From morteza.ali.ahmadi at gmail.com  Sun Dec  8 21:29:53 2019
From: morteza.ali.ahmadi at gmail.com (morteza ali Ahmadi)
Date: Mon, 9 Dec 2019 00:59:53 +0330
Subject: Diag output structure of Qualcomm modems
Message-ID: <CANPQb9ASwgc8qi7W1a5zszshKSWmGV6=TrCKUWCByA7cweCNOg@mail.gmail.com>

Hi friends...
Sorry to disturb you...

I have a Qualcomm Quectel EC25 modem which I can send AT-Commands to this
module with reciving the response. I store this modem diag bytes using a
python opensource app (qcsuper <https://github.com/P1sec/QCSuper>) with a
little code manipulation. Here is a sample diag bytes:

21 00 00 0A 08 01 01 00 00 50 1C 00 04 00 03 03 FF FF 00 FF 11 90 02 00 00
10 00 00 00 EF 1F AA 4C 0B 1E 03 00 00 11 90 02 00 00 00 00 08 01 02 63 ...
02 00 B2 00 4F 00 C0 *7E* 01 00 D2 00 FD 00 C0 8E 00 00 C5 00 C5 01 C0 7E
01 00 BA 00 ... 00 00 00 00 14 *7E* 01 00 50 81 01 00 40 7D 01 00 2C ... 8D
00 00 48 8C 00 00 *7E* 00 00 00 7D 00 00 00 78 00 00

QCSuper can also run Wireshark automatically to dissect RRC Signaling
messages.

I had an experience with Qualcomm Snapdragon mobile phone and after
receiving the bytes I could dissect them using a specific structure. Some
of the patterns of this structures were indicated in a python-c++
opensource app (mobile-insight
<https://github.com/mobile-insight/mobileinsight-core>) e.g. the frames in
the diag bytes starts with *98 00* and timestamp and frame type with a
specific size follow it. Also *7E* is indicated the end of the frame.

Now, I want to know is there a similar structure in this modem diag outputs
to allow for dissecting? Can you offer me a suitable document or app like
mobile-insight?

I saw a project in Osmocom as osmo-qcdiag.
<https://github.com/osmocom/libosmocore> Can I use that to get this
structure?

I hope you help me...

Thank you very much


-- 
*When there is much light, The shadow is deep...*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/qc-linux-modems/attachments/20191209/ec9b2e98/attachment.htm>

From pshinjo at sect.tu-berlin.de  Mon Dec  9 12:27:59 2019
From: pshinjo at sect.tu-berlin.de (Shinjo Park)
Date: Mon, 9 Dec 2019 13:27:59 +0100
Subject: Diag output structure of Qualcomm modems
In-Reply-To: <CANPQb9ASwgc8qi7W1a5zszshKSWmGV6=TrCKUWCByA7cweCNOg@mail.gmail.com>
References: <CANPQb9ASwgc8qi7W1a5zszshKSWmGV6=TrCKUWCByA7cweCNOg@mail.gmail.com>
Message-ID: <3721469.hCX09szsUE@brandenburg>

Hi,

> e.g. the frames in
> the diag bytes starts with *98 00* and timestamp and frame type with a
> specific size follow it. Also *7E* is indicated the end of the frame.

Only partially correct. While end-of-frame marker is 0x7e, but start of the 
frame is not always 0x98. The first byte will be any of the diag commands [1]. 
Parsing the diag output of each commands are different and there is no unified 
structure or such. See [2] for some information.

[1] http://cgit.osmocom.org/osmo-qcdiag/tree/src/protocol/diagcmd.h
[2] http://cgit.osmocom.org/osmo-qcdiag/tree/src/protocol/protocol.h

What kind of information do you want to see from diag stream? If your goal is 
extracting signaling messages, please try out SCAT [3] for your needs also. I 
am maintaining this, and Quectel EC25 is one of the device we have.

[3] https://github.com/fgsect/scat

Best,
Shinjo

2019? 12? 8? ??? ?? 10? 29? 53? CET? morteza ali Ahmadi ?? ? ?:
> Hi friends...
> Sorry to disturb you...
> 
> I have a Qualcomm Quectel EC25 modem which I can send AT-Commands to this
> module with reciving the response. I store this modem diag bytes using a
> python opensource app (qcsuper <https://github.com/P1sec/QCSuper>) with a
> little code manipulation. Here is a sample diag bytes:
> 
> 21 00 00 0A 08 01 01 00 00 50 1C 00 04 00 03 03 FF FF 00 FF 11 90 02 00 00
> 10 00 00 00 EF 1F AA 4C 0B 1E 03 00 00 11 90 02 00 00 00 00 08 01 02 63 ...
> 02 00 B2 00 4F 00 C0 *7E* 01 00 D2 00 FD 00 C0 8E 00 00 C5 00 C5 01 C0 7E
> 01 00 BA 00 ... 00 00 00 00 14 *7E* 01 00 50 81 01 00 40 7D 01 00 2C ... 8D
> 00 00 48 8C 00 00 *7E* 00 00 00 7D 00 00 00 78 00 00
> 
> QCSuper can also run Wireshark automatically to dissect RRC Signaling
> messages.
> 
> I had an experience with Qualcomm Snapdragon mobile phone and after
> receiving the bytes I could dissect them using a specific structure. Some
> of the patterns of this structures were indicated in a python-c++
> opensource app (mobile-insight
> <https://github.com/mobile-insight/mobileinsight-core>) e.g. the frames in
> the diag bytes starts with *98 00* and timestamp and frame type with a
> specific size follow it. Also *7E* is indicated the end of the frame.
> 
> Now, I want to know is there a similar structure in this modem diag outputs
> to allow for dissecting? Can you offer me a suitable document or app like
> mobile-insight?
> 
> I saw a project in Osmocom as osmo-qcdiag.
> <https://github.com/osmocom/libosmocore> Can I use that to get this
> structure?
> 
> I hope you help me...
> 
> Thank you very much


-- 
Shinjo Park <pshinjo at sect.tu-berlin.de>
Security in Telecommunications <sect.tu-berlin.de>
TU Berlin / Telekom Innovation Laboratories
Ernst-Reuter-Platz 7, Sekr TEL 16 / D - 10587 Berlin, Germany
Phone: +49 30 8353 58272