Dear Baseband developers, We are a very small group of XDA developers and external people trying to realize our Android based IMSI-catcher Detector (AIMSICD) project. http://tinyurl.com/l6whse2 However, to realize such an ambitious feat we really need better access to the various RF variables and details of neighboring cells, among many other things. We have had partial success in that we're able to use the ServiceMode (SM) menu from the Samsung ServiceMode application. However, this is just a wrapper to accessing OEM_RAW_REQUESTS presented by code that is part of the baseband FW. Now, the tricky part for us non-GSM experts, is understanding what these variables really mean and represent. I have started 2 threads on XDA to: 1) completely map out the ServiceMode menu options, for an GT-I9195 (S4-mini) but should work on many similar and newer Samsung devices. 2) To map out the various MM timers and many other RF/GSM variables shown and available in the SM menu. http://tinyurl.com/qgcmbsv We need help from the baseband community to understand the vocabulary used in this information as presented in (2) above, so that we can start to fill in the catcher-catcher detection parameters from the table here: https://opensource.srlabs.de/projects/mobile-network-assessment-tools/wiki/… We will be using a modified version of this to do our detection. I'd also like to invite anyone interested to participate in this free and open project. Everything we have done so far is available on github. There are also some hidden documents available to motivated developers who have shown an honest effort to help us out. Best Regards, E:V:A -- View this message in context: http://baseband-devel.722152.n3.nabble.com/Documenting-Samsung-Radio-variab… Sent from the baseband-devel mailing list archive at Nabble.com.