view miscprog/atsc.c @ 181:bf4286245c74

Pirelli's RF calibration cracked
author Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
date Sun, 13 Jul 2014 01:11:22 +0000
parents 597143ba1c37
children

/*
 * It is known that some GSM devices have undocumented AT commands for
 * changing the IMEI.  There is no standard syntax for such an AT command
 * (by the "proper rules" one is not supposed to exist at all), and instead
 * there seem to be several different ad hoc syntaxes.  This source file,
 * found on a Chinese site, implements one of these numerous ad hoc
 * IMEI-changing AT commands:
 *
 * ftp://ftp.ifctf.org/pub/GSM/TI_src/ati_sc.c
 *
 * Notice that this particular incarnation of the "set IMEI" AT command
 * is called AT@SC; there just happens to be an identically-named AT@SC
 * command on Openmoko's GSM modems.  Might it perchance be the same
 * IMEI changing command?
 *
 * This program constructs what should be a valid input to the decoding
 * logic in the ati_sc.c source above, for the purpose of testing whether
 * or not such a command would indeed effect an IMEI change on a GTA02 modem.
 */

#include <stdio.h>
#include <ctype.h>
#include <string.h>
#include <strings.h>
#include <stdlib.h>

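/*
 * Lookup table mapping a value 0..15 to its lowercase hex digit.
 * It is only ever read, so it is const-qualified to keep it out of
 * writable data and to let the compiler reject accidental stores.
 */
static const char hexdigits[] = "0123456789abcdef";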

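/* Print the usage message to stderr and exit with status 1. */
static void
usage(const char *progname)
{
	fprintf(stderr, "usage: %s 15-IMEI-digits\n", progname);
	exit(1);
}

/*
 * Format the AT@SC test string for the 15-digit IMEI given as the sole
 * command line argument and print it on stdout.  Nothing is sent to any
 * device; the program only writes one line of text.
 *
 * Output layout, as produced below:
 *   - 15 hex digits, one per input digit, each being (digit XOR 5);
 *   - a 4-digit zero-padded decimal checksum: the first 7 input digits
 *     and the last 8 input digits are each read as a decimal number,
 *     summed, and reduced modulo 1973.
 *
 * Exits with status 1 (after a usage message) unless the argument is
 * exactly 15 decimal digits; returns 0 on success.
 */
int
main(int argc, char **argv)
{
	/* argv[0] may legitimately be absent; never hand NULL to %s. */
	const char *progname = (argc > 0 && argv[0]) ? argv[0] : "atsc";
	const char *imei;
	char hexout[16];
	unsigned n1 = 0, n2 = 0, cksum;
	int i, c;

	if (argc != 2)
		usage(progname);
	imei = argv[1];
	if (strlen(imei) != 15)
		usage(progname);
	for (i = 0; i < 15; i++) {
		/*
		 * Go through unsigned char: passing a negative plain-char
		 * value to isdigit() is undefined behaviour.
		 */
		c = (unsigned char)imei[i];
		if (!isdigit(c))
			usage(progname);
		c -= '0';
		/* c is 0..9 here, so c ^ 5 stays within the 16-entry table. */
		hexout[i] = hexdigits[c ^ 5];
		/* Digits 0..6 accumulate into n1, digits 7..14 into n2. */
		if (i < 7)
			n1 = n1 * 10 + c;
		else
			n2 = n2 * 10 + c;
	}
	hexout[15] = '\0';
	cksum = (n1 + n2) % 1973;
	printf("AT@SC=\"%s%04u\"\n", hexout, cksum);
	return 0;
}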