SamsungIpcDissector » History » Version 1
Denis 'GNUtoo' Carikli, 02/11/2022 12:51 PM
Add protocol trace
| 1 | 1 | Denis 'GNUtoo' Carikli | h1. SamsungIpcDissector |
|---|---|---|---|
| 2 | |||
| 3 | h2. Introduction |
||
| 4 | |||
| 5 | The packets were captured with tshark / wireshark-cli on the GT-I9300 with a Replicant 11 kernel and a specific revision of the work in progress libsamsung-ipc that works with it. |
||
| 6 | |||
| 7 | Since the GT-I9300 modem is connected through the HSIC bus (which is a subset of USB, without the PHY), we can simply capture it with tshark/Wireshark by capturing on the usbmon interface that sees the modem. |
||
| 8 | |||
| 9 | h2. Examples |
||
| 10 | |||
| 11 | This packet was the first USB packet containing samsung-ipc packet(s) right after the modem finished booting: |
||
| 12 | |||
| 13 | <pre> |
||
| 14 | 0000 80 df 35 c3 00 00 00 00 43 03 81 02 01 00 2d 00 | USB packet |
||
| 15 | 0010 e8 f1 03 62 00 00 00 00 7e 59 0d 00 00 00 00 00 | USB packet |
||
| 16 | 0020 28 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 | USB packet |
||
| 17 | 0030 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 | USB packet |
||
| 18 | |||
| 19 | +------------------------------------------------ HDLC_START |
||
| 20 | | +--------------------------------------------- ? |
||
| 21 | | | +------------------------------------------ ? |
||
| 22 | | | | +--------------------------------------- ? |
||
| 23 | | | | | +--+--------------------------------- ipc_fmt_header.length |
||
| 24 | | | | | | | |
||
| 25 | | | | | | | +------------------------------ ipc_fmt_header.mseq +--- IPC_PWR_PHONE_PWR_UP == 0x0101 |
||
| 26 | | | | | | | | +--------------------------- ipc_fmt_header.aseq | |
||
| 27 | | | | | | | | | +------------------------ ipc_fmt_header.group ---+ |
||
| 28 | | | | | | | | | | +--------------------- ipc_fmt_header.index ---+ |
||
| 29 | | | | | | | | | | | +------------------ ipc_fmt_header.type ------- IPC_TYPE_NOTI == 0x03 |
||
| 30 | | | | | | | | | | | | +--------------- HDLC_END |
||
| 31 | | | | | | | | | | | | | |
||
| 32 | 0040 7f 0a 00 00 07 00 ff ff 01 01 03 7e |
||
| 33 | |||
| 34 | +--+--------------------------------------------- ipc_fmt_header.length |
||
| 35 | | | +------------------------------------------ ipc_fmt_header.mseq +--- IPC_MISC_ME_IMSI == 0x0a02 |
||
| 36 | | | | +--------------------------------------- ipc_fmt_header.aseq | |
||
| 37 | | | | | +------------------------------------ ipc_fmt_header.group ---+ |
||
| 38 | | | | | | +--------------------------------- ipc_fmt_header.index ---+ |
||
| 39 | | | | | | | +------------------------------ ipc_fmt_header.type ------- IPC_TYPE_NOTI == 0x03 |
||
| 40 | | | | | | | | +--------------------------- Payload length |
||
| 41 | | | | | | | | | +------------ HDLC_START |
||
| 42 | | | | | | | | | | +--------- ? |
||
| 43 | | | | | | | | | | | +------ ? |
||
| 44 | | | | | | | | | | | | +--- ? |
||
| 45 | | | | | | | | | | | | | |
||
| 46 | 0040 | | | | | | | | 7f 1a 00 00 |
||
| 47 | 0050 17 00 ff 00 0a 02 03 0f 30 30 30 30 30 30 30 30 |
||
| 48 | | | | | | | | | |
||
| 49 | | | | | | | | | |
||
| 50 | +--+--+--+--+--+--+-----+--+--+--+--+--+--+--+--- Payload (IMSI) |
||
| 51 | | | | | | | | |
||
| 52 | | | | | | | | |
||
| 53 | 0060 30 30 30 30 30 30 30 7e |
||
| 54 | | |
||
| 55 | +-------------------------- HDLC_END |
||
| 56 | </pre> |