Hi,
e.g. the frames in
the diag bytes start with *98 00*, and a timestamp and frame type with a
specific size follow it. Also, *7E* indicates the end of the frame.
Only partially correct. While the end-of-frame marker is 0x7e, the start of the
frame is not always 0x98. The first byte will be any of the diag commands [1].
Parsing the diag output of each command is different, and there is no unified
structure or such. See [2] for some information.
[1] http://cgit.osmocom.org/osmo-qcdiag/tree/src/protocol/diagcmd.h
[2] http://cgit.osmocom.org/osmo-qcdiag/tree/src/protocol/protocol.h
What kind of information do you want to see from the diag stream? If your goal is
extracting signaling messages, please try out SCAT [3] for your needs also. I
am maintaining this, and the Quectel EC25 is one of the devices we have.
[3] https://github.com/fgsect/scat
Best,
Shinjo
On Sunday, December 8, 2019, at 10:29:53 PM CET, morteza ali Ahmadi wrote:
Hi friends...
Sorry to disturb you...
I have a Qualcomm Quectel EC25 modem to which I can send AT-Commands and
receive the response. I store this modem's diag bytes using a
Python open-source app (qcsuper <https://github.com/P1sec/QCSuper>) with a
little code manipulation. Here is a sample of the diag bytes:
21 00 00 0A 08 01 01 00 00 50 1C 00 04 00 03 03 FF FF 00 FF 11 90 02 00 00
10 00 00 00 EF 1F AA 4C 0B 1E 03 00 00 11 90 02 00 00 00 00 08 01 02 63 ...
02 00 B2 00 4F 00 C0 *7E* 01 00 D2 00 FD 00 C0 8E 00 00 C5 00 C5 01 C0 7E
01 00 BA 00 ... 00 00 00 00 14 *7E* 01 00 50 81 01 00 40 7D 01 00 2C ... 8D
00 00 48 8C 00 00 *7E* 00 00 00 7D 00 00 00 78 00 00
QCSuper can also run Wireshark automatically to dissect RRC Signaling
messages.
I had an experience with a Qualcomm Snapdragon mobile phone, and after
receiving the bytes I could dissect them using a specific structure. Some
of the patterns of this structure were indicated in a Python/C++
open-source app (mobile-insight
<https://github.com/mobile-insight/mobileinsight-core>) e.g. the frames in
the diag bytes start with *98 00*, and a timestamp and frame type with a
specific size follow it. Also, *7E* indicates the end of the frame.
Now, I want to know whether there is a similar structure in this modem's diag
output to allow for dissecting. Can you offer me a suitable document or app like
mobile-insight?
I saw a project in Osmocom as osmo-qcdiag.
<https://github.com/osmocom/libosmocore> Can I use that to get this
structure?
I hope you can help me...
Thank you very much
--
Shinjo Park <pshinjo(a)sect.tu-berlin.de>
Security in Telecommunications <sect.tu-berlin.de>
TU Berlin / Telekom Innovation Laboratories
Ernst-Reuter-Platz 7, Sekr TEL 16 / D - 10587 Berlin, Germany
Phone: +49 30 8353 58272
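
The framing discussed in this thread, as an added example that is not part of the original messages and is not code from QCSuper, SCAT or osmo-qcdiag: a Python splitter that cuts a raw DIAG stream at 0x7E and reports the first byte of each frame as the command byte. The 0x7D escaping and the trailing little-endian CRC-16/X-25 are assumptions taken from DIAG's HDLC-like framing, which the thread does not spell out; all function names and the sample bytes are constructed for illustration.

```python
FRAME_END = 0x7E  # end-of-frame marker named in the thread
ESCAPE = 0x7D     # escape byte: assumption from HDLC-like framing, not in the thread

def crc16_x25(data: bytes) -> int:
    """CRC-16/X-25: reflected polynomial 0x8408, init 0xFFFF, final XOR 0xFFFF."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF

def unescape(raw: bytes) -> bytes:
    """Undo 0x7D escaping; raise ValueError if the chunk ends on an escape byte."""
    out, it = bytearray(), iter(raw)
    for byte in it:
        if byte == ESCAPE:
            nxt = next(it, None)
            if nxt is None:
                raise ValueError("dangling escape byte")
            byte = nxt ^ 0x20
        out.append(byte)
    return bytes(out)

def encode_frame(body: bytes) -> bytes:
    """Build one wire frame; used here only to construct sample input."""
    out = bytearray()
    for byte in body + crc16_x25(body).to_bytes(2, "little"):
        if byte in (FRAME_END, ESCAPE):
            out += bytes([ESCAPE, byte ^ 0x20])
        else:
            out.append(byte)
    return bytes(out) + bytes([FRAME_END])

def split_frames(stream: bytes):
    """Return (frames, leftover); each frame is (command_byte, payload, crc_ok)."""
    *chunks, leftover = stream.split(bytes([FRAME_END]))
    frames = []
    for chunk in chunks:
        try:
            data = unescape(chunk)
        except ValueError:
            continue                      # malformed chunk, skip it
        if len(data) >= 3:                # command byte plus two CRC bytes
            body, crc = data[:-2], int.from_bytes(data[-2:], "little")
            frames.append((body[0], body[1:], crc16_x25(body) == crc))
    return frames, leftover               # leftover: bytes of an unfinished frame

# Constructed sample: one complete frame followed by a truncated one.
SAMPLE = encode_frame(b"\x10\x00\x7e\x7d\x01") + encode_frame(b"\x98\x00\x01")[:3]
```

Keep the returned leftover and prepend it to the next read, since a serial or USB read can end in the middle of a frame.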