Documenting Samsung Radio variables from the ServiceMode

historical

Dear Baseband developers,

We are a very small group of XDA developers and external people trying 
to realize our Android based IMSI-catcher Detector (AIMSICD) project.
http://tinyurl.com/l6whse2

However, to realize such an ambitious feat we really need better access 
to the various RF variables and details of neighboring cells, among many 
other things. We have had partial success in that we're able to use the
ServiceMode (SM) menu from the Samsung ServiceMode application. However, 
this is just a wrapper to accessing OEM_RAW_REQUESTS presented by code 
that is part of the baseband FW. Now, the tricky part for us non-GSM 
experts, is understanding what these variables really mean and represent. 

I have started 2 threads on XDA to:

1) completely map out the ServiceMode menu options, for an GT-I9195 
(S4-mini) but should work on many similar and newer Samsung devices. 

2) To map out the various MM timers and many other RF/GSM variables 
shown and available in the SM menu. 
http://tinyurl.com/qgcmbsv

We need help from the baseband community to understand the vocabulary 
used in this information as presented in (2) above, so that we can start to 
fill in the catcher-catcher detection parameters from the table here:
https://opensource.srlabs.de/projects/mobile-network-assessment-tools/wiki/CatcherCatcher
We will be using a modified version of this to do our detection. 

I'd also like to invite anyone interested to participate in this free and
open 
project. Everything we have done so far is available on github. There are
also some hidden documents available to motivated developers who have 
shown an honest effort to help us out.

Best Regards,
E:V:A

--
View this message in context: http://baseband-devel.722152.n3.nabble.com/Documenting-Samsung-Radio-variables-from-the-ServiceMode-tp4026493.html
Sent from the baseband-devel mailing list archive at Nabble.com.