From f4b09b312a27fccfa4d4f2ea138aca5484ee40cc Mon Sep 17 00:00:00 2001 From: Holger Hans Peter Freyther Date: Thu, 30 May 2013 17:50:39 +0200 Subject: [PATCH] Add some notes and examples on the protocol --- doc/PROTOCOL | 216 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 216 insertions(+) create mode 100644 doc/PROTOCOL diff --git a/doc/PROTOCOL b/doc/PROTOCOL new file mode 100644 index 0000000..34efebb --- /dev/null +++ b/doc/PROTOCOL @@ -0,0 +1,216 @@ +The basic protocol is described in the slides of a 28C3 talk + + +0x7E CMD Variable-length data CRC-CCITT 0x7E + +Data is escaped to not class with the 0x7E. The ModemManager +has also some routines for QCDM handling (but not the commands +we want right now). + +== Types == +0x00 == Version Information Request/Response +0x1D == Timestamp Request/Response +0x4B == SUBSYS (Call Manager/State Info, UMTS/Version, GSM/Version, GSM/Status, WC..) +0x60 == Diag Event Report +0x73 == Logging Config Request +0x7C == Extended Build ID Request/Response +0x7D == Extended Message Report Config +0x79 == MSG + + +== Diag == + +Event Report Control 0x60 0x00 +Event Report Control Resp 0x60 0x00 0x00 + +Logging Config Request 0x73 .... + + +=== Logging === + +Request1: +73 00 00 00 03 00 00 00 01 00 00 00 69 01 00 00 s...........i... +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 01 00 00 .............. + +Request2: +73 00 00 00 03 00 00 00 04 00 00 00 7D 07 00 00 s...........}... +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + +Request3: +73 00 00 00 03 00 00 00 05 00 00 00 28 04 00 00 s...........(... +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 ..... + +Request4: +73 00 00 00 03 00 00 00 07 00 00 00 07 03 00 00 s............... +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 . + +Extended Message Report Request1: +7D 04 00 00 00 00 00 00 00 00 00 00 }........... + +Event Report: +60 01 `. + +Extended Message Report Config: +7D 04 00 00 00 00 00 00 02 00 00 00 }........... + + +Opening the RX QUAL view: + +Logging Config Request: +73 00 00 00 03 00 00 00 05 00 00 00 28 04 00 00 s...........(... +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 0F 02 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 ..... + +Response: + + +73 00 00 00 03 00 00 00 00 00 00 00 05 00 00 00 s............... +20 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 0F 02 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +00 00 00 00 00 00 00 00 00 ......... + + +== Log Reset when disabling the service == +Event Report Control Request 60 00 +0x00 == off, 0x01 == on + + +Logging Config Request +73 00 00 00 00 00 00 00 s....... + +Logging Config Response +73 00 00 00 00 00 00 00 00 00 00 00 s........... + +Extended Message Report Config +7D 05 00 00 00 00 00 00 }....... + +Response.. +7D 05 01 00 00 00 00 00 }....... + + +== Log Messages == + + +Legacy/Medim 20:54:56.260 +79 00 03 00 0E 00 D0 D4 B5 07 00 00 CB 06 00 00 y.....ÐÔµ...Ë... +02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +52 65 70 6F 72 74 69 6E 67 20 55 49 4D 20 41 63 Reporting.UIM.Ac +63 65 73 73 00 75 69 6D 67 65 6E 2E 63 00 cess.uimgen.c. + +Legacy/Medium 20:55:43.481 +79 00 03 00 06 00 61 68 B6 07 00 00 E0 01 00 00 y.....ah¶...à... +02 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 ................ +67 73 6D 5F 6C 31 5F 77 61 69 74 20 63 61 6C 6C gsm_l1_wait.call +65 64 20 73 69 67 73 3D 25 64 2C 20 6D 61 73 6B ed.sigs=%d,.mask +3D 25 64 00 6C 31 5F 74 61 73 6B 2E 63 00 =%d.l1_task.c. + +Legacy/Medium 20:55:48.035 +79 00 03 00 06 00 9C 76 B6 07 00 00 D4 00 00 00 y......v¶...Ô... +02 00 00 00 39 00 00 00 63 F9 FF FF 00 00 00 00 ....9...cùÿÿ.... +41 43 51 20 53 74 61 72 74 65 64 2C 20 41 52 46 ACQ.Started,.ARF +43 4E 3D 25 64 2C 20 52 78 50 57 52 78 31 36 3D CN=%d,.RxPWRx16= +25 64 00 6C 31 5F 61 63 71 2E 63 00 %d.l1_acq.c. + +0x79 == Log Message +0x00 0x3 0x06 0x00 == ??? +0x9c 0x76 0xB6 0x07 could be the timestamp.. +0x00 0x00 ??? +0xD4 0x00 0x00 0x00 == Line Number == 212 + + +0x02 0x00 0x00 is starting the parameters.. (signed) +0x39 0x00 0x00 0x00 == 57 +0x63 0xF9 0xFF 0xFF == -1693 +0x00 0x00 0x00 0x00 == 0 +Null Terminated String with the log message +Null Terminated String with the filename + + + + +== Events == + +EVENT GSM SELECTION START Reason (Started due to RR_PLMNN_SELECT REQ from MM...) + +60 0E 00 BA 61 12 00 70 68 B6 07 00 00 03 00 01 `..ºa..ph¶...... +00 . + + +EVENT GSM POWER SCAN STATUS Started +60 0B 00 BC 21 0F 00 79 68 B6 07 00 00 00 `..¼!..yh¶.... + +EVENT GSM POWER SCAN STATUS Completed +60 0B 00 BC 21 18 00 91 76 B6 07 00 00 01 `..¼!...v¶.... + +69 68 b6 07 == time? + +00 00 00 00 == Started +00 00 00 01 == Completed + + +EVENT GSM CAMP ATTEMPT START (BCCH ARFCN 57, BSIC 0x00 <0,0> +60 0E 00 B3 61 21 00 9A 79 B6 07 00 00 03 39 00 `..³a!..y¶....9. +00 . + +0x9A 0x79 0xB6 0x07 == time +0x39 == ARFCN +BASIC == 0x00 + +EVENT GSM CAMP ATTEMPT END (Sucess true, Failure reason 255) +60 0C 00 B7 41 03 00 F5 7D B6 07 00 00 01 FF `..·A..õ}¶....ÿ + + +EVENT GSM RR IN SERVICE (length 0013) +60 0A 00 B4 01 18 00 D9 79 B6 07 00 00 `..´...Ùy¶... + +0xD9 0x79 0xB6 0x07 == time + +struct qcdm_event { + uint8_t type; + uint16_t length; + +} +