1137 lines
39 KiB
Markdown
1137 lines
39 KiB
Markdown
|
https://android.googlesource.com/platform/system/core/+/master/init/README.md
|
||
|
|
||
|
^ Has instructions for attaching strace to services.
|
||
|
|
||
|
Nutshell:
|
||
|
|
||
|
stop ril-daemon
|
||
|
setprop ctl.sigstop_on ril-daemon
|
||
|
start ril-daemon
|
||
|
ps | grep rild
|
||
|
strace -tt -xx -T -y -f -s 104857600 -v -o /data/rild.strace.txt -p ...
|
||
|
|
||
|
Hmm, that doesn't work. Sigh.
|
||
|
|
||
|
How to unpack initramfs:
|
||
|
mkdir q; cd q; zcat ../boot.img-ramdisk.gz | cpio -idv
|
||
|
Repacking:
|
||
|
find . | cpio --create --format=newc | gzip > ../boot.img-ramdisk.gz
|
||
|
|
||
|
Be careful of [QCDT](https://wiki.postmarketos.org/wiki/QCDT)
|
||
|
|
||
|
/system/xbin/strace -tt -xx -T -y -f -s 104857600 -v -o /data/rild.strace.txt /system/bin/rild
|
||
|
|
||
|
|
||
|
|
||
|
/system/xbin/strace -tt -xx -T -y -s 104857600 -v -fp 3046 2>&1 | tee /data/rild.strace.txt
|
||
|
|
||
|
|
||
|
|
||
|
/system/xbin/strace -tt -xx -T -y -f -s 104857600 -v -o /data/cbd.strace.txt /sbin/cbd -d -tss310 -bm -mm -P platform/155a0000.ufs/by-name/RADIO
|
||
|
|
||
|
|
||
|
/sbin/cbd -d -tss310 -bm -mm -P platform/155a0000.ufs/by-name/RADIO
|
||
|
|
||
|
^ this symlinks to /dev/block/sda8
|
||
|
|
||
|
00000000: 2f73 6269 6e2f 6362 6400 2d64 002d 7473 /sbin/cbd.-d.-ts
|
||
|
00000010: 7333 3130 002d 626d 002d 6d6d 002d 5000 s310.-bm.-mm.-P.
|
||
|
00000020: 706c 6174 666f 726d 2f31 3535 6130 3030 platform/155a000
|
||
|
00000030: 302e 7566 732f 6279 2d6e 616d 652f 5241 0.ufs/by-name/RA
|
||
|
00000040: 4449 4f00 DIO.
|
||
|
|
||
|
|
||
|
cbd reads sda8's MAIN image 63488 bytes at a time (exactly 62k).
|
||
|
shmem_xmit_boot (and mem_xmit_boot) is what receives each chunk
|
||
|
- chunks are prefixed with a struct modem_firmware
|
||
|
|
||
|
struct modem_firmware {
|
||
|
unsigned long long binary;
|
||
|
u32 size;
|
||
|
u32 m_offset;
|
||
|
u32 b_offset;
|
||
|
u32 mode;
|
||
|
u32 len;
|
||
|
} __packed;
|
||
|
|
||
|
if mode != 0, we are sending to "IPC region" ("DUMP_MODE")
|
||
|
if mode == 0, we are sending to "BOOT region" ("BOOT_MODE")
|
||
|
|
||
|
enum cp_boot_mode {
|
||
|
CP_BOOT_MODE_NORMAL,
|
||
|
CP_BOOT_MODE_DUMP,
|
||
|
CP_BOOT_RE_INIT,
|
||
|
MAX_CP_BOOT_MODE
|
||
|
};
|
||
|
|
||
|
address validity: the following must hold:
|
||
|
- modem_firmware.size <= total target region size
|
||
|
- modem_firmware.len <= total target region size
|
||
|
- modem_firmware.m_offset <= total target region size minus modem_firmware.len
|
||
|
|
||
|
so this tells us that in modem_firmware:
|
||
|
- size is the whole size of the target region, the full upload
|
||
|
- len is the current chunk length
|
||
|
- m_offset is the offset into the target region
|
||
|
|
||
|
next, modem_firmware.binary is a userland pointer to the chunk to upload
|
||
|
|
||
|
VIDEO_SELECT_SOURCE = _IO('o', 25) = _IO('o', 0x19) = IOCTL_MODEM_ON
|
||
|
VIDEO_CLEAR_BUFFER = _IO('o', 34) = _IO('o', 0x22) = IOCTL_MODEM_BOOT_ON
|
||
|
VIDEO_SET_ID = _IO('o', 35) = _IO('o', 0x23) = IOCTL_MODEM_BOOT_OFF
|
||
|
|
||
|
cbd sends 0D 90 00 00, and expects 0D A0 00 00
|
||
|
cbd sends 00 9F 00 00, and expects 00 AF 00 00
|
||
|
these are sipc5_link_header structs I think
|
||
|
|
||
|
/* SIPC5 link-layer header */
|
||
|
struct __packed sipc5_link_header {
|
||
|
u8 cfg;
|
||
|
u8 ch;
|
||
|
u16 len;
|
||
|
union {
|
||
|
struct multi_frame_control ctrl;
|
||
|
u16 ext_len;
|
||
|
};
|
||
|
};
|
||
|
|
||
|
so: cfg = 0x0d = 0b00001101, ch = 0x90, len = 0 (cfg: start_mask = 1 ??, padding exists ??, control field exists ??)
|
||
|
cfg = 0x0d = 0b00001101, ch = 0xa0, len = 0 (cfg: start_mask = 1 ??, extension field exists ??)
|
||
|
cfg = 0x00 = 0b00000000, ch = 0x9f, len = 0
|
||
|
cfg = 0x00 = 0b00000000, ch = 0xaf, len = 0
|
||
|
|
||
|
support for this hypothesis: log stmt mentions "std_udl_req_resp",
|
||
|
which shares a prefix "std_udl_" with definitions in sipc5.h.
|
||
|
|
||
|
against this hypothesis: the channel numbers are super weird!
|
||
|
According to modem_v1.h's sipc_ch_id, everything between 32 and 214
|
||
|
(incl) are reserved, but here we see 144, 160, 159 and 175.
|
||
|
|
||
|
## Using strings on libsec-ril.so
|
||
|
|
||
|
OK so `strings -a libsec-ril.so` yields command type names, but MAYBE out of order.
|
||
|
|
||
|
These are values for cmd_type, for responses:
|
||
|
|
||
|
INDI 1
|
||
|
RESP 2
|
||
|
NOTI 3
|
||
|
|
||
|
These are values presumably for cmd_type for requests:
|
||
|
|
||
|
EXEC 1
|
||
|
GET 2
|
||
|
SET 3
|
||
|
CFRM 4 ??
|
||
|
EVENT 5 ??
|
||
|
|
||
|
These are group/main_cmd values - these seem to be in order!:
|
||
|
|
||
|
PWR_CMD 1
|
||
|
CALL_CMD 2
|
||
|
CDMA_DATA_CMD
|
||
|
SMS_CMD 4
|
||
|
SEC_CMD 5
|
||
|
PB_CMD 6
|
||
|
phone book??
|
||
|
DISP_CMD 7
|
||
|
NET_CMD 8
|
||
|
SND_CMD 9
|
||
|
MISC_CMD 10
|
||
|
SVC_CMD 11
|
||
|
SS_CMD 12
|
||
|
GPRS_CMD 13
|
||
|
SAT_CMD 14
|
||
|
CFG_CMD 15
|
||
|
IMEI_CMD 16
|
||
|
GPS_CMD 17
|
||
|
sub_cmd=93, noti body: 00
|
||
|
SAP_CMD 18
|
||
|
FACTORY_CMD 19
|
||
|
OMADM_CMD
|
||
|
RFS_CMD
|
||
|
IMS_CMD
|
||
|
EMBMS_CMD
|
||
|
DOMESTIC_CMD
|
||
|
JPN_CMD
|
||
|
GEN_CMD 128
|
||
|
MAIN_CMD_UNDEFINED
|
||
|
|
||
|
PWR_PHONE_PWR_UP 1
|
||
|
noti body: 00
|
||
|
PWR_PHONE_PWR_OFF 2
|
||
|
PWR_PHONE_RESET 3
|
||
|
PWR_BATT_STATUS 4
|
||
|
PWR_BATT_TYPE 5
|
||
|
PWR_BATT_COMP 6
|
||
|
PWR_PHONE_STATE 7
|
||
|
noti body: 02
|
||
|
PWR_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
CALL_OUTGOING 1
|
||
|
body is details of call to place, looks to be a 99-byte FMT packet all told, mostly empty but for destination number
|
||
|
CALL_INCOMING 2
|
||
|
noti body: 00 01 00 01
|
||
|
CALL_RELEASE 3
|
||
|
exec body: empty
|
||
|
CALL_ANSWER 4
|
||
|
exec body: empty
|
||
|
CALL_STATUS 5
|
||
|
noti body: 00 01 00 01 00 00 (dialing)
|
||
|
noti body: 00 01 00 05 00 00 (connecting)
|
||
|
noti body: 00 01 00 03 00 00 (connected)
|
||
|
noti body: 00 01 00 04 00 05 (released)
|
||
|
CALL_LIST 6
|
||
|
req body: empty
|
||
|
resp body: 01 00 01 00 01 03 00 0C 11 2B 33 31 36 35 37 39 38 34 33 34 37
|
||
|
resp body: 01 00 01 00 01 04 00 0C 11 2B 33 31 36 35 37 39 38 34 33 34 37
|
||
|
resp body: 01 00 01 00 01 01 00 0C 11 2B 33 31 36 35 37 39 38 34 33 34 37
|
||
|
resp body: 00
|
||
|
CALL_BURST_DTMF
|
||
|
CALL_CONT_DTMF
|
||
|
CALL_WAITING
|
||
|
CALL_LINE_ID
|
||
|
CALL_SIGNAL
|
||
|
CALL_VOICE_PRIVACY
|
||
|
CALL_CALL_TIME_COUNT
|
||
|
CALL_OTA_PROGRESS
|
||
|
CALL_DIAG_OUTGOING
|
||
|
CALL_E911_CB_MODE
|
||
|
CALL_FLASH_INFO
|
||
|
CALL_SRVCC
|
||
|
CALL_HOLD
|
||
|
CALL_BLOCK_STATUS
|
||
|
CALL_DATA_CALL_BYTE_COUNTER
|
||
|
CALL_MODIFY
|
||
|
CALL_MODIFY_NOTI
|
||
|
CALL_MODIFY_CONFIRM
|
||
|
CALL_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
CDMA_DATA_TE2_STATUS
|
||
|
CDMA_DATA_BYTE_COUNTER
|
||
|
CDMA_DATA_INCOMING_CALL_TYPE
|
||
|
CDMA_DATA_TE2_DIALING_INFO
|
||
|
CDMA_DATA_TE2_DATA_RATE_INFO
|
||
|
CDMA_DATA_PACKET_DATA_CALL_CFG
|
||
|
CDMA_DATA_DS_BAUD_RATE
|
||
|
CDMA_DATA_MOBILE_IP_NAI
|
||
|
CDMA_DATA_CURRENT_NAI_INDEX
|
||
|
CDMA_DATA_DORMANT_CONFIG
|
||
|
CDMA_DATA_MIP_NAI_CHANGED
|
||
|
CDMA_DATA_SIGNEDIN_STATE
|
||
|
CDMA_DATA_RESTORE_NAI
|
||
|
CDMA_DATA_MIP_CONNECT_STATUS
|
||
|
CDMA_DATA_DORMANT_MODE_STATUS
|
||
|
CDMA_DATA_R_SCH_CONFIG
|
||
|
CDMA_DATA_HDR_SESSION_CLEAR
|
||
|
CDMA_DATA_SESSION_CLOSE_TIMER_EXPIRED
|
||
|
CDMA_DATA_KEEPALIVETIMER_VALUE
|
||
|
CDMA_DATA_DDTMMODE_CONFIG
|
||
|
CDMA_DATA_ROAM_GUARD
|
||
|
CDMA_DATA_MODEM_NAI
|
||
|
CDMA_DATA_KOREA_MODE
|
||
|
CDMA_DATA_DATA_SERVICE_TYPE
|
||
|
CDMA_DATA_FORCE_REV_A_MODE
|
||
|
CDMA_DATA_CUSTOM_CONFIG_MODE
|
||
|
CDMA_DATA_NAI_SETTING_MODE
|
||
|
CDMA_DATA_PIN_CTRL
|
||
|
CDMA_DATA_RAW_DATA_MODE
|
||
|
CDMA_DATA_DUN_MODE
|
||
|
CDMA_DATA_TE2_CALL_STATUS
|
||
|
CDMA_DATA_IP_CONFIGURATION
|
||
|
CDMA_DATA_CALL_STATUS
|
||
|
CDMA DATA_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
SMS_SEND_MSG 1
|
||
|
SMS_INCOMING_MSG 2
|
||
|
noti body: 2020-09-09 12:40:45.157159 ipc0 (0035) STATE_ONLINE Packet(len=53, msg_seq=62, ack_seq=0, main_cmd=4, sub_cmd=2, cmd_type=3) 0201ffff012807911356131313f3040b911356974843f70000029090210444800ec67219644e83cc6f90b9de0e01 b'\x02\x01\xff\xff\x01(\x07\x91\x13V\x13\x13\x13\xf3\x04\x0b\x91\x13V\x97HC\xf7\x00\x00\x02\x90\x90!\x04D\x80\x0e\xc6r\x19dN\x83\xcco\x90\xb9\xde\x0e\x01'
|
||
|
- that's "Fee fi fo fum!" from my main number
|
||
|
02 01 ff ff 01 28
|
||
|
07 91 13 56 13 13 13 f3 the SMSC number
|
||
|
04 0b 91 13 56 97 48 43 f7
|
||
|
00 00 02 90 90 21 04 44 80
|
||
|
0e c6 72 19 64 4e 83 cc 6f 90 b9 de 0e 01
|
||
|
= 11000110 01110010 00011001 01100100 01001110 10000011 11001100 01101111 10010000 10111001 11011110 00001110 00000001
|
||
|
--> 1000110 F
|
||
|
1100101 e
|
||
|
1100101 e
|
||
|
0100000 SP
|
||
|
1100110 f
|
||
|
1101001 i
|
||
|
0100000 SP
|
||
|
1100110 f
|
||
|
1101111 o
|
||
|
0100000 SP
|
||
|
1100110 f
|
||
|
1110101 u
|
||
|
1101101 m
|
||
|
0100001 !
|
||
|
SMS_READ_MSG 3
|
||
|
SMS_SAVE_MSG 4
|
||
|
SMS_DEL_MSG 5
|
||
|
SMS_DELIVER_REPORT 6
|
||
|
SMS_DEVICE_READY 7
|
||
|
noti body: 02
|
||
|
SMS_SEL_MEM 8
|
||
|
SMS_STORED_MSG_COUNT 9
|
||
|
SMS_SVC_CENTER_ADDR 10
|
||
|
SMS_SVC_OPTION 11
|
||
|
SMS_MEM_STATUS 12
|
||
|
SMS_CBS_MSG 13
|
||
|
SMS_CBS_CFG 14
|
||
|
set body: 01 80 03 11 00 11 01 11 02 [logcat_ALL.txt]
|
||
|
set body: 01 80 04 11 00 11 01 11 02 11 04 [logcat_ALL.txt]
|
||
|
set body: 01 80 06 11 00 11 01 11 02 11 04 11 13 11 14 [logcat_ALL.txt]
|
||
|
set body: 01 80 0C 11 00 11 01 11 02 11 04 11 13 11 14 11 15 11 16 11 17 11 18 11 19 11 1A [logcat_ALL.txt]
|
||
|
set body: 01 80 0D 11 00 11 01 11 02 11 04 11 13 11 14 11 15 11 16 11 17 11 18 11 19 11 1A 11 1B [logcat_ALL.txt]
|
||
|
SMS_STORED_MSG_STATUS 15
|
||
|
SMS_PARAM_COUNT 16
|
||
|
SMS_PARAM 17
|
||
|
SMS_STATUS
|
||
|
SMS_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
sub_cmd=12, noti body: 0A 98 13 80 40 02 30 16 03 31 F7
|
||
|
SEC_PIN_STATUS 1
|
||
|
sub_cmd=1, noti body: 00 00
|
||
|
sub_cmd=1, noti body: 82 00
|
||
|
sub_cmd=1, noti body: 83 00
|
||
|
SEC_PHONE_LOCK 2
|
||
|
SEC_CHANGE_LOCKING_PW 3
|
||
|
SEC_SIM_LANG 4
|
||
|
SEC_RSIM_ACCESS 5
|
||
|
SEC_GSIM_ACCESS 6
|
||
|
SEC_SIM_ICC_TYPE 7
|
||
|
sub_cmd=7, noti body: 02
|
||
|
SEC_LOCK_INFOMATION 8
|
||
|
SEC_IMS_AUTH 9
|
||
|
SEC_RUIM_CONFIG
|
||
|
IPC_SEC_SIMAPPS_INFO
|
||
|
SEC_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
PB_ACCESS 1
|
||
|
PB_STORAGE 2
|
||
|
PB_STORAGE_LIST 3
|
||
|
PB_ENTRY_INFO 4
|
||
|
PB_3GPB_CAPA 5 ??
|
||
|
noti body: 010701fa001200030002fa00280003000396002800000004640028000000050a001200000006fa000500030007fa0002000300
|
||
|
PB_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
DISP_ICON_INFO 1
|
||
|
noti body: 01 01 00 00 00 00 FF FF FF FF
|
||
|
noti body: 01 02 00 00 63 67 09 A0 00 02
|
||
|
DISP_HOMEZONE_INFO
|
||
|
DISP_PHONE_FATAL_INFO
|
||
|
DISP_EXT_ROAM_INFO
|
||
|
DISP_USER_INDICATION
|
||
|
DISP_RSSI_INFO 6
|
||
|
noti body: 63 07 63 63 00 FF FF FF FF 10 FF FF
|
||
|
noti body: 65 06 63 63 00 FF FF FF FF 11 FF FF
|
||
|
noti body: 6B 63 63 04 6B 0A A0 00 09 FF FC FF
|
||
|
DISP_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
NET_PREF_PLMN 1
|
||
|
NET_PLMN_SEL 2
|
||
|
get body: empty
|
||
|
resp body: 02
|
||
|
resp body: 05
|
||
|
NET_SERVING_NETWORK 3
|
||
|
noti body: 02 02 04 32 30 34 30 38 23 50 19 00 F0 21 A7 00 21 FD FF 00 00 FF 00 00 FF FF
|
||
|
get body: empty
|
||
|
noti body: 05 02 21 32 30 34 30 38 23 00 00 00 0D 53 7B 00 21 FD FF 00 00 FF 00 00 7B 01
|
||
|
resp body: 05 02 21 32 30 34 30 38 23 00 00 00 0D 53 7B 00 21 FD FF 00 00 FF 00 00 7B 01
|
||
|
NET_PLMN_LIST 4
|
||
|
NET_REGIST 5
|
||
|
noti body: 04 02 02 00 50 19 F0 21 A7 00 00 21 FD 02 02 00 FF FF 00
|
||
|
noti body: 04 03 02 00 50 19 F0 21 A7 00 00 21 FD 02 02 00 FF FF 00
|
||
|
get body: FF 03
|
||
|
get body: FF 02
|
||
|
noti body: 21 01 02 00 00 00 0D 53 7B 00 00 21 FD 02 02 00 7B 01 00
|
||
|
resp body: 21 03 02 00 00 00 0D 53 7B 00 00 21 FD 02 02 00 7B 01 00
|
||
|
resp body: 21 02 02 00 00 00 0D 53 7B 00 00 21 FD 02 02 00 7B 01 00
|
||
|
NET_SUBSCRIBER_NUM 6
|
||
|
NET_BAND_SEL 7
|
||
|
NET_SERVICE_DOMAIN_CONFIG 8
|
||
|
NET_POWERON_ATTACH 9
|
||
|
NET_MODE_SEL 10
|
||
|
NET_ACQ_ORDER 11
|
||
|
NET_IDENTITY 12
|
||
|
NET_PREFERRED_NETWORK_INFO 13
|
||
|
NET_HYBRID_MODE
|
||
|
NET_AVOID_SYS
|
||
|
NET_HANDOVER
|
||
|
NET_DUAL_STANDBY_PREF
|
||
|
NET_VOWIFI_HO_THRESHOLD
|
||
|
NET_EPDG_HO_THRESHOLD
|
||
|
NET_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
SND_SPKR_VOLUME_CTRL 1
|
||
|
set body: 01 05
|
||
|
set body: 01 04
|
||
|
SND_MIC_MUTE_CTRL 2
|
||
|
SND_AUDIO_PATH_CTRL 3
|
||
|
set body: 01 00
|
||
|
set body: 06 62 [logcat_ALL.txt]
|
||
|
set body: 06 18 [logcat_ALL.txt]
|
||
|
set body: 06 68 [logcat_ALL.txt]
|
||
|
set body: 06 D2 [logcat_ALL.txt] and more variations
|
||
|
SND_AUDIO_SOURCE_CTRL 4
|
||
|
SND_LOOPBACK_CTRL 5
|
||
|
SND_VOICE_RECORDING_CTRL 6
|
||
|
SND_VIDEO_CALL_CTRL 7
|
||
|
SND_RINGBACK_TONE_CTRL 8
|
||
|
noti body: 00
|
||
|
SND_CLOCK_CTRL 9
|
||
|
exec body: 00
|
||
|
noti body: 05
|
||
|
noti body: 00
|
||
|
SND_WB_AMR_RPT 10
|
||
|
noti body: 01
|
||
|
SND_TWO_MIC_SOL_CTRL 11
|
||
|
set body: 00 01
|
||
|
|
||
|
SND_DHA_SOL_CTRL
|
||
|
SND_AUDIO_MODE_CTRL
|
||
|
SND_CLOCK_MODE_CTRL
|
||
|
SND_KEY_TONE
|
||
|
SND_NOTI_TONE
|
||
|
SND_LED_CTRL
|
||
|
SND_VIB_CTRL
|
||
|
SND_MIC_GAIN_CTRL
|
||
|
SND_SPKR_PHONE_CTRL
|
||
|
SND_HFK_AUDIO_STARTSTOP
|
||
|
SND_VOICECALL_RECORD_REPORT
|
||
|
SND_USER_SND_CONFIG
|
||
|
SND_GAIN_CTRL
|
||
|
SND_QUIET_MODE_CTRL
|
||
|
SND_DYVE_MODE_CTRL
|
||
|
SND_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
MISC_ME_VERSION 1
|
||
|
MISC_ME_IMSI 2
|
||
|
MISC_ME_SN 3
|
||
|
MISC_KEY_EVENT_PROCESS
|
||
|
MISC_TIME_INFO 5
|
||
|
noti body: 02 01 14 09 08 0B 19 1D 08 01 02 01 32 30 34 30 38 23
|
||
|
2020-09-08 11:25:29 8-quarter-hours?
|
||
|
20408# -- the network??
|
||
|
2020-09-09 11:47:58.411493 noti body: 02 01 14 09 09 09 2f 3a 08 01 03 01 32 30 34 30 38 23
|
||
|
2020-09-09 09:47:58 8-quarter-hours?
|
||
|
20408# -- the network??
|
||
|
|
||
|
MISC_NAM_INFO
|
||
|
MISC_VCALL_CHANNEL_ID
|
||
|
MISC_PHONE_DEBUG
|
||
|
MISC_FUS
|
||
|
MISC_PDA_BOOT_COMPLETE
|
||
|
MISC_FACTORY_RESET_COMPLETE
|
||
|
MISC_SCREEN_STATUS
|
||
|
MISC_GRIP_SENSOR_STATUS
|
||
|
MISC_OMADM_CDMA_NAM_INFO
|
||
|
MISC_OMADM_PRL_WRITE
|
||
|
MISC_LTE_TIMER
|
||
|
MISC_DUALSTANDBY_CALL_STATUS
|
||
|
MISC_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
SVC_ENTER 1
|
||
|
SVC_END 2
|
||
|
SVC_PRO_KEYCODE 3
|
||
|
SVC_SCREEN_CFG 4
|
||
|
SVC_DISPLAY_SCREEN 5
|
||
|
SVC_CHANGE_SVC_MODE 6
|
||
|
SVC_DEVICE_TEST 7
|
||
|
SVC_DEBUG_DUMP_MESSAGE 8
|
||
|
SVC_DEBUG_STRING_MESSAGE 9
|
||
|
SVC_CALL_DROP_LOG_INFO
|
||
|
SVC_LTE_SCAN_FILE
|
||
|
SVC_MENU_INFO
|
||
|
SVC_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
SS_WAITING 1
|
||
|
SS_CLI 2
|
||
|
SS_BARRING 3
|
||
|
SS_BARRING_PW 4
|
||
|
SS_FORWARDING 5
|
||
|
SS_INFO 6
|
||
|
is this info about an incoming call? looks like it?
|
||
|
noti body: 0A 00 00 00 0C 11 2B 33 31 36 35 37 39 38 34 33 34 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
||
|
SS_MANAGE_CALL 7
|
||
|
SS_USSD 8
|
||
|
SS_AOC 9
|
||
|
SS_RELEASE_COMPLETE 10
|
||
|
SS_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
GPRS_DEFINE_PDP_CONTEXT
|
||
|
GPRS_QOS
|
||
|
GPRS_PS 3
|
||
|
set body: 00 00 04 [logcat_ALL.txt]
|
||
|
noti body: 00 00 05 [logcat_ALL.txt]
|
||
|
GPRS_PDP_CONTEXT
|
||
|
GPRS_ENTER_DATA
|
||
|
GPRS_SHOW_PDP_ADDR
|
||
|
GPRS_MS_CLASS
|
||
|
GPRS_3G_QUAL_SRVC_PROFILE
|
||
|
GPRS_IP_CONFIGURATION
|
||
|
GPRS_DEFINE_SEC_PDP_CONTEXT
|
||
|
GPRS_TFT
|
||
|
GPRS_HSDPA_STATUS 12
|
||
|
noti body: 00
|
||
|
GPRS_CURRENT_SESSION_DATA_COUNTER
|
||
|
GPRS_DATA_DORMANT
|
||
|
GPRS_PIN_CTRL 15 ??
|
||
|
noti body: 06 00
|
||
|
GPRS_CALL_STATUS
|
||
|
GPRS_PORT_LIST
|
||
|
GPRS_LTE_QOS
|
||
|
GPRS_NWK_INIT_DISCONNECT
|
||
|
GPRS_FD_INFORMATION
|
||
|
GPRS_TRAFFIC_CHANNEL_STATUS 28
|
||
|
noti body: 01 [logcat_ALL.txt]
|
||
|
GPRS_MOBILE_DATA_STATUS
|
||
|
|
||
|
GPRS_LTE_QOS_PROFILE
|
||
|
GPRS_NW_INITIATED_PDN_DISCONNECT
|
||
|
GPRS_LTE_ATTACH_APN_INFO 20
|
||
|
set body: 01 01 02 61 69 72 74 65 6C 67 70 72 73 2E 63 6F 6D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [logcat_ALL.txt]
|
||
|
GPRS_EPDG_HANDOVER
|
||
|
GPRS_EPDG_STATUS
|
||
|
GPRS_OPERATOR_RESERVED_PCO
|
||
|
GPRS_LTE_CA_STATUS 25
|
||
|
noti body: 00 0A
|
||
|
noti body: 01 1E
|
||
|
GPRS_BACKOFF_TIMER
|
||
|
GPRS_SET_APN_INFO
|
||
|
GPRS_IMS_TEST_MODE
|
||
|
GPRS_SET_ALWAYS_ON_PDN
|
||
|
|
||
|
SAT_PROFILE_DOWNLOAD 1
|
||
|
SAT_ENVELOPE_CMD 2
|
||
|
SAT_PROACTIVE_CMD 3
|
||
|
SAT_TERMINATE_USAT_SESSION 4
|
||
|
SAT_EVENT_DOWNLOAD 5
|
||
|
SAT_PROVIDE_LOCAL_INFO 6
|
||
|
SAT_POLLING 7
|
||
|
SAT_REFRESH 8
|
||
|
SAT_SETUP_EVENT_LIST 9
|
||
|
SAT_CALL_CONTROL_RESULT 10
|
||
|
body: have seen 00 00, so far
|
||
|
SAT_IMAGE_CLUT 11
|
||
|
SAT_SETUP_CALL_PROCESSING 12
|
||
|
SAT_SIM_INITIATE_MESSAGE
|
||
|
SAT_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
CFG_DEFAULT_CONFIG
|
||
|
CFG_EXTERNAL_DEVICE
|
||
|
CFG_MAC_ADDRESS
|
||
|
CFG_CONFIGURATION_ITEM
|
||
|
CFG_TTY
|
||
|
CFG_HSDPA_TMP_SETTING
|
||
|
CFG_HSDPA_PERM_SETTING
|
||
|
CFG_SIO_MODE
|
||
|
CFG_AKEY_VERIFY
|
||
|
CFG_MSL_INFO
|
||
|
CFG_USER_LOCK_CODE
|
||
|
CFG_USB_PATH
|
||
|
CFG_CURRENT_SVC_CARRIER
|
||
|
CFG_RADIO_CONFIG
|
||
|
CFG_VOCODER_OPTION
|
||
|
CFG_TEST_SYS
|
||
|
CFG_RECONDITIONED_DATE
|
||
|
CFG_PROTOCOL_REVISION
|
||
|
CFG_SLOT_MODE
|
||
|
CFG_ACTIVATION_DATE
|
||
|
CFG_CURRENT_UATI
|
||
|
CFG_QUICK_PAGING
|
||
|
CFG_LMSC_INFO
|
||
|
CFG_TAS_INFO
|
||
|
CFG_AUTH_INFO
|
||
|
CFG_HIDDEN_MENU_ACCESS
|
||
|
CFG_UTS_SMS_SEND
|
||
|
CFG_UTS_SMS_COUNT
|
||
|
CFG_UTS_SMS_MSG
|
||
|
CFG_SCM_INFO
|
||
|
CFG_SCI_INFO
|
||
|
CFG_ACCOLC_INFO
|
||
|
CFG_MOBTERM_INFO
|
||
|
CFG_1X_EVDO_DIVERSITY_CONFIG
|
||
|
CFG_DEVICE_CONFIGURATION
|
||
|
CFG_USER_LOCK_CODE_STATUS
|
||
|
CFG_UTS_SMS_GET_UNREAD_MSG_STATUS
|
||
|
CFG_MOBILEAP_STATUS
|
||
|
CFG_ADVANCED_INFO
|
||
|
CFG_WDC
|
||
|
CFG_GET_OPERATOR
|
||
|
CFG_GET_VOICEMAIL_NUM
|
||
|
CFG_GET_WALLPAPER_STATUS
|
||
|
CFG_GET_PWRONOFF_IMG_STATUS
|
||
|
CFG_SAFE_MODE
|
||
|
CFG_SEC_VALIDATE
|
||
|
CFG_SAR_DEVICE
|
||
|
CFG_MMS_PARAM
|
||
|
CFG_HIDDEN_PROGRAM
|
||
|
CFG_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
IMEI_START
|
||
|
IMEI_CHECK_DEVICE_INFO
|
||
|
IMEI_PRE_CONFIG
|
||
|
IMEI_WRITE_ITEM
|
||
|
IMEI_REBOOT
|
||
|
IMEI_VERIFY_FACTORY_RESET
|
||
|
IMEI_COMPARE_ITEM
|
||
|
IMEI_MASS_STORAGE_INFO
|
||
|
IMEI_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
GPS_OPEN
|
||
|
GPS_CLOSE
|
||
|
GPS_START
|
||
|
GPS_DEVICE_STATE
|
||
|
GPS_OPTION
|
||
|
GPS_TTFF
|
||
|
GPS_LOCK_MODE
|
||
|
GPS_SECURITY_UPDATE
|
||
|
GPS_SSD
|
||
|
GPS_SECURITY_UPDATE_RATE
|
||
|
GPS_FIX_REQ
|
||
|
GPS_POSITION_RESULT
|
||
|
GPS_EXT_POSITION_RESULT
|
||
|
GPS_EXT_STATUS_INFO
|
||
|
GPS_PD_CMD_CB
|
||
|
GPS_DLOAD_STATUS
|
||
|
GPS_END_SESSION
|
||
|
GPS_FAILURE_INFO
|
||
|
GPS_HW_STATE
|
||
|
GPS_SECURITY_ENABLE
|
||
|
GPS_SECURITY_READ
|
||
|
GPS_SECURITY_WRITE
|
||
|
GPS_ENCRYPT_READ
|
||
|
GPS_REF_LOCATION
|
||
|
GPS_PGPS_TIME_INFO
|
||
|
GPS_PGPS_EXT_EPH
|
||
|
GPS_PGPS_BROADCAST_EPH
|
||
|
GPS_SENSOR_INFO
|
||
|
GPS_RXN_REF_LOCATION
|
||
|
GPS_RXN_UPDATE_CELLID
|
||
|
GPS_READY_NOTI
|
||
|
GPS_UTS_GET_POSITION
|
||
|
GPS_XTRA_SET_TIME_INFO
|
||
|
GPS_XTRA_SET_DATA
|
||
|
GPS_XTRA_CLIENT_INIT_DOWNLOAD
|
||
|
GPS_XTRA_QUERY_DATA_VALIDITY
|
||
|
GPS_XTRA_SET_AUTO_DOWNLOAD
|
||
|
GPS_XTRA_SET_XTRA_ENABLE
|
||
|
GPS_XTRA_DOWNLOAD
|
||
|
GPS_XTRA_VALIDITY_STATUS
|
||
|
GPS_XTRA_TIME_EVENT
|
||
|
GPS_XTRA_DATA_INJECTION_STATUS
|
||
|
GPS_XTRA_USE_SNTP
|
||
|
GPS_CP_POWER_ON
|
||
|
GPS_CP_FREQ_AIDING
|
||
|
GPS_CP_PRECISE_TIME_AIDING
|
||
|
GPS_CP_PSEUDORANGE_MSMT
|
||
|
GPS_CP_SESSION_CANCELLATION
|
||
|
GPS_AGPS_PDP_CONNECTION
|
||
|
GPS_AGPS_DNS_QUERY
|
||
|
GPS_AGPS_SSL
|
||
|
GPS_AGPS_MODE
|
||
|
GPS_VERIFICATION
|
||
|
GPS_DISPLAY_SUPLFLOW
|
||
|
GPS_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
SAP_CONNECT
|
||
|
SAP_STATUS
|
||
|
SAP_TRANSFER_ATR
|
||
|
SAP_TRANSFER_APDU
|
||
|
SAP_TRANSPORT_PROTOCOL
|
||
|
SAP_SIM_POWER
|
||
|
SAP_TRANSFER_CARD_READER_STATUS
|
||
|
SAP_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
FACTORY_DEVICE_TEST
|
||
|
FACTORY_OMISSION_AVOIDANCE_TEST
|
||
|
FACTORY_DFT_TEST
|
||
|
FACTORY_MISCELLANEOUS_TEST
|
||
|
FACTORY_BYPASS_TEST 5 ??
|
||
|
FACTORY_SLATE_TEST
|
||
|
FACTORY_FRAME_BUFFER_TEST
|
||
|
FACTORY_DIAG_PST_UTS
|
||
|
FACTORY_SEMI_FINAL_TEST
|
||
|
FACTORY_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
OMADM_PRL_SIZE
|
||
|
OMADM_MODEL_NAME
|
||
|
OMADM_OEM_NAME
|
||
|
OMADM_SW_VER
|
||
|
OMADM_IS683_DATA
|
||
|
OMADM_PRL_READ
|
||
|
OMADM_PRL_WRITE
|
||
|
OMADM_PUZL_DATA
|
||
|
OMADM_ROOTCERT_READ
|
||
|
OMADM_ROOTCERT_WRITE
|
||
|
OMADM_MMC_OBJECT
|
||
|
OMADM_MIP_NAI_OBJECT
|
||
|
OMADM_CURRENT_NAI_INDEX
|
||
|
OMADM_MIP_AUTH_ALGO
|
||
|
OMADM_NAM_INFO
|
||
|
OMADM_START_CIDC
|
||
|
OMADM_START_CIFUMO
|
||
|
OMADM_START_CIPRL
|
||
|
OMADM_START_HFA
|
||
|
OMADM_START_REG_HFA
|
||
|
OMADM_SETUP_SESSION
|
||
|
OMADM_SERVER_START_SESSION
|
||
|
OMADM_CLIENT_START_SESSION
|
||
|
OMADM_SEND_DATA
|
||
|
OMADM_ENABLE_HFA
|
||
|
OMADM_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
EMBMS_SERVICE_MSG
|
||
|
EMBMS_SESSION_MSG
|
||
|
EMBMS_BSSI_MSG
|
||
|
EMBMS_COVERAGE_MSG
|
||
|
EMBMS_SESSION_LIST_MSG
|
||
|
EMBMS_SIGNAL_STRENGTH_MSG
|
||
|
EMBMS_SIB16_NETWORK_TIME_MSG
|
||
|
EMBMS_SAI_LIST_MSG
|
||
|
EMBMS_GLOBAL_CELL_ID_MSG
|
||
|
EMBMS_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
DOMESTIC_CHANNEL_SETTING
|
||
|
DOMESTIC_LTE_RRC_SETTING
|
||
|
DOMESTIC_DELETE_STORED_CELL_LIST
|
||
|
DOMESTIC_ACTIVATION_DATE
|
||
|
DOMESTIC_SECURITY_MODE
|
||
|
DOMESTIC_HSDPA_ON_OFF
|
||
|
DOMESTIC_LAST_CALL
|
||
|
DOMESTIC_LTE_THROUGHPUT_TEST_MENU
|
||
|
DOMESTIC_CARD_TYPE
|
||
|
DOMESTIC_BAND_SEL
|
||
|
DOMESTIC_GCF_TEST_MODE
|
||
|
DOMESTIC_OTA_REG_MODE
|
||
|
DOMESTIC_NET_REG_STATUS_UI
|
||
|
DOMESTIC_NSRI_PROCESS
|
||
|
DOMESTIC_NSRI_TOAST_CMD
|
||
|
DOMESTIC_DISABLE_LTE_B7
|
||
|
DOMESTIC_MOBILE_QUALITY_INFO
|
||
|
DOMESTIC_ANDROID_ENTER_DIALER
|
||
|
DOMESTIC_KEEP_LTE_ICON_CSFB_SETTING
|
||
|
DOMESTIC_VOICE_CALL_STATUS
|
||
|
DOMESTIC_SYSTEM_INFO_FOR_LTE
|
||
|
DOMESTIC_SYSTEM_INFO_FOR_WIPI
|
||
|
DOMESTIC_NSRI_SECURE_CALL_MODE
|
||
|
DOMESTIC_IMSI_CHANGED_INFO
|
||
|
DOMESTIC_NETWORK_INFO_NOTI
|
||
|
DOMESTIC_PS_BARRING_FOR_VOLTE
|
||
|
DOMESTIC_KT_HD_VOICE_STATUS
|
||
|
DOMESTIC_UKNIGHT_INFO
|
||
|
DOMESTIC_LTE_WIDEBAND_INFO
|
||
|
IPC_DOMESTIC_LTE_ROAMING_STATUS
|
||
|
DOMESTIC_PROTOCOL_FEATURE
|
||
|
DOMESTIC_NSRI_ENCRYPT_SMS
|
||
|
DOMESTIC_NSRI_DECRYPT_SMS
|
||
|
DOMESTIC_NSRI_DECRYPTTX_SMS
|
||
|
DOMESTIC_NSRI_CHECK_SUSIM
|
||
|
DOMESTIC_NSRI_REQUEST_PROC
|
||
|
DOMESTIC_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
GEN_PHONE_RES 1
|
||
|
body is main/sub/type of request, plus response bytes -- usually 00 80 for "OK" I suppose
|
||
|
- these are a `short`, so 0x8000 for OK I guess
|
||
|
GEN_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
IPC_MMB_NVINFO
|
||
|
IPC_DATA_SETTINGINFO
|
||
|
IPC_JPN_AC_BARRING_FOR_VOLTE
|
||
|
IPC_JAPAN_KDDI_SIMBLOB
|
||
|
|
||
|
JPN_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
MAIN_AND_SUB_UNDEFINED(0x%x,0x%x)
|
||
|
|
||
|
Oh no! There's more!
|
||
|
|
||
|
MMS_PROVISION_CMD
|
||
|
MODEM_TEST_CMD
|
||
|
PCSC_CMD
|
||
|
QMI_HIDDENMENU_CMD
|
||
|
SMARTAS_CMD
|
||
|
PROSE_CMD
|
||
|
MCPTT_CMD
|
||
|
QMIIMS_CMD
|
||
|
IIL_CMD
|
||
|
|
||
|
CALL_LINE_CTRL
|
||
|
CALL_ALERT_CONTROL
|
||
|
CALL_ECCLIST
|
||
|
CALL_ECC_STATUS
|
||
|
CALL_VOICE_RADIO_BEARER_HANDOVER
|
||
|
|
||
|
CDMA_DATA_SERVICE_CFG
|
||
|
CDMA_DATA_CALL_ESTABLISH
|
||
|
CDMA_DATA_SIGN_IN_STATE
|
||
|
DATA_CALL_STATUS
|
||
|
CDMA_DATA_WORKING_MODE
|
||
|
CDMA_DATA_EVDO_REVISION_CONFIG
|
||
|
CDMA_DATA_SIP_PARAMETER
|
||
|
CDMA_DATA_CALL_STATUS_IPBASED
|
||
|
|
||
|
SMS_CBS_CBMI_CFG
|
||
|
SMS_CBS_ACTIVATION
|
||
|
IPC_SMS_RP_SMMA
|
||
|
|
||
|
SEC_ATR_INFO
|
||
|
SEC_SIM_ICCID
|
||
|
SEC_SIM_POWER
|
||
|
SEC_IMS_SUPP_AUTH_TYPES
|
||
|
|
||
|
NET_CELL_INFO 17
|
||
|
get body: empty
|
||
|
resp body: 00 00 00 01 01 32 30 34 30 38 23 50 19 F0 21 A7 00 7A 01 C3 0B 0F 00
|
||
|
resp body: 00 00 01 00 01 32 30 34 30 38 23 0D 53 7B 00 7B 01 00 00 21 FD 00 19 00 00 20 6B 0A FC FF 09 0E 00 00 00
|
||
|
NET_ECC_RAT
|
||
|
NET_CSG_SEARCH
|
||
|
NET_PREFERRED_ROAMING_PLMN_LIST
|
||
|
NET_DOMAIN_SPECIFIC_RESTRICTED
|
||
|
NET_ACB_INFO
|
||
|
NET_SSAC_INFO
|
||
|
NET_LTE_BAND_PRIORITY
|
||
|
NET_LTE_ROAMING
|
||
|
NET_CA
|
||
|
NET_AUTONOMOUS_GAP
|
||
|
NET_DISABLE_2G
|
||
|
NET_NAS_TIMER
|
||
|
|
||
|
MISC_ALARM_INFO
|
||
|
MISC_PUBLIC_MODE
|
||
|
MISC_RESERVED
|
||
|
MISC_DEVICE_POSITION
|
||
|
MISC_VTCALL_CONNECTION_STATUS
|
||
|
MISC_PREPAY_MODE
|
||
|
MISC_TBSR_CDMA
|
||
|
MISC_MODEM_INTERFACE_MODE
|
||
|
MISC_MODEM_UART_MODE
|
||
|
MISC_T_MPSR_VALUE
|
||
|
MISC_ENS_STATE
|
||
|
MISC_1XADV_INFO
|
||
|
MISC_SMS_FORMAT
|
||
|
MISC_SMS_OVER_IP_INFO
|
||
|
MISC_HOME_DOMAIN_NAME
|
||
|
MISC_1X_SVC_DELAY_TIMER
|
||
|
MISC_TSIP_TIMER
|
||
|
MISC_UART_AUTO
|
||
|
MISC_IMS_TESTMODE
|
||
|
MISC_IMS_SIP_PORT
|
||
|
MISC_IMS_FQDN_CSCF
|
||
|
MISC_IPC_LOOPBACK
|
||
|
MISC_PA_THERMISTER
|
||
|
MISC_LOGGING_TIME_INFO
|
||
|
MISC_SILENT_LOGGING_CONTROL
|
||
|
MISC_GPIODVS_DATA
|
||
|
MISC_AT_CMD_FWD
|
||
|
MISC_SIMLOCK_SHARED_KEY
|
||
|
MISC_SIMLOCK_BLOB
|
||
|
MISC_DEVICE_CAPA
|
||
|
MISC_CA_PROPERTY
|
||
|
MISC_T3402_TIMER
|
||
|
MISC_POA_DELETE_GUTI
|
||
|
MISC_BIP_INFO
|
||
|
MISC_CP_POSITION
|
||
|
MISC_GRIP_SENSOR_INFO
|
||
|
MISC_AP_GPS_POSITION
|
||
|
MISC_LCD_MIPI_CONTROL
|
||
|
MISC_CLM_TT_CMD
|
||
|
MISC_ECHOLOCATE_MENU_STATUS
|
||
|
MISC_SSDS_ONEHW_SIM_SLOT_COUNT
|
||
|
MISC_CP_SPD_STATUS
|
||
|
MISC_MANUFACTURE_SALES_CODE
|
||
|
MISC_SHARED_MEM_CMD_SAVE_FULL_MEMORY
|
||
|
MISC_SEND_CP_FEATURE
|
||
|
IPC_MISC_CP_NW_DATA
|
||
|
|
||
|
SVC_BIG_DATA_INFO 13
|
||
|
noti body: 00 DB 00 7B 22 4A 56 45 52 22 3A 22 53 50 4C 31 22 2C 22 48 57 5F 56 22 3A 22 4D 50 5F 30 2E 37 30 30 22 2C 22 43 74 79 70 22 3A 22 31 22 2C 22 50 4C 4D 4E 22 3A 22 32 30 34 30 38 23 22 2C 22 41 43 54 5F 22 3A 22 32 22 2C 22 52 41 43 5F 22 3A 22 30 22 2C 22 4C 41 43 5F 22 3A 22 31 39 35 30 22 2C 22 54 41 43 5F 22 3A 22 30 30 30 30 22 2C 22 43 5F 49 44 22 3A 22 41 37 32 31 46 30 22 2C 22 50 68 49 44 22 3A 22 33 37 38 22 2C 22 44 4C 43 68 22 3A 22 33 30 31 31 22 2C 22 52 67 53 74 22 3A 22 32 22 2C 22 52 6A 43 75 22 3A 22 30 22 2C 22 47 52 49 50 22 3A 22 32 22 2C 22 45 41 52 4A 22 3A 22 30 22 2C 22 41 55 53 54 22 3A 22 34 22 2C 22 54 78 41 53 22 3A 22 33 22 7D
|
||
|
noti body: 09a1007b224a564552223a2253504c31222c22504c4d4e223a22323034303823222c224143545f223a2234222c225241435f223a2230222c224c41435f223a2230303030222c225441435f223a2230303030222c22435f4944223a2230222c2250684944223a2230222c22444c4368223a2236343030222c2252675374223a2232222c2254595045223a2232222c22454d4d43223a2230222c2245534d43223a2230227d b'\t\xa1\x00{"JVER":"SPL1","PLMN":"20408#","ACT_":"4","RAC_":"0","LAC_":"0000","TAC_":"0000","C_ID":"0","PhID":"0","DLCh":"6400","RgSt":"2","TYPE":"2","EMMC":"0","ESMC":"0"}'
|
||
|
SVC_AUTOMATION_INFO
|
||
|
SVC_FAKE_CELL_INFO
|
||
|
|
||
|
SS_UUS
|
||
|
SS_IC_BARRING
|
||
|
SS_EXTRAS
|
||
|
SS_TRANSFER_CALL
|
||
|
|
||
|
CFG_UART_MODEM_PATH
|
||
|
CFG_DEBUG_MSG_LEVEL
|
||
|
CFG_UTS_HIDDEN_MENU_ACCESS
|
||
|
CFG_SIM_LOCK_INFO
|
||
|
CFG_SIM_UICCID
|
||
|
CFG_SSD_DATA
|
||
|
CFG_SAR_CONTROL
|
||
|
|
||
|
IMEI_MASS_STORAGE_FILE_NUMBER
|
||
|
IMEI_UPDATE_ITEM
|
||
|
IMEI_VERIFY_COMPARE_STATUS
|
||
|
IPC_IMEI_CERT_STATUS
|
||
|
|
||
|
GPS_INIT
|
||
|
GPS_DEINIT
|
||
|
GPS_STOP_SESSION
|
||
|
GPS_POSITION_DATA
|
||
|
GPS_EXT_MEASURMENT
|
||
|
GPS_PARAMETERS
|
||
|
GPS_DATA_CONNECTION
|
||
|
GPS_DNS_LOOKUP
|
||
|
GPS_PD_EVENT
|
||
|
GPS_XTRA_INIT
|
||
|
GPS_XTRA_DEINIT
|
||
|
GPS_XTRA_ENABLE
|
||
|
GPS_XTRA_TIME
|
||
|
GPS_XTRA_DATA
|
||
|
GPS_EXT_RADIO_SIG
|
||
|
GPS_CP_MO_LOCATION
|
||
|
GPS_ASSIST_DATA
|
||
|
GPS_RELEASE_GPS
|
||
|
GPS_MEASURE_POSITION
|
||
|
GPS_MTLR_NOTIFICATON
|
||
|
GPS_RESET_ASSIST_DATA
|
||
|
GPS_FREQUENCY_AIDING
|
||
|
GANSS_ASSIST_DATA
|
||
|
IPC_GPS_CONTROL_PLANE
|
||
|
GANSS_MEASURE_POSITION
|
||
|
IPC_FACTORY_WARRANTY_BIT
|
||
|
|
||
|
RFS responses: id and command same as id and command of request.
|
||
|
|
||
|
RFS_NV_READ_ITEM 1 reads from the NV data file?
|
||
|
req:
|
||
|
4 bytesLE >> #offset,
|
||
|
4 bytesLE >> #length
|
||
|
resp:
|
||
|
1 byte >> #confirm "1 for success, 0 for failure",
|
||
|
4 bytesLE >> #offset "copied from request",
|
||
|
4 bytesLE >> #length "copied from request",
|
||
|
'length' bytes >> #data
|
||
|
RFS_NV_WRITE_ITEM 2 writes into the NV data file?
|
||
|
req:
|
||
|
4 bytesLE >> #offset,
|
||
|
4 bytesLE >> #length,
|
||
|
'length' bytes >> #data
|
||
|
resp:
|
||
|
1 byte >> #confirm "1 for success, 0 for failure",
|
||
|
4 bytesLE >> #offset "copied from request",
|
||
|
4 bytesLE >> #length "copied from request",
|
||
|
RFS_READ_FILE 3 ??
|
||
|
RFS_WRITE_FILE 4 ??
|
||
|
RFS_LSEEK_FILE 5 ??
|
||
|
RFS_CLOSE_FILE 6 close(2)
|
||
|
req:
|
||
|
4 bytesLE >> #fd
|
||
|
resp:
|
||
|
4 bytesLE signed >> #result,
|
||
|
4 bytesLE signed >> #errno
|
||
|
RFS_PUT_FILE 7 ??
|
||
|
RFS_GET_FILE 8 ??
|
||
|
RFS_RENAME_FILE 9 ??
|
||
|
RFS_GET_FILE_INFO 10 ??
|
||
|
RFS_UNLINK_FILE 11 ??
|
||
|
RFS_MAKE_DIR 12 ??
|
||
|
RFS_REMOVE_DIR 13 ??
|
||
|
RFS_OPEN_DIR 14 ??
|
||
|
RFS_READ_DIR 15 ??
|
||
|
RFS_CLOSE_DIR 16 ??
|
||
|
RFS_OPEN_FILE 17 open(2)
|
||
|
[0 0 0 0 18 0 0 0 67 80 95 65 85 68 73 79 95 83 76 83 73 46 98 105 110 0]
|
||
|
4 bytes "flags. O_RDONLY = 0 on linux, so maybe error out if nonzero here"
|
||
|
4 bytesLE "length of file path, incl trailing NUL byte"
|
||
|
file path
|
||
|
resp:
|
||
|
4 bytesLE signed >> #result,
|
||
|
4 bytesLE signed >> #errno
|
||
|
RFS_FTRUNCATE_FILE 18 ??
|
||
|
RFS_GET_HANDLE_INFO 19 ??
|
||
|
RFS_CREATE_FILE 20 ??
|
||
|
RFS_NV_WRITE_ALL_ITEM 21 ??
|
||
|
RFS_NV_BUFFER_MESSAGE 22 ??
|
||
|
RFS_NV_RESTORE 23 ??
|
||
|
|
||
|
MMS_PROVISION_GET_ITEM_DATA
|
||
|
MMS_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
IMS_CHANNEL
|
||
|
IMS_CODEC
|
||
|
IMS_RTP_MEDIA
|
||
|
IMS_DTMF
|
||
|
IMS_OPTION
|
||
|
IMS_PDN
|
||
|
IMS_SESSION_REFRESH
|
||
|
IMS_REGI
|
||
|
IMS_ENGINE
|
||
|
IMS_FRAME_TIME
|
||
|
IMS_DEDICATED_BEARER_INFO
|
||
|
IMS_INFORMATION
|
||
|
IMS_TIMER
|
||
|
IMS_RRC_CONNECTION
|
||
|
IPC_IMS_CP_STATE
|
||
|
IPC_IMS_HVOLTE_SWITCH
|
||
|
IMS_SIP_INFO_ACB
|
||
|
IMS_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
IPC_DOMESTIC_INVITE_FLUSH
|
||
|
DOMESTIC_CHANNEL_SETTING_LTE
|
||
|
DOMESTIC_LTE_CA
|
||
|
DOMESTIC_PROTOCOL_ERROR_DETECTION
|
||
|
DOMESTIC_LTE_ROAMING_STATUS
|
||
|
DOMESTIC_PTT_USIM_LOCK
|
||
|
|
||
|
QMI_HIDDENMENU_CDMA_DATA_BYTE_COUNTER
|
||
|
QMI_HIDDENMENU_CDMA_DATA_MOBILE_IP_NAI
|
||
|
QMI_HIDDENMENU_CDMA_DATA_MIP_NAI_CHANGED
|
||
|
QMI_HIDDENMENU_CDMA_DATA_MIP_CONNECT_STATUS
|
||
|
QMI_HIDDENMENU_CDMA_DATA_DDTMMODE_CONFIG
|
||
|
QMI_HIDDENMENU_CDMA_DATA_WORKING_MODE
|
||
|
QMI_HIDDENMENU_CDMA_DATA_EVDO_STATE_AND_CONN_ATTEMPT
|
||
|
QMI_HIDDENMENU_CDMA_CALL_TIME_COUNT
|
||
|
QMI_HIDDENMENU_CDMA_MODEM_RESET
|
||
|
QMI_HIDDENMENU_WB_AMR_RPT
|
||
|
QMI_HIDDENMENU_CDMA_CHANNEL_IO
|
||
|
QMI_HIDDENMENU_CDMA_BAND_CLASS
|
||
|
QMI_HIDDENMENU_EHRPD_CONFIG
|
||
|
QMI_HIDDENMENU_CDMA_DATA_EVDO_AUTH_VALUE
|
||
|
QMI_HIDDENMENU_BAND26_ENABLED
|
||
|
QMI_HIDDENMENU_BAND41_ENABLED
|
||
|
QMI_HIDDENMENU_BAND25_PRIORITY
|
||
|
QMI_HIDDENMENU_BAND_PROVISIONED
|
||
|
QMI_HIDDENMENU_BAND25_ENABLED
|
||
|
QMI_HIDDENMENU_BAND_ENABLED
|
||
|
QMI_HIDDENMENU_BAND41_TX_SWITCHING_DIVERSITY
|
||
|
QMI_HIDDENMENU_LTE_ROAMING_ENABLED
|
||
|
QMI_HIDDENMENU_CA_ENABLED
|
||
|
QMI_HIDDENMENU_BAND_PRIORITY
|
||
|
QMI_HIDDENMENU_CA_CONFIG
|
||
|
IPC_QMI_HIDDENMENU_DATA_IMSIP_INTERFACE_ID
|
||
|
QMI_HIDDENMENU_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
PROSE_CORE_CONTROL
|
||
|
PROSE_APP_REGIST
|
||
|
PROSE_APP_SERVER_PROVISION_UPDATE
|
||
|
PROSE_DISCOVERY_CONTROL
|
||
|
PROSE_DISCOVERY_STATE
|
||
|
PROSE_DISCOVERY_QUERY
|
||
|
PROSE_COMMUNICATION_CONTROL
|
||
|
PROSE_UE2NETWORK_RELAY_CONTROL
|
||
|
PROSE_EMBMS_RELAY_CONTROL
|
||
|
PROSE_CELLID_ANNOUNCEMENT_CONTROL
|
||
|
PROSE_PER_PACKET_PRIORITY_CONTROL
|
||
|
PROSE_GEOGRAPHICAL_AREA_INFO
|
||
|
PROSE_CONFIGURATION_DATA_CONTROL
|
||
|
PROSE_SIGNALING_CONTROL
|
||
|
PROSE_UE2NET_RELAY_AVAILABILITY
|
||
|
PROSE_SYSTEM_TIME_INFO
|
||
|
PROSE_USER_INFO
|
||
|
PROSE_SIDELINK_SYNC_INFO
|
||
|
PROSE_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
MCPTT_FCP_USER_INFO
|
||
|
MCPTT_PDN_MSG
|
||
|
MCPTT_FCP_FLOOR_CHANNEL_MSG
|
||
|
MCPTT_FCP_FLOOR_INFO
|
||
|
MCPTT_FCP_FLOOR_OPERATION
|
||
|
MCPTT_FCP_FLOOR_MESSAGE
|
||
|
MCPTT_FCP_FLOOR_EVENT
|
||
|
MCPTT_FCP_GNRL_MBMS_SUBCH
|
||
|
MCPTT_FCP_FLOOR_MBMS_SUBCH
|
||
|
MCPTT_FCP_SESSION_CALL_CNTRL
|
||
|
MCPTT_FCP_SECURITY_INFO
|
||
|
MCPTT_CCP_CHANNEL_MSG
|
||
|
MCPTT_CCP_PERIODIC_ANNOUNCE_MSG
|
||
|
MCPTT_CCP_INSTANT_TRANSMISSION_MSG
|
||
|
MCPTT_MCP_CHANNEL
|
||
|
MCPTT_MCP_CODEC
|
||
|
MCPTT_MCP_CONTROL
|
||
|
MCPTT_MCP_DTMF
|
||
|
MCPTT_MCP_OPTION
|
||
|
MCPTT_MCP_FRAME_TIME
|
||
|
MCPTT_MCP_DEDICATE_BEARER_INFO
|
||
|
MCPTT_MCP_INFORMATION
|
||
|
MCPTT_MCP_SIP_INFO_ACB
|
||
|
MCPTT_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
QMIIMS_DEDICATED_BEARER_INFO
|
||
|
QMIIMS_ECM_SEARCH
|
||
|
QMIIMS_ECM_FOUND_SVC
|
||
|
QMIIMS_SUB_CMD_UNDEFINED(0x%x)
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
SMS examples
|
||
|
|
||
|
[pid 4916] write(18</dev/umts_ipc0>, "+\0`\0\4\1\1\2\2\0 \7\221\23V\23\23\23\363\1\0\v\221\23V\227HC\367\0\0\f\324\362\234\16\242\313\303\343\264\373\f", 43) = 43 <0.000118>
|
||
|
[pid 4918] read(18</dev/umts_ipc0>, "\f\0\214\0\4\1\3\2\0\0\2\0", 264192) = 12 <0.000242>
|
||
|
|
||
|
[pid 4918] read(18</dev/umts_ipc0>, "/\0\221\0\4\2\3\2\1\377\377\1\"\7\221\23V\23\23\23\363\4\v\221\23V\227HC\367\0\0\2\220p\2\203\220\200\10A\220\274\fg\347C", 264192) = 47 <0.000217>
|
||
|
[pid 4916] write(18</dev/umts_ipc0>, "\f\0a\0\4\6\1\2\0\0\1\0", 12) = 12 <0.000157>
|
||
|
[pid 4918] read(18</dev/umts_ipc0>, "\f\0\222\0\200\1\2\4\6\1\0\200", 264192) = 12 <0.000087>
|
||
|
|
||
|
2020-09-16 22:54:20 (87200) a SamsungFmtMessage(40:0 #SMS/#'SMS_INCOMING_MSG'/#noti #[2 1 255 255 1 38 7 145 19 86 19 19 19 243 0 11 145 19 86 151 72 67 247 0 0 2 144 49 50 18 99 128 12 212 247 155 204 46 131 230 227 247 155 14] '.....&...V........V.HC.....12.c.............')
|
||
|
2020-09-16 23:08:59 (LinuxInputTestSink) Generic: a SamsungFmtMessage(34:0 #SMS/#'SMS_INCOMING_MSG'/#noti #[2 1 255 255 1 38 7 145 19 86 19 19 19 243 0 11 145 19 86 151 72 67 247 0 0 2 144 49 50 18 99 128 12 212 247 155 204 46 131 230 227 247 155 14] '.....&...V........V.HC.....12.c.............')
|
||
|
2020-09-16 23:08:59 (LinuxInputTestSink) SMS: SMS_INCOMING_MSG#[2 1 255 255 1 38 7 145 19 86 19 19 19 243 0 11 145 19 86 151 72 67 247 0 0 2 144 49 50 18 99 128 12 212 247 155 204 46 131 230 227 247 155 14]'.....&...V........V.HC.....12.c.............'
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
Call examples - INCOMING call
|
||
|
|
||
|
[G] RX: (M)CALL_CMD (S)CALL_INCOMING (T)NOTI l:b m:d3 a:00 [ 00 01 00 01 ]
|
||
|
[G] RX: (M)SS_CMD (S)SS_INFO (T)NOTI l:81 m:d4 a:00 [ 31 00 00 FF 0C 11 2B 33 31 36 35 37 39 38 34 33 34 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ]
|
||
|
[G] RX: (M)SND_CMD (S)SND_WB_AMR_RPT (T)NOTI l:8 m:d5 a:00 [ 01 ]
|
||
|
[G] RX: (M)SND_CMD (S)SND_CLOCK_CTRL (T)NOTI l:8 m:d6 a:00 [ 05 ]
|
||
|
|
||
|
[G] TX: (M)CALL_CMD (S)CALL_LIST (T)GET l:7 m:80 a:00 [ ]
|
||
|
[G] RX: (M)CALL_CMD (S)CALL_LIST (T)RESP l:1c m:d7 a:80 [ 01 00 01 00 02 05 00 0C 11 2B 33 31 36 35 37 39 38 34 33 34 37 ]
|
||
|
|
||
|
[G] RX: (M)DISP_CMD (S)DISP_RSSI_INFO (T)NOTI l:13 m:d8 a:00 [ 69 04 63 63 00 FF FF FF FF 12 FD FF ]
|
||
|
|
||
|
[G] TX: (M)SND_CMD (S)SND_MIC_MUTE_CTRL (T)SET l:8 m:81 a:00 [ 00 ]
|
||
|
[G] RX: (M)GEN_CMD (S)GEN_PHONE_RES (T)RESP l:c m:d9 a:81 [ 09 02 03 00 80 ]
|
||
|
|
||
|
[G] TX: (M)CALL_CMD (S)CALL_ANSWER (T)EXEC l:7 m:82 a:00 [ ]
|
||
|
[G] RX: (M)GEN_CMD (S)GEN_PHONE_RES (T)RESP l:c m:da a:82 [ 02 04 01 00 80 ]
|
||
|
|
||
|
[G] TX: (M)SND_CMD (S)SND_AUDIO_PATH_CTRL (T)SET l:9 m:83 a:00 [ 01 00 ]
|
||
|
[G] RX: (M)GEN_CMD (S)GEN_PHONE_RES (T)RESP l:c m:db a:83 [ 09 03 03 00 80 ]
|
||
|
|
||
|
[G] RX: (M)SND_CMD (S)SND_CLOCK_CTRL (T)NOTI l:8 m:dc a:00 [ 05 ]
|
||
|
[G] RX: (M)SND_CMD (S)SND_RINGBACK_TONE_CTRL (T)NOTI l:8 m:dd a:00 [ 00 ]
|
||
|
[G] RX: (M)CALL_CMD (S)CALL_STATUS (T)NOTI l:d m:de a:00 [ 00 01 00 03 00 00 ]
|
||
|
|
||
|
[G] TX: (M)CALL_CMD (S)CALL_LIST (T)GET l:7 m:84 a:00 [ ]
|
||
|
[G] RX: (M)CALL_CMD (S)CALL_LIST (T)RESP l:1c m:df a:84 [ 01 00 01 00 02 01 00 0C 11 2B 33 31 36 35 37 39 38 34 33 34 37 ]
|
||
|
|
||
|
[G] TX: (M)SND_CMD (S)SND_TWO_MIC_SOL_CTRL (T)SET l:9 m:85 a:00 [ 00 01 ]
|
||
|
[G] RX: (M)GEN_CMD (S)GEN_PHONE_RES (T)RESP l:c m:e0 a:85 [ 09 0B 03 00 80 ]
|
||
|
|
||
|
[G] TX: (M)SND_CMD (S)SND_SPKR_VOLUME_CTRL (T)SET l:9 m:86 a:00 [ 01 04 ]
|
||
|
[G] RX: (M)GEN_CMD (S)GEN_PHONE_RES (T)RESP l:c m:e1 a:86 [ 09 01 03 00 80 ]
|
||
|
[G] RX: (M)MISC_CMD (S)MISC_TIME_INFO (T)NOTI l:19 m:e2 a:00 [ 02 01 14 09 08 0B 19 38 08 01 02 01 32 30 34 30 38 23 ]
|
||
|
[G] RX: (M)DISP_CMD (S)DISP_RSSI_INFO (T)NOTI l:13 m:e3 a:00 [ 65 06 63 63 00 FF FF FF FF 11 FD FF ]
|
||
|
|
||
|
[G] TX: (M)CALL_CMD (S)CALL_RELEASE (T)EXEC l:7 m:87 a:00 [ ]
|
||
|
[G] RX: (M)GEN_CMD (S)GEN_PHONE_RES (T)RESP l:c m:e4 a:87 [ 02 03 01 00 80 ]
|
||
|
|
||
|
[G] RX: (M)SND_CMD (S)SND_RINGBACK_TONE_CTRL (T)NOTI l:8 m:e5 a:00 [ 00 ]
|
||
|
[G] RX: (M)CALL_CMD (S)CALL_STATUS (T)NOTI l:d m:e6 a:00 [ 00 01 00 04 00 05 ]
|
||
|
[G] RX: (M)SVC_CMD (S)SVC_BIG_DATA_INFO (T)NOTI l:e5 m:e7 a:00 [ 00 DB 00 7B 22 4A 56 45 52 22 3A 22 53 50 4C 31 22 2C 22 48 57 5F 56 22 3A 22 4D 50 5F 30 2E 37 30 30 22 2C 22 43 74 79 70 22 3A 22 31 22 2C 22 50 4C 4D 4E 22 3A 22 32 30 34 30 38 23 22 2C 22 41 43 54 5F 22 3A 22 32 22 2C 22 52 41 43 5F 22 3A 22 30 22 2C 22 4C 41 43 5F 22 3A 22 31 39 35 30 22 2C 22 54 41 43 5F 22 3A 22 30 30 30 30 22 2C 22 43 5F 49 44 22 3A 22 41 37 32 31 46 30 22 2C 22 50 68 49 44 22 3A 22 33 37 38 22 2C 22 44 4C 43 68 22 3A 22 33 30 31 31 22 2C 22 52 67 53 74 22 3A 22 32 22 2C 22 52 6A 43 75 22 3A 22 30 22 2C 22 47 52 49 50 22 3A 22 32 22 2C 22 45 41 52 4A 22 3A 22 30 22 2C 22 41 55 53 54 22 3A 22 34 22 2C 22 54 78 41 53 22 3A 22 33 22 7D ]
|
||
|
|
||
|
[G] TX: (M)CALL_CMD (S)CALL_LIST (T)GET l:7 m:88 a:00 [ ]
|
||
|
[G] RX: (M)CALL_CMD (S)CALL_LIST (T)RESP l:8 m:e8 a:88 [ 00 ]
|
||
|
|
||
|
[G] TX: (M)SND_CMD (S)SND_AUDIO_PATH_CTRL (T)SET l:9 m:89 a:00 [ 01 00 ]
|
||
|
[G] RX: (M)GEN_CMD (S)GEN_PHONE_RES (T)RESP l:c m:e9 a:89 [ 09 03 03 00 80 ]
|
||
|
|
||
|
[G] TX: (M)SND_CMD (S)SND_CLOCK_CTRL (T)EXEC l:8 m:8a a:00 [ 00 ]
|
||
|
[G] RX: (M)GEN_CMD (S)GEN_PHONE_RES (T)RESP l:c m:ea a:8a [ 09 09 01 00 80 ]
|
||
|
|
||
|
[G] RX: (M)SND_CMD (S)SND_CLOCK_CTRL (T)NOTI l:8 m:eb a:00 [ 00 ]
|
||
|
|