hey guys
I just installed CM7 RC2 and I wanted to test the Wimax (never used it before since I flashed CM6 last summer, then subsequently MIUI).
When I turn on Wimax, it says "scanning" and one time it even connected, but shortly disconnected.
So I downloaded and ran the RSA key checker, came back with "Sorry, your WiMAX RSA Key is missing!"
Then I ran
# wimax_mtd
Open WiMAX partition ........ OK
Get HTC WiMAX Tag ........ OK
Verify WiMAX Tag (HTC-WiMAX-SQN1130)........ PASS
Read WiMAX partition ........ OK
Check Firwmare Version (4.6.2.2_v24722) ........ 4.6.2.2_v24722
Check Firwmare File ........ MATCH
Dev MAC = 00:18:41:XX:XX:XX (X'd out be me)
Read properties from flash ..... OK
+ in wmx_PropSetFromFlash.
+ in wmx_CheckPropTag.
- out wmx_CheckPropTag.
pPropName = persist.wimax.Cold_Boot_Flag
PropNameLen = 28
wmx_PropSetFromFlash: Find matched property name in flash.
pMemAddr == pPropName = 1
pPropData = 1
persist.wimax.Cold_Boot_Flag = 1
isColdBoot = 0
// Not Cold Boot: Load properties from flash.
+ in wmx_AllPropSetFromFlash.
+ in wmx_CheckPropTag.
- out wmx_CheckPropTag.
pPropName = prop_exist
readLen = strlen(prop_exist)+1 = 10+1= 11
pPropName = persist.wimax.Cold_Boot_Flag
readLen = strlen(persist.wimax.Cold_Boot_Flag)+1 = 28+1= 29
pPropData = 1
readLen = strlen(1)+1 = 1+1= 2
pPropName = persist.wimax.STANDBY_TIME
readLen = strlen(persist.wimax.STANDBY_TIME)+1 = 26+1= 27
pPropData = 600000
readLen = strlen(600000)+1 = 6+1= 7
pPropName = persist.wimax.SCAN_RATE
readLen = strlen(persist.wimax.SCAN_RATE)+1 = 23+1= 24
pPropData = 1800000
readLen = strlen(1800000)+1 = 7+1= 8
pPropName = persist.wimax.Realm
readLen = strlen(persist.wimax.Realm)+1 = 19+1= 20
pPropData = @sprintpcs.com
readLen = strlen(@sprintpcs.com)+1 = 14+1= 15
pPropName = persist.wimax.CenterFrequency
readLen = strlen(persist.wimax.CenterFrequency)+1 = 29+1= 30
pPropData = 2647000,2657000,2667000
readLen = strlen(2647000,2657000,2667000)+1 = 23+1= 24
pPropName = persist.wimax.Bandwidth
readLen = strlen(persist.wimax.Bandwidth)+1 = 23+1= 24
pPropData = 10,10,10
readLen = strlen(10,10,10)+1 = 8+1= 9
pPropName = persist.wimax.0.Man
readLen = strlen(persist.wimax.0.Man)+1 = 19+1= 20
pPropData = SEQUANS
readLen = strlen(SEQUANS)+1 = 7+1= 8
pPropName = persist.wimax.0.Mod
readLen = strlen(persist.wimax.0.Mod)+1 = 19+1= 20
pPropData = SQN1210
readLen = strlen(SQN1210)+1 = 7+1= 8
pPropName = persist.wimax.0.FwV
readLen = strlen(persist.wimax.0.FwV)+1 = 19+1= 20
pPropData = 24836
readLen = strlen(24836)+1 = 5+1= 6
pPropName = persist.wimax.0.HwV
readLen = strlen(persist.wimax.0.HwV)+1 = 19+1= 20
pPropData = REV0944
readLen = strlen(REV0944)+1 = 7+1= 8
pPropName = persist.wimax.0.SwV
readLen = strlen(persist.wimax.0.SwV)+1 = 19+1= 20
pPropData = 4.6.2.2
readLen = strlen(4.6.2.2)+1 = 7+1= 8
pPropName = persist.wimax.0.MAC
readLen = strlen(persist.wimax.0.MAC)+1 = 19+1= 20
pPropData = 00:18:41:81:CC:E4
readLen = strlen(00:18:41:81:CC:E4)+1 = 17+1= 18
pPropName = persist.wimax.0.TO-FUMO-REF
readLen = strlen(persist.wimax.0.TO-FUMO-REF)+1 = 27+1= 28
pPropData = ./FUMO
readLen = strlen(./FUMO)+1 = 6+1= 7
pPropName = persist.wimax.TO-WiMAX-REF
readLen = strlen(persist.wimax.TO-WiMAX-REF)+1 = 26+1= 27
pPropData = ./WiMAXSupp
readLen = strlen(./WiMAXSupp)+1 = 11+1= 12
pPropName = persist.wimax.IPv4
readLen = strlen(persist.wimax.IPv4)+1 = 18+1= 19
pPropData = TRUE
readLen = strlen(TRUE)+1 = 4+1= 5
pPropName = persist.wimax.IPv6
readLen = strlen(persist.wimax.IPv6)+1 = 18+1= 19
pPropData = TRUE
readLen = strlen(TRUE)+1 = 4+1= 5
pPropName = persist.wimax.ServerInitiated
readLen = strlen(persist.wimax.ServerInitiated)+1 = 29+1= 30
pPropData = TRUE
readLen = strlen(TRUE)+1 = 4+1= 5
pPropName = persist.wimax.CLInit.PollSuprt
readLen = strlen(persist.wimax.CLInit.PollSuprt)+1 = 30+1= 31
pPropData = TRUE
readLen = strlen(TRUE)+1 = 4+1= 5
pPropName = persist.wimax.CLInit.PollIntrvl
readLen = strlen(persist.wimax.CLInit.PollIntrvl)+1 = 31+1= 32
pPropData = -1
readLen = strlen(-1)+1 = 2+1= 3
pPropName = persist.wimax.WorkMode
readLen = strlen(persist.wimax.WorkMode)+1 = 22+1= 23
pPropData = 2
readLen = strlen(2)+1 = 1+1= 2
pPropName = persist.wimax.Session_Conti
readLen = strlen(persist.wimax.Session_Conti)+1 = 27+1= 28
pPropData = 0
readLen = strlen(0)+1 = 1+1= 2
pPropName = persist.wimax.Scan_Timeout
readLen = strlen(persist.wimax.Scan_Timeout)+1 = 26+1= 27
pPropData = 1
readLen = strlen(1)+1 = 1+1= 2
pPropName = persist.wimax.Scan_Retry
readLen = strlen(persist.wimax.Scan_Retry)+1 = 24+1= 25
pPropData = 120
readLen = strlen(120)+1 = 3+1= 4
pPropName = persist.wimax.Idle_Sleep
readLen = strlen(persist.wimax.Idle_Sleep)+1 = 24+1= 25
pPropData = 10
readLen = strlen(10)+1 = 2+1= 3
pPropName = persist.wimax.Entry_RX
readLen = strlen(persist.wimax.Entry_RX)+1 = 22+1= 23
pPropData = -89
readLen = strlen(-89)+1 = 3+1= 4
pPropName = persist.wimax.Entry_CINR
readLen = strlen(persist.wimax.Entry_CINR)+1 = 24+1= 25
pPropData = 4
readLen = strlen(4)+1 = 1+1= 2
pPropName = persist.wimax.Entry_Delay
readLen = strlen(persist.wimax.Entry_Delay)+1 = 25+1= 26
pPropData = 300
readLen = strlen(300)+1 = 3+1= 4
pPropName = persist.wimax.Exit_CINR
readLen = strlen(persist.wimax.Exit_CINR)+1 = 23+1= 24
pPropData = 2
readLen = strlen(2)+1 = 1+1= 2
pPropName = persist.wimax.Exit_Delay
readLen = strlen(persist.wimax.Exit_Delay)+1 = 24+1= 25
pPropData = 2
readLen = strlen(2)+1 = 1+1= 2
pPropName = persist.wimax.0.H-NSP-ID
readLen = strlen(persist.wimax.0.H-NSP-ID)+1 = 24+1= 25
pPropData = 000004
readLen = strlen(000004)+1 = 6+1= 7
pPropName = persist.wimax.OperatorName
readLen = strlen(persist.wimax.OperatorName)+1 = 26+1= 27
pPropData = SPRINT
readLen = strlen(SPRINT)+1 = 6+1= 7
pPropName = persist.wimax.PollingInterval
readLen = strlen(persist.wimax.PollingInterval)+1 = 29+1= 30
pPropData =
readLen = strlen()+1 = 0+1= 1
pPropName = persist.wimax.Primary.Name
readLen = strlen(persist.wimax.Primary.Name)+1 = 26+1= 27
pPropData =
readLen = strlen()+1 = 0+1= 1
pPropName = persist.wimax.Primary.Activated
readLen = strlen(persist.wimax.Primary.Activated)+1 = 31+1= 32
pPropData = FALSE
readLen = strlen(FALSE)+1 = 5+1= 6
pPropName = persist.wimax.0.METHOD-TYPE
readLen = strlen(persist.wimax.0.METHOD-TYPE)+1 = 27+1= 28
pPropData = 13
readLen = strlen(13)+1 = 2+1= 3
pPropName = persist.wimax.0.VENDOR-ID
readLen = strlen(persist.wimax.0.VENDOR-ID)+1 = 25+1= 26
pPropData =
readLen = strlen()+1 = 0+1= 1
pPropName = persist.wimax.0.VENDOR-TYPE
readLen = strlen(persist.wimax.0.VENDOR-TYPE)+1 = 27+1= 28
pPropData =
readLen = strlen()+1 = 0+1= 1
pPropName = persist.wimax.0.USER-IDENTITY
readLen = strlen(persist.wimax.0.USER-IDENTITY)+1 = 29+1= 30
pPropData = [email protected]
readLen = strlen([email protected])+1 = 22+1= 23
pPropName = persist.wimax.0.PSEUDO-IDENTITY
readLen = strlen(persist.wimax.0.PSEUDO-IDENTITY)+1 = 31+1= 32
pPropData =
readLen = strlen()+1 = 0+1= 1
pPropName = persist.wimax.0.PASSWORD
readLen = strlen(persist.wimax.0.PASSWORD)+1 = 24+1= 25
pPropData = 321j8f
readLen = strlen(321j8f)+1 = 6+1= 7
pPropName = persist.wimax.0.REALM
readLen = strlen(persist.wimax.0.REALM)+1 = 21+1= 22
pPropData = sprintpcs.com
readLen = strlen(sprintpcs.com)+1 = 13+1= 14
pPropName = persist.wimax.0.USE-PRIVACY
readLen = strlen(persist.wimax.0.USE-PRIVACY)+1 = 27+1= 28
pPropData =
readLen = strlen()+1 = 0+1= 1
pPropName = persist.wimax.0.ENCAPS
readLen = strlen(persist.wimax.0.ENCAPS)+1 = 22+1= 23
pPropData =
readLen = strlen()+1 = 0+1= 1
pPropName = persist.wimax.0.VFY-SRVR-REALM
readLen = strlen(persist.wimax.0.VFY-SRVR-REALM)+1 = 30+1= 31
pPropData = TRUE
readLen = strlen(TRUE)+1 = 4+1= 5
pPropName = persist.wimax.0.S-RLM.0.S-RLM
readLen = strlen(persist.wimax.0.S-RLM.0.S-RLM)+1 = 29+1= 30
pPropData = sprintpcs.com
readLen = strlen(sprintpcs.com)+1 = 13+1= 14
pPropName = persist.wimax.0.To-IP-REF
readLen = strlen(persist.wimax.0.To-IP-REF)+1 = 25+1= 26
pPropData = ./IP
readLen = strlen(./IP)+1 = 4+1= 5
Dump all properties in Flash. (262144) ........ OK
total time: 1.684 sec!
Lastely I ran:
#grep RSA /dev/mtd/mtd0
RSA-REQUEST
RSA-REPLY
RSA-REJECT
RSA-ACK
RSA-1024
RSA-REQUEST
RSA-REPLY
RSA-REJECT
RSA-ACK
RSA-1024
RSA
ReRSA
RSA requests
RSA replies
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
I was able to run sed -n '/BEGIN CERTIFICATE/,$p' /dev/mtd/mtd0 > /sdcard/rsa_OEM.key
and it created a 3.6MB file in the sdcard root, so I think the key is there, but why doesn't the WiMAX work and the checker says the key is missing?
key's their. maybe something went wrong while flashing cm7. did you try reflashing it?
Last-Chance said:
key's their. maybe something went wrong while flashing cm7. did you try reflashing it?
Click to expand...
Click to collapse
Thanks for the info. I didn't try to reflash yet, but perhaps I have too huh?
Related
Does someone know this? I want to unregister from the GSM network, but not enter the flightmode (I still need SIM access, and it should be fast). The following code works fine on a S100 (WM2003), but the 9100 (WM5) refuses to unregister. Registering works fine on both devices.
Code:
GsmControl::GsmControl()
{
errorMsg = TEXT("No ERROR/SUCCESS message to display.");
hLineApp = NULL;
hLine = NULL;
LineInitializeExParams.dwTotalSize = sizeof(LineInitializeExParams);
LineInitializeExParams.dwNeededSize = 0;
LineInitializeExParams.dwUsedSize = 0;
LineInitializeExParams.dwOptions = LINEINITIALIZEEXOPTION_USEEVENT;
LineInitializeExParams.Handles.hEvent = NULL;
LineInitializeExParams.dwCompletionKey = 0;
dwLineAPIVersion = TAPI_CURRENT_VERSION;
GsmInitialize();
}
HRESULT GsmControl::GsmInitialize()
// Initializes TAPI interface
{
res = lineInitializeEx(&hLineApp, NULL, NULL, NULL, &dwNumDevs, &dwLineAPIVersion, &LineInitializeExParams);
res = lineOpen(hLineApp, 0, &hLine, dwLineAPIVersion, 0, 0, LINECALLPRIVILEGE_MONITOR, 0, NULL);
return res;
}
HRESULT GsmControl::GsmLineUnregister()
{
res = lineUnregister(hLine);
// res = lineSetEquipmentState(hLine, LINEEQUIPSTATE_NOTXRX); /* Edit: This is commented out, as I don't want any kind of flightmode behaviour */
return res;
}
HRESULT GsmControl::GsmLineRegister()
{
// lineSetEquipmentState(hLine, LINEEQUIPSTATE_FULL); /* Edit: This is commented out, as I don't want any kind of flightmode behaviour */
res = lineRegister(hLine, LINEREGMODE_AUTOMATIC, NULL, 0);
if ( res != 0 ) //FAILED(res) )
{
errorMsg = TEXT("ERROR GsmLineRegister - lineRegister\n");
} else {
errorMsg = TEXT("SUCCESS GsmLineRegister - lineRegister");
}
return res;
}
Whats the return value of the lineUnregister() call?
Sorry, I have a problem getting the value. It's larger than zero.
Shouldn't the following code open a message window that says "GsmLineUnregister returned X"?
Code:
LPTSTR lpText = new WCHAR[1024];
swprintf(lpText, TEXT("GsmLineUnregister returned $d"), gsmCtrl->GsmLineUnregister());
MessageBox(NULL, lpText, TEXT("Deva Daemon"), MB_ICONINFORMATION);
Edit: I'm making too many mistakes lately. I also commented out lineSetEquipmentState, as that's how I want it to work but it doesn't (on a 9100)
OK, I've got it now. lineUnregister returns '11'.
Edit: It's not stable, it seems to return quite all kinds of values larger than ten. Each value is larger than its predecessor. After a reboot, I got a 12, and then again increasing numbers (19, 25, 29, 31). It doesn't seem to make any sense.
(Will I ever manage to write a post with no edits this week?)
Hey guys,
I have spent at least 24 hours trying to figure this out by myself and still havn't been able to...so I broke down and came here.
This code works...it does not (9/10s sure here...) run asyn and receives the same number of bytes as the picture should have
Code:
class ClientThread implements Runnable {
@TargetApi(Build.VERSION_CODES.GINGERBREAD)
public void run() {
while(true){
try {
int bytesRead;
int totalBytes = 0;
byte[] pic = new byte[1024];
byte[] inputPic_bytes = new byte[5000000];
DataInputStream dis;
DataOutputStream dos;
try {
dis = new DataInputStream(socket.getInputStream());
dos = new DataOutputStream(socket.getOutputStream());
dos.writeBytes("snapshot" + '\n');
int pic_size = Integer.parseInt(dis.readLine());
Log.e("TCP", "Pic size: " + pic_size);
while (totalBytes < pic_size){
bytesRead = dis.read(pic);
System.arraycopy(pic, 0, inputPic_bytes, totalBytes, bytesRead);
totalBytes += bytesRead;
pic[0] = (byte) (pic[0]&0xFF);
Log.e("TCP", "Read bytes: " + bytesRead + " Total bytes: " + totalBytes + " Bytes: " + pic[0] + " " + pic[1] + " " + pic[2]);
}
this code runs async and receives ~5k more bytes than the picture size which does not even seem possible to me (read_mode = 2 gets the pic)
Code:
protected Boolean doInBackground(Void... params) { //This runs on a different thread
boolean result = false;
try {
//create a new socket instance
SocketAddress sockaddr = new InetSocketAddress("192.168.0.5", 50007);
nsocket = new Socket();
nsocket.connect(sockaddr, 5000);//connect and set a 10 second connection timeout
if (nsocket.isConnected()) {//when connected
nis = new DataInputStream(nsocket.getInputStream());
nos = nsocket.getOutputStream();//and output stream from the socket
Log.e("Buffer Size", "Size: " + nsocket.getReceiveBufferSize());
networktask.SendDataToNetwork("sensors");
while(true){//while connected
if(read_mode == 0){
String getPicLength = nis.readLine();//read the lines coming from the socket
byte[] array_getPicLength = getPicLength.getBytes();
publishProgress(array_getPicLength);//update the publishProgress
Log.e("While_Count_0", "Count");
read_mode = 0;
}
else if(read_mode == 1){
String getPicLength = nis.readLine();//read the lines coming from the socket
byte[] array_getPicLength = getPicLength.getBytes();
publishProgress(array_getPicLength);//update the publishProgress
Log.e("While_Count_1", "Count");
read_mode = 2;
}
else if(read_mode == 2){
nis.read(pic);
publishProgress(pic);//update the publishProgress
}
}
}
Not sure if I have included enough info here...but this is seriously troubling me as I used to have it working.
What is so different about async that it is causing to receive so many extra bytes of "picture" data?
Thanks all...this is really bothering me.
I am using the below code to get the call log details which is working very fine for single SIM device, but the problem arises when it comes to the DUAL sim. I am trying to find work around for getting logs from dual sim device.
/**
* Get All Call Logs details as JSON
*
* @param context
*/
@SuppressLint("SimpleDateFormat")
private void getInitialCallDetailsAsJSON() {
// Print dates of the current week starting on Monday
DateFormat df = new SimpleDateFormat("dd-MMM-yyyy hh:mm aa",
Locale.getDefault());
final Uri contacts = CallLog.Calls.CONTENT_URI;
final Cursor managedCursor = getContentResolver().query(contacts, null,
null, null, null);
final int name = managedCursor
.getColumnIndex(CallLog.Calls.CACHED_NAME);
final int number = managedCursor.getColumnIndex(CallLog.Calls.NUMBER);
final int type = managedCursor.getColumnIndex(CallLog.Calls.TYPE);
final int date = managedCursor.getColumnIndex(CallLog.Calls.DATE);
final int durationOfCall = managedCursor
.getColumnIndex(CallLog.Calls.DURATION);
final JSONObject allDetailsJsonObject = new JSONObject();
final JSONArray array = new JSONArray();
if (managedCursor != null && managedCursor.getCount() > 0) {
while (managedCursor.moveToNext()) {
String contactName = managedCursor.getString(name);
final String phoneNumber = managedCursor.getString(number);
final String callTypeIndex = managedCursor.getString(type);
final String callDate = managedCursor.getString(date);
final String callDurationSeconds = managedCursor
.getString(durationOfCall);
final int totalTime = Integer.parseInt(callDurationSeconds);
int day = (int) TimeUnit.SECONDS.toDays(totalTime);
long hours = TimeUnit.SECONDS.toHours(totalTime) - (day * 24);
long minute = TimeUnit.SECONDS.toMinutes(totalTime)
- (TimeUnit.SECONDS.toHours(totalTime) * 60);
long second = TimeUnit.SECONDS.toSeconds(totalTime)
- (TimeUnit.SECONDS.toMinutes(totalTime) * 60);
String callDurationFormatted = "";
if (hours < 10) {
callDurationFormatted += "0" + hours + "h ";
} else {
callDurationFormatted += hours + "h ";
}
if (minute < 10) {
callDurationFormatted += "0" + minute + "m ";
} else {
callDurationFormatted += minute + "m ";
}
if (second < 10) {
callDurationFormatted += "0" + second + "s";
} else {
callDurationFormatted += second + "s";
}
String callType = null;
final int dircode = Integer.parseInt(callTypeIndex);
switch (dircode) {
case CallLog.Calls.OUTGOING_TYPE:
callType = CallAnalyticsConstant.OUTGOING;
break;
case CallLog.Calls.INCOMING_TYPE:
callType = CallAnalyticsConstant.INCOMING;
break;
case CallLog.Calls.MISSED_TYPE:
callType = CallAnalyticsConstant.MISSED;
break;
}
if (contactName == null || contactName.equalsIgnoreCase("")) {
contactName = "UNKNOWN";
}
}
managedCursor.close();
}
If anyone having any idea please kindly help me to get call related details for dual sim phones.
APP which is working fine for dual sim phone as well - CALL LOG MONITOR
Hello,
I have a problem with this function :
Code:
void notifyNewMail() {
Intent contentIntent = new Intent(context, MainMenuActivity.class);
TaskStackBuilder stackBuilder = TaskStackBuilder.create(context);
stackBuilder.addParentStack(MainMenuActivity.class);
stackBuilder.addNextIntent(contentIntent);
PendingIntent resultPendingIntent = stackBuilder.getPendingIntent(0, PendingIntent.FLAG_UPDATE_CURRENT);
NotificationCompat.InboxStyle style = new NotificationCompat.InboxStyle()
.setBigContentTitle("Big content title");
style = style.addLine("Line 1");
style = style.addLine("Line 2");
style = style.addLine("Line 3");
NotificationCompat.Builder builder = new NotificationCompat.Builder(context)
.setSmallIcon(R.drawable.ic_action_email)
.setLargeIcon(BitmapFactory.decodeResource(context.getResources(), R.drawable.ic_launcher))
.setTicker("Ticker")
.setNumber(3)
.setVibrate(new long[]{0, 500})
.setStyle(style)
.setContentIntent(resultPendingIntent);
((NotificationManager)context.getSystemService(Context.NOTIFICATION_SERVICE)).notify(2, builder.build());
}
(context is an Application, obtained by getApplicationContext(), if that matters)
This function shows a notification, but "Big content title" and "Line 1" "Line 2" "Line 3" are not shown.
Here is a screenshot of the notification : http://dl-1.va.us.xda-developers.co....png?key=eUu4S0J6fvqGY7S9Q2tExQ&ts=1406226417
Thanks for your help.
up
I need help to identify USB interfaces of MSM8905 (Snapdragon 205) device (Nokia 8110 4G) running KaiOS (Boot 2 Gecko aka FirefoxOS clone, uses many Android features such as ADB).
Here are the interfaces I have found so far, details follow:
Vendorroduct 0x18d1:d001 - adb sideload
Vendorroduct 0x05c6:0xf003 - MTP storage access
Vendorroduct 0x05c6:0xf00e - USB tethering
Vendorroduct 0x05c6:0x9092 - generic interface
adb sideload from recovery
I managed to switch the device to the Recovery mode (middle key up + power, then again power) - no ADB interface present, but there is an "Apply update from ADB" option and after this it presents this interface:
Code:
ugen7.2: <QUALCOMM Nokia 8110 4G> at usbus7, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (500mA)
bLength = 0x0012
bDescriptorType = 0x0001
bcdUSB = 0x0200
bDeviceClass = 0x0000 <Probed by interface class>
bDeviceSubClass = 0x0000
bDeviceProtocol = 0x0000
bMaxPacketSize0 = 0x0040
idVendor = 0x18d1
idProduct = 0xd001
bcdDevice = 0x0310
iManufacturer = 0x0001 <QUALCOMM>
iProduct = 0x0002 <Nokia 8110 4G>
iSerialNumber = 0x0003 <99887766>
bNumConfigurations = 0x0001
Configuration index 0
bLength = 0x0009
bDescriptorType = 0x0002
wTotalLength = 0x0020
bNumInterfaces = 0x0001
bConfigurationValue = 0x0001
iConfiguration = 0x0000 <no string>
bmAttributes = 0x0080
bMaxPower = 0x00fa
Interface 0
bLength = 0x0009
bDescriptorType = 0x0004
bInterfaceNumber = 0x0000
bAlternateSetting = 0x0000
bNumEndpoints = 0x0002
bInterfaceClass = 0x00ff <Vendor specific>
bInterfaceSubClass = 0x0042
bInterfaceProtocol = 0x0001
iInterface = 0x0004 <ADB Interface>
Endpoint 0
bLength = 0x0007
bDescriptorType = 0x0005
bEndpointAddress = 0x0001 <OUT>
bmAttributes = 0x0002 <BULK>
wMaxPacketSize = 0x0200
bInterval = 0x0000
bRefresh = 0x0000
bSynchAddress = 0x0000
Endpoint 1
bLength = 0x0007
bDescriptorType = 0x0005
bEndpointAddress = 0x0081 <IN>
bmAttributes = 0x0002 <BULK>
wMaxPacketSize = 0x0200
bInterval = 0x0000
bRefresh = 0x0000
bSynchAddress = 0x0000
Indeed, adb seems to see the device.
Unfortunately, I cannot seem to be able to switch to the fastboot interface (this seems to be possible on a very similar Reliance JioPhone) - there is no option in the recovery menu to do this and other middle buttons do not seem to work as expected.
MTP storage interface
When switching USB storage access one gets MTP device like this:
Code:
bLength = 0x0012
bDescriptorType = 0x0001
bcdUSB = 0x0200
bDeviceClass = 0x0000 <Probed by interface class>
bDeviceSubClass = 0x0000
bDeviceProtocol = 0x0000
bMaxPacketSize0 = 0x0040
idVendor = 0x05c6
idProduct = 0xf003
bcdDevice = 0x0310
iManufacturer = 0x0001 <Android>
iProduct = 0x0002 <Android>
iSerialNumber = 0x0003 <99887766>
bNumConfigurations = 0x0001
Configuration index 0
bLength = 0x0009
bDescriptorType = 0x0002
wTotalLength = 0x0027
bNumInterfaces = 0x0001
bConfigurationValue = 0x0001
iConfiguration = 0x0000 <no string>
bmAttributes = 0x0080
bMaxPower = 0x00fa
Interface 0
bLength = 0x0009
bDescriptorType = 0x0004
bInterfaceNumber = 0x0000
bAlternateSetting = 0x0000
bNumEndpoints = 0x0003
bInterfaceClass = 0x00ff <Vendor specific>
bInterfaceSubClass = 0x00ff
bInterfaceProtocol = 0x0000
iInterface = 0x0006 <MTP>
Endpoint 0
bLength = 0x0007
bDescriptorType = 0x0005
bEndpointAddress = 0x0081 <IN>
bmAttributes = 0x0002 <BULK>
wMaxPacketSize = 0x0200
bInterval = 0x0000
bRefresh = 0x0000
bSynchAddress = 0x0000
Endpoint 1
bLength = 0x0007
bDescriptorType = 0x0005
bEndpointAddress = 0x0001 <OUT>
bmAttributes = 0x0002 <BULK>
wMaxPacketSize = 0x0200
bInterval = 0x0000
bRefresh = 0x0000
bSynchAddress = 0x0000
Endpoint 2
bLength = 0x0007
bDescriptorType = 0x0005
bEndpointAddress = 0x0082 <IN>
bmAttributes = 0x0003 <INTERRUPT>
wMaxPacketSize = 0x001c
bInterval = 0x0006
bRefresh = 0x0000
bSynchAddress = 0x0000
This appears to work as a expected.
USB tethering interface
When switching USB tethering on
Code:
ugen7.2: <Android Android> at usbus7, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (500mA)
bLength = 0x0012
bDescriptorType = 0x0001
bcdUSB = 0x0200
bDeviceClass = 0x0000 <Probed by interface class>
bDeviceSubClass = 0x0000
bDeviceProtocol = 0x0000
bMaxPacketSize0 = 0x0040
idVendor = 0x05c6
idProduct = 0xf00e
bcdDevice = 0x0310
iManufacturer = 0x0001 <Android>
iProduct = 0x0002 <Android>
iSerialNumber = 0x0003 <99887766>
bNumConfigurations = 0x0001
Configuration index 0
bLength = 0x0009
bDescriptorType = 0x0002
wTotalLength = 0x004b
bNumInterfaces = 0x0002
bConfigurationValue = 0x0001
iConfiguration = 0x0000 <no string>
bmAttributes = 0x0080
bMaxPower = 0x00fa
Additional Descriptor
bLength = 0x08
bDescriptorType = 0x0b
bDescriptorSubType = 0x00
RAW dump:
0x00 | 0x08, 0x0b, 0x00, 0x02, 0xe0, 0x01, 0x03, 0x08
Interface 0
bLength = 0x0009
bDescriptorType = 0x0004
bInterfaceNumber = 0x0000
bAlternateSetting = 0x0000
bNumEndpoints = 0x0001
bInterfaceClass = 0x00e0 <Wireless controller>
bInterfaceSubClass = 0x0001
bInterfaceProtocol = 0x0003
iInterface = 0x0006 <RNDIS Communications Control>
Additional Descriptor
bLength = 0x05
bDescriptorType = 0x24
bDescriptorSubType = 0x00
RAW dump:
0x00 | 0x05, 0x24, 0x00, 0x10, 0x01
Additional Descriptor
bLength = 0x05
bDescriptorType = 0x24
bDescriptorSubType = 0x01
RAW dump:
0x00 | 0x05, 0x24, 0x01, 0x00, 0x01
Additional Descriptor
bLength = 0x04
bDescriptorType = 0x24
bDescriptorSubType = 0x02
RAW dump:
0x00 | 0x04, 0x24, 0x02, 0x00
Additional Descriptor
bLength = 0x05
bDescriptorType = 0x24
bDescriptorSubType = 0x06
RAW dump:
0x00 | 0x05, 0x24, 0x06, 0x00, 0x01
Endpoint 0
bLength = 0x0007
bDescriptorType = 0x0005
bEndpointAddress = 0x0082 <IN>
bmAttributes = 0x0003 <INTERRUPT>
wMaxPacketSize = 0x0008
bInterval = 0x0009
bRefresh = 0x0000
bSynchAddress = 0x0000
Interface 1
bLength = 0x0009
bDescriptorType = 0x0004
bInterfaceNumber = 0x0001
bAlternateSetting = 0x0000
bNumEndpoints = 0x0002
bInterfaceClass = 0x000a <CDC-data>
bInterfaceSubClass = 0x0000
bInterfaceProtocol = 0x0000
iInterface = 0x0007 <RNDIS Ethernet Data>
Endpoint 0
bLength = 0x0007
bDescriptorType = 0x0005
bEndpointAddress = 0x0081 <IN>
bmAttributes = 0x0002 <BULK>
wMaxPacketSize = 0x0200
bInterval = 0x0000
bRefresh = 0x0000
bSynchAddress = 0x0000
Endpoint 1
bLength = 0x0007
bDescriptorType = 0x0005
bEndpointAddress = 0x0001 <OUT>
bmAttributes = 0x0002 <BULK>
wMaxPacketSize = 0x0200
bInterval = 0x0000
bRefresh = 0x0000
bSynchAddress = 0x0000
One of those interfaces gets detected as the RNDIS interfaces and gives me Ethernet.
Default interfaces
If neither tethering not storage is enabled, the device presents itself as a set of 3 interfaces:
Code:
ugen7.2: <Android Android> at usbus7, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON
bLength = 0x0012
bDescriptorType = 0x0001
bcdUSB = 0x0200
bDeviceClass = 0x0000 <Probed by interface class>
bDeviceSubClass = 0x0000
bDeviceProtocol = 0x0000
bMaxPacketSize0 = 0x0040
idVendor = 0x05c6
idProduct = 0x9092
bcdDevice = 0x0310
iManufacturer = 0x0001 <Android>
iProduct = 0x0002 <Android>
iSerialNumber = 0x0003 <99887766>
bNumConfigurations = 0x0001
Configuration index 0
bLength = 0x0009
bDescriptorType = 0x0002
wTotalLength = 0x006f
bNumInterfaces = 0x0003
bConfigurationValue = 0x0001
iConfiguration = 0x0000 <no string>
bmAttributes = 0x0080
bMaxPower = 0x00fa
Interface 0
bLength = 0x0009
bDescriptorType = 0x0004
bInterfaceNumber = 0x0000
bAlternateSetting = 0x0000
bNumEndpoints = 0x0002
bInterfaceClass = 0x00ff <Vendor specific>
bInterfaceSubClass = 0x00ff
bInterfaceProtocol = 0x00ff
iInterface = 0x0000 <no string>
Endpoint 0
bLength = 0x0007
bDescriptorType = 0x0005
bEndpointAddress = 0x0081 <IN>
bmAttributes = 0x0002 <BULK>
wMaxPacketSize = 0x0200
bInterval = 0x0000
bRefresh = 0x0000
bSynchAddress = 0x0000
Endpoint 1
bLength = 0x0007
bDescriptorType = 0x0005
bEndpointAddress = 0x0001 <OUT>
bmAttributes = 0x0002 <BULK>
wMaxPacketSize = 0x0200
bInterval = 0x0000
bRefresh = 0x0000
bSynchAddress = 0x0000
Interface 1
bLength = 0x0009
bDescriptorType = 0x0004
bInterfaceNumber = 0x0001
bAlternateSetting = 0x0000
bNumEndpoints = 0x0003
bInterfaceClass = 0x00ff <Vendor specific>
bInterfaceSubClass = 0x0000
bInterfaceProtocol = 0x0000
iInterface = 0x0000 <no string>
Additional Descriptor
bLength = 0x05
bDescriptorType = 0x24
bDescriptorSubType = 0x00
RAW dump:
0x00 | 0x05, 0x24, 0x00, 0x10, 0x01
Additional Descriptor
bLength = 0x05
bDescriptorType = 0x24
bDescriptorSubType = 0x01
RAW dump:
0x00 | 0x05, 0x24, 0x01, 0x00, 0x00
Additional Descriptor
bLength = 0x04
bDescriptorType = 0x24
bDescriptorSubType = 0x02
RAW dump:
0x00 | 0x04, 0x24, 0x02, 0x02
Additional Descriptor
bLength = 0x05
bDescriptorType = 0x24
bDescriptorSubType = 0x06
RAW dump:
0x00 | 0x05, 0x24, 0x06, 0x00, 0x00
Endpoint 0
bLength = 0x0007
bDescriptorType = 0x0005
bEndpointAddress = 0x0083 <IN>
bmAttributes = 0x0003 <INTERRUPT>
wMaxPacketSize = 0x000a
bInterval = 0x0009
bRefresh = 0x0000
bSynchAddress = 0x0000
Endpoint 1
bLength = 0x0007
bDescriptorType = 0x0005
bEndpointAddress = 0x0082 <IN>
bmAttributes = 0x0002 <BULK>
wMaxPacketSize = 0x0200
bInterval = 0x0000
bRefresh = 0x0000
bSynchAddress = 0x0000
Endpoint 2
bLength = 0x0007
bDescriptorType = 0x0005
bEndpointAddress = 0x0002 <OUT>
bmAttributes = 0x0002 <BULK>
wMaxPacketSize = 0x0200
bInterval = 0x0000
bRefresh = 0x0000
bSynchAddress = 0x0000
Interface 2
bLength = 0x0009
bDescriptorType = 0x0004
bInterfaceNumber = 0x0002
bAlternateSetting = 0x0000
bNumEndpoints = 0x0003
bInterfaceClass = 0x00ff <Vendor specific>
bInterfaceSubClass = 0x00ff
bInterfaceProtocol = 0x00ff
iInterface = 0x0000 <no string>
Endpoint 0
bLength = 0x0007
bDescriptorType = 0x0005
bEndpointAddress = 0x0085 <IN>
bmAttributes = 0x0003 <INTERRUPT>
wMaxPacketSize = 0x0008
bInterval = 0x0009
bRefresh = 0x0000
bSynchAddress = 0x0000
Endpoint 1
bLength = 0x0007
bDescriptorType = 0x0005
bEndpointAddress = 0x0084 <IN>
bmAttributes = 0x0002 <BULK>
wMaxPacketSize = 0x0200
bInterval = 0x0000
bRefresh = 0x0000
bSynchAddress = 0x0000
Endpoint 2
bLength = 0x0007
bDescriptorType = 0x0005
bEndpointAddress = 0x0003 <OUT>
bmAttributes = 0x0002 <BULK>
wMaxPacketSize = 0x0200
bInterval = 0x0000
bRefresh = 0x0000
bSynchAddress = 0x0000
Those look like proprietary interfaces. I have hacked adb to force it to talk to those endpoints with its protocol, but there is no reply after two initial packets.
I have been reading excellent posts from like MSM8960 Info, Architecture and Bootloader(s) by @E:V:A and [R&D][QUALCOMM] Using QDL, EHostDL and DIAG interfaces & feature by @SouL Shadow and I suspect those are proprietary interfaces used by QPST.
My questions:
Are those product:vendor numbers something new?
Are my guesses correct? If yes, which interface should I try poke with HDLC packets?