Add some notes and examples on the protocol
This commit is contained in:
commit
f4b09b312a
|
@ -0,0 +1,216 @@
|
|||
The basic protocol is described in the slides of a 28C3 talk
|
||||
|
||||
|
||||
0x7E CMD Variable-length data CRC-CCITT 0x7E
|
||||
|
||||
Data is escaped to not class with the 0x7E. The ModemManager
|
||||
has also some routines for QCDM handling (but not the commands
|
||||
we want right now).
|
||||
|
||||
== Types ==
|
||||
0x00 == Version Information Request/Response
|
||||
0x1D == Timestamp Request/Response
|
||||
0x4B == SUBSYS (Call Manager/State Info, UMTS/Version, GSM/Version, GSM/Status, WC..)
|
||||
0x60 == Diag Event Report
|
||||
0x73 == Logging Config Request
|
||||
0x7C == Extended Build ID Request/Response
|
||||
0x7D == Extended Message Report Config
|
||||
0x79 == MSG
|
||||
|
||||
|
||||
== Diag ==
|
||||
|
||||
Event Report Control 0x60 0x00
|
||||
Event Report Control Resp 0x60 0x00 0x00
|
||||
|
||||
Logging Config Request 0x73 ....
|
||||
|
||||
|
||||
=== Logging ===
|
||||
|
||||
Request1:
|
||||
73 00 00 00 03 00 00 00 01 00 00 00 69 01 00 00 s...........i...
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 01 00 00 ..............
|
||||
|
||||
Request2:
|
||||
73 00 00 00 03 00 00 00 04 00 00 00 7D 07 00 00 s...........}...
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
|
||||
Request3:
|
||||
73 00 00 00 03 00 00 00 05 00 00 00 28 04 00 00 s...........(...
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 .....
|
||||
|
||||
Request4:
|
||||
73 00 00 00 03 00 00 00 07 00 00 00 07 03 00 00 s...............
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 .
|
||||
|
||||
Extended Message Report Request1:
|
||||
7D 04 00 00 00 00 00 00 00 00 00 00 }...........
|
||||
|
||||
Event Report:
|
||||
60 01 `.
|
||||
|
||||
Extended Message Report Config:
|
||||
7D 04 00 00 00 00 00 00 02 00 00 00 }...........
|
||||
|
||||
|
||||
Opening the RX QUAL view:
|
||||
|
||||
Logging Config Request:
|
||||
73 00 00 00 03 00 00 00 05 00 00 00 28 04 00 00 s...........(...
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 0F 02 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 .....
|
||||
|
||||
Response:
|
||||
|
||||
|
||||
73 00 00 00 03 00 00 00 00 00 00 00 05 00 00 00 s...............
|
||||
20 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 0F 02 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
00 00 00 00 00 00 00 00 00 .........
|
||||
|
||||
|
||||
== Log Reset when disabling the service ==
|
||||
Event Report Control Request 60 00
|
||||
0x00 == off, 0x01 == on
|
||||
|
||||
|
||||
Logging Config Request
|
||||
73 00 00 00 00 00 00 00 s.......
|
||||
|
||||
Logging Config Response
|
||||
73 00 00 00 00 00 00 00 00 00 00 00 s...........
|
||||
|
||||
Extended Message Report Config
|
||||
7D 05 00 00 00 00 00 00 }.......
|
||||
|
||||
Response..
|
||||
7D 05 01 00 00 00 00 00 }.......
|
||||
|
||||
|
||||
== Log Messages ==
|
||||
|
||||
|
||||
Legacy/Medim 20:54:56.260
|
||||
79 00 03 00 0E 00 D0 D4 B5 07 00 00 CB 06 00 00 y.....ÐÔµ...Ë...
|
||||
02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
|
||||
52 65 70 6F 72 74 69 6E 67 20 55 49 4D 20 41 63 Reporting.UIM.Ac
|
||||
63 65 73 73 00 75 69 6D 67 65 6E 2E 63 00 cess.uimgen.c.
|
||||
|
||||
Legacy/Medium 20:55:43.481
|
||||
79 00 03 00 06 00 61 68 B6 07 00 00 E0 01 00 00 y.....ah¶...à...
|
||||
02 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 ................
|
||||
67 73 6D 5F 6C 31 5F 77 61 69 74 20 63 61 6C 6C gsm_l1_wait.call
|
||||
65 64 20 73 69 67 73 3D 25 64 2C 20 6D 61 73 6B ed.sigs=%d,.mask
|
||||
3D 25 64 00 6C 31 5F 74 61 73 6B 2E 63 00 =%d.l1_task.c.
|
||||
|
||||
Legacy/Medium 20:55:48.035
|
||||
79 00 03 00 06 00 9C 76 B6 07 00 00 D4 00 00 00 y......v¶...Ô...
|
||||
02 00 00 00 39 00 00 00 63 F9 FF FF 00 00 00 00 ....9...cùÿÿ....
|
||||
41 43 51 20 53 74 61 72 74 65 64 2C 20 41 52 46 ACQ.Started,.ARF
|
||||
43 4E 3D 25 64 2C 20 52 78 50 57 52 78 31 36 3D CN=%d,.RxPWRx16=
|
||||
25 64 00 6C 31 5F 61 63 71 2E 63 00 %d.l1_acq.c.
|
||||
|
||||
0x79 == Log Message
|
||||
0x00 0x3 0x06 0x00 == ???
|
||||
0x9c 0x76 0xB6 0x07 could be the timestamp..
|
||||
0x00 0x00 ???
|
||||
0xD4 0x00 0x00 0x00 == Line Number == 212
|
||||
|
||||
|
||||
0x02 0x00 0x00 is starting the parameters.. (signed)
|
||||
0x39 0x00 0x00 0x00 == 57
|
||||
0x63 0xF9 0xFF 0xFF == -1693
|
||||
0x00 0x00 0x00 0x00 == 0
|
||||
Null Terminated String with the log message
|
||||
Null Terminated String with the filename
|
||||
|
||||
|
||||
|
||||
|
||||
== Events ==
|
||||
|
||||
EVENT GSM SELECTION START Reason (Started due to RR_PLMNN_SELECT REQ from MM...)
|
||||
|
||||
60 0E 00 BA 61 12 00 70 68 B6 07 00 00 03 00 01 `..ºa..ph¶......
|
||||
00 .
|
||||
|
||||
|
||||
EVENT GSM POWER SCAN STATUS Started
|
||||
60 0B 00 BC 21 0F 00 79 68 B6 07 00 00 00 `..¼!..yh¶....
|
||||
|
||||
EVENT GSM POWER SCAN STATUS Completed
|
||||
60 0B 00 BC 21 18 00 91 76 B6 07 00 00 01 `..¼!...v¶....
|
||||
|
||||
69 68 b6 07 == time?
|
||||
|
||||
00 00 00 00 == Started
|
||||
00 00 00 01 == Completed
|
||||
|
||||
|
||||
EVENT GSM CAMP ATTEMPT START (BCCH ARFCN 57, BSIC 0x00 <0,0>
|
||||
60 0E 00 B3 61 21 00 9A 79 B6 07 00 00 03 39 00 `..³a!..y¶....9.
|
||||
00 .
|
||||
|
||||
0x9A 0x79 0xB6 0x07 == time
|
||||
0x39 == ARFCN
|
||||
BASIC == 0x00
|
||||
|
||||
EVENT GSM CAMP ATTEMPT END (Sucess true, Failure reason 255)
|
||||
60 0C 00 B7 41 03 00 F5 7D B6 07 00 00 01 FF `..·A..õ}¶....ÿ
|
||||
|
||||
|
||||
EVENT GSM RR IN SERVICE (length 0013)
|
||||
60 0A 00 B4 01 18 00 D9 79 B6 07 00 00 `..´...Ùy¶...
|
||||
|
||||
0xD9 0x79 0xB6 0x07 == time
|
||||
|
||||
struct qcdm_event {
|
||||
uint8_t type;
|
||||
uint16_t length;
|
||||
|
||||
}
|
||||
|
Loading…
Reference in New Issue