              +--> cHEMICAL wASTE <--+
                 -+-  pRESENTS  -+-

               GuiDE Ta mOBilE nETwORkS
                 Technical Call Setup

                    MeD    28/1/96


O.k i'm sure that y'all familiar with cell phones, and what good use they
can be put ta ;) . Anyways this phile explains how the mobile services
networks work. Sum details have been left out of this phile, such as the
Location Register Updating process, amongst other stuff.

Contents:-
----------

  1. Jargon Notes
  2. Net. Architecture Of The Mobile Services
  3. Outgoing Call Set-Up
  4. What The Fuck's A MIN/ESN Pair?
  5. Incoming Call Set-Up

Jargon Notes :-
---------------

  HLR  : Home location register
  VLR  : Visitor location register
  MS   : Mobile station (fone)
  BS   : Base station
  MSC  : Mobile switching centre
  PSTN : Public switched telephone network
  MAP  : Mobile application part
  TCAP : C7BT transaction capabilities, there's no need to explain
         them now.
  C7BT : CCITT No. 7 signalling (BT)

Net. Architecture Of The Mobile Services :-
-------------------------------------------

A public land mobile network consists of 4 functional entities.

  [diagram: HLR - - - VLR2, VLR1 - - - MSC, a second MSC, BS - - - MS,
   and two links marked TO PSTN/ISDN]

Information about the mobile customer is held in a HLR. The VLR holds the
information necessary ta support the services required by an MS when
roaming in the domain covered by that VLR.
Whenever an MS roams into a MSC area covered by a new VLR domain, the
information required to support that MS is copied from the HLR to the VLR.

When a call is made from a PSTN to a MS, the local exchange (or transit
exchange) analyses the mobile service national destination code dialled.
If the number dialled has an international prefix, then the call is routed
directly to an international switching centre, otherwise the HLR of the MS
is interrogated. The HLR returns the roaming number of the called MS, to
enable the local exchange to route the call to the MSC covering the area
in which the MS is situated. The MSC, in turn, interrogates its associated
VLR to determine the correct base station and frequency channel for the
call.

For calls made by the mobile customer, the signalling info. is detected by
the base station and passed to the nearest MSC. The MSC interrogates the
VLR before routing the call.

The VLR, HLR and MSC each contain a MAP, which holds all the operations
and associated parameters needed to support the procedures required by
that entity. These operations and parameters are packaged and conveyed by
TCAP.

Outgoing Call Set-Up :-
-----------------------

When an MSC receives an indication from a MS requesting call set-up, the
MSC transmits a 'send information for outgoing call set-up' operation to
its associated VLR requesting all the parameters needed for call set-up.
The operation is sent in a 'begin' message and the TCAP procedure is the
same as that for location register updating (see below).

Part of the info needed to make an outgoing call is the MIN/ESN pair.
Once again i'm sure that y'all familiar with these ;) . But for those who
aren't, see the section on MIN/ESN pairs below.

  MSC                                               VLR
   |                                                 |
   |                  Begin-invoke                   |
   | - - - - - - - - - - - - - - - - - - - - - - - > |
   |       Send info for outgoing call set-up        |
   |                                                 |
   |                End-return result                |
   | < - - - - - - - - - - - - - - - - - - - - - - - |
   |    Info acknowledge for outgoing call set-up    |
   |                                                 |

What The Fuck's A MIN/ESN Pair?
:- ----------------------------------

The ESN is the Electronic Serial Number. Each fone has its own individual
ESN.

The MIN stands for Mobile Identification Number. This is similar to a
normal fone no. e.g 0831 175036, 'cept the 'area code' is replaced with a
mobile system id. 2344 is the system id for 0831, so the MIN is
2344 175036.

Each 'n every fone is supposed ta have its own unique ESN. Part of the
process for outgoing call setup is comparing the MS's pair to a national
database that holds details of everyone's ESN/MIN pairs. If the fone's
ESN/MIN match that in the database the call can go through.

Now to phreak cell fonez all ya need is someone else's MIN/ESN pairs,
preferably that of a fone belonging to a big biz . Then simply reprogram
ya fone with that pair and voila phree calls all over the planet! There
are plenty of philes around explaining how ta do this.

Incoming Call Set-Up :-
-----------------------

For a mobile terminating call, the MSC receives, via the fixed network, a
connection request giving the roaming number of the MS. The MSC forwards a
'begin' message containing a 'send information for incoming call set-up'
operation with the MS roaming number parameter to its associated VLR.

  MSC                                               VLR
   |                                                 |
   |                  Begin-invoke                   |
   | - - - - - - - - - - - - - - - - - - - - - - - > |
   |       Send info. for incoming call set-up       |
   |                                                 |
   |                End-return result                |
   | < - - - - - - - - - - - - - - - - - - - - - - - |
   |    Info acknowledge for incoming call set-up    |
   |                                                 |

The VLR responds with an 'end' message containing an 'information
acknowledge for incoming call set-up' result having those parameters
needed for call set-up. The MSC then forwards the connection request to
the MS via the base station by using info acquired from the VLR.

cHEMICAL_wASTE/MED
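
Added example (not part of the original phile): the pair match described in the MIN/ESN section accepts any handset that presents a valid pair, so a carrier can only tell a duplicate from the genuine fone by how the pair is used. The sketch below runs that match plus two usage checks (overlapping calls, impossible travel between MSC areas) over constructed call records; the ESN values, MSC names, record layout and 4-hour travel figure are all assumptions.

```python
# System id table from the text: the 0831 prefix maps to system id 2344.
SYSTEM_ID = {"0831": "2344"}

def to_min(dialled):
    """Build the MIN from a dialled number such as '0831 175036'."""
    prefix, rest = dialled.split()
    return SYSTEM_ID[prefix] + rest

MIN = to_min("0831 175036")
ESN = "82A41C07"                      # constructed ESN, not a real handset
SUBSCRIBERS = {MIN: ESN}              # stand-in for the national pair database

# Constructed call records: (start_s, end_s, MIN, ESN, MSC area).
CALLS = [
    (36000, 36300, MIN, ESN, "MSC-A"),
    (36200, 36500, MIN, ESN, "MSC-A"),         # overlaps the call above
    (37000, 37100, MIN, ESN, "MSC-B"),         # 500 s after leaving MSC-A
    (60000, 60100, MIN, ESN, "MSC-B"),
    (60200, 60300, MIN, "0BADC0DE", "MSC-B"),  # wrong ESN, refused at set-up
]

# Assumed minimum travel time between two MSC areas, in seconds.
MIN_TRAVEL = {frozenset(("MSC-A", "MSC-B")): 4 * 3600}

def pair_is_valid(min_, esn):
    """The set-up check the text describes: presented pair == pair on record."""
    return SUBSCRIBERS.get(min_) == esn

def clone_alerts(calls):
    """Flag accepted calls that one physical handset could not have made."""
    last, alerts = {}, []             # last: MIN -> (latest end time, MSC area)
    for start, end, min_, esn, msc in sorted(calls):
        if not pair_is_valid(min_, esn):
            continue                  # never set up, nothing to analyse
        if min_ in last:
            prev_end, prev_msc = last[min_]
            need = MIN_TRAVEL.get(frozenset((prev_msc, msc)), 0)
            if start < prev_end:
                alerts.append(("overlap", min_, start))
            elif msc != prev_msc and start - prev_end < need:
                alerts.append(("velocity", min_, start))
            end = max(end, prev_end)
        last[min_] = (end, msc)
    return alerts
```

Every flagged call passed the pair match, which is why the usage checks sit behind it rather than replace it.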