<div dir="ltr"><div>Hi list</div><div><br></div><div>I'm hacking a protocol that runs inside Huawei SCP, in between USAU (signaling gateway within IN) and SCP node itself.</div><div>There is a small file at my disposal (a few megs) to study. Unfortunately there is no way to run a trace at the other side of USAU in parallel, so I need to guess about the fields.</div>
<div><br></div><div>Here is the typical IDP found with my guesstimations</div><div><br></div><div>000000a7<span class="" style="white-space:pre"> </span>- packet length</div><div>0000feab<span class="" style="white-space:pre"> </span>- packet ID</div>
<div>00a1<span class="" style="white-space:pre"> </span>- length of remaining portion</div><div><br></div><div>1000<span class="" style="white-space:pre"> </span>- (***) protocol type, 0x1000 is similar to CAMEL, other protocols are {0100,0200,0300,0400,0500,0600,1000,1200,1300,1400,1500,1700}</div>
<div>01d6f100<span class="" style="white-space:pre"> </span>- transaction ID</div><div>01d6f100</div><div><br></div><div>01ff<span class="" style="white-space:pre"> </span>- msg type and direction, 01FF - IDP, where FF means that it goes from gsmSCP to gsmSCP, response is 0100</div>
<div>0000010000000000 - something unknown, some messages may have non-zero values here</div><div><br></div><div>8c <span class="" style="white-space:pre"> </span>- length</div><div>30 81<span class="" style="white-space:pre"> </span>- tag+len, something like IDP args</div>
<div> 89 8001 01</div><div> 82 08 84 90 xxxxxxxxxxxx - A pty, MSISDN</div><div> 83 08 84 13 xxxxxxxxxxxx - B pty, MSISDN</div><div> 85 01 0a</div><div> 88 04 00000000</div><div> 8a 04 84 13 xxxx<span class="" style="white-space:pre"> </span>- E.164 country code</div>
<div> bb 05 80038090a3</div><div> 9c 01 0c</div><div> 9f32 08 xxxxxxxxxxxxxxxx - IMSI (A)</div><div> bf33 02 8000</div><div> bf34<span class="" style="white-space:pre"> </span> - a tag that assumes no length/value </div>
<div> 22 02 0159</div><div> 80 08 1000000000000000</div><div> 81 08 91 xxxxxxxxxxxxxxx - GT of MSC(ssf)</div><div> a3 09 8007 xxxxxxxxxxxxxx location number ?</div><div> bf35 03 830111</div><div> 9f36 05 207a77c430</div>
<div> 9f37 08 91 xxxxxxxxxxxxxx - GT of MSC(ssf) </div><div> 9f39 08 xxxxxxxxxxxxxxxx - some number in unknown format (neither E.164 nor E.212)</div><div><br></div><div><br></div><div>a-pty MSISDN may be alternatively coded with 9F38 tag</div>
<div><br></div><div><br></div><div>The most tricky thing is to decode other protocol types (marked with *** above) that are not so obvious</div><div><br></div><div>My final goal is to decode both CAP portion and amount of credit available</div>
<div><br></div><div>Is there anybody who has faced a similar task or who can provide additional traces, or can even make some traces? </div><div>An ideal case is to perform SS7 and USAU trace in parallel.</div><div>Or who even has some papers on this topic?</div>
<div><br></div><div>Regards,</div><div>Dmitri Soloviev</div></div>
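<div>Added example, not part of the original post: a Python splitter for the frame layout guessed above, followed by a BER TLV walk of the body that handles two-byte tags (9f32, bf34), long-form lengths (81 89) and nested constructed tags. The field offsets and the one-byte body length are the post's guesses taken as assumptions; the function names are hypothetical and the sample frame is constructed with dummy values.</div>

```python
import struct

def read_tlv(buf, pos):
    """Decode one BER TLV at pos -> (tag_hex, constructed, value, next_pos)."""
    start = pos
    try:
        first = buf[pos]
        pos += 1
        if first & 0x1F == 0x1F:          # multi-byte tag such as 9f32 or bf34
            while buf[pos] & 0x80:
                pos += 1
            pos += 1
        tag = buf[start:pos].hex()
        length = buf[pos]
        pos += 1
    except IndexError:
        raise ValueError("truncated TLV header") from None
    if length == 0x80:
        raise ValueError(f"tag {tag}: indefinite length not handled")
    if length & 0x80:                     # long form: 81 89 means 137 bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError(f"tag {tag}: length {length} overruns buffer")
    return tag, bool(first & 0x20), buf[pos:pos + length], pos + length

def walk(buf, depth=0):  # flatten nested TLVs into (depth, tag_hex, value_hex) rows
    rows, pos = [], 0
    while pos < len(buf):
        tag, constructed, value, pos = read_tlv(buf, pos)
        rows.append((depth, tag, "" if constructed else value.hex()))
        if constructed:
            rows += walk(value, depth + 1)
    return rows

def parse_frame(frame):
    """Split one frame using the field layout guessed in the post (assumption)."""
    if len(frame) < 31:
        raise ValueError("frame shorter than the fixed header")
    pkt_len, pkt_id, rest_len = struct.unpack_from(">IIH", frame, 0)
    proto, tid, tid_copy, msg = struct.unpack_from(">HIIH", frame, 10)
    body = frame[31:]
    if pkt_len != len(frame) - 4 or rest_len != pkt_len - 6 or frame[30] != len(body):
        raise ValueError("length fields disagree with frame size")
    return {"pkt_id": pkt_id, "proto": proto, "tid": tid, "msg": msg, "tlvs": walk(body)}

# Constructed sample frame: header values as in the post, TLV values are dummies.
SAMPLE = bytes.fromhex("0000003b 0000feab 0035 1000 01d6f100 01d6f100 01ff 0000010000000000"
    " 20 301e 800101 9f32081122334455667788 bf340d 020159 8108 91 00000000000000")
```

<div>Read with standard BER rules, the bytes bf34 22 in the dump above are a constructed tag with length 0x22 (34 bytes), which equals the declared sizes of the four elements listed after it (3 + 10 + 10 + 11).</div>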