https://android.googlesource.com/platform/system/core/+/master/init/README.md ^ Has instructions for attaching strace to services. Nutshell: stop ril-daemon setprop ctl.sigstop_on ril-daemon start ril-daemon ps | grep rild strace -tt -xx -T -y -f -s 104857600 -v -o /data/rild.strace.txt -p ... Hmm, that doesn't work. Sigh. How to unpack initramfs: mkdir q; cd q; zcat ../boot.img-ramdisk.gz | cpio -idv Repacking: find . | cpio --create --format=newc | gzip > ../boot.img-ramdisk.gz Be careful of [QCDT](https://wiki.postmarketos.org/wiki/QCDT) /system/xbin/strace -tt -xx -T -y -f -s 104857600 -v -o /data/rild.strace.txt /system/bin/rild /system/xbin/strace -tt -xx -T -y -s 104857600 -v -fp 3046 2>&1 | tee /data/rild.strace.txt /system/xbin/strace -tt -xx -T -y -f -s 104857600 -v -o /data/cbd.strace.txt /sbin/cbd -d -tss310 -bm -mm -P platform/155a0000.ufs/by-name/RADIO /sbin/cbd -d -tss310 -bm -mm -P platform/155a0000.ufs/by-name/RADIO ^ this symlinks to /dev/block/sda8 00000000: 2f73 6269 6e2f 6362 6400 2d64 002d 7473 /sbin/cbd.-d.-ts 00000010: 7333 3130 002d 626d 002d 6d6d 002d 5000 s310.-bm.-mm.-P. 00000020: 706c 6174 666f 726d 2f31 3535 6130 3030 platform/155a000 00000030: 302e 7566 732f 6279 2d6e 616d 652f 5241 0.ufs/by-name/RA 00000040: 4449 4f00 DIO. cbd reads sda8's MAIN image 63488 bytes at a time (exactly 62k). shmem_xmit_boot (and mem_xmit_boot) is what receives each chunk - chunks are prefixed with a struct modem_firmware struct modem_firmware { unsigned long long binary; u32 size; u32 m_offset; u32 b_offset; u32 mode; u32 len; } __packed; if mode != 0, we are sending to "IPC region" ("DUMP_MODE") if mode == 0, we are sending to "BOOT region" ("BOOT_MODE") enum cp_boot_mode { CP_BOOT_MODE_NORMAL, CP_BOOT_MODE_DUMP, CP_BOOT_RE_INIT, MAX_CP_BOOT_MODE }; address validity: the following must hold: - modem_firmware.size <= total target region size - modem_firmware.len <= total target region size - modem_firmware.m_offset <= total target region size minus modem_firmware.len so this tells us that in modem_firmware: - size is the whole size of the target region, the full upload - len is the current chunk length - m_offset is the offset into the target region next, modem_firmware.binary is a userland pointer to the chunk to upload VIDEO_SELECT_SOURCE = _IO('o', 25) = _IO('o', 0x19) = IOCTL_MODEM_ON VIDEO_CLEAR_BUFFER = _IO('o', 34) = _IO('o', 0x22) = IOCTL_MODEM_BOOT_ON VIDEO_SET_ID = _IO('o', 35) = _IO('o', 0x23) = IOCTL_MODEM_BOOT_OFF cbd sends 0D 90 00 00, and expects 0D A0 00 00 cbd sends 00 9F 00 00, and expects 00 AF 00 00 these are sipc5_link_header structs I think /* SIPC5 link-layer header */ struct __packed sipc5_link_header { u8 cfg; u8 ch; u16 len; union { struct multi_frame_control ctrl; u16 ext_len; }; }; so: cfg = 0x0d = 0b00001101, ch = 0x90, len = 0 (cfg: start_mask = 1 ??, padding exists ??, control field exists ??) cfg = 0x0d = 0b00001101, ch = 0xa0, len = 0 (cfg: start_mask = 1 ??, extension field exists ??) cfg = 0x00 = 0b00000000, ch = 0x9f, len = 0 cfg = 0x00 = 0b00000000, ch = 0xaf, len = 0 support for this hypothesis: log stmt mentions "std_udl_req_resp", which shares a prefix "std_udl_" with definitions in sipc5.h. against this hypothesis: the channel numbers are super weird! According to modem_v1.h's sipc_ch_id, everything between 32 and 214 (incl) are reserved, but here we see 144, 160, 159 and 175. ## Using strings on libsec-ril.so OK so `strings -a libsec-ril.so` yields command type names, but MAYBE out of order. These are values for cmd_type, for responses: INDI 1 RESP 2 NOTI 3 These are values presumably for cmd_type for requests: EXEC 1 GET 2 SET 3 CFRM 4 ?? EVENT 5 ?? These are group/main_cmd values - these seem to be in order!: PWR_CMD 1 CALL_CMD 2 CDMA_DATA_CMD SMS_CMD 4 SEC_CMD 5 PB_CMD 6 phone book?? DISP_CMD 7 NET_CMD 8 SND_CMD 9 MISC_CMD 10 SVC_CMD 11 SS_CMD 12 GPRS_CMD 13 SAT_CMD 14 CFG_CMD 15 IMEI_CMD 16 GPS_CMD 17 sub_cmd=93, noti body: 00 SAP_CMD 18 FACTORY_CMD 19 OMADM_CMD RFS_CMD IMS_CMD EMBMS_CMD DOMESTIC_CMD JPN_CMD GEN_CMD 128 MAIN_CMD_UNDEFINED PWR_PHONE_PWR_UP 1 noti body: 00 PWR_PHONE_PWR_OFF 2 PWR_PHONE_RESET 3 PWR_BATT_STATUS 4 PWR_BATT_TYPE 5 PWR_BATT_COMP 6 PWR_PHONE_STATE 7 noti body: 02 PWR_SUB_CMD_UNDEFINED(0x%x) CALL_OUTGOING 1 body is details of call to place, looks to be a 99-byte FMT packet all told, mostly empty but for destination number CALL_INCOMING 2 noti body: 00 01 00 01 CALL_RELEASE 3 exec body: empty CALL_ANSWER 4 exec body: empty CALL_STATUS 5 noti body: 00 01 00 01 00 00 (dialing) noti body: 00 01 00 05 00 00 (connecting) noti body: 00 01 00 03 00 00 (connected) noti body: 00 01 00 04 00 05 (released) CALL_LIST 6 req body: empty resp body: 01 00 01 00 01 03 00 0C 11 2B 33 31 36 35 37 39 38 34 33 34 37 resp body: 01 00 01 00 01 04 00 0C 11 2B 33 31 36 35 37 39 38 34 33 34 37 resp body: 01 00 01 00 01 01 00 0C 11 2B 33 31 36 35 37 39 38 34 33 34 37 resp body: 00 CALL_BURST_DTMF CALL_CONT_DTMF CALL_WAITING CALL_LINE_ID CALL_SIGNAL CALL_VOICE_PRIVACY CALL_CALL_TIME_COUNT CALL_OTA_PROGRESS CALL_DIAG_OUTGOING CALL_E911_CB_MODE CALL_FLASH_INFO CALL_SRVCC CALL_HOLD CALL_BLOCK_STATUS CALL_DATA_CALL_BYTE_COUNTER CALL_MODIFY CALL_MODIFY_NOTI CALL_MODIFY_CONFIRM CALL_SUB_CMD_UNDEFINED(0x%x) CDMA_DATA_TE2_STATUS CDMA_DATA_BYTE_COUNTER CDMA_DATA_INCOMING_CALL_TYPE CDMA_DATA_TE2_DIALING_INFO CDMA_DATA_TE2_DATA_RATE_INFO CDMA_DATA_PACKET_DATA_CALL_CFG CDMA_DATA_DS_BAUD_RATE CDMA_DATA_MOBILE_IP_NAI CDMA_DATA_CURRENT_NAI_INDEX CDMA_DATA_DORMANT_CONFIG CDMA_DATA_MIP_NAI_CHANGED CDMA_DATA_SIGNEDIN_STATE CDMA_DATA_RESTORE_NAI CDMA_DATA_MIP_CONNECT_STATUS CDMA_DATA_DORMANT_MODE_STATUS CDMA_DATA_R_SCH_CONFIG CDMA_DATA_HDR_SESSION_CLEAR CDMA_DATA_SESSION_CLOSE_TIMER_EXPIRED CDMA_DATA_KEEPALIVETIMER_VALUE CDMA_DATA_DDTMMODE_CONFIG CDMA_DATA_ROAM_GUARD CDMA_DATA_MODEM_NAI CDMA_DATA_KOREA_MODE CDMA_DATA_DATA_SERVICE_TYPE CDMA_DATA_FORCE_REV_A_MODE CDMA_DATA_CUSTOM_CONFIG_MODE CDMA_DATA_NAI_SETTING_MODE CDMA_DATA_PIN_CTRL CDMA_DATA_RAW_DATA_MODE CDMA_DATA_DUN_MODE CDMA_DATA_TE2_CALL_STATUS CDMA_DATA_IP_CONFIGURATION CDMA_DATA_CALL_STATUS CDMA DATA_SUB_CMD_UNDEFINED(0x%x) SMS_SEND_MSG 1 SMS_INCOMING_MSG 2 noti body: 2020-09-09 12:40:45.157159 ipc0 (0035) STATE_ONLINE Packet(len=53, msg_seq=62, ack_seq=0, main_cmd=4, sub_cmd=2, cmd_type=3) 0201ffff012807911356131313f3040b911356974843f70000029090210444800ec67219644e83cc6f90b9de0e01 b'\x02\x01\xff\xff\x01(\x07\x91\x13V\x13\x13\x13\xf3\x04\x0b\x91\x13V\x97HC\xf7\x00\x00\x02\x90\x90!\x04D\x80\x0e\xc6r\x19dN\x83\xcco\x90\xb9\xde\x0e\x01' - that's "Fee fi fo fum!" from my main number 02 01 ff ff 01 28 07 91 13 56 13 13 13 f3 the SMSC number 04 0b 91 13 56 97 48 43 f7 00 00 02 90 90 21 04 44 80 0e c6 72 19 64 4e 83 cc 6f 90 b9 de 0e 01 = 11000110 01110010 00011001 01100100 01001110 10000011 11001100 01101111 10010000 10111001 11011110 00001110 00000001 --> 1000110 F 1100101 e 1100101 e 0100000 SP 1100110 f 1101001 i 0100000 SP 1100110 f 1101111 o 0100000 SP 1100110 f 1110101 u 1101101 m 0100001 ! SMS_READ_MSG 3 SMS_SAVE_MSG 4 SMS_DEL_MSG 5 SMS_DELIVER_REPORT 6 SMS_DEVICE_READY 7 noti body: 02 SMS_SEL_MEM 8 SMS_STORED_MSG_COUNT 9 SMS_SVC_CENTER_ADDR 10 SMS_SVC_OPTION 11 SMS_MEM_STATUS 12 SMS_CBS_MSG 13 SMS_CBS_CFG 14 set body: 01 80 03 11 00 11 01 11 02 [logcat_ALL.txt] set body: 01 80 04 11 00 11 01 11 02 11 04 [logcat_ALL.txt] set body: 01 80 06 11 00 11 01 11 02 11 04 11 13 11 14 [logcat_ALL.txt] set body: 01 80 0C 11 00 11 01 11 02 11 04 11 13 11 14 11 15 11 16 11 17 11 18 11 19 11 1A [logcat_ALL.txt] set body: 01 80 0D 11 00 11 01 11 02 11 04 11 13 11 14 11 15 11 16 11 17 11 18 11 19 11 1A 11 1B [logcat_ALL.txt] SMS_STORED_MSG_STATUS 15 SMS_PARAM_COUNT 16 SMS_PARAM 17 SMS_STATUS SMS_SUB_CMD_UNDEFINED(0x%x) sub_cmd=12, noti body: 0A 98 13 80 40 02 30 16 03 31 F7 SEC_PIN_STATUS 1 sub_cmd=1, noti body: 00 00 sub_cmd=1, noti body: 82 00 sub_cmd=1, noti body: 83 00 SEC_PHONE_LOCK 2 SEC_CHANGE_LOCKING_PW 3 SEC_SIM_LANG 4 SEC_RSIM_ACCESS 5 SEC_GSIM_ACCESS 6 SEC_SIM_ICC_TYPE 7 sub_cmd=7, noti body: 02 SEC_LOCK_INFOMATION 8 SEC_IMS_AUTH 9 SEC_RUIM_CONFIG IPC_SEC_SIMAPPS_INFO SEC_SUB_CMD_UNDEFINED(0x%x) PB_ACCESS 1 PB_STORAGE 2 PB_STORAGE_LIST 3 PB_ENTRY_INFO 4 PB_3GPB_CAPA 5 ?? noti body: 010701fa001200030002fa00280003000396002800000004640028000000050a001200000006fa000500030007fa0002000300 PB_SUB_CMD_UNDEFINED(0x%x) DISP_ICON_INFO 1 noti body: 01 01 00 00 00 00 FF FF FF FF noti body: 01 02 00 00 63 67 09 A0 00 02 DISP_HOMEZONE_INFO DISP_PHONE_FATAL_INFO DISP_EXT_ROAM_INFO DISP_USER_INDICATION DISP_RSSI_INFO 6 noti body: 63 07 63 63 00 FF FF FF FF 10 FF FF noti body: 65 06 63 63 00 FF FF FF FF 11 FF FF noti body: 6B 63 63 04 6B 0A A0 00 09 FF FC FF DISP_SUB_CMD_UNDEFINED(0x%x) NET_PREF_PLMN 1 NET_PLMN_SEL 2 get body: empty resp body: 02 resp body: 05 NET_SERVING_NETWORK 3 noti body: 02 02 04 32 30 34 30 38 23 50 19 00 F0 21 A7 00 21 FD FF 00 00 FF 00 00 FF FF get body: empty noti body: 05 02 21 32 30 34 30 38 23 00 00 00 0D 53 7B 00 21 FD FF 00 00 FF 00 00 7B 01 resp body: 05 02 21 32 30 34 30 38 23 00 00 00 0D 53 7B 00 21 FD FF 00 00 FF 00 00 7B 01 NET_PLMN_LIST 4 NET_REGIST 5 noti body: 04 02 02 00 50 19 F0 21 A7 00 00 21 FD 02 02 00 FF FF 00 noti body: 04 03 02 00 50 19 F0 21 A7 00 00 21 FD 02 02 00 FF FF 00 get body: FF 03 get body: FF 02 noti body: 21 01 02 00 00 00 0D 53 7B 00 00 21 FD 02 02 00 7B 01 00 resp body: 21 03 02 00 00 00 0D 53 7B 00 00 21 FD 02 02 00 7B 01 00 resp body: 21 02 02 00 00 00 0D 53 7B 00 00 21 FD 02 02 00 7B 01 00 NET_SUBSCRIBER_NUM 6 NET_BAND_SEL 7 NET_SERVICE_DOMAIN_CONFIG 8 NET_POWERON_ATTACH 9 NET_MODE_SEL 10 NET_ACQ_ORDER 11 NET_IDENTITY 12 NET_PREFERRED_NETWORK_INFO 13 NET_HYBRID_MODE NET_AVOID_SYS NET_HANDOVER NET_DUAL_STANDBY_PREF NET_VOWIFI_HO_THRESHOLD NET_EPDG_HO_THRESHOLD NET_SUB_CMD_UNDEFINED(0x%x) SND_SPKR_VOLUME_CTRL 1 set body: 01 05 set body: 01 04 SND_MIC_MUTE_CTRL 2 SND_AUDIO_PATH_CTRL 3 set body: 01 00 set body: 06 62 [logcat_ALL.txt] set body: 06 18 [logcat_ALL.txt] set body: 06 68 [logcat_ALL.txt] set body: 06 D2 [logcat_ALL.txt] and more variations SND_AUDIO_SOURCE_CTRL 4 SND_LOOPBACK_CTRL 5 SND_VOICE_RECORDING_CTRL 6 SND_VIDEO_CALL_CTRL 7 SND_RINGBACK_TONE_CTRL 8 noti body: 00 SND_CLOCK_CTRL 9 exec body: 00 noti body: 05 noti body: 00 SND_WB_AMR_RPT 10 noti body: 01 SND_TWO_MIC_SOL_CTRL 11 set body: 00 01 SND_DHA_SOL_CTRL SND_AUDIO_MODE_CTRL SND_CLOCK_MODE_CTRL SND_KEY_TONE SND_NOTI_TONE SND_LED_CTRL SND_VIB_CTRL SND_MIC_GAIN_CTRL SND_SPKR_PHONE_CTRL SND_HFK_AUDIO_STARTSTOP SND_VOICECALL_RECORD_REPORT SND_USER_SND_CONFIG SND_GAIN_CTRL SND_QUIET_MODE_CTRL SND_DYVE_MODE_CTRL SND_SUB_CMD_UNDEFINED(0x%x) MISC_ME_VERSION 1 MISC_ME_IMSI 2 MISC_ME_SN 3 MISC_KEY_EVENT_PROCESS MISC_TIME_INFO 5 noti body: 02 01 14 09 08 0B 19 1D 08 01 02 01 32 30 34 30 38 23 2020-09-08 11:25:29 8-quarter-hours? 20408# -- the network?? 2020-09-09 11:47:58.411493 noti body: 02 01 14 09 09 09 2f 3a 08 01 03 01 32 30 34 30 38 23 2020-09-09 09:47:58 8-quarter-hours? 20408# -- the network?? MISC_NAM_INFO MISC_VCALL_CHANNEL_ID MISC_PHONE_DEBUG MISC_FUS MISC_PDA_BOOT_COMPLETE MISC_FACTORY_RESET_COMPLETE MISC_SCREEN_STATUS MISC_GRIP_SENSOR_STATUS MISC_OMADM_CDMA_NAM_INFO MISC_OMADM_PRL_WRITE MISC_LTE_TIMER MISC_DUALSTANDBY_CALL_STATUS MISC_SUB_CMD_UNDEFINED(0x%x) SVC_ENTER 1 SVC_END 2 SVC_PRO_KEYCODE 3 SVC_SCREEN_CFG 4 SVC_DISPLAY_SCREEN 5 SVC_CHANGE_SVC_MODE 6 SVC_DEVICE_TEST 7 SVC_DEBUG_DUMP_MESSAGE 8 SVC_DEBUG_STRING_MESSAGE 9 SVC_CALL_DROP_LOG_INFO SVC_LTE_SCAN_FILE SVC_MENU_INFO SVC_SUB_CMD_UNDEFINED(0x%x) SS_WAITING 1 SS_CLI 2 SS_BARRING 3 SS_BARRING_PW 4 SS_FORWARDING 5 SS_INFO 6 is this info about an incoming call? looks like it? noti body: 0A 00 00 00 0C 11 2B 33 31 36 35 37 39 38 34 33 34 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 SS_MANAGE_CALL 7 SS_USSD 8 SS_AOC 9 SS_RELEASE_COMPLETE 10 SS_SUB_CMD_UNDEFINED(0x%x) GPRS_DEFINE_PDP_CONTEXT GPRS_QOS GPRS_PS 3 set body: 00 00 04 [logcat_ALL.txt] noti body: 00 00 05 [logcat_ALL.txt] GPRS_PDP_CONTEXT GPRS_ENTER_DATA GPRS_SHOW_PDP_ADDR GPRS_MS_CLASS GPRS_3G_QUAL_SRVC_PROFILE GPRS_IP_CONFIGURATION GPRS_DEFINE_SEC_PDP_CONTEXT GPRS_TFT GPRS_HSDPA_STATUS 12 noti body: 00 GPRS_CURRENT_SESSION_DATA_COUNTER GPRS_DATA_DORMANT GPRS_PIN_CTRL 15 ?? noti body: 06 00 GPRS_CALL_STATUS GPRS_PORT_LIST GPRS_LTE_QOS GPRS_NWK_INIT_DISCONNECT GPRS_FD_INFORMATION GPRS_TRAFFIC_CHANNEL_STATUS 28 noti body: 01 [logcat_ALL.txt] GPRS_MOBILE_DATA_STATUS GPRS_LTE_QOS_PROFILE GPRS_NW_INITIATED_PDN_DISCONNECT GPRS_LTE_ATTACH_APN_INFO 20 set body: 01 01 02 61 69 72 74 65 6C 67 70 72 73 2E 63 6F 6D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [logcat_ALL.txt] GPRS_EPDG_HANDOVER GPRS_EPDG_STATUS GPRS_OPERATOR_RESERVED_PCO GPRS_LTE_CA_STATUS 25 noti body: 00 0A noti body: 01 1E GPRS_BACKOFF_TIMER GPRS_SET_APN_INFO GPRS_IMS_TEST_MODE GPRS_SET_ALWAYS_ON_PDN SAT_PROFILE_DOWNLOAD 1 SAT_ENVELOPE_CMD 2 SAT_PROACTIVE_CMD 3 SAT_TERMINATE_USAT_SESSION 4 SAT_EVENT_DOWNLOAD 5 SAT_PROVIDE_LOCAL_INFO 6 SAT_POLLING 7 SAT_REFRESH 8 SAT_SETUP_EVENT_LIST 9 SAT_CALL_CONTROL_RESULT 10 body: have seen 00 00, so far SAT_IMAGE_CLUT 11 SAT_SETUP_CALL_PROCESSING 12 SAT_SIM_INITIATE_MESSAGE SAT_SUB_CMD_UNDEFINED(0x%x) CFG_DEFAULT_CONFIG CFG_EXTERNAL_DEVICE CFG_MAC_ADDRESS CFG_CONFIGURATION_ITEM CFG_TTY CFG_HSDPA_TMP_SETTING CFG_HSDPA_PERM_SETTING CFG_SIO_MODE CFG_AKEY_VERIFY CFG_MSL_INFO CFG_USER_LOCK_CODE CFG_USB_PATH CFG_CURRENT_SVC_CARRIER CFG_RADIO_CONFIG CFG_VOCODER_OPTION CFG_TEST_SYS CFG_RECONDITIONED_DATE CFG_PROTOCOL_REVISION CFG_SLOT_MODE CFG_ACTIVATION_DATE CFG_CURRENT_UATI CFG_QUICK_PAGING CFG_LMSC_INFO CFG_TAS_INFO CFG_AUTH_INFO CFG_HIDDEN_MENU_ACCESS CFG_UTS_SMS_SEND CFG_UTS_SMS_COUNT CFG_UTS_SMS_MSG CFG_SCM_INFO CFG_SCI_INFO CFG_ACCOLC_INFO CFG_MOBTERM_INFO CFG_1X_EVDO_DIVERSITY_CONFIG CFG_DEVICE_CONFIGURATION CFG_USER_LOCK_CODE_STATUS CFG_UTS_SMS_GET_UNREAD_MSG_STATUS CFG_MOBILEAP_STATUS CFG_ADVANCED_INFO CFG_WDC CFG_GET_OPERATOR CFG_GET_VOICEMAIL_NUM CFG_GET_WALLPAPER_STATUS CFG_GET_PWRONOFF_IMG_STATUS CFG_SAFE_MODE CFG_SEC_VALIDATE CFG_SAR_DEVICE CFG_MMS_PARAM CFG_HIDDEN_PROGRAM CFG_SUB_CMD_UNDEFINED(0x%x) IMEI_START IMEI_CHECK_DEVICE_INFO IMEI_PRE_CONFIG IMEI_WRITE_ITEM IMEI_REBOOT IMEI_VERIFY_FACTORY_RESET IMEI_COMPARE_ITEM IMEI_MASS_STORAGE_INFO IMEI_SUB_CMD_UNDEFINED(0x%x) GPS_OPEN GPS_CLOSE GPS_START GPS_DEVICE_STATE GPS_OPTION GPS_TTFF GPS_LOCK_MODE GPS_SECURITY_UPDATE GPS_SSD GPS_SECURITY_UPDATE_RATE GPS_FIX_REQ GPS_POSITION_RESULT GPS_EXT_POSITION_RESULT GPS_EXT_STATUS_INFO GPS_PD_CMD_CB GPS_DLOAD_STATUS GPS_END_SESSION GPS_FAILURE_INFO GPS_HW_STATE GPS_SECURITY_ENABLE GPS_SECURITY_READ GPS_SECURITY_WRITE GPS_ENCRYPT_READ GPS_REF_LOCATION GPS_PGPS_TIME_INFO GPS_PGPS_EXT_EPH GPS_PGPS_BROADCAST_EPH GPS_SENSOR_INFO GPS_RXN_REF_LOCATION GPS_RXN_UPDATE_CELLID GPS_READY_NOTI GPS_UTS_GET_POSITION GPS_XTRA_SET_TIME_INFO GPS_XTRA_SET_DATA GPS_XTRA_CLIENT_INIT_DOWNLOAD GPS_XTRA_QUERY_DATA_VALIDITY GPS_XTRA_SET_AUTO_DOWNLOAD GPS_XTRA_SET_XTRA_ENABLE GPS_XTRA_DOWNLOAD GPS_XTRA_VALIDITY_STATUS GPS_XTRA_TIME_EVENT GPS_XTRA_DATA_INJECTION_STATUS GPS_XTRA_USE_SNTP GPS_CP_POWER_ON GPS_CP_FREQ_AIDING GPS_CP_PRECISE_TIME_AIDING GPS_CP_PSEUDORANGE_MSMT GPS_CP_SESSION_CANCELLATION GPS_AGPS_PDP_CONNECTION GPS_AGPS_DNS_QUERY GPS_AGPS_SSL GPS_AGPS_MODE GPS_VERIFICATION GPS_DISPLAY_SUPLFLOW GPS_SUB_CMD_UNDEFINED(0x%x) SAP_CONNECT SAP_STATUS SAP_TRANSFER_ATR SAP_TRANSFER_APDU SAP_TRANSPORT_PROTOCOL SAP_SIM_POWER SAP_TRANSFER_CARD_READER_STATUS SAP_SUB_CMD_UNDEFINED(0x%x) FACTORY_DEVICE_TEST FACTORY_OMISSION_AVOIDANCE_TEST FACTORY_DFT_TEST FACTORY_MISCELLANEOUS_TEST FACTORY_BYPASS_TEST 5 ?? FACTORY_SLATE_TEST FACTORY_FRAME_BUFFER_TEST FACTORY_DIAG_PST_UTS FACTORY_SEMI_FINAL_TEST FACTORY_SUB_CMD_UNDEFINED(0x%x) OMADM_PRL_SIZE OMADM_MODEL_NAME OMADM_OEM_NAME OMADM_SW_VER OMADM_IS683_DATA OMADM_PRL_READ OMADM_PRL_WRITE OMADM_PUZL_DATA OMADM_ROOTCERT_READ OMADM_ROOTCERT_WRITE OMADM_MMC_OBJECT OMADM_MIP_NAI_OBJECT OMADM_CURRENT_NAI_INDEX OMADM_MIP_AUTH_ALGO OMADM_NAM_INFO OMADM_START_CIDC OMADM_START_CIFUMO OMADM_START_CIPRL OMADM_START_HFA OMADM_START_REG_HFA OMADM_SETUP_SESSION OMADM_SERVER_START_SESSION OMADM_CLIENT_START_SESSION OMADM_SEND_DATA OMADM_ENABLE_HFA OMADM_SUB_CMD_UNDEFINED(0x%x) EMBMS_SERVICE_MSG EMBMS_SESSION_MSG EMBMS_BSSI_MSG EMBMS_COVERAGE_MSG EMBMS_SESSION_LIST_MSG EMBMS_SIGNAL_STRENGTH_MSG EMBMS_SIB16_NETWORK_TIME_MSG EMBMS_SAI_LIST_MSG EMBMS_GLOBAL_CELL_ID_MSG EMBMS_SUB_CMD_UNDEFINED(0x%x) DOMESTIC_CHANNEL_SETTING DOMESTIC_LTE_RRC_SETTING DOMESTIC_DELETE_STORED_CELL_LIST DOMESTIC_ACTIVATION_DATE DOMESTIC_SECURITY_MODE DOMESTIC_HSDPA_ON_OFF DOMESTIC_LAST_CALL DOMESTIC_LTE_THROUGHPUT_TEST_MENU DOMESTIC_CARD_TYPE DOMESTIC_BAND_SEL DOMESTIC_GCF_TEST_MODE DOMESTIC_OTA_REG_MODE DOMESTIC_NET_REG_STATUS_UI DOMESTIC_NSRI_PROCESS DOMESTIC_NSRI_TOAST_CMD DOMESTIC_DISABLE_LTE_B7 DOMESTIC_MOBILE_QUALITY_INFO DOMESTIC_ANDROID_ENTER_DIALER DOMESTIC_KEEP_LTE_ICON_CSFB_SETTING DOMESTIC_VOICE_CALL_STATUS DOMESTIC_SYSTEM_INFO_FOR_LTE DOMESTIC_SYSTEM_INFO_FOR_WIPI DOMESTIC_NSRI_SECURE_CALL_MODE DOMESTIC_IMSI_CHANGED_INFO DOMESTIC_NETWORK_INFO_NOTI DOMESTIC_PS_BARRING_FOR_VOLTE DOMESTIC_KT_HD_VOICE_STATUS DOMESTIC_UKNIGHT_INFO DOMESTIC_LTE_WIDEBAND_INFO IPC_DOMESTIC_LTE_ROAMING_STATUS DOMESTIC_PROTOCOL_FEATURE DOMESTIC_NSRI_ENCRYPT_SMS DOMESTIC_NSRI_DECRYPT_SMS DOMESTIC_NSRI_DECRYPTTX_SMS DOMESTIC_NSRI_CHECK_SUSIM DOMESTIC_NSRI_REQUEST_PROC DOMESTIC_SUB_CMD_UNDEFINED(0x%x) GEN_PHONE_RES 1 body is main/sub/type of request, plus response bytes -- usually 00 80 for "OK" I suppose - these are a `short`, so 0x8000 for OK I guess GEN_SUB_CMD_UNDEFINED(0x%x) IPC_MMB_NVINFO IPC_DATA_SETTINGINFO IPC_JPN_AC_BARRING_FOR_VOLTE IPC_JAPAN_KDDI_SIMBLOB JPN_SUB_CMD_UNDEFINED(0x%x) MAIN_AND_SUB_UNDEFINED(0x%x,0x%x) Oh no! There's more! MMS_PROVISION_CMD MODEM_TEST_CMD PCSC_CMD QMI_HIDDENMENU_CMD SMARTAS_CMD PROSE_CMD MCPTT_CMD QMIIMS_CMD IIL_CMD CALL_LINE_CTRL CALL_ALERT_CONTROL CALL_ECCLIST CALL_ECC_STATUS CALL_VOICE_RADIO_BEARER_HANDOVER CDMA_DATA_SERVICE_CFG CDMA_DATA_CALL_ESTABLISH CDMA_DATA_SIGN_IN_STATE DATA_CALL_STATUS CDMA_DATA_WORKING_MODE CDMA_DATA_EVDO_REVISION_CONFIG CDMA_DATA_SIP_PARAMETER CDMA_DATA_CALL_STATUS_IPBASED SMS_CBS_CBMI_CFG SMS_CBS_ACTIVATION IPC_SMS_RP_SMMA SEC_ATR_INFO SEC_SIM_ICCID SEC_SIM_POWER SEC_IMS_SUPP_AUTH_TYPES NET_CELL_INFO 17 get body: empty resp body: 00 00 00 01 01 32 30 34 30 38 23 50 19 F0 21 A7 00 7A 01 C3 0B 0F 00 resp body: 00 00 01 00 01 32 30 34 30 38 23 0D 53 7B 00 7B 01 00 00 21 FD 00 19 00 00 20 6B 0A FC FF 09 0E 00 00 00 NET_ECC_RAT NET_CSG_SEARCH NET_PREFERRED_ROAMING_PLMN_LIST NET_DOMAIN_SPECIFIC_RESTRICTED NET_ACB_INFO NET_SSAC_INFO NET_LTE_BAND_PRIORITY NET_LTE_ROAMING NET_CA NET_AUTONOMOUS_GAP NET_DISABLE_2G NET_NAS_TIMER MISC_ALARM_INFO MISC_PUBLIC_MODE MISC_RESERVED MISC_DEVICE_POSITION MISC_VTCALL_CONNECTION_STATUS MISC_PREPAY_MODE MISC_TBSR_CDMA MISC_MODEM_INTERFACE_MODE MISC_MODEM_UART_MODE MISC_T_MPSR_VALUE MISC_ENS_STATE MISC_1XADV_INFO MISC_SMS_FORMAT MISC_SMS_OVER_IP_INFO MISC_HOME_DOMAIN_NAME MISC_1X_SVC_DELAY_TIMER MISC_TSIP_TIMER MISC_UART_AUTO MISC_IMS_TESTMODE MISC_IMS_SIP_PORT MISC_IMS_FQDN_CSCF MISC_IPC_LOOPBACK MISC_PA_THERMISTER MISC_LOGGING_TIME_INFO MISC_SILENT_LOGGING_CONTROL MISC_GPIODVS_DATA MISC_AT_CMD_FWD MISC_SIMLOCK_SHARED_KEY MISC_SIMLOCK_BLOB MISC_DEVICE_CAPA MISC_CA_PROPERTY MISC_T3402_TIMER MISC_POA_DELETE_GUTI MISC_BIP_INFO MISC_CP_POSITION MISC_GRIP_SENSOR_INFO MISC_AP_GPS_POSITION MISC_LCD_MIPI_CONTROL MISC_CLM_TT_CMD MISC_ECHOLOCATE_MENU_STATUS MISC_SSDS_ONEHW_SIM_SLOT_COUNT MISC_CP_SPD_STATUS MISC_MANUFACTURE_SALES_CODE MISC_SHARED_MEM_CMD_SAVE_FULL_MEMORY MISC_SEND_CP_FEATURE IPC_MISC_CP_NW_DATA SVC_BIG_DATA_INFO 13 noti body: 00 DB 00 7B 22 4A 56 45 52 22 3A 22 53 50 4C 31 22 2C 22 48 57 5F 56 22 3A 22 4D 50 5F 30 2E 37 30 30 22 2C 22 43 74 79 70 22 3A 22 31 22 2C 22 50 4C 4D 4E 22 3A 22 32 30 34 30 38 23 22 2C 22 41 43 54 5F 22 3A 22 32 22 2C 22 52 41 43 5F 22 3A 22 30 22 2C 22 4C 41 43 5F 22 3A 22 31 39 35 30 22 2C 22 54 41 43 5F 22 3A 22 30 30 30 30 22 2C 22 43 5F 49 44 22 3A 22 41 37 32 31 46 30 22 2C 22 50 68 49 44 22 3A 22 33 37 38 22 2C 22 44 4C 43 68 22 3A 22 33 30 31 31 22 2C 22 52 67 53 74 22 3A 22 32 22 2C 22 52 6A 43 75 22 3A 22 30 22 2C 22 47 52 49 50 22 3A 22 32 22 2C 22 45 41 52 4A 22 3A 22 30 22 2C 22 41 55 53 54 22 3A 22 34 22 2C 22 54 78 41 53 22 3A 22 33 22 7D noti body: 09a1007b224a564552223a2253504c31222c22504c4d4e223a22323034303823222c224143545f223a2234222c225241435f223a2230222c224c41435f223a2230303030222c225441435f223a2230303030222c22435f4944223a2230222c2250684944223a2230222c22444c4368223a2236343030222c2252675374223a2232222c2254595045223a2232222c22454d4d43223a2230222c2245534d43223a2230227d b'\t\xa1\x00{"JVER":"SPL1","PLMN":"20408#","ACT_":"4","RAC_":"0","LAC_":"0000","TAC_":"0000","C_ID":"0","PhID":"0","DLCh":"6400","RgSt":"2","TYPE":"2","EMMC":"0","ESMC":"0"}' SVC_AUTOMATION_INFO SVC_FAKE_CELL_INFO SS_UUS SS_IC_BARRING SS_EXTRAS SS_TRANSFER_CALL CFG_UART_MODEM_PATH CFG_DEBUG_MSG_LEVEL CFG_UTS_HIDDEN_MENU_ACCESS CFG_SIM_LOCK_INFO CFG_SIM_UICCID CFG_SSD_DATA CFG_SAR_CONTROL IMEI_MASS_STORAGE_FILE_NUMBER IMEI_UPDATE_ITEM IMEI_VERIFY_COMPARE_STATUS IPC_IMEI_CERT_STATUS GPS_INIT GPS_DEINIT GPS_STOP_SESSION GPS_POSITION_DATA GPS_EXT_MEASURMENT GPS_PARAMETERS GPS_DATA_CONNECTION GPS_DNS_LOOKUP GPS_PD_EVENT GPS_XTRA_INIT GPS_XTRA_DEINIT GPS_XTRA_ENABLE GPS_XTRA_TIME GPS_XTRA_DATA GPS_EXT_RADIO_SIG GPS_CP_MO_LOCATION GPS_ASSIST_DATA GPS_RELEASE_GPS GPS_MEASURE_POSITION GPS_MTLR_NOTIFICATON GPS_RESET_ASSIST_DATA GPS_FREQUENCY_AIDING GANSS_ASSIST_DATA IPC_GPS_CONTROL_PLANE GANSS_MEASURE_POSITION IPC_FACTORY_WARRANTY_BIT RFS responses: id and command same as id and command of request. RFS_NV_READ_ITEM 1 reads from the NV data file? req: 4 bytesLE >> #offset, 4 bytesLE >> #length resp: 1 byte >> #confirm "1 for success, 0 for failure", 4 bytesLE >> #offset "copied from request", 4 bytesLE >> #length "copied from request", 'length' bytes >> #data RFS_NV_WRITE_ITEM 2 writes into the NV data file? req: 4 bytesLE >> #offset, 4 bytesLE >> #length, 'length' bytes >> #data resp: 1 byte >> #confirm "1 for success, 0 for failure", 4 bytesLE >> #offset "copied from request", 4 bytesLE >> #length "copied from request", RFS_READ_FILE 3 ?? RFS_WRITE_FILE 4 ?? RFS_LSEEK_FILE 5 ?? RFS_CLOSE_FILE 6 close(2) req: 4 bytesLE >> #fd resp: 4 bytesLE signed >> #result, 4 bytesLE signed >> #errno RFS_PUT_FILE 7 ?? RFS_GET_FILE 8 ?? RFS_RENAME_FILE 9 ?? RFS_GET_FILE_INFO 10 ?? RFS_UNLINK_FILE 11 ?? RFS_MAKE_DIR 12 ?? RFS_REMOVE_DIR 13 ?? RFS_OPEN_DIR 14 ?? RFS_READ_DIR 15 ?? RFS_CLOSE_DIR 16 ?? RFS_OPEN_FILE 17 open(2) [0 0 0 0 18 0 0 0 67 80 95 65 85 68 73 79 95 83 76 83 73 46 98 105 110 0] 4 bytes "flags. O_RDONLY = 0 on linux, so maybe error out if nonzero here" 4 bytesLE "length of file path, incl trailing NUL byte" file path resp: 4 bytesLE signed >> #result, 4 bytesLE signed >> #errno RFS_FTRUNCATE_FILE 18 ?? RFS_GET_HANDLE_INFO 19 ?? RFS_CREATE_FILE 20 ?? RFS_NV_WRITE_ALL_ITEM 21 ?? RFS_NV_BUFFER_MESSAGE 22 ?? RFS_NV_RESTORE 23 ?? MMS_PROVISION_GET_ITEM_DATA MMS_SUB_CMD_UNDEFINED(0x%x) IMS_CHANNEL IMS_CODEC IMS_RTP_MEDIA IMS_DTMF IMS_OPTION IMS_PDN IMS_SESSION_REFRESH IMS_REGI IMS_ENGINE IMS_FRAME_TIME IMS_DEDICATED_BEARER_INFO IMS_INFORMATION IMS_TIMER IMS_RRC_CONNECTION IPC_IMS_CP_STATE IPC_IMS_HVOLTE_SWITCH IMS_SIP_INFO_ACB IMS_SUB_CMD_UNDEFINED(0x%x) IPC_DOMESTIC_INVITE_FLUSH DOMESTIC_CHANNEL_SETTING_LTE DOMESTIC_LTE_CA DOMESTIC_PROTOCOL_ERROR_DETECTION DOMESTIC_LTE_ROAMING_STATUS DOMESTIC_PTT_USIM_LOCK QMI_HIDDENMENU_CDMA_DATA_BYTE_COUNTER QMI_HIDDENMENU_CDMA_DATA_MOBILE_IP_NAI QMI_HIDDENMENU_CDMA_DATA_MIP_NAI_CHANGED QMI_HIDDENMENU_CDMA_DATA_MIP_CONNECT_STATUS QMI_HIDDENMENU_CDMA_DATA_DDTMMODE_CONFIG QMI_HIDDENMENU_CDMA_DATA_WORKING_MODE QMI_HIDDENMENU_CDMA_DATA_EVDO_STATE_AND_CONN_ATTEMPT QMI_HIDDENMENU_CDMA_CALL_TIME_COUNT QMI_HIDDENMENU_CDMA_MODEM_RESET QMI_HIDDENMENU_WB_AMR_RPT QMI_HIDDENMENU_CDMA_CHANNEL_IO QMI_HIDDENMENU_CDMA_BAND_CLASS QMI_HIDDENMENU_EHRPD_CONFIG QMI_HIDDENMENU_CDMA_DATA_EVDO_AUTH_VALUE QMI_HIDDENMENU_BAND26_ENABLED QMI_HIDDENMENU_BAND41_ENABLED QMI_HIDDENMENU_BAND25_PRIORITY QMI_HIDDENMENU_BAND_PROVISIONED QMI_HIDDENMENU_BAND25_ENABLED QMI_HIDDENMENU_BAND_ENABLED QMI_HIDDENMENU_BAND41_TX_SWITCHING_DIVERSITY QMI_HIDDENMENU_LTE_ROAMING_ENABLED QMI_HIDDENMENU_CA_ENABLED QMI_HIDDENMENU_BAND_PRIORITY QMI_HIDDENMENU_CA_CONFIG IPC_QMI_HIDDENMENU_DATA_IMSIP_INTERFACE_ID QMI_HIDDENMENU_CMD_UNDEFINED(0x%x) PROSE_CORE_CONTROL PROSE_APP_REGIST PROSE_APP_SERVER_PROVISION_UPDATE PROSE_DISCOVERY_CONTROL PROSE_DISCOVERY_STATE PROSE_DISCOVERY_QUERY PROSE_COMMUNICATION_CONTROL PROSE_UE2NETWORK_RELAY_CONTROL PROSE_EMBMS_RELAY_CONTROL PROSE_CELLID_ANNOUNCEMENT_CONTROL PROSE_PER_PACKET_PRIORITY_CONTROL PROSE_GEOGRAPHICAL_AREA_INFO PROSE_CONFIGURATION_DATA_CONTROL PROSE_SIGNALING_CONTROL PROSE_UE2NET_RELAY_AVAILABILITY PROSE_SYSTEM_TIME_INFO PROSE_USER_INFO PROSE_SIDELINK_SYNC_INFO PROSE_SUB_CMD_UNDEFINED(0x%x) MCPTT_FCP_USER_INFO MCPTT_PDN_MSG MCPTT_FCP_FLOOR_CHANNEL_MSG MCPTT_FCP_FLOOR_INFO MCPTT_FCP_FLOOR_OPERATION MCPTT_FCP_FLOOR_MESSAGE MCPTT_FCP_FLOOR_EVENT MCPTT_FCP_GNRL_MBMS_SUBCH MCPTT_FCP_FLOOR_MBMS_SUBCH MCPTT_FCP_SESSION_CALL_CNTRL MCPTT_FCP_SECURITY_INFO MCPTT_CCP_CHANNEL_MSG MCPTT_CCP_PERIODIC_ANNOUNCE_MSG MCPTT_CCP_INSTANT_TRANSMISSION_MSG MCPTT_MCP_CHANNEL MCPTT_MCP_CODEC MCPTT_MCP_CONTROL MCPTT_MCP_DTMF MCPTT_MCP_OPTION MCPTT_MCP_FRAME_TIME MCPTT_MCP_DEDICATE_BEARER_INFO MCPTT_MCP_INFORMATION MCPTT_MCP_SIP_INFO_ACB MCPTT_SUB_CMD_UNDEFINED(0x%x) QMIIMS_DEDICATED_BEARER_INFO QMIIMS_ECM_SEARCH QMIIMS_ECM_FOUND_SVC QMIIMS_SUB_CMD_UNDEFINED(0x%x) SMS examples [pid 4916] write(18, "+\0`\0\4\1\1\2\2\0 \7\221\23V\23\23\23\363\1\0\v\221\23V\227HC\367\0\0\f\324\362\234\16\242\313\303\343\264\373\f", 43) = 43 <0.000118> [pid 4918] read(18, "\f\0\214\0\4\1\3\2\0\0\2\0", 264192) = 12 <0.000242> [pid 4918] read(18, "/\0\221\0\4\2\3\2\1\377\377\1\"\7\221\23V\23\23\23\363\4\v\221\23V\227HC\367\0\0\2\220p\2\203\220\200\10A\220\274\fg\347C", 264192) = 47 <0.000217> [pid 4916] write(18, "\f\0a\0\4\6\1\2\0\0\1\0", 12) = 12 <0.000157> [pid 4918] read(18, "\f\0\222\0\200\1\2\4\6\1\0\200", 264192) = 12 <0.000087> 2020-09-16 22:54:20 (87200) a SamsungFmtMessage(40:0 #SMS/#'SMS_INCOMING_MSG'/#noti #[2 1 255 255 1 38 7 145 19 86 19 19 19 243 0 11 145 19 86 151 72 67 247 0 0 2 144 49 50 18 99 128 12 212 247 155 204 46 131 230 227 247 155 14] '.....&...V........V.HC.....12.c.............') 2020-09-16 23:08:59 (LinuxInputTestSink) Generic: a SamsungFmtMessage(34:0 #SMS/#'SMS_INCOMING_MSG'/#noti #[2 1 255 255 1 38 7 145 19 86 19 19 19 243 0 11 145 19 86 151 72 67 247 0 0 2 144 49 50 18 99 128 12 212 247 155 204 46 131 230 227 247 155 14] '.....&...V........V.HC.....12.c.............') 2020-09-16 23:08:59 (LinuxInputTestSink) SMS: SMS_INCOMING_MSG#[2 1 255 255 1 38 7 145 19 86 19 19 19 243 0 11 145 19 86 151 72 67 247 0 0 2 144 49 50 18 99 128 12 212 247 155 204 46 131 230 227 247 155 14]'.....&...V........V.HC.....12.c.............' Call examples - INCOMING call [G] RX: (M)CALL_CMD (S)CALL_INCOMING (T)NOTI l:b m:d3 a:00 [ 00 01 00 01 ] [G] RX: (M)SS_CMD (S)SS_INFO (T)NOTI l:81 m:d4 a:00 [ 31 00 00 FF 0C 11 2B 33 31 36 35 37 39 38 34 33 34 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ] [G] RX: (M)SND_CMD (S)SND_WB_AMR_RPT (T)NOTI l:8 m:d5 a:00 [ 01 ] [G] RX: (M)SND_CMD (S)SND_CLOCK_CTRL (T)NOTI l:8 m:d6 a:00 [ 05 ] [G] TX: (M)CALL_CMD (S)CALL_LIST (T)GET l:7 m:80 a:00 [ ] [G] RX: (M)CALL_CMD (S)CALL_LIST (T)RESP l:1c m:d7 a:80 [ 01 00 01 00 02 05 00 0C 11 2B 33 31 36 35 37 39 38 34 33 34 37 ] [G] RX: (M)DISP_CMD (S)DISP_RSSI_INFO (T)NOTI l:13 m:d8 a:00 [ 69 04 63 63 00 FF FF FF FF 12 FD FF ] [G] TX: (M)SND_CMD (S)SND_MIC_MUTE_CTRL (T)SET l:8 m:81 a:00 [ 00 ] [G] RX: (M)GEN_CMD (S)GEN_PHONE_RES (T)RESP l:c m:d9 a:81 [ 09 02 03 00 80 ] [G] TX: (M)CALL_CMD (S)CALL_ANSWER (T)EXEC l:7 m:82 a:00 [ ] [G] RX: (M)GEN_CMD (S)GEN_PHONE_RES (T)RESP l:c m:da a:82 [ 02 04 01 00 80 ] [G] TX: (M)SND_CMD (S)SND_AUDIO_PATH_CTRL (T)SET l:9 m:83 a:00 [ 01 00 ] [G] RX: (M)GEN_CMD (S)GEN_PHONE_RES (T)RESP l:c m:db a:83 [ 09 03 03 00 80 ] [G] RX: (M)SND_CMD (S)SND_CLOCK_CTRL (T)NOTI l:8 m:dc a:00 [ 05 ] [G] RX: (M)SND_CMD (S)SND_RINGBACK_TONE_CTRL (T)NOTI l:8 m:dd a:00 [ 00 ] [G] RX: (M)CALL_CMD (S)CALL_STATUS (T)NOTI l:d m:de a:00 [ 00 01 00 03 00 00 ] [G] TX: (M)CALL_CMD (S)CALL_LIST (T)GET l:7 m:84 a:00 [ ] [G] RX: (M)CALL_CMD (S)CALL_LIST (T)RESP l:1c m:df a:84 [ 01 00 01 00 02 01 00 0C 11 2B 33 31 36 35 37 39 38 34 33 34 37 ] [G] TX: (M)SND_CMD (S)SND_TWO_MIC_SOL_CTRL (T)SET l:9 m:85 a:00 [ 00 01 ] [G] RX: (M)GEN_CMD (S)GEN_PHONE_RES (T)RESP l:c m:e0 a:85 [ 09 0B 03 00 80 ] [G] TX: (M)SND_CMD (S)SND_SPKR_VOLUME_CTRL (T)SET l:9 m:86 a:00 [ 01 04 ] [G] RX: (M)GEN_CMD (S)GEN_PHONE_RES (T)RESP l:c m:e1 a:86 [ 09 01 03 00 80 ] [G] RX: (M)MISC_CMD (S)MISC_TIME_INFO (T)NOTI l:19 m:e2 a:00 [ 02 01 14 09 08 0B 19 38 08 01 02 01 32 30 34 30 38 23 ] [G] RX: (M)DISP_CMD (S)DISP_RSSI_INFO (T)NOTI l:13 m:e3 a:00 [ 65 06 63 63 00 FF FF FF FF 11 FD FF ] [G] TX: (M)CALL_CMD (S)CALL_RELEASE (T)EXEC l:7 m:87 a:00 [ ] [G] RX: (M)GEN_CMD (S)GEN_PHONE_RES (T)RESP l:c m:e4 a:87 [ 02 03 01 00 80 ] [G] RX: (M)SND_CMD (S)SND_RINGBACK_TONE_CTRL (T)NOTI l:8 m:e5 a:00 [ 00 ] [G] RX: (M)CALL_CMD (S)CALL_STATUS (T)NOTI l:d m:e6 a:00 [ 00 01 00 04 00 05 ] [G] RX: (M)SVC_CMD (S)SVC_BIG_DATA_INFO (T)NOTI l:e5 m:e7 a:00 [ 00 DB 00 7B 22 4A 56 45 52 22 3A 22 53 50 4C 31 22 2C 22 48 57 5F 56 22 3A 22 4D 50 5F 30 2E 37 30 30 22 2C 22 43 74 79 70 22 3A 22 31 22 2C 22 50 4C 4D 4E 22 3A 22 32 30 34 30 38 23 22 2C 22 41 43 54 5F 22 3A 22 32 22 2C 22 52 41 43 5F 22 3A 22 30 22 2C 22 4C 41 43 5F 22 3A 22 31 39 35 30 22 2C 22 54 41 43 5F 22 3A 22 30 30 30 30 22 2C 22 43 5F 49 44 22 3A 22 41 37 32 31 46 30 22 2C 22 50 68 49 44 22 3A 22 33 37 38 22 2C 22 44 4C 43 68 22 3A 22 33 30 31 31 22 2C 22 52 67 53 74 22 3A 22 32 22 2C 22 52 6A 43 75 22 3A 22 30 22 2C 22 47 52 49 50 22 3A 22 32 22 2C 22 45 41 52 4A 22 3A 22 30 22 2C 22 41 55 53 54 22 3A 22 34 22 2C 22 54 78 41 53 22 3A 22 33 22 7D ] [G] TX: (M)CALL_CMD (S)CALL_LIST (T)GET l:7 m:88 a:00 [ ] [G] RX: (M)CALL_CMD (S)CALL_LIST (T)RESP l:8 m:e8 a:88 [ 00 ] [G] TX: (M)SND_CMD (S)SND_AUDIO_PATH_CTRL (T)SET l:9 m:89 a:00 [ 01 00 ] [G] RX: (M)GEN_CMD (S)GEN_PHONE_RES (T)RESP l:c m:e9 a:89 [ 09 03 03 00 80 ] [G] TX: (M)SND_CMD (S)SND_CLOCK_CTRL (T)EXEC l:8 m:8a a:00 [ 00 ] [G] RX: (M)GEN_CMD (S)GEN_PHONE_RES (T)RESP l:c m:ea a:8a [ 09 09 01 00 80 ] [G] RX: (M)SND_CMD (S)SND_CLOCK_CTRL (T)NOTI l:8 m:eb a:00 [ 00 ]