[XMM6260][X-GOLD 626] Modem Specification / Documentation / Hack-Pack

Search This thread
By:
Advanced…
E:V:A

E:V:A

Inactive Recognized Developer
Dec 6, 2011
1,447
2,222
-∇ϕ
sp3dev said:
Guys and girls, the modem bootup sequence via the bootloader IPC transport is reversed ages ago by me for galaxy s2 and galaxy nexus. Take a look at the recent libsamsung-ipc and samsung-ril from replicant

https://github.com/morphis/libsamsung-ipc
https://gitorious.org/replicant/hardware_ril_samsung-ril/commits/master
Click to expand...
Click to collapse

Excellent! But how can we use it? (We need a binary or App that can actually connect to ATCoP from userspace. As far as I can see, the only such interface binary (modemctl.c) is just doing some very rudimentary On/Off/reset stuff.

Code: 
[SIZE=2]...
void print_help()
{[/SIZE][SIZE=2]    printf("usage: modemctrl <command>\n");[/SIZE]
[SIZE=2]    printf("commands:\n");[/SIZE]
[SIZE=2]    printf("\tstart                 bootstrap modem and start read loop\n");[/SIZE]
[SIZE=2]    printf("\tbootstrap             bootstrap modem only\n");[/SIZE]
[SIZE=2]    printf("\tpower-on              power on the modem\n");[/SIZE]
[SIZE=2]    printf("\tpower-off             power off the modem\n");[/SIZE]
[SIZE=2]    printf("arguments:\n");[/SIZE]
[SIZE=2]    printf("\t--debug               enable debug messages\n");[/SIZE]
[SIZE=2]    printf("\t--pin=[PIN]           provide SIM card PIN\n");[/SIZE]
[SIZE=2]}
...[/SIZE]
We need an actual way (like ipctool) to send receive AT command responses.

In addition, it only works (AFAIK) on XMM6260 type CP/BP's and not on Qualcomm. It also seem to require some funky way of installing a new kernel...which would preferably be avoided. While at the same time being incomplete not supporting other features like GPS, 3D graphics engine and BT. At least according to your I9100 4.0 Status page.
 
Last edited:
B

Bob Smith42

Senior Member
Jun 7, 2011
760
136
Torrent for your XGOLD626_Modem_HackPack.7z

Torrent attached. Seed if desired.
 

Attachments

  • XGOLD626_Modem_HackPack.7z.torrent
    4.7 KB · Views: 692
  • Like
Reactions: E:V:A
T

trynd

New member
Mar 27, 2013
3
1
I also have x-gold 626. And I send sequence AT commands into /dev/ttyACM0 and receive IP, GW, DNS from operator. Them I used ioctl codes for assign IP, GW and bringing up interface. But I dont pinging gw: destination host unreachable. What I need to do more? I used IDA for disasm libril-xgold.so.
 
  • Like
Reactions: E:V:A
S

sitsky

Member
Sep 28, 2010
6
0
Don't know if its been mentioned...

Hey all,

Sorry for not reading the whole thread to make sure it hasn't been told before...

I am using my Nexus 7 for GSM calls, with a workaround... I am using the paid app Tablet Talk, and a Samsung Pocket (couldn't find a cheaper phone). The phone basically is a dead weight, but still it works! :) Till you guys figure it out ;))))

Thanks for all the hard work,
~S
 
Q

quackquack147

Member
Jun 13, 2013
17
8
even enbraz

sparkyuiop said:
I have removed my BB CPU and here is the pinout if it helps anyone

Click to expand...
Click to collapse

can i have it for playbook please? blackberry playbook. and secondly i am not an electronics engineer. so i dont know electronics much. what is/are the pinouts for blackberry playbook 16/32/64gb. i need it badly. as i am trying to port coreboot for bootloader and debian as main OS. but this doesnt mean we cant run linux. i need to know which are the
hxxp :// forums.crackberry.com/playbook-rooting-f256/working-root-playbook-whats-your-progress-793657/index4.html#post8653549 but i need to know the traces and also jtag points for blackberry playbook.
thanks in advance.
thanks
-paul
 
X

xd.bx

Senior Member
May 14, 2011
431
292
clevcoder said:
Hi!

Nice work. :) I'm working on reversing the xgold626 baseband as well. Specifically, I'm looking at the NELK2 baseband for my GT-i9300.

Perhaps we could join forces? Anyone else working on reversing the xgold626 baseband is welcome to contact me as well.

I'm reachable at: je at clevcode.org, or on my ircd (irc.clevcode.org, port 7000, SSL, nick je).

Cheers,
Joel
Click to expand...
Click to collapse

Hi Joel,

For the XMM6180 radio image (Nexus S), remove the 0x5000 (first bootloader, not really necessary) and load image @ 0x60000000. Could apply to newer basebands as well. Usually looking at the code in the first bootloader can give a good idea of the loading addresses.
 
  • Like
Reactions: E:V:A
E:V:A

E:V:A

Inactive Recognized Developer
Dec 6, 2011
1,447
2,222
-∇ϕ
For anyone more interested in reversing baseband for XMM modems, I suggest you first getting used to some of their AT commands in the thread: [A][SGS2][Serial] How to talk to the Modem with AT commands

And specifically with the production mode "sequencer" running in pmode_ptest/pmode_normal that is mentioned in post 39
... I'd like to see further progress on how to use these internal features... And to explain the details of the ATCoP options shown in at@help ...


Why is this interesting? Because there are a lot more XMM's on the horizon!

intelmodemroadmap2013_575px.png
 
Last edited:
E:V:A

E:V:A

Inactive Recognized Developer
Dec 6, 2011
1,447
2,222
-∇ϕ
PLEASE NOTE: These instructions are for Intel XMM based devices only!

Lats night I tried to get some GSM variables out of my I9100, by installing xgoldmon (2b-as) following the README info there. Unfortunately that info is lacking in detail for my I9100, so I can't get anything out of it. What Am I missing here? Has anyone got this to work? Please explain.

1) The GT-I9100 is a rooted stock GB 2.3.4. Yes, that is ancient, but you'd be surprised how many such ancient devices are around! I will try to keep my BB related development on ancient devices until people stop using them. When I say ancient, I refer to the AOS API level. Many AP/BP FW updates remove and patch BB access. This is a way to avoid this. In other cases, access is simplified, i.e. in the later Qualcomm Snapdragon series. We'll always be able to make more fun additions to newer devices, once the basics is done.

2) I'm also running this on an ancient but fully updated Cygwin/Windows box.
I have successfully compiled libosmocore, following the instructions there.

This is how you do it:

Code: 
[SIZE=2]mkdir osmocom
cd osmocom 

git clone git://git.osmocom.org/libosmocore.git

cd libosmocore/
autoreconf -i
./configure
make
sudo make install
cd ..
[/SIZE]
Take note of the pkgconfig installation path. You will need to set this
to the PKG_CONFIG_PATH environment variable in the next step.

Unfortunately, the xgoldmon.git by Tobias Engel has not been updated/patched to fix a GSMTAP (gsmtap.h)
message copy/paste error. Everything still works, but you'll get the wrong message in Wireshark.
The bug details can be found HERE.

However, harpreet-s has forked this project and applied the patch,
so we will use his.

Code: 
[SIZE=2]git clone git://github.com/harpreet-s/xgoldmon.git

cd xgoldmon/
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
make 
[/SIZE]
You will now have an executable called: xgoldmon.exe

So far, so good.

Now tricky part, the instructions say:

Code: 
[SIZE=2]
...
Before running xgoldmon
=======================

To enable the logging mode ("diag mode") on the S2, S3 and Note2:
- Go to the Phone application, enter *#9900# and set "Debug Level
  Enabled" to "HIGH". The phone will reboot.
- Go to the Phone application again, enter *#7284# and set "USB" to
  "MODEM" and tap "SAVE and RESET". The phone will reboot again.

The Galaxy Nexus has to be rooted first to activate diag mode! Then:
- In the adb shell, as root, enter:
  echo MODEM > /sys/devices/tuna_otg/usb_sel
- Connect to the first of the serial devices (e.g. /dev/ttyACM0) with
  a terminal emulator and enter
  AT+TRACE=1

When connecting the phone via USB to the computer, several new
pseudo-tty devices should be created. The one with the second lowest
number should be the logging port. So for example on Linux, if you
have no other ttyACM* devices, it should be /dev/ttyACM1.

xgoldmon tries to set proper serial attributes on the device if the
"-s" option is specified. If that fails, you might have to do that
yourself with something like

  stty 115200 pass8 raw -noflsh -F /dev/ttyACM1


Running xgoldmon
================

E.g.:

  xgoldmon -t s3 -l /dev/ttyACM1

Full usage:
usage: ./xgoldmon [-t <phone type>] [-l] [-s] [-i <ip address>] [-v] <logfile or device>
  -t: select 's4', 's3', 'gnex', 's2' or 'note2' (default: 's3')
  -l: print baseband log messages
  -s: set proper serial device attributes
  -i: send gsmtap packets to given ip address (default: 'localhost')
  -v: show debugging messages (more than once for more messages)

In some situations, the phone might close the device, causing xgoldmon
to exit. If you want to do some unsupervised logging, it might be a
good idea to put the call to xgoldmon in a loop.


Watching the radio messages in Wireshark
========================================

xgoldmon uses libosmocore to send the radio messages in GSMTAP format
(http://bb.osmocom.org/trac/wiki/GSMTAP) to UDP port 4729 on the local
host. In order to monitor the packages with Wireshark, something has
to listen on that port, e.g.

  nc -u -l 4729

Then, in Wireshark, start a capture on the loopback interface. To see
only the GSMTAP messages, set this filter:

  udp.port==4729

GSM messages will be decoded out-of-the box in Wireshark. For UMTS/RRC
messages, you need a recent development version of Wireshark (at least
revision 47792), which you most likely will have to build yourself.

If everything works, it should look a bit like the
"screenshot-mtsms-while-in-a-call.png".
It contains a screenshot of Wireshark that shows an S3 receiving a
text message while in a call. (Lots of messages filtered out to show
the more relevant messages)

[/SIZE]
This create problems for people not using Linux and on older API's.

For example,

1) On my I9100, there is no "Debug Level Enabled" to "HIGH" in the *#9900# menu, but many other options.
2) The phone does not reboot after changing anything in there.
3) There is no "SAVE and RESET" button in the *#7284# menu, and therefore no reboot. But regardless, the phone recognize the changes when unplugged and plugged in again.
4) When reconnecting phone, I'm asked for 7 CDC drivers. I remember wrestling with this 2-3 years ago, unfortunately I don't remember if I found the drivers or hacked them and uninstalled them since, or just abandon that problem. :( It is possible it's using Infineon's COMNEON drivers... but I can't seem find them on my computer at the moment... looking.
5) Thus no new pseudo TTY's for me to connect and look at.

I'd very much appreciate if someone can provide a solution or more info on this.

---

EDIT: 2014-03-27

I have found some more details, but I still have to collect and try...
 
Last edited:
H

harpreet.s

Senior Member
Oct 27, 2012
153
47
Google Pixel 7
comneon driver

Hi EVA , search the below post in google and download cdc driver for windows from there(WMC_comneon2_3.33.0.zip). I use linux for default access to these com ports without additional drivers.

how-to-flash-upgrade-software-version-bp-newman-n2-freelander-i20.5004
 
  • Like
Reactions: E:V:A
E:V:A

E:V:A

Inactive Recognized Developer
Dec 6, 2011
1,447
2,222
-∇ϕ
harpreet.sooden said:
Hi EVA , search the below post in google and download cdc driver for windows from there(WMC_comneon2_3.33.0.zip). I use linux for default access to these com ports without additional drivers.
Click to expand...
Click to collapse


Oops I had almost forgotten about this thread and my last posts. Just to inform everyone, I have gotten both xgoldmon working and have made a whole thread about the 7CDCs drivers + installation etc. I meant to publish a write up about how to connect windows network in loopback mode, but just haven't gotten around to do it yet. Soon I hope.

[REF][XMM] Infineon FlashTool & Comneon 7 CDCs Driver
 
Last edited:
  • Like
Reactions: Demetris
W

Worfvx

New member
Jan 11, 2016
1
0
I need also this file or PMB9811 datasheet. Very thanks

Edit: I download file via torrent and PMB9811 I found in LG P925 service manual.
 
Last edited:
M

mammadkhata

Member
Apr 6, 2012
41
6
E:V:A said:
Intel / Infineon XMM6260 & X-GOLD 626 Modem Hack-Pack Release!

After several unsuccessful months of trying to get my phone (application) to
talk AT-commands with the baseband processor (BP), I've had to learn a lot of
hardware and internal Android and OEM based tricks and secrets. Although this
have not been enough to make anything of practical use, it is definitely worth
sharing. If not at least some more talented people may be able to continue
where I have left of...

Now, it should be immediately stated that there is nothing revolutionary
in here, apart the Infineon manual for tuning your GSM modem, using the
AT CLI and GTI sequencer. This is something that could potentially be very
useful for better understanding the advanced features that the modem
platform incorporates. However, it is also a sure way of making a an
expensive brick out of your phone! You have been warned...


Brief Modem Description
The XMM6260 is the "platform" that consists of:

  • The X-GOLD 626 baseband processor
  • The SMARTi UE2 RF-transceiver DSP
  • The 3GPP Release 7 HSPA+ protocol stack with:
    Downlink: Category 14, Uplink: Category 7
The X-GOLD 626 baseband processor (labelled "PMB 9811") is communicating
with the DSP RF-tranceiver chip called SMARTi-UE2 (labelled "PBM 5712 A1"),
using a communication interface that corresponds to the MIPI DigRF-3G
(V.3.09) standard. Through this protocol the BP can control some or all
aspects of the RF DSP.

Alternative Names

  • Infineon IFX6260
  • Intel IMC6260
  • Intel XMM626
Some other devices using this platform:
Code: 
- Lava XOLO X900                        [Phone]                         FCC ID: ???
- Lenovo K800                           [Tablet/Pad]                    FCC ID: ???
- LG-P920  (LG ?)                       [Phone]                         FCC ID: BEJP920
- LG-P925  (LG Optimus 3D?)             [Phone]                         FCC ID: BEJP925

- Huawei E369 (3G Hi-Universe)          [USB 3G Modem]                  FCC ID: QISE369         (Russian distrubutor: Merlion)
- Huawei MU733/MU739                    [PC/CE Module]                  FCC ID: QISMU739       
- Samsung Galaxy Nexus (I9200)          [Phone]                         FCC ID: ???    

Other devices that may (!?) also contain the X-GOLD 626:
---------------------------------------------------------
- LG Optimus 4X HD                      [Phone]                         FCC ID: ???    
- HTC One X                             [Phone]                         FCC ID: ???
- Huawei Ascend D Quad                  [Phone]                         FCC ID: QIS ???
- Huawei E392   (E392u-511)             [LTE Multi-mode USB stick]      FCC ID: QISE392U-511
- Huawei E353   (E352s-6)               [HSPA+ USB stick]               FCC ID: QIS ???
Hack-Pack Content
Code: 
        - Pictures/Diagrams:
                - XMM6260 colored pinout map
                - XMM6260 mounted in a Samsung Galaxy S2
                - SMARTi UE DSP RF-tranceiver chip mounted in the SGS-2
                - IPC xxxxxx stuff
                - Infineon PhoneTools testing program
                - Raw 1byte greyscale PNG of modem.bin from XXKI1

        - PDF files/documents:
                - ITA-RF-Adjustment-GSM (XMM6260 Specification)
                - Infineon MIPI-HSI Product Brief
                - X-GOLD 616 Product Brief
                - Fairchild FSA9280/88A USB/UART switch/MUX datasheet

        - Similar Modem AT sets/documents:
                - AT_Command_Set_3GPP-TS-27007-940.pdf
                - AT_Command_Set_AMOD_HSPA.pdf
                - AT_Command_Set_Gobi.pdf
                - AT_Command_Set_Motorola_XM7200S.pdf
                - AT_Command_Set_Teltonika_TM3.pdf
                - AT_Command_Set_iWOW_TR-900.pdf

        - Text Files:
                - 3GPP 27.007 AT-list
                - XMM6260 official AT-set      
                - XMM6260 internal AT-set
                - XMM6260 homebrew specifications
                        + X-GOLD 626 Modem pinouts
                        + MUX pinouts
                        + AP connections (SGS2)
                        + AP relevant info
                - Strings of modem.bin (stock firmware image: [B]XXKI1[/B])
                - Strings of drexe
                - Strings of rild
                - Strings of libril.so
                - Strings of libsec-ril.so

        - GT-I9100 stock (GB 2.3.4) binary files:
          (Taken from:  PDA:[B]XWKI4[/B], Phone:[B]XXKI1[/B])
                - libKiesDataRouter.so
                - libril.so
                - libsec-ril.so
                - libsecril-client.so
                - drexe
                - rild

        - Android hardware hacking binaries (tools):
                - dbus-monitor
                - dbus-send
                - hciconfig
                - hcidump
                - hcitool
                - i2cdetect
                - i2cdump
                - i2cget
                - i2cset
                - ipcfilter
                - ipcdump
                - ipctool
                - procmem
                - showmap
                - showslab
                - strace
                - tcpdump
                - viewmem

        + various other content
Download Here! (57.72 MB)
The modem firmware referred to and studied can be​
found here (Modem.bin.7z) or here, under "XXKI1".​

-------------------------------------------------------------------------------
DISCLAIMER:
All the material in this collection was found on internet by
appropriate Google-Fu and/or by laborious manual creation.
Nothing is stolen or reversed, so I am not held responsible
for the origin or problems affiliated with the use of these
documents, programs or other binaries.
-------------------------------------------------------------------------------

If you are a developer or other corporate official of Intel or Infineon:
Please contact your superiors and ask them to release the proper​
datasheets and documentation of these products to the public.​
Why? Because:
  1. It would significantly increase the sales of your hardware, by promoting
    a much more open approach to hardware development. There are currently
    more than 10 open-sourced and open-hardware smartphone projects around
    the world, who would benefit from the use of a more modern baseband than
    what is currently and openly available.
    .
  2. It would significantly promote your hardware in front of your competitors,
    as your company would be the first one to open up your documentation to the
    public. Thus increasing public technical knowledge of your hardware, which
    would ultimately lead to you having an easier time to find qualified
    developers that cost you less!
    .
  3. It would significantly reduce the cost and time for firmware development,
    while increasing the firmware code-quality and compatibility, as you
    would be able to benefit from the large community and knowledge from
    other professional developers as well as hardware-hackers.

    (Yes, there are several bugs found in your firmware, but since there is
    no way to report and discuss these with your developers, they will
    continue to cost you money and head-scratching for all developers
    having to deal with your platform.)
    .
  4. Your competitive advantage due to 1-3, would promote new and better
    future hardware developments, that would not only benefit your
    company/business but also society as a whole.
    .
  5. Its simply the right thing to do!

The thread where all this become crisply relevant is this one:
[A][SGS2][Serial] How to talk to the Modem with AT commands

There you will find all documents which I have found to date, which
is essentially none. At least nothing that can be of ANY practical use.
Click to expand...
Click to collapse
Download link is not working, can you please upload it again?
 
You must log in or register to reply here.

Similar threads

AdamOutler
The all-in-one Galaxy S2 Hack Pack
Replies
47
Views
128K
camp0s
camp0s
E:V:A
[R&D] Hacking the Huawei E589 (4G LTE Mobile Router)
Replies
70
Views
310K
adrscu
adrscu
AdamOutler
The All-In-One GalaxyS Hack Pack
Replies
29
Views
78K
DomZg
DomZg
A
Hack Xiaomi Mijia Walkie Talkie
Replies
277
Views
109K
bela
bela
O
[Soldering?] Move internal memory chip
Replies
49
Views
110K
Yamaha169
Yamaha169

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 16
    E:V:A
    E:V:A
    Intel / Infineon XMM6260 & X-GOLD 626 Modem Hack-Pack Release!

    After several unsuccessful months of trying to get my phone (application) to
    talk AT-commands with the baseband processor (BP), I've had to learn a lot of
    hardware and internal Android and OEM based tricks and secrets. Although this
    have not been enough to make anything of practical use, it is definitely worth
    sharing. If not at least some more talented people may be able to continue
    where I have left of...

    Now, it should be immediately stated that there is nothing revolutionary
    in here    , apart the Infineon manual for tuning your GSM modem, using the
    AT CLI and GTI sequencer. This is something that could potentially be very
    useful for better understanding the advanced features that the modem
    platform incorporates. However, it is also a sure way of making a an
    expensive brick out of your phone! You have been warned...


    Brief Modem Description
    The XMM6260 is the "platform" that consists of:

    • The X-GOLD 626 baseband processor
    • The SMARTi UE2 RF-transceiver DSP
    • The 3GPP Release 7 HSPA+ protocol stack with:
      Downlink: Category 14, Uplink: Category 7
    The X-GOLD 626 baseband processor (labelled "PMB 9811") is communicating
    with the DSP RF-tranceiver chip called SMARTi-UE2 (labelled "PBM 5712 A1"),
    using a communication interface that corresponds to the MIPI DigRF-3G
    (V.3.09) standard. Through this protocol the BP can control some or all
    aspects of the RF DSP.

    Alternative Names

    • Infineon IFX6260
    • Intel IMC6260
    • Intel XMM626

    Some other devices using this platform:
    Code: 
    - Lava XOLO X900                        [Phone]                         FCC ID: ???
- Lenovo K800                           [Tablet/Pad]                    FCC ID: ???
- LG-P920  (LG ?)                       [Phone]                         FCC ID: BEJP920
- LG-P925  (LG Optimus 3D?)             [Phone]                         FCC ID: BEJP925

- Huawei E369 (3G Hi-Universe)          [USB 3G Modem]                  FCC ID: QISE369         (Russian distrubutor: Merlion)
- Huawei MU733/MU739                    [PC/CE Module]                  FCC ID: QISMU739        
- Samsung Galaxy Nexus (I9200)          [Phone]                         FCC ID: ???     

Other devices that may (!?) also contain the X-GOLD 626:
---------------------------------------------------------
- LG Optimus 4X HD                      [Phone]                         FCC ID: ???     
- HTC One X                             [Phone]                         FCC ID: ???
- Huawei Ascend D Quad                  [Phone]                         FCC ID: QIS ???
- Huawei E392   (E392u-511)             [LTE Multi-mode USB stick]      FCC ID: QISE392U-511
- Huawei E353   (E352s-6)               [HSPA+ USB stick]               FCC ID: QIS ???
    Hack-Pack Content
    Code: 
            - Pictures/Diagrams:
                - XMM6260 colored pinout map
                - XMM6260 mounted in a Samsung Galaxy S2
                - SMARTi UE DSP RF-tranceiver chip mounted in the SGS-2
                - IPC xxxxxx stuff
                - Infineon PhoneTools testing program
                - Raw 1byte greyscale PNG of modem.bin from XXKI1

        - PDF files/documents:
                - ITA-RF-Adjustment-GSM (XMM6260 Specification)
                - Infineon MIPI-HSI Product Brief
                - X-GOLD 616 Product Brief
                - Fairchild FSA9280/88A USB/UART switch/MUX datasheet

        - Similar Modem AT sets/documents:
                - AT_Command_Set_3GPP-TS-27007-940.pdf
                - AT_Command_Set_AMOD_HSPA.pdf
                - AT_Command_Set_Gobi.pdf
                - AT_Command_Set_Motorola_XM7200S.pdf
                - AT_Command_Set_Teltonika_TM3.pdf
                - AT_Command_Set_iWOW_TR-900.pdf

        - Text Files:
                - 3GPP 27.007 AT-list
                - XMM6260 official AT-set       
                - XMM6260 internal AT-set
                - XMM6260 homebrew specifications
                        + X-GOLD 626 Modem pinouts
                        + MUX pinouts
                        + AP connections (SGS2)
                        + AP relevant info
                - Strings of modem.bin (stock firmware image: [B]XXKI1[/B])
                - Strings of drexe
                - Strings of rild
                - Strings of libril.so
                - Strings of libsec-ril.so

        - GT-I9100 stock (GB 2.3.4) binary files: 
          (Taken from:  PDA:[B]XWKI4[/B], Phone:[B]XXKI1[/B])
                - libKiesDataRouter.so
                - libril.so
                - libsec-ril.so
                - libsecril-client.so
                - drexe
                - rild

        - Android hardware hacking binaries (tools):
                - dbus-monitor
                - dbus-send
                - hciconfig
                - hcidump
                - hcitool
                - i2cdetect
                - i2cdump
                - i2cget
                - i2cset
                - ipcfilter
                - ipcdump
                - ipctool
                - procmem
                - showmap
                - showslab
                - strace
                - tcpdump
                - viewmem

        + various other content
    Download Here! (57.72 MB)
    The modem firmware referred to and studied can be
    found here (Modem.bin.7z) or here, under "XXKI1".
    -------------------------------------------------------------------------------
    DISCLAIMER:
    All the material in this collection was found on internet by
    appropriate Google-Fu and/or by laborious manual creation.
    Nothing is stolen or reversed, so I am not held responsible
    for the origin or problems affiliated with the use of these
    documents, programs or other binaries.
    -------------------------------------------------------------------------------

    If you are a developer or other corporate official of Intel or Infineon:

    Please contact your superiors and ask them to release the proper
    datasheets and documentation of these products to the public.

    Why? Because:

    1. It would significantly increase the sales of your hardware, by promoting
      a much more open approach to hardware development. There are currently
      more than 10 open-sourced and open-hardware smartphone projects around
      the world, who would benefit from the use of a more modern baseband than
      what is currently and openly available.
      .
    2. It would significantly promote your hardware in front of your competitors,
      as your company would be the first one to open up your documentation to the
      public. Thus increasing public technical knowledge of your hardware, which
      would ultimately lead to you having an easier time to find qualified
      developers that cost you less!
      .
    3. It would significantly reduce the cost and time for firmware development,
      while increasing the firmware code-quality and compatibility, as you
      would be able to benefit from the large community and knowledge from
      other professional developers as well as hardware-hackers.

      (Yes, there are several bugs found in your firmware, but since there is
      no way to report and discuss these with your developers, they will
      continue to cost you money and head-scratching for all developers
      having to deal with your platform.)
      .
    4. Your competitive advantage due to 1-3, would promote new and better
      future hardware developments, that would not only benefit your
      company/business but also society as a whole.
      .
    5. Its simply the right thing to do!
    The thread where all this become crisply relevant is this one:
    [A][SGS2][Serial] How to talk to the Modem with AT commands

    There you will find all documents which I have found to date, which
    is essentially none. At least nothing that can be of ANY practical use.
    View
    2
    viperbjk
    viperbjk
    Just found ... a bit older, but still very interesting :)

    http://hwplatform.googlecode.com/svn/trunk/Infineon/
    View
    2
    S
    sp3dev
    Guys and girls, the modem bootup sequence via the bootloader IPC transport is reversed ages ago by me for galaxy s2 and galaxy nexus. Take a look at the recent libsamsung-ipc and samsung-ril from replicant

    https://github.com/morphis/libsamsung-ipc
    https://gitorious.org/replicant/hardware_ril_samsung-ril/commits/master
    View
    2
    Synman
    Synman
    Seems like this might be the best place to ask this... I also asked in the "fun with AT commands" thread so my apologies up front for the spam.

    I'm looking for a fastboot friendly radio baseband I can flash with a 4.2.1 friendly RIL. This may be more than what I actually need but I've got a full telephony build of the Nexus 7 3G going and while SMS and MMS are fully functional I'm getting a CME ERROR: 4 when I try to do voice dialing and don't see anything coming in via logcat on an inbound call.

    The mobile plan I'm using is full voice capable and verified as functional.

    Doing a strings of the included RIL (libxgold-ril.so) shows all the necessary voice functions listed (although I guess this could be a false positive if it is interface based).

    The modem mounts up on /dev/ttyACM0 and I'm able to do all the basics with radiooptions, except voice dialing and answering of course.

    Any pointers / advice / direction would be greatly appreciated... coming up to speed real quick in this area.
    View
    1
    CCD
    CCD
    @E:V:A the link for hack-pack is dead
    Could you please upload it again
    It will be really very helpful
    View

New posts