further steps with the Siemens BS-11
+ Dieter bought a BS-11 09/2008
+ Bought HFC-E1 PCI card
+ Started development based on HFC-E1 reference driver code
+ Found somebody who could provide Abis traces
+ Made very quick progress
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+BS11-Init
+
+
+BS11-Init (09/2008)
+ Chip cologne HFC-E1 reference code for DOS
+ polling, no interrupts
+ ported to Windows and Linux (mmap of HFC registers to userspace)
+ proof-of-concept code based on challenge-response
+ handles TEI assignment, brings OML and RSL up
+ allows for location update and paging of single phone
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+BS11-Init
+
+%image "4_small.jpg"
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+From BS11-Init to OpenBSC
+
+
+From BS11-Init to OpenBSC (12/2008)
+ get L2ML to work with mISDN
+ mainline mISDN doesn't deal with multiple SAPIs and fixed TEI
+ learn how new sockets-based mISDN API works
+ come up with event-driven architecture, single sleect loop, no threads, ...
+ At 25C3:
+ add libdbi/sqlite database for "HLR"
+ get paging to work, support for configurable network ID
+ debugging + stabilization with > 1000 test users ;)
+ IMSI + IMEI skimming
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+OpenBSC takes off (2009)
+
+
+ implementation of more features
+ SMS store-and-forward switching
+ stable voice calls (FR and EFR codec)
+ support for more than one transceiver per BTS
+ support for multiple BTS
+ cisco-like console interface
+ support for more BTS models (ip.access nanoBTS)
+ interface to traditional E1 (using linux call router)
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+OpenBSC takes off (2009)
+
+
+ fixing tons of bugs and stability issues
+ don't rely on the phone behaving properly (e.g. timeouts)
+ fix plenty of resource leaks (RAM)
+ fix plenty of resource leaks like on-air channels
+ finally uncover the last bits of the Siemens a-bis extensions
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+OpenBSC status today
+
+
+ OpenBSC is a 'gsm network in a box'
+ no need for separate MSC/HLR/VLR/AUC/SMSC
+ Capabilities
+ operation of a network with > 400 users
+ multiple BTS with each multiple TRX
+ voice calls and SMS implementation fairly complete
+ no in-call handover (only in idle mode)
+ no GPRS (yet), no EDGE (yet)
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+OpenBSC future
+
+
+ Separation between BSC and MSC
+ Support actual A interface (over SCCP)
+ allows us to be used with real MSC
+ Support for GPRS + EDGE (with proper BTS)
+ Routing of calls between E1 and IP/RTP based BTS
+ Interfaces for external apps such as Scapy packet injection
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+The HAR2009 GSM Network
+
+
+ License from Agentschap Telecom
+ Stichting Hxx applied for a GSM test license
+ license permits us to use 4 ARFCN's
+ Transmit power of 100mW on each ARFCN
+ antenna height restricted to 3m
+ in case operators get interference, we have to shut down
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+The HAR2009 GSM Network
+
+
+ Two BS-11, each two TRX
+ BTS0 runs on ARFCN 121 and 123 (LAC 1)
+ BTS1 runs on ARFCN 124 and 122 (LAC 2)
+ Antennas mounted back-to-back to a tree on top of a hill
+ Two BTS share single E1 link in multi-drop mode
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+The HAR2009 GSM BTS's
+
+%image "har2009-bs11_at_tree.small.jpg"
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+The HAR2009 BTS Antennas
+
+%image "har2009-bs11_antennas.small.jpg"
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+The HAR2009 BTS Antennas
+
+%image "har2009-bs11_antennas2.small.jpg"
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+The HAR2009 GSM Network
+
+
+ One Linux PC with OpenBSC
+ uses mISDN driver for HFC-E1 card
+ 60m of CAT5 cable runs E1 to the
+ Network ID: NCC 204 (NL), MNC 42
+ Typical CPU usage < 5%
+ Typical RAM usage < 3MB RSS
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+The HAR2009 OpenBSC
+
+%image "har2009-gsm_tent.small.jpg"
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+The HAR2009 GSM Network
+
+
+ Registration procedure
+ Your phone tries to use 204-42 or NL-42
+ When we first see a particular IMSI
+ we send a SMS with auth token and URL
+ we kick phone off the network
+ You go to the URL indicated and enter your token
+ we mark the IMSI as authorized in our HLR DB
+ You try to register to the network again
+ we let the phone on our network
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+The HAR2009 GSM Network
+
+
+ How can I use the network
+ make and receive calls to/from other registered phones
+ send and receive SMS to/from other registered phones
+ How can I play with the network
+ use airprobe or other tools to eavesdrop on GSM protocol
+ we don't use any crypto nor frequency hopping
+ we don't do SMS filtering, i.e. you can send any RPDU to any other phone
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+The HAR2009 GSM Network
+
+
+ Helps us to test OpenBSC under higher load
+ already fixed several important software bugs
+ Helps us to obtain real-world protocol traces
+ Helps us to explore [in]compabibilities with certain phones
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+The HAR2009 GSM Network
+
+
+ Statistics
+ More than 1100 phones tried to use our network
+ More than 450 phones completed registration
+ More than 1000 SMS sent (use more bandwidth!)
+ More than FIXME attempted voice calls
+ More than FIXME established voice calls
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+Links
+
+ OpenBSC
+ http://openbsc.gnumonks.org/
+ 3GPP / ETSI GSM Specs
+ http://www.3gpp.org/
+ Priv-Doz. Dr.-Ing Joachim Goeller
+ http://www2.informatik.hu-berlin.de/~goeller
+ THC GSM Wiki
+ http://wiki.thc.org/gsm
+ OpenBTS
+ http://gnuradio.org/trac/wiki/OpenBTS
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+Thanks
+
+
+Thanks to
+ zecke, alphaone, Stefan, Jan for their work on OpenBSC
+ W. for his extensive A-bis protocol traces and MA-10
+ Dieter Spaar for his most excellent input
+ Karsten Keil for mISDN
+ Andreas Eversberg for LCR interface and HFC-E1 driver
+ Stichting Hxx for getting the license
+ all the voluntary testers at HAR2009
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+Running Your Own GSM Network
+Thanks
+
+
+LIVE DEMO
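Review bot: The Statistics slide near the end of gsm-har2009.mgp still carries two unfilled placeholders, `More than FIXME attempted voice calls` and `More than FIXME established voice calls`, which should be replaced with the real counts or dropped. On the "One Linux PC with OpenBSC" slide the line `60m of CAT5 cable runs E1 to the` stops mid-sentence, and the slide introducing "Abis RSL Radio Link Layer" keeps the title `GSM Mobile Switching Center`, apparently copied from the earlier MSC slide. `Network ID: NCC 204 (NL), MNC 42` presumably means MCC, since the registration slide writes the same ID as 204-42. Smaller spelling slips are `abut` (about), `sleect` (select) and `[in]compabibilities`.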
diff --git a/2009/gsm_network-har2009/har2009-bs11_antennas.jpg b/2009/gsm_network-har2009/har2009-bs11_antennas.jpg
new file mode 100755
index 0000000..456d556
--- /dev/null
+++ b/2009/gsm_network-har2009/har2009-bs11_antennas.jpg
Binary files differ
diff --git a/2009/gsm_network-har2009/har2009-bs11_antennas.small.jpg b/2009/gsm_network-har2009/har2009-bs11_antennas.small.jpg
new file mode 100644
index 0000000..bb5a5da
--- /dev/null
+++ b/2009/gsm_network-har2009/har2009-bs11_antennas.small.jpg
Binary files differ
diff --git a/2009/gsm_network-har2009/har2009-bs11_antennas2.jpg b/2009/gsm_network-har2009/har2009-bs11_antennas2.jpg
new file mode 100755
index 0000000..2a1c0a0
--- /dev/null
+++ b/2009/gsm_network-har2009/har2009-bs11_antennas2.jpg
Binary files differ
diff --git a/2009/gsm_network-har2009/har2009-bs11_antennas2.small.jpg b/2009/gsm_network-har2009/har2009-bs11_antennas2.small.jpg
new file mode 100644
index 0000000..944db02
--- /dev/null
+++ b/2009/gsm_network-har2009/har2009-bs11_antennas2.small.jpg
Binary files differ
diff --git a/2009/gsm_network-har2009/har2009-bs11_at_tree.jpg b/2009/gsm_network-har2009/har2009-bs11_at_tree.jpg
new file mode 100755
index 0000000..abd99d6
--- /dev/null
+++ b/2009/gsm_network-har2009/har2009-bs11_at_tree.jpg
Binary files differ
diff --git a/2009/gsm_network-har2009/har2009-bs11_at_tree.small.jpg b/2009/gsm_network-har2009/har2009-bs11_at_tree.small.jpg
new file mode 100644
index 0000000..92f6aef
--- /dev/null
+++ b/2009/gsm_network-har2009/har2009-bs11_at_tree.small.jpg
Binary files differ
diff --git a/2009/gsm_network-har2009/har2009-gsm_tent.jpg b/2009/gsm_network-har2009/har2009-gsm_tent.jpg
new file mode 100755
index 0000000..22620f4
--- /dev/null
+++ b/2009/gsm_network-har2009/har2009-gsm_tent.jpg
Binary files differ
diff --git a/2009/gsm_network-har2009/har2009-gsm_tent.small.jpg b/2009/gsm_network-har2009/har2009-gsm_tent.small.jpg
new file mode 100644
index 0000000..f161a8d
--- /dev/null
+++ b/2009/gsm_network-har2009/har2009-gsm_tent.small.jpg
Binary files differ
diff --git a/2009/gsm_network-har2009/p1010012.jpg b/2009/gsm_network-har2009/p1010012.jpg
new file mode 100755
index 0000000..d5bb0a0
--- /dev/null
+++ b/2009/gsm_network-har2009/p1010012.jpg
Binary files differ
diff --git a/2009/gsm_network-har2009/p1010012_small.jpg b/2009/gsm_network-har2009/p1010012_small.jpg
new file mode 100644
index 0000000..84db0ce
--- /dev/null
+++ b/2009/gsm_network-har2009/p1010012_small.jpg
Binary files differ
diff --git a/2009/gsm_network-har2009/p1010013.jpg b/2009/gsm_network-har2009/p1010013.jpg
new file mode 100755
index 0000000..5f02c04
--- /dev/null
+++ b/2009/gsm_network-har2009/p1010013.jpg
Binary files differ
diff --git a/2009/gsm_network-har2009/p1010013_small.jpg b/2009/gsm_network-har2009/p1010013_small.jpg
new file mode 100644
index 0000000..2d0100d
--- /dev/null
+++ b/2009/gsm_network-har2009/p1010013_small.jpg
Binary files differ
diff --git a/2009/gsm_network-har2009/p1010020.jpg b/2009/gsm_network-har2009/p1010020.jpg
new file mode 100755
index 0000000..6054343
--- /dev/null
+++ b/2009/gsm_network-har2009/p1010020.jpg
Binary files differ
diff --git a/2009/gsm_network-har2009/p1010020_small.jpg b/2009/gsm_network-har2009/p1010020_small.jpg
new file mode 100644
index 0000000..241da98
--- /dev/null
+++ b/2009/gsm_network-har2009/p1010020_small.jpg
Binary files differ
diff --git a/2009/gsm_network-har2009/sms-social-graph.png b/2009/gsm_network-har2009/sms-social-graph.png
new file mode 100644
index 0000000..1ea1f86
--- /dev/null
+++ b/2009/gsm_network-har2009/sms-social-graph.png
Binary files differ