I've got a ppc-6601 (harrier) from Sprint and I'm trying to develop a program to use the location information - hopefully gps coords. Any idea on how to get that info? The program will basically be a location connector - converting phone location info to nmea sentences so any mapping program out there will be able to use the location info. The big question is, how do I get that info from the phone?
Is this a HTC product?
I once looked at a (if I remember correctly) Swiss product that was able to show the current location based on the cell-info from the gsm radio.
The trouble seems to be that you need a map calibrated with gsm cell-info.
Remember: you won't get a more detailed specification of the location than approx. 200 metres.
I believe it's built by HTC, but branded by Audiovox. Sprint uses cdma, so the usual gsm location stuff isn't gonna work. Sprint uses the qualcomm/snaptrack technology - gpsOne. Sprint/Qualcomm got a java api out there for MIDP 2.0 phones, but I'm not sure if it'll work w/ ppc phones. This api gives you a lot of info - including gps coords. http://www.shaftek.org/blog/archives/000139.html
So any ideas?
The carrier must have a location server online, currently Sprint and Verizon's LBS servers are not ready for point-to-point relay of LBS data.
An Australian based company has managed to extract this info from windows ce devices. From their web site (www.locatrix.com) it also seems as though this kind of service is supported on all mobile phones.
Pretty cool I thought.
HickHack said:
An Australian based company has managed to extract this info from windows ce devices. From their web site (www.locatrix.com) it also seems as though this kind of service is supported on all mobile phones.
Pretty cool I thought.
Uh, no. That program relies on tracerouting your IP address, and, if available, using their proprietary LBS API that if you want to route into GPSOne, you get to do on your own.
No, it doesn't use traceroute. I've got an i-Mate device here on Vodafone determining location to within 100m. The external API is for other/desktop applications (such as CRM, field management, mapping etc) that may wish to display the device's location.
Friends of mine have also tried their clients for Blackberry and Symbian OS with similar results...
HickHack said:
No, it doesn't use traceroute. I've got an i-Mate device here on Vodafone determining location to within 100m. The external API is for other/desktop applications (such as CRM, field management, mapping etc) that may wish to display the device's location.
Friends of mine have also tried their clients for Blackberry and Symbian OS with similar results...
Well, on the GSM side it has more options (I was referring to the Harrier and CDMA), such as locating the location of the tower and using signal fade information to make a best-guess estimate. Depending on where you live, and how close towers are spaced, it can get pretty close.
yes, but based on a flexible set of methods
-Using RIL (GSMTestMode)
-Using RIL_GetCellTower
-Using RIL Notifications
-Using RIL (fieldtest) -> reply structure has to be found
-Using offset method (few structures included)
-Using COM port
The project is based on:
-cellguardian.dll and cellguardian.xml : How to get CELLID on devices
-cell2latlon.dll and cellDb.xml : Calculate lat/lon using CELLID
-gsmcelluloz.exe : the main exe
-gsmcellulozCF.exe : the same, as PoC, in CF, but very simple
http://usuc.dyndns.org/tv/gsm/gsmcelluloz/
DEBUG mode creates a lot of log in \Temp
The device method configuration is in a file called "cellGuardian.xml"
Offset version works only with the "ALL" parameter (I don't know what defines the offset, which component version?)
Many things should be incomplete (like the documentation)
Here is a google map (result from logging) made using a GSMTestMode compatible device:
http://usuc.dyndns.org/tv/gsm/releve_poly.php
I'll write a quick documentation on how to use cellguardian.dll (the brain of the cellid-getting), and cellguardian.xml.
I'm also working on antenna position interpolation but it's a harder process... (for now the cell2latlon works but uses a very simple barycentric algorithm)
Sample walk:
http://usuc.dyndns.org/tv/gsm/testParcours.php
Have fun, I hope to have some fieldtest compatible device log in order to decrypt the structure
If your device is still not working... Tell me!
The source will be released as soon as the modaco challenge is finished (I hope to win a device with cellguardian.dll... or a sticker )
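The per-cell barycentre mentioned for cell2latlon in the post above can be sketched as follows. This is an added example, not the project's code: the log layout, function names and sample coordinates are constructed assumptions, and it averages on the sphere (a generalization beyond a plain arithmetic mean) so it also works near the ±180° meridian. It also reports how far the logged fixes spread around the estimate.

```python
import math
from collections import defaultdict

# Constructed sample log (not from the project): one row per logged fix,
# as (MCC, MNC, LAC, CellID, latitude, longitude) in decimal degrees.
SAMPLE_LOG = [
    (208, 1, 4101, 20311, 48.8580, 2.2940),
    (208, 1, 4101, 20311, 48.8590, 2.2960),
    (208, 1, 4101, 20311, 48.8570, 2.2950),
    (208, 1, 4101, 20312, 48.8610, 2.3350),
    (208, 1, 4101, 20312, 48.8600, 2.3370),
]

EARTH_RADIUS_M = 6371000.0


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two lat/lon points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def barycentre(points):
    """Barycentre of (lat, lon) points, computed on 3-D unit vectors.

    Averaging raw longitudes breaks across the +/-180 degree meridian;
    averaging the vectors and converting back does not.
    """
    x = y = z = 0.0
    for lat, lon in points:
        la, lo = math.radians(lat), math.radians(lon)
        x += math.cos(la) * math.cos(lo)
        y += math.cos(la) * math.sin(lo)
        z += math.sin(la)
    n = len(points)
    x, y, z = x / n, y / n, z / n
    lat = math.degrees(math.atan2(z, math.hypot(x, y)))
    lon = math.degrees(math.atan2(y, x))
    return lat, lon


def build_cell_db(log):
    """Group logged fixes by cell and store each cell's barycentre.

    radius_m is the distance from the barycentre to the farthest logged
    fix: a rough bound on how wrong a lookup for that cell can be.
    """
    samples = defaultdict(list)
    for mcc, mnc, lac, cid, lat, lon in log:
        samples[(mcc, mnc, lac, cid)].append((lat, lon))
    db = {}
    for key, pts in samples.items():
        clat, clon = barycentre(pts)
        radius = max(haversine_m(clat, clon, la, lo) for la, lo in pts)
        db[key] = {"lat": clat, "lon": clon, "radius_m": radius, "samples": len(pts)}
    return db


def cell_to_latlon(db, mcc, mnc, lac, cid):
    """Return the stored estimate for a cell, or None if it was never logged."""
    return db.get((mcc, mnc, lac, cid))


if __name__ == "__main__":
    db = build_cell_db(SAMPLE_LOG)
    for key, est in sorted(db.items()):
        print(key, "lat=%.5f lon=%.5f +/- %.0f m (%d fixes)"
              % (est["lat"], est["lon"], est["radius_m"], est["samples"]))
```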
Did not work for me Tornado with Crossbow-Rom, i think you may ask maniac for the Offsets, he created CellProfileSwitcher, a very useful SmartPhoneTool with a huge list of compatible devices.
In Combination with your Tool it may be useful to create my own "CellMap", to see my Homezone or some other kind of zones, switched by CPS, yea.
But the Screenshots look nice,...
Thank you for another nice way to waste my time with my lovely Phone, hehe... but i need the offsets... don't know how...
Have you tried "Find offset" in the 8FFB0000-8FFC0000 range?
8FDC0000-8FDD0000
8F1D0000-8F1E0000
8A3B0000-8A3C0000
8A4B0000-8A4C0000
8C0D0000-8C0E0000
Are other possible ranges.
The result will be contained in a file located on \Temp
Possible structures (if you define your configuration in cellguardian.xml)
TORNADO
TYPHOON
IPAQ
MPX220
WIZARD
Offset method will be activated once you'll have removed other options (COMPORT...) from the config file.
Remember that as long as I don't know what defines the offset, the only version that works is "ALL". This field will be used once I'll be quite sure the component version defines really the offset.
I hope to improve it, but also to let a chance to the user to configure it by himself.
Quick help page
I made a quick help page to help ppl finding the offset until I find some cleaner way to find it...
http://usuc.dyndns.org/tv/gsm/help/
After this, just modify \Program Files\cellguardian.xml
and replace
<device name="HTC Tornado">
  <OEMID>Qtek 8310</OEMID>
  <method type="RILHTC1"></method>
  <method type="RILTOWER"></method>
  <method type="COMPORT"><port>COM9:</port></method>
</device>
by
<device name="HTC Tornado">
  <OEMID>Qtek 8310</OEMID>
  <method type="OFFSET">
    <offset version="ALL" structure="TORNADO">YOUROFFSET</offset>
  </method>
</device>
Where YOUROFFSET is the offset you found (try the address ranges I suggested above)
Let me be your tester
Hello!
I have found your excellent project and I am going to test it and share with you results. My phone is smartphone - HTC S310 (known also as HTC Oxygene, SPV C100).
When I am launching the application I get error:
Cannot load \Program Files\GSMCelluloz\CellGuardian.dll:0x7e126
Is your app suitable for smartphones? I have downloaded the
GSMCelluloz_SP5_R.CAB.
Maybe I should use:
GSMCelluloz_WM5_R.CAB?
What offsets should I put to test my phone and which method?
Best greetings and congratulations for your job!
RA
Solved
abramq said:
When I am launching the application I get error:
Cannot load \Program Files\GSMCelluloz\CellGuardian.dll:0x7e126
Hi again!
The problem was because I've installed app on card, not on device memory.
Cell searching works excellent, on my phone works GSMTestMode method (I am going to find out the differences between methods, but don't know where).
By the way - user interface for smartphone (non-touch display) looks like not finished - 'backspace' keys don't work and it is difficult to leave edit mode too.
Will test it more and make some enhancement
Best greetings and please keep working
JA
P.S.
What Compact Framework needs the CellulozCF? I have the 2.0 and the app doesn't work (I get the unexpected error: Microsoft.AGI.CommonMISC.HandleAr() in System.Windows.Forms.Control._InitInstance).
I think the best cell id application from all times ever would be that which can change phone profile depending from location. I saw someone here is trying to do it, but will not be free, so no use. An app like that will eclipse all other... it will be like the next step in mobile evolution. Probably japanese already have it.
You are outDated... this idea is really old... look at maniacs Homepage;
Maniacs SmartPhoneTools
...but for now not useable on devices without TiOmapProcessor
But PhoneAlarm by PocketMax supports different [email protected],too.. but cost money and hard to configure,no learningfunction,no neighbourcells and you have to add every Cell one by one...
but you're right, too; Actions by Locations are always missed in Apps with Notifications or ProfileChangingFunction.
Route Tracker
With Route Tracker you can create routes and add several route points containing text and/or images from your current position. If gps is available it will take the current longitude, latitude and altitude. Without a gps module information of the current cell id and the location area code are saved.
For each route a report can be created which can be saved as a html file.
prerequisites:
PocketPC with .net compact framework 2.0 and SQL Compact Server 2005 (already installed in WM6 professional)
(tested on a WM6 professional device without gps)
known issues:
after uninstall the db and the images will not be deleted
getting MyLocation can time out
timer greater than ~15 seconds doesn't work when device is in suspend mode
in the view form only the map type for default route maps is working
next features:
automatic point adding by distance (every x meters)
more robust MyLocation
geo game (show taken image and try to find the place on the map)
Any comments are appreciated.
version 1.0.5
new view showing the whole route in one image using Google Maps (markers or path)
this view can be saved to an image file
check its settings form for parameters
version 1.0.4
new setting: Use Google's MyLocation for report GMaps and for exporting to kml. On devices without gps the cell id information will be used to get an approximate location. (default on and will use internet connection!)
version 1.0.3
new report "GMaps" using google maps (will try to use internet connection!)
updated date set to last saved route point
additional setting: Flash on Saving (flash on main screen)
version 1.0.2
additional settings: check gps, vibrate on saving
saving settings: seconds, minutes and vibrate on saving
show time with date in the grid
version 1.0.1
A report can be saved to kml for viewing in google maps.
In Menu/Auto Report... timed saving can be activated.
Thanks,
heliosdev
Anybody tried?
Would be interesting to know if the gps information gets stored and if there are any issues on devices with qwerty hardware keyboard (regarding screen rotation).
Thanks!
New version is up. If you have difficulties with the gps data, try to start gps with another app and after having enough sat fixes try Route Tracker.
Nice now this app work, but here some ideas:
A Sign that shows a record was made
Start Time on the main screen
Show Cell ID or GPS is used
Other Ideas will follow
Thanks for the input! New version is up.
very cool! i will be certainly using it.
nir36 said:
very cool! i will be certainly using it.
me too. will report back feedback. thanks.
heliosdev said:
Anybody tried?
Would be interesting to know if the gps information gets stored and if there are any issues on devices with qwerty hardware keyboard (regarding screen rotation).
Thanks!
It works on my Diamond without any problem.
Great but here some Ideas:
Show the last position time in the grid (Last position time saved at
Vibrate is good, but better would it if you make a flashing dot on the main screen because if you use it in a carholder it's not so good.
(Or you can add vibrate too under settings)
And Upload direct the cab file, its easier to use!
Thx and work on!
didn't work on my vogue - got a net framework error.
@all
thanks for your input!
@fredcatsmommy
what is the error message saying? Can you go to menu/settings and press the 'Check GPS' button?
heliosdev said:
@fredcatsmommy
what is the error message saying? Can you go to menu/settings and press the 'Check GPS' button?
okay, here's the message I get when trying to run RouteTracker (which does not open at all):
Error
RouteTracker.exe
MissingMethodException
File or assembly name
'System.Data.SqlServerCe,
Version=3.0.3600.0, Culture=neutral,
PublicKeyToken=3BE235DF1C8D2AD3',
or one of its dependencies, was not
found.
Well, it looks like sql is not installed on your device! I've seen cooked roms which removed this to save some space...
What .net version do you have installed? (run /Windows/cgacutil.exe)
heliosdev said:
Well, it looks like sql is not installed on your device! I've seen cooked roms which removed this to save some space...
What .net version do you have installed? (run /Windows/cgacutil.exe)
I'm using the ppckitchen to cook a custom rom and have included both sql, 3.5 supposed to be included and I also select .netcf 2. Maybe that's a problem, but I've not ever gotten that message with any of the other programs I use that require .netcf. When I run /Windows/cgacutil.exe it says 2.0.7045.0
Will this work with .NET 3.5 or only 2.0?
I get this error using the ROM in my sig and SQLce 3.5 added.
Code:
An unexpected error has occurred in RouteTracker.exe.
Select Quit and then restart this program, or select Details for more information.
File or assembly name 'System.Data.SqlServerCe, Version=3.0.3600.0, Culture=neutral, PublicKeyToken=3BE235DF1C8D2AD3', or one of its dependencies, was not found.
Here a new Idea
Make a Today Plugin that shows CELL ID, LAC, MCC, MNC or GPS and a count down. It shows new record made in xx.xx.xx (ex. 00:00:10 = 10 sek.)
Well, I'm using C# .net and I'm not sure if this can be used for today plugin development.
Btw, new version is up!
new version is up!
Tests with devices without gps are appreciated! (internet connection needed)
(report GMaps and save report (in Report form) to kml and view it with google maps/earth on desktop)
Nice,
works fine!
But can you set a dot on mylocation?
Like here http://cellid.schlapa.net
Also show the cellID data on the Gmaps Screen.
Thx wait for next versions ...
Dtrieb
Hi thanks for this app!!!!
Is it possible to get bigger screen shots ?
Thanks dude
Last Update January 15, 2009
I have been working on a nice add-in for windows mobile,
this application will find your location (based on cell id) and change the profile based on these locations.
currently the software is capable of changing the WiFi status (on/off/unchanged) and also Bluetooth (on/off/unchanged).
changes to this document will be marked in blue
Added Spy Photos of the new Version, it will take a while but it's worth the wait
Todo:
- Add Vibration Control.
- Add Ringing Volume Control.
- Make as invisible process.
- Unknown location Profile.
- Switch to Flight mode profile option.
- Display Personal Note profile option.
- smartWatchM Support, Displays location and vibrates when location changes
- Suggestion : Mortscript or application execution on certain location.
LPM V0.1.1:
- Hide Button.
- Display Cell ID Instead of unknown.
- Added Programs Shortcut.
LPM V0.1:
- Initial Release
Features:
- Cell ID Based
- Switch Profiles Automatically.
- Wireless (on/off/unchanged) support
- Bluetooth (on/off/unchanged) support.
- Leave Unchanged option.
- XML Configuration and profiles storage.
- Polling rate of 30000ms (30 Seconds).
Requirements:
- Windows Mobile OS (Tested on WM6.1 Xperia).
- dot Net framework 3.5.
i have published the source code on Codeplex on this link
http://www.codeplex.com/LPM
if you are interested in working with me to improve this application, let me know
How to use :
1 - Start the application.
2 - Click and hold on the Empty box then select add.
3 - Type the location name, select BT & WIFI settings (unchecking the box = Don't change status when reaching this place).
4 - Click menu, start recording. then move around the place to capture all cell IDs.
5 - Click save
6 - Repeat for your locations.
7 - Enjoy.
Please Post your mobile device after testing the software. state if the test is successful or not and if you found any bugs.
Compatibility List :
- Sony Ericsson X1
Warning : Use at your own risk, neither me nor XDA-Developers are responsible if anything goes wrong.
the file(s) attached here follows the License found on codeplex
http://www.codeplex.com/LPM/license
Peace be upon you, and the mercy of God and His blessings.
is it only for changing the profile or it can do more
thanks !! for your time to make it happen any how.
awesome, I was designing this kind of application myself..
But this looks nice, I will look at the source and see if my style matches yours. If so I think I'd like to help develop.
This could duplicate (and more) the functionality of Wifilocations (also on xda-developers), but more than just turning on/off the wifi and bluetooth!
johnchan78 said:
This could duplicate (and more) the functionality of Wifilocations (also on xda-developers), but more than just turning on/off the wifi and bluetooth!
i don't think so, anyway i'm planning to implement a lot of new features.
let me know if you have any specific request.
I've been wondering when WM would get to have something like this. About 3yrs ago, I played with a similar program on my Nokia S60 phone. It worked pretty good. When I went to the conference room I could have the phone memorize that location and it would put my phone to silent. And so on. Thanks for your interest and work on this. I look forward to testing it out!
noellenchris said:
I've been wondering when WM would get to have something like this. About 3yrs ago, I played with a similar program on my Nokia S60 phone. It worked pretty good. When I went to the conference room I could have the phone memorize that location and it would put my phone to silent. And so on. Thanks for your interest and work on this. I look forward to testing it out!
thanks for your support, please let me know if you are facing any problems.
i will be including some more stuff in it soon
I use Wifilocations, but I find it somewhat unreliable with the cell-readout (but perhaps it's me). Anyway, I will give your application a try. I will mainly use it for turning on/off Wifi anyway.
I have a few questions though:
What is the polling frequency?
Is there a special -hide autostart option?
What is going to be different from Wifilocations?
Thx for your work!
Best, danckel
danckel said:
I use Wifilocations, but I find it somewhat unreliable with the cell-readout (but perhaps it's me). Anyway, I will give your application a try. I will mainly use it for turning on/off Wifi anyway.
I have a few questions though:
What is the polling frequency?
Is there a special -hide autostart option?
What is going to be different from Wifilocations?
Thx for your work!
Best, danckel
in the future, this application will have a lot of features,
it will have a default profile (Unknown Location Profile) which will allow you to set your default setting when you are not in a known area.
also it will have options to prevent from stopping bluetooth and/or wifi if a call is on going (to prevent a BT Headset from disconnection or to prevent Wifi in case of VOIP call).
some more features will be there and whatever you have in mind can be implemented.
the polling time will soon be an option to set i think now it is set to 30 seconds (i'm not sure about the timer settings), the software automatically polls the cell id when a major event happens (add new location or edit one for example).
but i'm concerned about one thing, is it consuming battery?!
i didn't notice any change in battery life or performance of the device. can you please confirm this?
thanks all for your support.
Didn't test it yet, but I'll suggest you add:
launch an app (sequence)
send predefined sms
connect to A2DP receiver
go to flight mode (cinema, hospital, plane)
turn off GSM part (bad or no coverage)
antitheft actions / lock the phone (when it leaves a specified location)
-> maybe this can be done with just running another app
How accurate is this ?
Cheers
Good Job ,, Well Done ,,
mmm ,, also I suggest to search for another products to collect more ideas to rich your software ,,
You can test this software I'm really using it ,,
http://www.handango.com/catalog/ProductDetails.jsp?storeId=2218&productId=246582
it has many ideas that you can include in your software ,,
also ,, this software not depending on net framework ,, and it has an independent wm service working in background to monitor the cells and change the profile this thing make it too light and stable,,
it also has a today plugin ,, so today plugin it important ,,
so ,, give your self a time to try it to get more ideas for your software ,,
like,,, making it shareware
nono ,, please don't make it shareware ,, take all features from GSM Locator except this one ,,
lastnikita said:
Didn't test it yet, but I'll suggest you add:
launch an app (sequence)
send predefined sms
connect to A2DP receiver
go to flight mode (cinema, hospital, plane)
turn off GSM part (bad or no coverage)
antitheft actions / lock the phone (when it leaves a specified location)
-> maybe this can be done with just running another app
How accurate is this ?
Cheers
Sure, Sure, these are all nice features
i started immediately on some of what you said
regarding the accuracy, this cannot be measured in any unit!
the GSM mobile cell looks like a hexagon, when you are outside the city this hexagon is set to be larger (covers more land) while it is smaller inside the city, mostly, inside the city (or locations with high mobile traffic) will have more accuracy but not that much precise! for example it will not distinguish a room in your home, but it will be able to recognize your home (but maybe not your neighbour if both are covered with the same cell tower).
CodeMaster said:
Good Job ,, Well Done ,,
mmm ,, also I suggest to search for another products to collect more ideas to rich your software ,,
You can test this software I'm really using it ,,
http://www.handango.com/catalog/ProductDetails.jsp?storeId=2218&productId=246582
it has many ideas that you can include in your software ,,
also ,, this software not depending on net framework ,, and it has an independent wm service working in background to monitor the cells and change the profile this thing make it too light and stable,,
it also has a today plugin ,, so today plugin it important ,,
so ,, give your self a time to try it to get more ideas for your software ,,
needing dot NET framework is not a minus! it's a framework, it makes my life (as a systems developer) easier.
developing a today plugin is tricky, it requires an unmanaged code (cannot be done via managed code at all), so if anyone is interested in helping me in this part i would be pleased
lastnikita said:
like,,, making it shareware
No way, i'm not planning to establish a company and sell this product. i'm having fun developing it in my spare time
some people might have a performance concern, i did my best to avoid any practice that might affect performance. but even though, please report any performance issues if you face some
enjoy it
CodeMaster said:
Good Job ,, Well Done ,,
mmm ,, also I suggest to search for another products to collect more ideas to rich your software ,,
You can test this software I'm really using it ,,
http://www.handango.com/catalog/ProductDetails.jsp?storeId=2218&productId=246582
it has many ideas that you can include in your software ,,
also ,, this software not depending on net framework ,, and it has an independent wm service working in background to monitor the cells and change the profile this thing make it too light and stable,,
it also has a today plugin ,, so today plugin it important ,,
so ,, give your self a time to try it to get more ideas for your software ,,
Guy, you were plugging your app (with handango link no less) three times on the other thread and now you are bumping it in here on the other app's thread, again? You must seriously work for them. Please, cut it off.
I tried your program, however, it could never get a fix on my location... it was always "unknown".
I'm using a Xperia X1 GSM version...
johnchan78 said:
I tried your program, however, it could never get a fix on my location... it was always "unknown".
I'm using a Xperia X1 GSM version...
please check the first post, i added how to use.
let me know if it didn't work and if you are facing any more problems.
anaadoul said:
the polling time will soon be an option to set i think now it is set to 30 seconds (i'm not sure about the timer settings), the software automatically polls the cell id when a major event happens (add new location or edit one for example).
Polling time of 30sec is fine, but I could not verify it. A very helpful trigger event is "turning on the device again". Could you include an active polling on this event?
It would also be nice if the application showed the actual cell id rather than reporting "Unknown" on the main screen. This enables me to check whether the polling actually works.
Wifilocations also has a trigger event when you leave rather than enter a cell. This could also be very handy.
Battery drain is of course a major concern, because the application has to run continuously. I haven't had time to check the battery drain yet.
Finally, is there a program switch that enables starting the program in the background?
PS: Thanks also for sharing the source code.
send predefined sms
-this option would be very useful for people who always travel because it can send an sms to a pre defined number especially if it will also send the cellid. it can be used as a tracking device.
this is what i did:
- launched LPM
- Options > Add New Location
- added location name: Office> ticked Ringing Volume > adjusted to lowest point > Start Recording > Saved
- quit the app
- relaunched the app, now the Current Location shows "Office", Ringer: 0%
- when someone calls, the ringer volume is still max
Intel / Infineon XMM6260 & X-GOLD 626 Modem Hack-Pack Release!
After several unsuccessful months of trying to get my phone (application) to
talk AT-commands with the baseband processor (BP), I've had to learn a lot of
hardware and internal Android and OEM based tricks and secrets. Although this
has not been enough to make anything of practical use, it is definitely worth
sharing. If not at least some more talented people may be able to continue
where I have left off...
Now, it should be immediately stated that there is nothing revolutionary
in here, apart from the Infineon manual for tuning your GSM modem, using the
AT CLI and GTI sequencer. This is something that could potentially be very
useful for better understanding the advanced features that the modem
platform incorporates. However, it is also a sure way of making an
expensive brick out of your phone! You have been warned...
Brief Modem Description
The XMM6260 is the "platform" that consists of:
The X-GOLD 626 baseband processor
The SMARTi UE2 RF-transceiver DSP
The 3GPP Release 7 HSPA+ protocol stack with:
Downlink: Category 14, Uplink: Category 7
The X-GOLD 626 baseband processor (labelled "PMB 9811") is communicating
with the DSP RF-transceiver chip called SMARTi-UE2 (labelled "PBM 5712 A1"),
using a communication interface that corresponds to the MIPI DigRF-3G
(V.3.09) standard. Through this protocol the BP can control some or all
aspects of the RF DSP.
Alternative Names
Infineon IFX6260
Intel IMC6260
Intel XMM626
Some other devices using this platform:
Code:
- Lava XOLO X900 [Phone] FCC ID: ???
- Lenovo K800 [Tablet/Pad] FCC ID: ???
- LG-P920 (LG ?) [Phone] FCC ID: BEJP920
- LG-P925 (LG Optimus 3D?) [Phone] FCC ID: BEJP925
- Huawei E369 (3G Hi-Universe) [USB 3G Modem] FCC ID: QISE369 (Russian distributor: Merlion)
- Huawei MU733/MU739 [PC/CE Module] FCC ID: QISMU739
- Samsung Galaxy Nexus (I9200) [Phone] FCC ID: ???
Other devices that may (!?) also contain the X-GOLD 626:
---------------------------------------------------------
- LG Optimus 4X HD [Phone] FCC ID: ???
- HTC One X [Phone] FCC ID: ???
- Huawei Ascend D Quad [Phone] FCC ID: QIS ???
- Huawei E392 (E392u-511) [LTE Multi-mode USB stick] FCC ID: QISE392U-511
- Huawei E353 (E352s-6) [HSPA+ USB stick] FCC ID: QIS ???
Hack-Pack Content
Code:
- Pictures/Diagrams:
- XMM6260 colored pinout map
- XMM6260 mounted in a Samsung Galaxy S2
- SMARTi UE DSP RF-transceiver chip mounted in the SGS-2
- IPC xxxxxx stuff
- Infineon PhoneTools testing program
- Raw 1byte greyscale PNG of modem.bin from XXKI1
- PDF files/documents:
- ITA-RF-Adjustment-GSM (XMM6260 Specification)
- Infineon MIPI-HSI Product Brief
- X-GOLD 616 Product Brief
- Fairchild FSA9280/88A USB/UART switch/MUX datasheet
- Similar Modem AT sets/documents:
- AT_Command_Set_3GPP-TS-27007-940.pdf
- AT_Command_Set_AMOD_HSPA.pdf
- AT_Command_Set_Gobi.pdf
- AT_Command_Set_Motorola_XM7200S.pdf
- AT_Command_Set_Teltonika_TM3.pdf
- AT_Command_Set_iWOW_TR-900.pdf
- Text Files:
- 3GPP 27.007 AT-list
- XMM6260 official AT-set
- XMM6260 internal AT-set
- XMM6260 homebrew specifications
+ X-GOLD 626 Modem pinouts
+ MUX pinouts
+ AP connections (SGS2)
+ AP relevant info
- Strings of modem.bin (stock firmware image: XXKI1)
- Strings of drexe
- Strings of rild
- Strings of libril.so
- Strings of libsec-ril.so
- GT-I9100 stock (GB 2.3.4) binary files:
(Taken from: PDA:XWKI4, Phone:XXKI1)
- libKiesDataRouter.so
- libril.so
- libsec-ril.so
- libsecril-client.so
- drexe
- rild
- Android hardware hacking binaries (tools):
- dbus-monitor
- dbus-send
- hciconfig
- hcidump
- hcitool
- i2cdetect
- i2cdump
- i2cget
- i2cset
- ipcfilter
- ipcdump
- ipctool
- procmem
- showmap
- showslab
- strace
- tcpdump
- viewmem
+ various other content
Download Here! (57.72 MB)
The modem firmware referred to and studied can be
found here (Modem.bin.7z) or here, under "XXKI1".
-------------------------------------------------------------------------------
DISCLAIMER:
All the material in this collection was found on internet by
appropriate Google-Fu and/or by laborious manual creation.
Nothing is stolen or reversed, so I am not held responsible
for the origin or problems affiliated with the use of these
documents, programs or other binaries.
-------------------------------------------------------------------------------
If you are a developer or other corporate official of Intel or Infineon:
Please contact your superiors and ask them to release the proper
datasheets and documentation of these products to the public.
Why? Because:
1. It would significantly increase the sales of your hardware, by promoting
   a much more open approach to hardware development. There are currently
   more than 10 open-sourced and open-hardware smartphone projects around
   the world, who would benefit from the use of a more modern baseband than
   what is currently and openly available.
2. It would significantly promote your hardware in front of your competitors,
   as your company would be the first one to open up your documentation to the
   public. Thus increasing public technical knowledge of your hardware, which
   would ultimately lead to you having an easier time to find qualified
   developers that cost you less!
3. It would significantly reduce the cost and time for firmware development,
   while increasing the firmware code-quality and compatibility, as you
   would be able to benefit from the large community and knowledge from
   other professional developers as well as hardware-hackers.
   (Yes, there are several bugs found in your firmware, but since there is
   no way to report and discuss these with your developers, they will
   continue to cost you money and head-scratching for all developers
   having to deal with your platform.)
4. Your competitive advantage due to 1-3, would promote new and better
   future hardware developments, that would not only benefit your
   company/business but also society as a whole.
5. It's simply the right thing to do!
The thread where all this become crisply relevant is this one:
[A][SGS2][Serial] How to talk to the Modem with AT commands
There you will find all documents which I have found to date, which
is essentially none. At least nothing that can be of ANY practical use.
UPDATE: [2012-04-17]
As soon as I get a chance I'll update the HackPack (HP) with new data regarding the MUX
and some other hardware used in the SGS2. This data, as presented within HP, is simply wrong!
Reserved 2 me 3
Awesome info I was also thinking looking at the ServiceMode application in the SGS2 could provide interesting information. BTW, do you know if the X-GOLD has a diagnostic mode similar to the one usually found in Qualcomm modems?
xd.bx said:
Awesome info I was also thinking looking at the ServiceMode application in the SGS2 could provide interesting information. BTW, do you know if the X-GOLD has a diagnostic mode similar to the one usually found in Qualcomm modems?
Thanks! The ServiceMode app is mostly interesting because its code actually resides inside the Modem firmware, where the java app is acting as a wrapper. I'm not familiar with the Qualcomm modems, could you elaborate on what that "diagnostic mode" does? (The x-gold firmware is FULL of various modes. Just depends on what you want to do, and to get the proper documentation on how to use it!)
Just found ... a bit older, but still very interesting
http://hwplatform.googlecode.com/svn/trunk/Infineon/
RNC States from libsec-ril.so
Hi
Very valuable information! Does anyone have an idea about how to get the information displayed from serviceMode programmatically? Looks like most of it is being polled directly to the libsec-ril.so. In my case I'm interested in obtaining information about the RNC states on the handset.
Thanks for this information
Thanks for the info E:V:A. I did quite some figuring out about the Radio/DSP unit of the Nokia DCT3 back in the day and also the GSM protocol (anyone remember Project Blacksphere / OpenGPA?).
Things have likely come a long way since then. One thing that is clearly different is that the baseband processor is completely isolated from the application processor. In the DCT3 there was one ARM processor that drove both the user interface and parts of the GSM protocol, and connected to a DSP for the low-level radio stuff.
I wonder how other things have changed with 3G. I may get back in the game. This will give me a head start.
Memory map and boot process
It appears that modem.bin consists of multiple partitions that are loaded separately at bootup of the device, reflecting the modem boot up sequence in libsec-ril.so:
Code:
Offset    Size      Address      Description
0x000000  0x00f000  0x00800000   PSI
0x00f000  0x019000  0x60000000?  EBL
0x028000  0x9d8000  0x60300000   Main image
0x9ff800  0x000800               Used for verification (building ReqSecStart command)?
0xa00000  0x200000  0x60e80000   NV data (file contains default data)
0xc00000  0x000200               Unused?
Offset is the offset in the file, address is the flash/RAM offset on the device. The whereabouts of the EBL are a bit unknown; address 0x60000000 is based on a guess, the others are sure.
Also, I made an attempt at constructing the run-time memory map of the device, based on static analysis, but as I've not found a way yet to actually probe it, there are quite a few question marks.
Code:
Device memory map:
0x00000000   RAM/ROM? (what is here?)
0x00080000   PSI bootloader *RAM*
0x40000000   Flash (what is flashed here?)
0x60000000?  Code (EBL)
0x60100000   Flash
0x60300000   Code (Flash)
0x60e80000   NVram data (Flash)
0xe0000000   Peripheral mapping for memory-mapped I/O (256MB)
0xffff0000   Memory (initial stack)
As for I/O devices in peripheral mapping, my understanding is still very limited and based on the bootloader only. I have a longer list of addresses from static analysis, but as I can't yet label anything it is pointless to publish. As usual, the upper bits (how many? 8?) select which peripheral, the lower bits (20?) select a port within that peripheral.
Code:
0xe4d00164 ? status bits
0xe4d00384 ? status bits
0xe8000070 ? status bits
Entry points:
Code:
Offset    Address      Description
0x000000  0x00080000   Boot loader
0x00f400  0x60000000?  EBL
0x1a8000  0x60480000   Main stack
I'm trying to run this in QEMU and created a basic environment, but as my understanding of ARM kernel space (interrupt handling, timers, etc) is very limited, it currently gets stuck in a loop waiting for some other thread (or interrupt handler) to update an address.
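Added example, not part of the original posts: a Python sketch that encodes the modem.bin partition table from the post above, checks it for overlaps and gaps, translates file offsets to load addresses, and slices an image buffer into its parts. The partition and function names are assumptions made for illustration; the offsets, sizes and addresses are the ones posted.

```python
# Partition table as posted: (name, file offset, size, load address).
# None = no address given in the post; the EBL address is the poster's guess.
# Names are made up for this example.
PARTITIONS = [
    ("psi",    0x000000, 0x00f000, 0x00800000),
    ("ebl",    0x00f000, 0x019000, 0x60000000),
    ("main",   0x028000, 0x9d8000, 0x60300000),
    ("verify", 0x9ff800, 0x000800, None),
    ("nvdata", 0xa00000, 0x200000, 0x60e80000),
    ("unused", 0xc00000, 0x000200, None),
]

def layout_issues(parts):
    """Return (kind, name_a, name_b, nbytes) for every overlap or gap
    between consecutive partitions, ordered by file offset."""
    issues = []
    ordered = sorted(parts, key=lambda p: p[1])
    for (na, oa, sa, _), (nb, ob, _, _) in zip(ordered, ordered[1:]):
        end = oa + sa
        if end > ob:
            issues.append(("overlap", na, nb, end - ob))
        elif end < ob:
            issues.append(("gap", na, nb, ob - end))
    return issues

def offset_to_address(parts, offset):
    """Map a file offset to (partition name, load address), or None if the
    offset is outside every partition that has a load address."""
    for name, off, size, addr in parts:
        if addr is not None and off <= offset < off + size:
            return name, addr + (offset - off)
    return None

def split_image(image, parts):
    """Slice a modem.bin byte string into {name: bytes}; refuse short images."""
    need = max(off + size for _, off, size, _ in parts)
    if len(image) < need:
        raise ValueError(f"image is {len(image):#x} bytes, table needs {need:#x}")
    return {name: image[off:off + size] for name, off, size, _ in parts}

if __name__ == "__main__":
    for issue in layout_issues(PARTITIONS):
        print("%s between %s and %s: %#x bytes" % issue)
    # Entry-point file offsets taken from the post's second table.
    for off in (0x000000, 0x00f400, 0x1a8000):
        name, addr = offset_to_address(PARTITIONS, off)
        print(f"{off:#08x} -> {name} @ {addr:#010x}")
```

Run against the posted numbers, the check reports that the main image as sized runs 0x800 bytes into the verification block, and the 0x1a8000 entry offset translates to the 0x60480000 address listed in the entry-point table.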
just thought it might be of interest and help - http---en.samaanet.com/?p=2390
direct link:
http://en.samaanet.com/?p=2390
Polarfuchs said:
direct link:
http://en.samaanet.com/?p=2390
That's a direct rip-off of my XDA thread!
Any more posts with such links will be removed!
How should I know, I just posted the link as "service" because the user above me couldn't post links.
I've been informed that the download link doesn't work. I will upload again as soon as I have time...
Really interesting stuff you have got here.
One thing I've been searching for a while now: I own a Galaxy Nexus, which has a XMM6260 modem. Samsung had on their stock ROM a feature in service mode where you can check the power modes of the 3G data connection. Since the Galaxy S2 has the same modem, it should be possible to get that feature.
I'm interested in this stuff because my Galaxy Nexus likes to drain like crazy on the 3G network that I use and I suspect that it has to do with the 3G data power modes. 3G+wifi is extremely efficient in power use but 3G+mobile data is a big battery hog.
I hope you post a working link soon, then I can start reading this stuff.
Seems like this might be the best place to ask this... I also asked in the "fun with AT commands" thread so my apologies up front for the spam.
I'm looking for a fastboot friendly radio baseband I can flash with a 4.2.1 friendly RIL. This may be more than what I actually need but I've got a full telephony build of the Nexus 7 3G going and while SMS and MMS are fully functional I'm getting a CME ERROR: 4 when I try to do voice dialing and don't see anything coming in via logcat on an inbound call.
The mobile plan I'm using is full voice capable and verified as functional.
Doing a strings of the included RIL (libxgold-ril.so) shows all the necessary voice functions listed (although I guess this could be a false positive if it is interface based).
The modem mounts up on /dev/ttyACM0 and I'm able to do all the basics with radiooptions, except voice dialing and answering of course.
Any pointers / advice / direction would be greatly appreciated... coming up to speed real quick in this area.
XGold626 One X Pinout
I have removed my BB CPU and here is the pinout if it helps anyone
How to start?
I'm a rookie, so can anyone provide a step-by-step tutorial about how to send AT commands to the baseband processor directly? Right now I can only use i2cdetect to list i2c channels, but what do I do next?
Thanks,
Andong
XGold 626 Reversing
witchspace said:
It appears that modem.bin consists of multiple partitions that are loaded separately at bootup of the device, reflecting the modem boot up sequence in libsec-ril.so:
[snip]
Hi!
Nice work. I'm working on reversing the xgold626 baseband as well. Specifically, I'm looking at the NELK2 baseband for my GT-i9300.
Perhaps we could join forces? Anyone else working on reversing the xgold626 baseband is welcome to contact me as well.
I'm reachable at: je at clevcode.org, or on my ircd (irc.clevcode.org, port 7000, SSL, nick je).
Cheers,
Joel
witchspace said:
It appears that modem.bin consists of multiple partitions that are loaded separately at bootup of the device, reflecting the modem boot up sequence in libsec-ril.so:...
I'm trying to run this in QEMU and created a basic environment, but as my understanding of ARM kernel space (interrupt handling, timers, etc) is very limited, it currently gets stuck in a loop waiting for some other thread (or interrupt handler) to update an address.
clevcoder said:
Specifically, I'm looking at the NELK2 baseband for my GT-i9300. Perhaps we could join forces? Anyone else working on reversing the xgold626 baseband is welcome to contact me as well.
Yep, that is very interesting. Send me a PM if there is more interest in pursuing this further! What's the primary interest of doing this?