Revision 43 (Denis 'GNUtoo' Carikli, 01/31/2022 12:55 PM) → Revision 44/46 (Denis 'GNUtoo' Carikli, 01/31/2022 07:51 PM)

h1. XMMProtocolInterfaces 

 {{>toc}} 

 h2. usb_sel 

 h3. HOWTO enable the modem usb interface 

 The modem also has a USB port that can be routed to the smartphone/tablet USB port. 

 To do that you first need to get a root shell in the device as the commands need to be executed as root. 

 Once this is done you need to switch the USB connector to the modem USB. This can be done with the following command: 
 <pre> 
 echo MODEM > /sys/devices/virtual/sec/switch/usb_sel 
 </pre> 

 Nothing visible happens at this point: you can still log in through adb. 

 To make the device switch to the modem USB you then need to unplug and replug the USB cable between your computer and the device. 

 At this point, if the modem was booted, you'll see a new USB device appearing. 
 Some serial ports will also appear. 

 Tested on Replicant 6.0 0004 RC3 

 |_. Device |_. Distribution |_. Modem status |_. USB ids (lsusb from laptop) |_. tty | 
 | GT-I9100 | Replicant 6.0 0004 RC3 | Off            | None                            | N/A                            | 
 | GT-I9100 | Replicant 6.0 0004 RC3 | Booted         | 1519:0020 Comneon HSIC Device | /dev/ttyACM0 -> /dev/ttyACM6 | 
 | GT-I9300 | Replicant 6.0 0004 RC3 | Booted         | 1519:0020 Comneon HSIC Device | /dev/ttyACM0 -> /dev/ttyACM6 | 

 When running lsusb on the SOC on the Replicant 11 kernel on a GT-I9300, we also see @1519:0020 Comneon HSIC Device@ once the modem is booted. When the modem is powered on but not yet booted, lsusb with that kernel shows @058b:0041 Infineon Technologies Flash Loader utility@ instead. 

 As the modem isn't visible at all when it is not powered on, we need to check whether it's possible to boot the modem from a laptop, for instance. 

 

 h3. Protocols 

 |_. Device |_. State        |_. UART         |_. Protocol                                                           | 
 | GT-I9100 | modem booted | /dev/ttyACM0 | AT: [[GTI9100ModemTTYACM0]]                                          | 
 | GT-I9100 | modem booted | /dev/ttyACM1 | Compatible with xgoldmon                                             | 
 | GT-I9300 | modem booted | /dev/ttyACM0 | AT: [[GTI9300ModemTTYACM0]]                                          | 
 | GT-I9100 | modem booted | /dev/ttyACM1 | With Replicant 6, Xgoldmon waits for messages but nothing arrives, we have some messages with the stock firmware though | 
 | GT-I9300 | modem booted | /dev/ttyACM3 | AT: [[GTI9300ModemTTYACM0]]                                          | 

 

 h3. Xgoldmon 

 description: Xgoldmon is a program that can get some cellular protocol traces from some Samsung phones using the samsung-ipc protocol. 
 git: https://github.com/2b-as/xgoldmon.git 

 h4. GT-I9100 

 Xgoldmon seems to display things on the GT-I9100: 
 <pre> 
 # ./xgoldmon -vvvv -i localhost -t s2 -l /dev/ttyACM1 
 LOG:>>[HIGH]oembatt.c,310,[DISP] Thermistor : measured_value=1630666778<< 
 LOG:>>[HIGH]oembatt.c,137,[DISP] oem_set_batt_level : 4220<< 
 LOG:>>[HIGH]oembatt.c,236,[DISP] BATT : measured_value_mv=4220, AvgBattVal_mv=4007, battery_level=5<< 
 LOG:>>[LOW]oemdisplay.c,363,no change -> rssi:4, bat:5<< 
 LOG:>>[HIGH]oembatt.c,310,[DISP] Thermistor : measured_value=1630666779<< 
 LOG:>>[HIGH]oembatt.c,137,[DISP] oem_set_batt_level : 4225<< 
 LOG:>>[HIGH]oembatt.c,236,[DISP] BATT : measured_value_mv=4225, AvgBattVal_mv=4026, battery_level=5<< 
 LOG:>>[LOW]oemdisplay.c,363,no change -> rssi:4, bat:5<< 
 LOG:>>[HIGH]oembatt.c,310,[DISP] Thermistor : measured_value=1630666778<< 
 LOG:>>[HIGH]oembatt.c,137,[DISP] oem_set_batt_level : 4220<< 
 LOG:>>[HIGH]oembatt.c,236,[DISP] BATT : measured_value_mv=4220, AvgBattVal_mv=4055, battery_level=5<< 
 LOG:>>[LOW]oemdisplay.c,363,no change -> rssi:4, bat:5<< 
 </pre> 

 And when calling a (nonexistent/invalid) number, the frames appear in Wireshark. 

 However on the GT-I9300 it waits for messages that never arrive. 
 And on the GT-I9100 there seem to be very few messages. 

 I did some tests and compared a GT-I9100 with Replicant 6 and one with the stock distribution (rooted): the one running Replicant output very few messages, while the one running the stock OS output many messages. 

 Both had the same result when running @AT+TRACE?@ on /dev/ttyACM0: 
 <pre> 
 at+trace? 
 +TRACE: 1,921600,"ap=1;st=1;db=1;pr=1;bt=1,lt=1;li=1;ga=1;ae=1","DTM",0 
 </pre> 

 For more background on the values: 
 <pre> 
 AT+TRACE=? 
 +TRACE: description START 


 at+trace=[<mode>],[<speed>],["<unit>=<umode>[,<unit>=<umode>[;...]]]",["<method>"],[PowerSavingCountdown] 

 <mode>: 
 ------------------------------------------------------------- 
 0:        sets all units OFF [param <unit> will be ignored !] 
 1:        sets all units ON  [param <unit> will be ignored !] 
 no param: 3rd param. <units> configures trace-units 
           -> trace? will then display 128 as <mode> 

 <speed>: (115200,230400,460800,921600,1843200,3000000,3250000,6000000) 


 <units>: 
 ------------- 
 ap: apoxi 
 st: stack 
 db: debug 
 pr: printf 
 bt: bluetooth 
 lt: LLT 
 li: LwIP 
 gt: GATE 
 ae: AENEAS 

 <umode>: 
 ----------------- 
 0: unit-trace OFF 
 1: unit-trace ON 


 <method>: 
 -------------------------------- 
 "BTM":  byte stuffing trace method 
 "DTM":  direct trace method 
 "EBTM": extended byte stuffing trace method 


 <PowerSavingCountdown in msecs>: (0-30000) 


 i.e.: 
 -------------------------------------------------- 
 at+trace=0 
 at+trace=,460800 
 at+trace=,115200,"st=1,pr=1,bt=1,ap=0,db=1,lt=0,li=0" 
 at+trace=,,"lt=1,db=1,ga=0" 
 at+trace=,,,"EBTM" 
 at+trace=,,,,2000 

 +TRACE: description END 

 OK 
 </pre> 

 On the stock OS I mostly followed the xgoldmon procedure: 
 <pre> 
 To enable the logging mode ("diag mode") on the S2, S3 and Note2: 
 - Go to the Phone application, enter *#9900# and set "Debug Level 
   Enabled" to "HIGH". The phone will reboot. 
 - Go to the Phone application again, enter *#7284# and set "USB" to 
   "MODEM" and tap "SAVE and RESET". The phone will reboot again. 
 </pre> 
 But I didn't do the @*#9900@ thing as I didn't see any debug level. 

 I only had the following menu: 
 <pre> 
 +-------------------------------------------------+ 
 |                Run dumpstate/logcat/modem log       | 
 +-------------------------------------------------+ 
 |                Delete dumpstate/logcat              | 
 +-------------------------------------------------+ 
 |                run dumpstate/local                  | 
 +-------------------------------------------------+ 
 |                Copy kenrel log to the SD card       | 
 +-------------------------------------------------+ 
 |                Run modem log                        | 
 +-------------------------------------------------+ 
 |           Copy to sdcard(include CP Ramdump)        | 
 +-------------------------------------------------+ 
 | Disable fast dormancy (Current State: Enabled ) | 
 +-------------------------------------------------+ 
 |                Ramdump Mode Enable/HIGH             | 
 +-------------------------------------------------+ 
 |                  TCP DUMP START                     | 
 +-------------------------------------------------+ 
 |          Enable SecLog (currently disabled)         | 
 +-------------------------------------------------+ 
 |                               Exit                  | 
 +-------------------------------------------------+ 
 </pre> 

 When using run modem log it did show the following popup: 
 <pre> 
 +----------------------------+ 
 | /!\ Dump Result              | 
 +----------------------------+ 
 | GET MODEM LOG SUCCESS!       | 
 | Please copy to SDcard with | 
 | other Menu button.           | 
 +----------------------------+ 
 |              OK                | 
 +----------------------------+ 
 </pre> 

 As for the following: 
 <pre> 
 - Go to the Phone application again, enter *#7284# and set "USB" to 
   "MODEM" and tap "SAVE and RESET". The phone will reboot again. 
 </pre> 
 I didn't have any "SAVE and RESET" and I probably didn't need to reboot but I probably needed to disconnect and reconnect the USB cable. 

 The setting stays across reboots (I still have @1519:0020 Comneon HSIC Device@) and in the recovery I don't have any USB device (anymore?). 

 In the one running Replicant I did @AT+TRACE=1@. 

 

 h4. GT-I9300 

 On the GT-I9300, following this part: 
 <pre> 
 - Go to the Phone application again, enter *#7284# and set "USB" to 
   "MODEM" and tap "SAVE and RESET". The phone will reboot again. 
 </pre> 
 results in the "PARAM partition being written to":https://redmine.replicant.us/projects/replicant/wiki/GTI9300PARAM#USB-switch . At the next boot the bootloader will configure the USB switch to connect to the modem USB. And if you install Replicant just after that, you end up with no adb in the recovery or in Replicant, though USB host works fine and heimdall also works fine. 

 I've also "written a tool":https://git.replicant.us/contrib/GNUtoo/tools/at-mappers/ to diff the modem settings through AT commands, and it didn't find any difference besides the @AT+TRACE@ settings. 

 The goal was to find some differences after doing that: 
 <pre> 
 - Go to the Phone application, enter *#9900# and set "Debug Level 
   Enabled" to "HIGH". The phone will reboot. 
 </pre> 

 Here I captured the settings with @LOW@ and @HIGH@, and the only interesting difference is with AT+TRACE: 
 <pre> 
 $ diff -u GT-I9300-main-stock-low-1.conf GT-I9300-main-stock-high-3.conf 

 [...] 
 -at+trace = ['+TRACE: 0,921600,"ap=0;st=0;db=0;pr=0;bt=0;lt=0;li=0;ga=0;ae=0","DTM",0'] 
 +at+trace = ['+TRACE: 1,921600,"ap=1;st=1;db=1;pr=1;bt=1,lt=1;li=1;ga=1;ae=1","DTM",0'] 
 [...] 
 </pre> 

 Note that if we have @+TRACE: 0,921600,"ap=0;st=0;db=0;pr=0;bt=0;lt=0;li=0;ga=0;ae=0","DTM",0@, we can simply do AT+TRACE=1 to make it what it should be (@+TRACE: 1,921600,"ap=1;st=1;db=1;pr=1;bt=1,lt=1;li=1;ga=1;ae=1","DTM",0@). 
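
The @+TRACE:@ query response compared above can be parsed and diffed field by field, which also makes it easy to check whether modem tracing was left enabled after a test. This is an added example, not code from the at-mappers tool or from this page; the function and class names are made up for illustration, and the two sample lines are the ones shown in the diff above.

```python
import re
from dataclasses import dataclass

# Sample responses copied from the LOW/HIGH diff on this page.
SAMPLE_LOW = '+TRACE: 0,921600,"ap=0;st=0;db=0;pr=0;bt=0;lt=0;li=0;ga=0;ae=0","DTM",0'
SAMPLE_HIGH = '+TRACE: 1,921600,"ap=1;st=1;db=1;pr=1;bt=1,lt=1;li=1;ga=1;ae=1","DTM",0'

# +TRACE: <mode>,<speed>,"<unit>=<umode>...","<method>",<PowerSavingCountdown>
RESPONSE_RE = re.compile(r'^\+TRACE:\s*(\d+),(\d+),"([^"]*)","([^"]*)",(\d+)\s*$')


@dataclass(frozen=True)
class TraceConfig:          # hypothetical container, not part of any tool
    mode: int
    speed: int
    units: dict             # unit code -> True (trace ON) / False (trace OFF)
    method: str
    power_saving_ms: int


def parse_trace(line):
    """Parse one '+TRACE: ...' response line into a TraceConfig."""
    match = RESPONSE_RE.match(line.strip())
    if match is None:
        raise ValueError("not a +TRACE response: %r" % line)
    mode, speed, units_raw, method, countdown = match.groups()
    units = {}
    # The responses on this page mix ';' and ',' between units
    # ("bt=1,lt=1"), so both separators are accepted.
    for item in re.split(r"[;,]", units_raw):
        if not item:
            continue
        name, sep, value = item.partition("=")
        if not sep or value not in ("0", "1"):
            raise ValueError("bad unit entry: %r" % item)
        units[name.strip()] = value == "1"
    return TraceConfig(int(mode), int(speed), units, method, int(countdown))


def diff_trace(before, after):
    """Return {field: (old, new)} for every field or unit that differs."""
    changes = {}
    for field in ("mode", "speed", "method", "power_saving_ms"):
        old, new = getattr(before, field), getattr(after, field)
        if old != new:
            changes[field] = (old, new)
    for unit in sorted(set(before.units) | set(after.units)):
        old, new = before.units.get(unit), after.units.get(unit)
        if old != new:
            changes["unit:" + unit] = (old, new)
    return changes


def enabled_units(config):
    """Unit codes whose trace is ON, e.g. to confirm tracing was turned off."""
    return sorted(unit for unit, on in config.units.items() if on)


if __name__ == "__main__":
    low, high = parse_trace(SAMPLE_LOW), parse_trace(SAMPLE_HIGH)
    for field, (old, new) in diff_trace(low, high).items():
        print("%-8s %r -> %r" % (field, old, new))
    print("units still tracing on LOW:", enabled_units(low))
```
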

 It seems that the bootloader is involved again here: 

 If we set the debug level from low to medium we have a difference at @0x700208@: 
 <pre> 
 $ vbindiff low-2/PARAM.img medium-2/PARAM.img 
 low-2/PARAM.img                                                                  
 0070 0208: 4C 4F 00 00 00 00 00 00    00 00 00 00 03 00 00 00    LO...... ........   
 0070 0218: 01 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 0228: 63 6F 6E 73 6F 6C 65 3D    72 61 6D 20 6C 6F 67 6C    console= ram logl   
 0070 0238: 65 76 65 6C 3D 38 00 00    00 00 00 00 00 00 00 00    evel=8.. ........   
 0070 0248: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 0258: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 0268: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 0278: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 0288: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 0298: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 02A8: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 02B8: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 02C8: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 02D8: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 02E8: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 02F8: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 medium-2/PARAM.img                                                               
 0070 0208: 4D 49 00 00 00 00 00 00    00 00 00 00 03 00 00 00    MI...... ........   
 0070 0218: 01 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 0228: 63 6F 6E 73 6F 6C 65 3D    72 61 6D 20 6C 6F 67 6C    console= ram logl   
 0070 0238: 65 76 65 6C 3D 38 00 00    00 00 00 00 00 00 00 00    evel=8.. ........   
 0070 0248: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 0258: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 0268: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 0278: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 0288: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 0298: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 02A8: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 02B8: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 02C8: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 02D8: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 02E8: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 02F8: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 ┌──────────────────────────────────────────────────────────────────────────────┐ 
 │Arrow keys move    F find        RET next difference    ESC quit    T move top          │ 
 │C ASCII/EBCDIC     E edit file     G goto position        Q quit    B move bottom       │ 
 └──────────────────────────────────────────────────────────────────────────────┘ 
 </pre> 

 And here's from medium to high: 
 <pre> 
 $ vbindiff medium-2/PARAM.img high-1/PARAM.img 
 medium-2/PARAM.img                                                               
 0070 0200: 00 00 00 00 01 00 00 00    4D 49 00 00 00 00 00 00    ........ MI......   
 0070 0210: 00 00 00 00 03 00 00 00    01 00 00 00 00 00 00 00    ........ ........   
 0070 0220: 00 00 00 00 00 00 00 00    63 6F 6E 73 6F 6C 65 3D    ........ console=   
 0070 0230: 72 61 6D 20 6C 6F 67 6C    65 76 65 6C 3D 38 00 00    ram logl evel=8..   
 0070 0240: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 0250: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 0260: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 0270: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 0280: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 0290: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 02A0: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 02B0: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 02C0: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 02D0: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 02E0: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 02F0: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 high-1/PARAM.img                                                                 
 0070 0200: 00 00 00 00 01 00 00 00    48 49 00 00 00 00 00 00    ........ HI......   
 0070 0210: 00 00 00 00 03 00 00 00    01 00 00 00 00 00 00 00    ........ ........   
 0070 0220: 00 00 00 00 00 00 00 00    63 6F 6E 73 6F 6C 65 3D    ........ console=   
 0070 0230: 72 61 6D 20 6C 6F 67 6C    65 76 65 6C 3D 38 00 00    ram logl evel=8..   
 0070 0240: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 0250: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 0260: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 0270: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 0280: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 0290: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 02A0: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 02B0: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 02C0: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 02D0: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 02E0: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 0070 02F0: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 ┌──────────────────────────────────────────────────────────────────────────────┐ 
 │Arrow keys move    F find        RET next difference    ESC quit    T move top          │ 
 │C ASCII/EBCDIC     E edit file     G goto position        Q quit    B move bottom       │ 
 └──────────────────────────────────────────────────────────────────────────────┘ 
 </pre> 

 Unfortunately it seems to also have a checksum: 
 <pre> 
 $ vbindiff medium-2/PARAM.img high-1/PARAM.img 
 medium-2/PARAM.img                                                               
 007F FC00: 0D 4D 03 C0 FD 5C A8 D1    2B 14 25 76 03 51 C5 27    .M...\.. +.%v.Q.'   
 007F FC10: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FC20: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FC30: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FC40: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FC50: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FC60: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FC70: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FC80: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FC90: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FCA0: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FCB0: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FCC0: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FCD0: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FCE0: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FCF0: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 high-1/PARAM.img                                                                 
 007F FC00: 67 39 08 85 9C 4A FE B8    65 47 9C C8 BB 95 DF B7    g9...J.. eG......   
 007F FC10: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FC20: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FC30: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FC40: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FC50: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FC60: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FC70: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FC80: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FC90: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FCA0: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FCB0: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FCC0: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FCD0: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FCE0: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 007F FCF0: 00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ........ ........   
 ┌──────────────────────────────────────────────────────────────────────────────┐ 
 │Arrow keys move    F find        RET next difference    ESC quit    T move top          │ 
 │C ASCII/EBCDIC     E edit file     G goto position        Q quit    B move bottom       │ 
 └──────────────────────────────────────────────────────────────────────────────┘ 
 </pre> 

 To capture that I had to: 
 * Set the desired setting 
 * Then shut down the phone 
 * Then boot into the download mode 
 * Then flash a Replicant recovery with root to @BOOT@ (do not flash it to RECOVERY) 
 * Then dump the PARAM partition 
 * Then reboot to the bootloader 
 * Then flash back the stock OS BOOT 

 If for some reason I rebooted to the RECOVERY partition, the setting would be changed back to @LOW@ (this was verified by dialing @*#9900#@ and then looking at the setting value without changing it). 
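
The comparison done with vbindiff above can be scripted to read the debug level out of a PARAM dump and to confirm that a settings change touched only the two regions seen on this page. This is an added example, not code from the page or from Replicant: the offsets and the two 16-byte values come from the hexdumps above, while the 8 MiB image size, the function names and the sample images built in memory are assumptions made for illustration.

```python
DEBUG_LEVEL_OFFSET = 0x700208   # "LO" / "MI" / "HI" in the dumps above
TRAILER_OFFSET = 0x7FFC00       # 16 bytes that change along with the level
TRAILER_LEN = 16
IMAGE_SIZE = 0x800000           # assumption: 8 MiB, enough to cover both offsets
LEVELS = {b"LO": "LOW", b"MI": "MEDIUM", b"HI": "HIGH"}
KNOWN_REGIONS = [(DEBUG_LEVEL_OFFSET, DEBUG_LEVEL_OFFSET + 2),
                 (TRAILER_OFFSET, TRAILER_OFFSET + TRAILER_LEN)]

# 16-byte values copied from the medium-2 and high-1 dumps on this page.
MEDIUM_TRAILER = bytes.fromhex("0D4D03C0FD5CA8D12B1425760351C527")
HIGH_TRAILER = bytes.fromhex("673908859C4AFEB865479CC8BB95DFB7")


def read_debug_level(image):
    """Return 'LOW', 'MEDIUM' or 'HIGH', or None if the tag is unknown."""
    return LEVELS.get(bytes(image[DEBUG_LEVEL_OFFSET:DEBUG_LEVEL_OFFSET + 2]))


def read_trailer(image):
    """The 16 bytes at 0x7FFC00; the page only says they seem to be a checksum."""
    return bytes(image[TRAILER_OFFSET:TRAILER_OFFSET + TRAILER_LEN])


def diff_ranges(a, b, chunk=4096):
    """List of (start, end) offsets, end exclusive, where a and b differ."""
    if len(a) != len(b):
        raise ValueError("images have different sizes")
    ranges, start = [], None
    for base in range(0, len(a), chunk):
        ca, cb = a[base:base + chunk], b[base:base + chunk]
        if ca == cb:                       # fast path: identical chunk
            if start is not None:
                ranges.append((start, base))
                start = None
            continue
        for i in range(len(ca)):
            if ca[i] != cb[i]:
                if start is None:
                    start = base + i
            elif start is not None:
                ranges.append((start, base + i))
                start = None
    if start is not None:
        ranges.append((start, len(a)))
    return ranges


def audit_change(before, after):
    """Summarise a PARAM change and flag differences outside the known regions."""
    ranges = diff_ranges(before, after)
    unexplained = [r for r in ranges
                   if not any(lo <= r[0] and r[1] <= hi for lo, hi in KNOWN_REGIONS)]
    return {"level": (read_debug_level(before), read_debug_level(after)),
            "trailer_changed": read_trailer(before) != read_trailer(after),
            "unexplained": unexplained}


def make_sample(tag, trailer):
    """Constructed stand-in for a PARAM.img dump (not a real partition image)."""
    image = bytearray(IMAGE_SIZE)
    image[DEBUG_LEVEL_OFFSET:DEBUG_LEVEL_OFFSET + 2] = tag
    image[0x700228:0x700228 + 22] = b"console=ram loglevel=8"
    image[TRAILER_OFFSET:TRAILER_OFFSET + TRAILER_LEN] = trailer
    return bytes(image)


if __name__ == "__main__":
    medium = make_sample(b"MI", MEDIUM_TRAILER)
    high = make_sample(b"HI", HIGH_TRAILER)
    for lo, hi in diff_ranges(medium, high):
        print("differs: 0x%06X-0x%06X" % (lo, hi - 1))
    print(audit_change(medium, high))
```
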

 

 h2. Upstream kernel 

 The upstream driver for the Galaxy SIII (GT-I9300) is in "drivers/extcon/extcon-max77693.c":https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/extcon/extcon-max77693.c 

 Once loaded we have: 
 <pre> 
 [root@u-boot-i9300 ~]# uname -r 
 5.10.0-rc2+ 

 [root@u-boot-i9300 ~]# cd /sys/class/extcon/extcon0 
 [root@u-boot-i9300 extcon0]# ls */ 
 cable.0/: 
 name    state 

 cable.1/: 
 name    state 

 cable.2/: 
 name    state 

 cable.3/: 
 name    state 

 cable.4/: 
 name    state 

 cable.5/: 
 name    state 

 cable.6/: 
 name    state 

 cable.7/: 
 name    state 

 cable.8/: 
 name    state 

 cable.9/: 
 name    state 

 device/: 
 driver    driver_override    extcon    input    modalias    power    subsystem    uevent 

 power/: 
 async    autosuspend_delay_ms    control    runtime_active_kids    runtime_active_time    runtime_enabled    runtime_status    runtime_suspended_time    runtime_usage 

 subsystem/: 
 extcon0 
 [root@u-boot-i9300 extcon0]# grep . */name 
 cable.0/name:USB 
 cable.1/name:USB-HOST 
 cable.2/name:SDP 
 cable.3/name:DCP 
 cable.4/name:FAST-CHARGER 
 cable.5/name:SLOW-CHARGER 
 cable.6/name:CDP 
 cable.7/name:MHL 
 cable.8/name:JIG 
 cable.9/name:DOCK 
 [root@u-boot-i9300 extcon0]# grep .    */state 
 cable.0/state:1 
 cable.1/state:0 
 cable.2/state:1 
 cable.3/state:0 
 cable.4/state:0 
 cable.5/state:0 
 cable.6/state:0 
 cable.7/state:0 
 cable.8/state:0 
 cable.9/state:0 
 </pre> 

 I'm unsure if switching from userspace is implemented or not.  

 Though some part looks unimplemented.  

 In "gpio-rev00-m0.h in the smdk4412 kernel":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/include/mach/gpio-rev00-m0.h#n169 we have: 
 <pre> 
 #define GPIO_USB_SEL              EXYNOS4212_GPJ0(1) 
 </pre> 

 And the "max77693-muic.c driver":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/drivers/misc/max77693-muic.c seems to use that GPIO to switch between the modem USB and the SOC USB. 

 

 h2. Links 

 * https://forum.xda-developers.com/t/info-r-d-i9300-uart-and-nvdata-guide.2928854/ Documentation for some GT-I9300 non-standard AT commands 
 * https://forum.xda-developers.com/t/a-sgs2-serial-how-to-talk-to-the-modem-with-at-commands.1471241/ Documentation for GT-I9100 tracing commands