Add some notes and examples on the protocol

Holger Hans Peter Freyther 2013-05-30 17:50:39 +02:00
commit f4b09b312a
1 changed files with 216 additions and 0 deletions

doc/PROTOCOL Normal file

@ -0,0 +1,216 @@
The basic protocol is described in the slides of a 28C3 talk
0x7E CMD Variable-length data CRC-CCITT 0x7E
Data is escaped to not class with the 0x7E. The ModemManager
has also some routines for QCDM handling (but not the commands
we want right now).
== Types ==
0x00 == Version Information Request/Response
0x1D == Timestamp Request/Response
0x4B == SUBSYS (Call Manager/State Info, UMTS/Version, GSM/Version, GSM/Status, WC..)
0x60 == Diag Event Report
0x73 == Logging Config Request
0x7C == Extended Build ID Request/Response
0x7D == Extended Message Report Config
0x79 == MSG
== Diag ==
Event Report Control 0x60 0x00
Event Report Control Resp 0x60 0x00 0x00
Logging Config Request 0x73 ....
=== Logging ===
Request1:
73 00 00 00 03 00 00 00 01 00 00 00 69 01 00 00 s...........i...
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 01 00 00 ..............
Request2:
73 00 00 00 03 00 00 00 04 00 00 00 7D 07 00 00 s...........}...
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Request3:
73 00 00 00 03 00 00 00 05 00 00 00 28 04 00 00 s...........(...
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 .....
Request4:
73 00 00 00 03 00 00 00 07 00 00 00 07 03 00 00 s...............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 .
Extended Message Report Request1:
7D 04 00 00 00 00 00 00 00 00 00 00 }...........
Event Report:
60 01 `.
Extended Message Report Config:
7D 04 00 00 00 00 00 00 02 00 00 00 }...........
Opening the RX QUAL view:
Logging Config Request:
73 00 00 00 03 00 00 00 05 00 00 00 28 04 00 00 s...........(...
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 0F 02 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 .....
Response:
73 00 00 00 03 00 00 00 00 00 00 00 05 00 00 00 s...............
20 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 0F 02 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 .........
== Log Reset when disabling the service ==
Event Report Control Request 60 00
0x00 == off, 0x01 == on
Logging Config Request
73 00 00 00 00 00 00 00 s.......
Logging Config Response
73 00 00 00 00 00 00 00 00 00 00 00 s...........
Extended Message Report Config
7D 05 00 00 00 00 00 00 }.......
Response..
7D 05 01 00 00 00 00 00 }.......
== Log Messages ==
Legacy/Medim 20:54:56.260
79 00 03 00 0E 00 D0 D4 B5 07 00 00 CB 06 00 00 y.....ÐÔµ...Ë...
02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
52 65 70 6F 72 74 69 6E 67 20 55 49 4D 20 41 63 Reporting.UIM.Ac
63 65 73 73 00 75 69 6D 67 65 6E 2E 63 00 cess.uimgen.c.
Legacy/Medium 20:55:43.481
79 00 03 00 06 00 61 68 B6 07 00 00 E0 01 00 00 y.....ah¶...à...
02 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 ................
67 73 6D 5F 6C 31 5F 77 61 69 74 20 63 61 6C 6C gsm_l1_wait.call
65 64 20 73 69 67 73 3D 25 64 2C 20 6D 61 73 6B ed.sigs=%d,.mask
3D 25 64 00 6C 31 5F 74 61 73 6B 2E 63 00 =%d.l1_task.c.
Legacy/Medium 20:55:48.035
79 00 03 00 06 00 9C 76 B6 07 00 00 D4 00 00 00 y......v¶...Ô...
02 00 00 00 39 00 00 00 63 F9 FF FF 00 00 00 00 ....9...cùÿÿ....
41 43 51 20 53 74 61 72 74 65 64 2C 20 41 52 46 ACQ.Started,.ARF
43 4E 3D 25 64 2C 20 52 78 50 57 52 78 31 36 3D CN=%d,.RxPWRx16=
25 64 00 6C 31 5F 61 63 71 2E 63 00 %d.l1_acq.c.
0x79 == Log Message
0x00 0x3 0x06 0x00 == ???
0x9c 0x76 0xB6 0x07 could be the timestamp..
0x00 0x00 ???
0xD4 0x00 0x00 0x00 == Line Number == 212
0x02 0x00 0x00 is starting the parameters.. (signed)
0x39 0x00 0x00 0x00 == 57
0x63 0xF9 0xFF 0xFF == -1693
0x00 0x00 0x00 0x00 == 0
Null Terminated String with the log message
Null Terminated String with the filename
== Events ==
EVENT GSM SELECTION START Reason (Started due to RR_PLMNN_SELECT REQ from MM...)
60 0E 00 BA 61 12 00 70 68 B6 07 00 00 03 00 01 `..ºa..ph¶......
00 .
EVENT GSM POWER SCAN STATUS Started
60 0B 00 BC 21 0F 00 79 68 B6 07 00 00 00 `..¼!..yh¶....
EVENT GSM POWER SCAN STATUS Completed
60 0B 00 BC 21 18 00 91 76 B6 07 00 00 01 `..¼!...v¶....
69 68 b6 07 == time?
00 00 00 00 == Started
00 00 00 01 == Completed
EVENT GSM CAMP ATTEMPT START (BCCH ARFCN 57, BSIC 0x00 <0,0>
60 0E 00 B3 61 21 00 9A 79 B6 07 00 00 03 39 00 `..³a!..y¶....9.
00 .
0x9A 0x79 0xB6 0x07 == time
0x39 == ARFCN
BASIC == 0x00
EVENT GSM CAMP ATTEMPT END (Sucess true, Failure reason 255)
60 0C 00 B7 41 03 00 F5 7D B6 07 00 00 01 FF `..·A..õ}¶....ÿ
EVENT GSM RR IN SERVICE (length 0013)
60 0A 00 B4 01 18 00 D9 79 B6 07 00 00 `..´...Ùy¶...
0xD9 0x79 0xB6 0x07 == time
struct qcdm_event {
uint8_t type;
uint16_t length;
}
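Review bot: The field breakdown under "0x79 == Log Message" does not add up against the 20:55:48.035 dump it annotates. The dump has five bytes (00 03 00 06 00) between 0x79 and the presumed timestamp where the notes list four (0x00 0x3 0x06 0x00), and the parameter marker is four bytes (02 00 00 00) where the notes list three (0x02 0x00 0x00). Please list each field with its offset and width so that the line number (D4 00 00 00) and the three 32-bit little-endian parameters land where the dump puts them. The Events notes have the same problem: "69 68 b6 07 == time?" matches none of the dumps above it (they show 70 68 B6 07, 79 68 B6 07 and 91 76 B6 07), and the Started/Completed status appears as a single trailing byte (00 or 01), not the four bytes shown. For struct qcdm_event, the dumps carry the length as 16-bit little-endian directly after the type byte (60 0E 00); an unpacked struct would normally get a padding byte after type, so declare it packed, state the byte order, and add the missing trailing semicolon, since any parser that bounds-checks a frame against this length depends on reading it at the right offset. Typos to fix while here: "class" for "clash", "Medim", "Sucess", and "BASIC" for BSIC.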