Complete AT command list for Samsung Galaxy S2 (GB 2.3.4, KI4)

These were obtained by sending the "list all available AT commands" request: AT+CLAC .
Their functions have been collected from many different sources, none of which originates
from Samsung. Thus many ATC's are marked with one or more "?" to signify the uncertainty.

The standard AT set as shown in the OP, I have not bothered to describe here.

Code:
Select Code
ATA                             - Answer
ATD                             - Dial ...
ATE                             - Enable command echo (0=disable, 1=enable)
ATH                             - ??? Hangup/Hook
ATO                     ??      - Return to Online Data Mode
ATQ                             - Result code supression 
ATS                             - Command line termination?     S[3,4,5]
ATV                             - Command response format (0=Numerical, 1=Verbose)
ATX                             - Result code format for CONNECT        Mfg!
ATZ                             - Reset Modem (...)
ATl                             - 
ATm                             - 

AT&C                    ?       - (Received line signal detector) Behaviour
AT&D                    ?       - (Data terminal ready) Behaviour
AT&F                    ?       - Restore Factory Default Configuration

AT\Q                    ?       - Local flow control selection

AT+CACM
AT+CAMM
AT+CAOC
AT+CBC
AT+CBST
AT+CCFC
AT+CCHC
AT+CCHO                         - Open Logical Channel
AT+CCID                         - SIM Serial Number
AT+CCLK                         - Realtime clock
AT+CCUG
AT+CCWA
AT+CCWE
AT+CEER         
AT+CFUN         *               ? This command selects the level of  functionality <fun> in the MS. Only some values of<fun> are  allowed (see Defined values).

AT+CGACT                        - 
AT+CGATT                        - 
AT+CGAUTO                       - 
AT+CGCLASS                      - 
AT+CGCMOD                       - 
AT+CGDATA                       - 
AT+CGDCONT                      - 
AT+CGDSCONT                     - 
AT+CGEQMIN                      - 
AT+CGEQNEG                      - 
AT+CGEQREQ                      - 
AT+CGEREP       *               - Packet Domain event reporting
AT+CGLA                 E       - Generic UICC Logical Channel access
AT+CGMI                         - Request manufacturer identification 
AT+CGMM                         - Request model identification
AT+CGMR                         - Request revision identification
AT+CGPADDR                      - 
AT+CGQMIN                       - 
AT+CGQREQ                       - 
AT+CGREG        *               - GPRS network registration status                              AT+CGREG=2;+CGREG?
AT+CGSMS                        - 
AT+CGSN         *               - Request product serial number identification (IMEI)
AT+CGTFT

AT+CHLD
AT+CHUP                         - Hangup call
AT+CIMI         *               - Request international mobile subscriber identity (IMSI)
AT+CLAC                         - List all available AT commands
AT+CLAN
AT+CLCC
AT+CLCK
AT+CLIP
AT+CLIR
AT+CMEE                         - Report mobile termination error (+CME) verbosity mode (0,1,2)
AT+CMGC
AT+CMGD
AT+CMGF
AT+CMGL
AT+CMGR
AT+CMGS
AT+CMGW
AT+CMMS
AT+CMOD
AT+CMSS
AT+CMUX                         - Set multiplexing protocol control channel mode(s)
AT+CNAP
AT+CNMA
AT+CNMI         *               - This command selects the procedure,  how receiving of new SMS from network is indicated to the TE
AT+CNUM
AT+COLP
AT+COLR
AT+CONNECTPORT
AT+COPN
AT+COPS                         - 
AT+CPAS
AT+CPIN
AT+CPIN2
AT+CPLS
AT+CPMS
AT+CPOL
AT+CPUC
AT+CPWD
AT+CPWROFF
AT+CR
AT+CRC
AT+CREG
AT+CRES
AT+CRLA                 ?       - Restricted UICC Logical Channel access
AT+CRLP         *               - Radio link protocol
AT+CRSM
AT+CSAS
AT+CSCA
AT+CSCB
AT+CSCS
AT+CSDH
AT+CSIM
AT+CSMP
AT+CSMS
AT+CSQ                          - Signal Quality
AT+CSSN
AT+CSTA
AT+CSVM
AT+CTFR
AT+CTZR
AT+CTZU
AT+CUAD                         - UICC Application Discovery
AT+CUSD
AT+CVHU

AT+FCLASS                       - Select mode: put TA into mode: (data, fax, voice etc.)
AT+IPR                          - This command specifies the data rate  at which the DCE will accept commands. The full range of data rate  values may be reduced dependent on HW or other criteria.
AT+NEER                         
AT+TRACE        *               ? (see: +XSIO) This command controls the  trace; it allows selecting the trace mode, method and the trace data  transfer rate. 
AT+VTD                          
AT+VTS                          

AT+XAACOPS                      ?
AT+XAPP         *       !       - Known buffer overflow in Iphone 4S  (unsigned code execution):  Probably used to send executable code  (application) to BB! 
AT+XBANDSEL                     ? This command allows to switch from  automatic band selection to selection of one or more (up to four) bands.
AT+XCALLSTAT    *               ? Set reporting call status: This  command allows enabling / disabling the reporting voice call status on  DTE using an unsolicited result code +XCALLSTAT:  <call_id><stat>.
AT+XCEER                        ?
AT+XCGCLASS                     ?? Changing the startup MS Mobile class ("B", "CC")
AT+XCONFIG              +       ?? This command allows the configuration of DLCs (Data Logical Channels). (see +XMUX)
AT+XCOPS                        ? Display of the most adapted name of  the network.The command parameter <type> allows requesting the  name type which shall be displayed.
AT+XCSP                         ? This command reads the customer  service profile (CSP) from the SIM. The CSP indicates the services that  are user accessible.
AT+XCSPAGING                    ? This command allows enable/disable the  circuit switching paging. The command has an effect only when used  before +COPS or +CGATT.     
AT+XCSSMS                       ? Initiate Resending of SMS over CS if GPRS Fails
AT+XCTMS                        ? This command allows to set the TTY/CTM  behavior. The selected setting is stored also in NVRAM and remains  valid also after switch off the mobile
AT+XDATACHANNEL                 ? This command configures the channel over which CSD or GPRS data shall be routed.
AT+XDLCTEST                     ?
AT+XDNS                         ? This command enables / disables a  dynamic DNS (Domain Name Service) request before context activation.
AT+XDTMF                        ? This command allows setting the value  of SEND DTMF user setting that controls whether the DTMF tone generation  on request from SIM-TK is allowed.
AT+XEER                         ?
AT+XEONS                        ? displays the list of available  networks with details like long operator name, short operator name,  MCC/MNC, Long EONS name, Short EONS name for each PLMN.
AT+XFDOR                        ? Trigger Fast Dormancy
AT+XFDORT                       ? Set Fast Dormancy Timer
AT+XGAUTH                       ? This proprietary command allows to  enter the type of authentication for a user-name (using a password) for  the specified PDP context
AT+XGENDATA                     ? This command requests the software version and generation data.
AT+XHOMEZR                      ? This Set command enables and disables  the home zone change event reporting. If the reporting is enabled; the  MT returns the unsolicited result code +XHOMEZR: <label> whenever  the home zone is changed.
AT+XHSDUPA                      ? This command configures the mode of  HSDPA and HSUPA (by changing the appropriate dynamic NVRAM parameter)
AT+XL1SET                       ? Call the L1-specific function
AT+XLEMA                        ??? Emergency number list (Ofono)
AT+XLIN                         ? This command sets the current line.
AT+XLOG         *       !       - Known buffer overflow in Iphone 4S  (unsigned code execution) ? This command allows displaying the  exceptions stored in NVRAM on DTE. The MS-error LOG is contained in a  response code formatted as +XLOG:  <num>,<code>,<file>,<line>,<count> or an  other appropriate format as specified below.
AT+XMER                         ? Enables or disables sending of  unsolicited result codes from the MS to the DTE when the battery charge  level or the radio signal level crosses a defined threshold.
AT+XMUX                 +       ? Multiplexing mode: This command configures the GSM 07.10 multiplexing protocol. 
AT+XNOTIFYDUNSTATUS             ??? (LG) This command is used to notify DNS setting status
AT+XNVMMCC                      ?
AT+XNVMPLMN                     ?
AT+XPINCNT                      - This command reads the remaining attempts for SIM PIN, SIM PIN2, SIM PUK and SIM PUK2.        
AT+XPOW                         ? This command sets the powersaving-mode.
AT+XPROGRESS                    ? This command allows enabling /  disabling the display of an unsolicited result code + XPROGRESS:  <cin> (call number indication), <status> on DTE while a call  is in progress.
AT+XRAT                         ? This command forces the selection of the Radio Access Technology (RAT) in the protocol stack.
AT+XREDIAL                      ? Enabling of automatic redialing if the called party was busy.
AT+XREG                 !       ? Involved in the iPhone unlock hacks...
AT+XRXDIV       *               ? This command is used to allow external  control of the Rx Diversity feature during runtime.            
AT+XSETCAUSE                    ?
AT+XSIMSTATE                    ? Display SIM and Phonelock Status  (write at+xsimstate=1 to turn on, at+xsimstate=0 to turn off) 
AT+XSIO         *               ? This command allows the configuration  of the modem-interface (AT), trace-interface, IrDA interface and  MUX-interface by setting the variant number.
AT+XSMS                         ? Detection of Signal DR_SM_FINISHED_IND
AT+XSVM                         ? This command allows to set the voice mail server number.
AT+XSYSTRACE                    ?
AT+XTESM                        ?
AT+XTRACECONFIG                 ?
AT+XUBANDSEL                    ?
AT+XUICC                        - Checks for UICC Card, whether the current SIM is a 2G or 3G sim.
AT+XVTS                         -
As you can see there are quite a few OEM commands here, whose functions I have not been able to
figure out yet. Please post if you know anything or have any documentation on these. They all
start with: AT+X<something>. There are also others that, that are not documented at all, AFAIK.
[2012-02-05]

On this list, the most interesting ATC's for our purposes are AT+XSIO and AT+XTRACE as described here:
Code:
Select Code
AT+XSIO         This command allows the configuration of the modem-interface (AT), 
                trace-interface, IrDA interface and MUX-interface by setting the 
                variant number.

                • Set command allows the configuration of the modem-interface (AT), trace-interface, IrDA interface and
                  MUX-interface by setting the variant number. The set variant number becomes active only after a reset
                • Read command allows seeing which is the current variant and which is the requested variant. A star marks
                  the active variant.
                • Test command returns the possible and customizable variants.

Defined values:
                <requested>     requested variant, which may be in range 0-255
                <active>        currently active variant, which may be in range 0-255
                <AT-interface>  NULL, UART0, …, UARTn
                <Trace>         NULL, UART0, …, UARTn
                <MUX>           1-x
                <IrDA>          NULL, UART0, …, UARTn
Example:

AT+XSIO=?                                                                       

+XSIO: [SP62XX_es1] Variant=0:  AT= USART2 USB[03]; BB-Trace= USB1; 3G-Trace= USB2; OCT= USB6;                                                                  
+XSIO: Variant=1 :  AT= USART2 USB[03]; BB-Trace= TADO0; 3G-Trace= TADO1; OCT= USB1;                                                                            
+XSIO: Variant=2 :  AT= USART2 USB[01]; BB-Trace= BG0; 3G-Trace= BG1;           
+XSIO: Variant=3 :  AT= USB[01]; BB-Trace= USART2; 3G-Trace= USIF5; OCT= USB6;  
+XSIO: Variant=4 :  AT= USART2 USB[01]; BB-Trace=/bbt/0; 3G-Trace=/3gt/0;       

AT+XSIO?                                                                        

+XSIO: 0, *0

-------------------------------------------------------------------------------
AT+TRACE        This command controls the trace; it allows selecting the trace mode,
                method and the trace data transfer rate. 

                • Set command switches the trace on or off. It allows the trace mode, method and the trace data transfer rate.
                • Read command allows seeing the current set mode value along with the speed, i.e. data transfer rate. It also
                  allows knowing which traceable unit is on or off.
                • Test command returns all the possible values of mode, data transfer rate, traceable unit, their mode and
                  power saving countdown.

Command Syntax:
                
AT+TRACE=[<mode>],[<speed>],[<unit>=<umode>],[<method>],[PowerSavingCountdown]

Defined Valuse:

<mode>  may be
0       switch trace off
1       switch trace on (all kinds of traces are switched on)
128     This value can not be entered, it is only displayed via read 
        syntax if trace configuration is done by unitdefinitions
        the last time. See <umode> & <unit> for trace configuration;

<unit>=<umode>
<unit> indicates a traceable unit as follows:

St stack
Pf printf
Bt Bluetooth
Ap apoxi
Db debug
Lt LLT (Low Level Trace)
Li LwIP (Lightweight TCP/IP Stack)
Ga GATE (3rd Party Software Decoding with a Windows DLL)

<umode> defines whether the unit related trace is on or off and can have the values:

0 unit-trace off
1 unit-trace on

<method> sting type indicating the trace method with possible values:

"BTM" byte stuffing trace method
"EBTM" extended byte stuffing trace method

<PowerSavingCountdown> 
        Integer value indicating the power saving countdown 
        value in units of milliseconds. The maximum valid value is
        30000.

Example:

AT+TRACE?                                                                       
+TRACE: 1,921600,"ap=1;st=1;db=1;pr=1;bt=1,lt=1;li=1;ga=1;ae=1","DTM",0
[2012-02-14]

Additional hidden AT commands on the SGS-2

Runing strings on the stock /system/bin/drexe , you will find the following AT commands embedded.
These are probably not directly supported by Modem, but rather interpreted by drexe, as
they're not present in the +CLAC list. In addition, some of them just don't work and maybe only
provided for backward compatibility for other devices and modems.

Code:
Select Code
AT+APPLIST
AT+AUTHKEY=
AT+BATGETLEVEL?
AT+CERTKEY
AT+CGMM
AT+CGSN
AT+CGTEMR=NewPCStudio
AT+DEVAUTH
AT+DEVCONINFO
AT+DISSTRNO=
AT+FOTALOC?
AT+FOTAREADY?
AT+FOTASTART
AT+FUS?
AT+GMM
AT+GSN
AT+HIDSWVER
AT+IMEINUM
AT+PASSWORDINPUT
AT+PRODUCTCODE
AT+PROF=
AT+SECUKEY
AT+SUDDLMOD=
AT+SUPPORTFUS
AT+SWVER
AT+SYNCML=MOBEXSTART
AT+SYNCML=MOBEXSTOP
[2012-02-09]