Actions
SamsungIpcDissector¶
Introduction¶
The packets were captured with tshark / wireshark-cli on the GT-I9300 with a Replicant 11 kernel and a specific revision of the work in progress libsamsung-ipc that works with it.
Since the GT-I9300 modem is connected through the HSIC bus (which is a subset of USB, without the PHY), we can simply capture it with tshark/Wireshark by capturing on the usbmon interface that sees the modem.
Examples¶
This packet was the first USB packet containing samsung-ipc packet(s) right after the modem finished booting:
0000 80 df 35 c3 00 00 00 00 43 03 81 02 01 00 2d 00 | USB packet
0010 e8 f1 03 62 00 00 00 00 7e 59 0d 00 00 00 00 00 | USB packet
0020 28 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 | USB packet
0030 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 | USB packet
+------------------------------------------------ HDLC_START
| +--------------------------------------------- ?
| | +------------------------------------------ ?
| | | +--------------------------------------- ?
| | | | +--+--------------------------------- ipc_fmt_header.length
| | | | | |
| | | | | | +------------------------------ ipc_fmt_header.mseq +--- IPC_PWR_PHONE_PWR_UP == 0x0101
| | | | | | | +--------------------------- ipc_fmt_header.aseq |
| | | | | | | | +------------------------ ipc_fmt_header.group ---+
| | | | | | | | | +--------------------- ipc_fmt_header.index ---+
| | | | | | | | | | +------------------ ipc_fmt_header.type ------- IPC_TYPE_NOTI == 0x03
| | | | | | | | | | | +--------------- HDLC_END
| | | | | | | | | | | |
0040 7f 0a 00 00 07 00 ff ff 01 01 03 7e
+--+--------------------------------------------- ipc_fmt_header.length
| | +------------------------------------------ ipc_fmt_header.mseq +--- IPC_MISC_ME_IMSI == 0x0a02
| | | +--------------------------------------- ipc_fmt_header.aseq |
| | | | +------------------------------------ ipc_fmt_header.group ---+
| | | | | +--------------------------------- ipc_fmt_header.index ---+
| | | | | | +------------------------------ ipc_fmt_header.type ------- IPC_TYPE_NOTI == 0x03
| | | | | | | +--------------------------- Payload length
| | | | | | | | +------------ HDLC_START
| | | | | | | | | +--------- ?
| | | | | | | | | | +------ ?
| | | | | | | | | | | +--- ?
| | | | | | | | | | | |
0040 | | | | | | | | 7f 1a 00 00
0050 17 00 ff 00 0a 02 03 0f 30 30 30 30 30 30 30 30
| | | | | | | |
| | | | | | | |
+--+--+--+--+--+--+-----+--+--+--+--+--+--+--+--- Payload (IMSI)
| | | | | | |
| | | | | | |
0060 30 30 30 30 30 30 30 7e
|
+-------------------------- HDLC_END
Updated by Denis 'GNUtoo' Carikli about 3 years ago · 1 revisions