Documenting Samsung Radio variables from the ServiceMode

Dear Baseband developers,

We are a very small group of XDA developers and external people trying 
to realize our Android based IMSI-catcher Detector (AIMSICD) project.
http://tinyurl.com/l6whse2

However, to realize such an ambitious feat we really need better access 
to the various RF variables and details of neighboring cells, among many 
other things. We have had partial success in that we're able to use the
ServiceMode (SM) menu from the Samsung ServiceMode application. However, 
this is just a wrapper for accessing OEM_RAW_REQUESTS presented by code 
that is part of the baseband FW. Now, the tricky part for us non-GSM 
experts, is understanding what these variables really mean and represent. 

I have started 2 threads on XDA to:

1) completely map out the ServiceMode menu options, for a GT-I9195 
(S4-mini) but should work on many similar and newer Samsung devices. 

2) To map out the various MM timers and many other RF/GSM variables 
shown and available in the SM menu. 
http://tinyurl.com/qgcmbsv

We need help from the baseband community to understand the vocabulary 
used in this information as presented in (2) above, so that we can start to 
fill in the catcher-catcher detection parameters from the table here:
https://opensource.srlabs.de/projects/mobile-network-assessment-tools/wiki/CatcherCatcher
We will be using a modified version of this to do our detection. 

I'd also like to invite anyone interested to participate in this free and

Re: Documenting Samsung Radio variables from the ServiceMode

You might want to look into https://github.com/2b-as/xgoldmon - maybe Samsung devs
reused for S4 some of the names from S3

04.06.2014 13:09, E:V:A wrote:
> Dear Baseband developers,
> 
> We are a very small group of XDA developers and external people trying 
> to realize our Android based IMSI-catcher Detector (AIMSICD) project.
> http://tinyurl.com/l6whse2
> 
> However, to realize such an ambitious feat we really need better access 
> to the various RF variables and details of neighboring cells, among many 
> other things. We have had partial success in that we're able to use the
> ServiceMode (SM) menu from the Samsung ServiceMode application. However, 
> this is just a wrapper for accessing OEM_RAW_REQUESTS presented by code 
> that is part of the baseband FW. Now, the tricky part for us non-GSM 
> experts, is understanding what these variables really mean and represent. 
> 
> I have started 2 threads on XDA to:
> 
> 1) completely map out the ServiceMode menu options, for a GT-I9195 
> (S4-mini) but should work on many similar and newer Samsung devices. 
> 
> 2) To map out the various MM timers and many other RF/GSM variables 
> shown and available in the SM menu. 
> http://tinyurl.com/qgcmbsv
> 
> We need help from the baseband community to understand the vocabulary 
> used in this information as presented in (2) above, so that we can start to 
> fill in the catcher-catcher detection parameters from the table here:

Re: Documenting Samsung Radio variables from the ServiceMode

☎-2 wrote
> You might want to look into https://github.com/2b-as/xgoldmon - maybe
> Samsung devs reused for S4 some of the names from S3

Yes, I have run that already on my I9100, but that is specific to XMM
(XGOLD) modems and not possible (AFAIK) for Qualcomm modems, unless they
both happen to use the same debug output, which I doubt.
Second, xgoldmon requires the device to be connected externally via the
phone's USB port, since the debug output comes directly from the modem chip (CP) to
the USB port, and not via the AP kernel. So unless someone knows more about how
Androids are using RIL and modem RF debug output, that is not an option.

--
View this message in context: http://baseband.devel.722152.n3.nabble.com/Documenting-Samsung-Radio-variables-from-the-ServiceMode-tp4026493p4026498.html
Sent from the baseband.devel mailing list archive at Nabble.com.