Hi list
I'm hacking a protocol that runs inside Huawei SCP, in between USAU (signaling gateway within IN) and SCP node itself.
There is a small file at my disposal (few megs), to study. Unfortunately there is no way to run a trace at the other side of USAU in parallel, so need to guess about fields.
Here is the typical IDP found with my guestimations
000000a7 - packet length
0000feab - packet ID
00a1 - length of remained portion
1000 - (***) protocol type, 0x1000 is similar to CAMEL, other protocols are {0100,0200,0300,0400,0500,0600,1000,1200,1300,1400,1500,1700}
01d6f100 - transaction ID
01d6f100
01ff - msg type and direction, 01FF - IDP, where FF means that it goes from gsmSCP to gsmSCP, response is 0100
0000010000000000 - something unknown, some messages may have non-zero values here
8c - length
30 81 - tag+len, something like IDP args
89 8001 01
82 08 84 90 xxxxxxxxxxxx - A pty, MSISDN
83 08 84 13 xxxxxxxxxxxx - B pty, MSISDN
85 01 0a
88 04 00000000
8a 04 84 13 xxxx - E.164 country code
bb 05 80038090a3
9c 01 0c
9f32 08 xxxxxxxxxxxxxxxx - IMSI (A)
bf33 02 8000
bf34 - a tag that assumes no length/value
22 02 0159
80 08 1000000000000000
81 08 91 xxxxxxxxxxxxxxx - GT of MSC(ssf)
a3 09 8007 xxxxxxxxxxxxxx location number ?
bf35 03 830111
9f36 05 207a77c430
9f37 08 91 xxxxxxxxxxxxxx - GT of MSC(ssf)
9f39 08 xxxxxxxxxxxxxxxx - some number in unknown format (neither E.164 nor E.212)
a-pty MSISDN may be alternatively coded with 9F38 tag
The most tricky thing is to decode another protocol types (marked with *** above) that are not so obvious
My final goal is to decode both CAP portion and amount of credit available
Is there anybody who faced similar task or who can provide additional traces.. or can even make some traces?
An ideal case is to perform SS7 and USAU trace in parallel.
Or even has some papers on this topic
Regards,
Dmitri Soloviev