SamsungIpcDissector

Introduction

The packets were captured with tshark / wireshark-cli on the GT-I9300, running a Replicant 11 kernel and a specific revision of the work-in-progress libsamsung-ipc that works with it.

Since the GT-I9300 modem is connected through the HSIC bus (which is a subset of USB, without the PHY), we can simply capture it with tshark/Wireshark by capturing on the usbmon interface that sees the modem.

Examples

This packet was the first USB packet containing samsung-ipc packet(s) right after the modem finished booting:

0000   80 df 35 c3 00 00 00 00 43 03 81 02 01 00 2d 00 | USB packet
0010   e8 f1 03 62 00 00 00 00 7e 59 0d 00 00 00 00 00 | USB packet
0020   28 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 | USB packet
0030   00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 | USB packet

       +------------------------------------------------ HDLC_START
       |  +--------------------------------------------- ?
       |  |  +------------------------------------------ ?
       |  |  |  +--------------------------------------- ?
       |  |  |  |  +--+--------------------------------- ipc_fmt_header.length
       |  |  |  |  |  |
       |  |  |  |  |  |  +------------------------------ ipc_fmt_header.mseq     +--- IPC_PWR_PHONE_PWR_UP == 0x0101
       |  |  |  |  |  |  |  +--------------------------- ipc_fmt_header.aseq     |
       |  |  |  |  |  |  |  |  +------------------------ ipc_fmt_header.group ---+
       |  |  |  |  |  |  |  |  |  +--------------------- ipc_fmt_header.index ---+
       |  |  |  |  |  |  |  |  |  |  +------------------ ipc_fmt_header.type  ------- IPC_TYPE_NOTI == 0x03
       |  |  |  |  |  |  |  |  |  |  |  +--------------- HDLC_END
       |  |  |  |  |  |  |  |  |  |  |  |
0040   7f 0a 00 00 07 00 ff ff 01 01 03 7e

       +--+--------------------------------------------- ipc_fmt_header.length
       |  |  +------------------------------------------ ipc_fmt_header.mseq     +--- IPC_MISC_ME_IMSI == 0x0a02
       |  |  |  +--------------------------------------- ipc_fmt_header.aseq     |
       |  |  |  |  +------------------------------------ ipc_fmt_header.group ---+
       |  |  |  |  |  +--------------------------------- ipc_fmt_header.index ---+
       |  |  |  |  |  |  +------------------------------ ipc_fmt_header.type  ------- IPC_TYPE_NOTI == 0x03
       |  |  |  |  |  |  |  +--------------------------- Payload length
       |  |  |  |  |  |  |  |              +------------ HDLC_START
       |  |  |  |  |  |  |  |              |  +--------- ?
       |  |  |  |  |  |  |  |              |  |  +------ ?
       |  |  |  |  |  |  |  |              |  |  |  +--- ?
       |  |  |  |  |  |  |  |              |  |  |  |
0040   |  |  |  |  |  |  |  |              7f 1a 00 00
0050   17 00 ff 00 0a 02 03 0f 30 30 30 30 30 30 30 30
                               |  |  |  |  |  |  |  |
                               |  |  |  |  |  |  |  |
       +--+--+--+--+--+--+-----+--+--+--+--+--+--+--+--- Payload (IMSI)
       |  |  |  |  |  |  |
       |  |  |  |  |  |  |
0060   30 30 30 30 30 30 30 7e
                             |
                             +-------------------------- HDLC_END
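
The framing annotated above can be walked programmatically. The following parser is an added example, not code from libsamsung-ipc or from the dissector itself. It assumes that ipc_fmt_header.length is little-endian and counts the 7 header bytes as well as the payload, which matches both frames in the dump. The three bytes marked "?" are kept as opaque data, and every length is bounds-checked because the bytes come from the modem.

```python
import struct

HDLC_START, HDLC_END = 0x7F, 0x7E
FMT_HEADER = struct.Struct("<HBBBBB")  # length, mseq, aseq, group, index, type
# Names taken from the annotated dump on this page only.
COMMANDS = {0x0101: "IPC_PWR_PHONE_PWR_UP", 0x0A02: "IPC_MISC_ME_IMSI"}
TYPES = {0x03: "IPC_TYPE_NOTI"}

# Constructed from the dump above: bytes from offset 0x40 on, i.e. after the
# 64 bytes labelled "USB packet".
SAMPLE = bytes.fromhex(
    "7f0a00000700ffff0101037e"
    "7f1a00001700ff000a02030f" + "30" * 15 + "7e"
)

def parse_frames(buf):
    """Return one dict per HDLC-framed samsung-ipc FMT message in buf."""
    frames, pos = [], 0
    while pos < len(buf):
        if buf[pos] != HDLC_START:
            raise ValueError(f"offset {pos}: expected HDLC_START")
        hdr_at = pos + 4  # skip HDLC_START and the three bytes marked "?"
        if hdr_at + FMT_HEADER.size > len(buf):
            raise ValueError(f"offset {pos}: truncated ipc_fmt_header")
        length, mseq, aseq, group, index, mtype = FMT_HEADER.unpack_from(buf, hdr_at)
        end = hdr_at + length  # assumption: length counts the 7-byte header too
        if length < FMT_HEADER.size or end >= len(buf):
            raise ValueError(f"offset {pos}: bad length {length}")
        if buf[end] != HDLC_END:
            raise ValueError(f"offset {end}: expected HDLC_END")
        command = (group << 8) | index
        frames.append({
            "unknown": buf[pos + 1:hdr_at],
            "mseq": mseq, "aseq": aseq,
            "command": COMMANDS.get(command, f"0x{command:04x}"),
            "type": TYPES.get(mtype, f"0x{mtype:02x}"),
            "payload": buf[hdr_at + FMT_HEADER.size:end],
        })
        pos = end + 1
    return frames

if __name__ == "__main__":
    for frame in parse_frames(SAMPLE):
        print(frame)
```

For the second frame, the first payload byte (0x0f) equals the number of IMSI bytes that follow it, as labelled in the diagram.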