XDA Developers Android and Mobile Development Forum

[REF|R&D|RF] RF/Radio properties of Samsung ServiceMode

 
E:V:A
(Last edited by E:V:A; 8th May 2014 at 01:44 PM.)
#1  
Recognized Developer - OP
Thanks Meter 1,785
Posts: 1,341
Join Date: Dec 2011
Location: -∇ϕ

RF/Radio properties of the ServiceMode Application

Thread Difficulty: HARD
Thread Noob Patience: LOW

Thread Topic

This thread is a Reference and Research & Development thread for
investigating and better documenting the various radio-related variables
found and displayed by the ServiceMode application. Here we are
particularly concerned with those found in Samsung phones, but as
you will see, this is more modem (BP/CP) dependent than phone model
dependent. So much of this info should also apply to other devices
using the same modem.

Off Topic?

If you have questions that do not directly concern the main focus
of this thread, please ask in the general forum. If you ask support
questions here, they will be deleted without warning.

If you're just looking for info on how to enter the Service Menu on a recent
Samsung, look in this thread:
[REF][ServiceMode] How to make your Samsung perform dog tricks


Background

Because the ServiceMode (SM) application is really running in the
Modem under its own RTOS, it is limited in the presentation. So what
you see running in the AOS ServiceMode application is really just a
Java wrapper to code that is running in the RTOS. This severely
limits the information presented, if accessible at all.

Most mobile device manufacturers don't want their users to have
access to the ServiceMode functions, for various and good reasons.
Perhaps the best reason is that you can easily hard-brick your
device and/or mess up all the internal radio related settings.
However, we are already used to this, so why not have a better look
at the mobile network parameters within our devices. These can be
extremely useful, from identifying network problems to detecting and
preventing illegal or clandestine mobile network monitoring.

So what are the limiting factors of the ServiceMode Application?

  • It is a Java wrapper application that is usually made by
    the device manufacturer (Samsung, HTC, Nokia etc) that
    needs to be present and compatible with your AOS FW.
    (API, RIL etc)
  • The actual code is running in Modem RTOS and usually queried
    by ServiceMode.apk by the use of a RIL_REQUEST_OEM_HOOK_RAW request,
    that allows requests to circumvent the normal RIL filter.
  • The parameters present depend on the Modem FW versions.
    (You will find many misspellings and other FUBAR objects in
    various modem SM presentations.)
  • The displayed RF related parameters depend on the Modem HW,
    and are thus completely different in an Intel XMM modem, than
    for a Qualcomm MSM type modem/processor SoC, and so on.
  • The displayed RF related parameters depend on the network
    you are currently using and connected to.

But the mobile network interface is transparent from the AOS AP point
of view, so a large set of radio parameters must comply with the 3GPP
standards in order for your device to function properly. But only a
very small subset of these RF parameters is part of the non-internal AOS API.

We want more!

By carefully looking at all the details and information that is
presented by the SM application, we can find out many more and
useful network details, such as ciphering modes, network types,
bands, and technology used. But to do this we need to understand
the language used. Unfortunately, many times the language does
not reflect the current 3GPP standards, so we are left to guess,
until some anonymous modem RF-expert/developer comes along and
corrects us.

So if you happen to know anything specific, this is where you
can really help this thread...


ServiceMode Vocabulary

Here I try to resolve some of the more obscure sounding items,
as found in the SM of mainly two devices.

(a) Samsung Galaxy S2 (GT-I9100, XXKI1 with Intel XMM6260 modem)
(b) Samsung Galaxy S4-mini (GT-I9195, XXUBML4 with Qualcomm MSM8930AB SoC)

In post#2 you will find an almost complete menu structure for
the UMTS MENU items as found in (b). I have not posted the items
for the LTE or CDMA menus, since I don't have that network, which
means I don't know how they would look. So feel free to post your
own findings, if you use those.

Also, remember that the end-point/detailed view of the menu
items depends on your current network. I.e. you will see
different items, when connected to GSM vs. WCDMA, and so on.

In post#3 I show the detailed explanations of the various
3GPP defined RR timers as shown under the NAS/MM items.

In post#4 I attempt to describe the specific end-point menu items:

Code:
        [1] BASIC INFORMATION
        [1] MM INFORMATION
        [2] MM REJECT CAUSE
        [3] GMM REJECT CAUSE
        [3] AS INFORMATION
        [4] NEIGHBOUR CELL


I still need help deciphering some of those values.

(What exactly do they represent and mean?)

MSM8960 Info, Architecture and Bootloader(s)
El Grande Partition Table Reference
How to talk to the Modem with AT commands

[REF][ServiceMode] How to make your Samsung perform dog tricks
[REF|R&D|RF] RF/Radio properties of Samsung ServiceMode

Want to know when your phone is getting tracked or tapped?

Help us develop the IMSI Catcher / Spy Detector!
(To be part of the EFF & The Guardian Project toolsets.)
_______________________________
If you like what I do, just click THANKS!
Everything I do is free, altruism is the way!
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
I do not answer support related PM's.

 
E:V:A
(Last edited by E:V:A; 8th May 2014 at 12:29 PM.)
#2  
The root MAIN MENU

Code:
MAIN MENU
[1] UMTS                
[2] CDMA                
[3] LTE                         
[4] SIM- Not Used.                     ==> <E>
[5] DOCOMO DEBUG SCREEN         
[6] run EFS SYNC()              
[7] DEBUG SCREEN



The UMTS MENU tree


Here is an almost complete menu structure for the UMTS MENU items
found in a GT-I9195. I have not posted the items for the LTE or CDMA
menus, since I don't have that network, which means I don't know how
they would look. So please post your own findings, if you use those.

Code:
[1]     UMTS MAIN MENU
        [1] DEBUG SCREEN
        [2] VERSION INFORMATION
        [3] UMTS RF NV
        [4] GSM RF NV
        [5] AUDIO
        [6] COMMON
        [7] LTE BAND CONFIG CHECK
        ------------------------------

        [1]     DEBUG SCREEN
                [1] BASIC INFORMATION                   ==> <E>         Code: 0011
                [2] NAS INFORMATION
                [3] AS INFORMATION
                [4] NEIGHBOUR CELL
                [5] GPRS INFORMATION
                [6] SIM INFORMATION
                [7] HANDOVER
                [8] PHONE CONTROL
                [9] ANTENNA/ADC


                [1]     // BASIC INFORMATION            ==> <E> 

                        RRC: IDLE, Band1                                
                        MCC-MNC:nnn-01                                  
                        RX: 10663, RI: -59, CID: hhhhh
                        TX: 9713, PSC: 394
                        EcIo: -4, RSCP: -63                             
                        SpeechVER: FR FR FR                             
                        L1: PCH_Sleep                                   
                        Drx cycle: 64                                   
                        SIB19 is received                               
                        therm: 162 LNA: 0                               
                        Service: Available                              


                [2]     NAS INFORMATION

                        [1] MM INFORMATION
                        [2] MM REJECT CAUSE
                        [3] GMM REJECT CAUSE
                        [4] PS REJECT CAUSE
                        [5] RESET MM&GMM REJECT List
                        [6] EF_RAT INFORMATION
                        [7] SAT REFRESH INFO
                        [8] SMC RESULT INFO
                        [9] CALL END CAUSE


                        [1]     // MM INFORMATION

                                mm: Idle                                        
                                MCC-MNV: nnn-01                                 
                                LAC: hhh, RAC: nn                               
                                TIMER_T32:      10(S) 11(S) 12(A)
                                                13(S) 20(S) 30(S) 40(S)
                                GmmState: Registered(3)
                                SubState: normal(0)
                                PmmMode: IDLE(1)
                                rej_cause: 0, IuAttCnt: 0
                                TMSI: hhhhhhh

                        [2]     // MM REJECT CAUSE

                                MM reject Information List
                                1. Time: 1M 6D 0h00m00s
                                   Type: 0, Cause:0 000-000, GSM
                                2. Time: 1M 6D 0h00m00s
                                   Type: 0, Cause:0 000-000, GSM
                                3. Time: 1M 6D 0h00m00s
                                   Type: 0, Cause:0 000-000, GSM
                                4. Time: 1M 6D 0h00m00s
                                   Type: 0, Cause:0 000-000, GSM
                                5. Time: 1M 6D 0h00m00s
                                   Type: 0, Cause:0 000-000, GSM
                                6. Time: 1M 6D 0h00m00s
                                   Type: 0, Cause:0 000-000, GSM

                        [3]     // GMM REJECT CAUSE

                                GMM reject Information List
                                1. Time: 4M 9D 14h19m02s
                                   Type: 4, Cause:7 nnn-01, UMTS
                                2. Time: 1M 6D 0h00m00s
                                   Type: 0, Cause:0 000-000, GSM
                                3. Time: 1M 6D 0h00m00s
                                   Type: 0, Cause:0 000-000, GSM
                                4. Time: 1M 6D 0h00m00s
                                   Type: 0, Cause:0 000-000, GSM
                                5. Time: 1M 6D 0h00m00s
                                   Type: 0, Cause:0 000-000, GSM

                        [4]     // PS REJECT CAUSE
                                PDP and PDN recet List
                                - No Data

                        [5]     // RESET MM&GMM REJECT List             <== Immediately clears reject list!

                        [6]     // EF_RAT INFORMATION

                                Boot-up EF_RAT
                                NONE(-1)
                                Refreshed EF_RAT
                                1.GSM_WCDMA(1), 000-000
                                2.GSM_WCDMA(1), 000-000
                                3.GSM_WCDMA(1), 000-000
                                4.GSM_WCDMA(1), 000-000
                                5.GSM_WCDMA(1), 000-000

                        [7]     // SAT REFRESH INFO
                                <exactly the same as above>

                        [8]     // SMC RESULT INFO                      -->  <E>

                                RRC: IDLE, Band1
                                MCC-MNC: nnn-01
                                RX: 10663, RI: -59, CID: hhhhh
                                TX: 9713, PSC: 394
                                EcIo: -4, RSCP: -63
                                SpeechVER: FR FR FR
                                L1: PCH_Sleep
                                Drx cycle: 64
                                SIB19 is received
                                therm: 162 LNA: 0
                                Service: Available

                        [9]     // CALL END CAUSE                               -->  <E>
                                <exactly the same as above>


                [3]     // AS INFORMATION

                        RRC: IDLE, Band1
                        WCDMA: IDLE
                        RX: 10663, RI: -59, CID: hhhhh
                        TX: 9713, PSC: 394
                        EcIo: -4, RSCP: -63
                        VOC: FR FR FR, 0
                        L1: PCH_Sleep
                        CQI: 0, Sam: 0

                [4]     // NEIGHBOUR CELL
                        
                        Aset: 10663 394 -60 -7 53 29                    <== rapid changes
                        Sych: 10663 403 -83 -51 31 -15          
                        Sych: 10663 403 -83 -51 31 -15          
                        Sych: 10663 403 -83 -51 31 -15          
                        Asych: 10663 422 -121 -49 29 -1         
                        Asych: 10663 262 -121 -49 0 0           
                        Asych: 10663 102 -121 -49 0 0           
                        Asych: 10663 450 -121 -49 0 0           


                [5]     GPRS INFORMATION
                        FUNCTION:ds_gprs_information

                [6]     SIM INFORMATION

                        [1] General Info
                        [2] QMI UIM status
                        [3] CHECK NV


                        [1]     // General Info

                                SIM Phase: 0                            
                                Card Capability: USIM                   
                                SIM voltage class: 1.8V SIM             
                                None                                    
                                None                                    
                                Proactive command:                      
                                00 00 00 00 00 00 00 00 00 00           - ^^ (10 Hex)

                        [2]     // QMI UIM status
                                
                                CARD_STATE:     Present                 
                                CARD_ERROR:     Unknown                 
                                APP_TYPE:       USIM                    
                                APP_STATE:      Ready                   
                                PERSO_STATE:    Ready                   
                                PERSO_FEATURE:  Unsupported             
                                PIN1_STATE:     Enabled_Verified 
                                pin1_num(3), puk1_num(10)
                                PIN2_STATE:     Enabled_Not_Verified
                                pin2_num(3), puk2_num(10)              

                        [3]     // CHECK NV

                                CHECK NV                                
                                Band pref: Unexpected value             
                                RTRE Configuration: SIM based           
                                FTM Mode: Online Mode                   
                                ENS: Disabled                          
                                UIM CLASS: UMTS


                [7]     HANDOVER

                        [1] HANDOVER GtoG
                        [2] HANDOVER GtoW
                        [3] HANDOVER WtoG
                        [4] HANDOVER TEST

                [8]     PHONE CONTROL

                        [1] DRX CONTROL                 
                        [2] FAKE SECURITY CONTROL       
                        [3] NAS CONTROL                 
                        [4] UE STATE CONTROL                            
                        [5] SIMULATION                                  
                        [6] NETWORK LOCK                                
                        [7] NETWORK CONTROL                             


                        [1]     // DRX CONTROL
                                DRX: Not Active
                                [1] DRX: ON
                                [2] DRX: OFF

                        [2]     // FAKE SECURITY CONTROL
                                FAKE SECURITY: OFF 
                                [1] FAKE SECURITY: ON
                                [2] FAKE SECURITY: OFF
                        
                        [3]     NAS CONTROL

                                [1] CIPHERING CONTROL
                                [2] INTEGRITY CONTROL
                                [3] SIM CLASS CONTROL
                                [4] REVISION CONTROL
                                [5] RRC(HSPA) CONTROL
                                [6] DUALMODE IMPROVEMENT CONTROL
                                [7] NAS AVOID SECURITY CONTROL


                                [1]     // CIPHERING CONTROL
                                        CIPHERING CONTROL: ON
                                        [1] CIPHERING: ON
                                        [2] CIPHERING: OFF

                                [2]     // INTEGRITY CONTROL
                                        INTEGRITY CONTROL: ON
                                        [1] INTEGRITY: ON
                                        [2] INTEGRITY: OFF

                                [3]     // SIM CLASS CONTROL
                                        UIM CLASS: UMTS
                                        [1] UIM CLASS: UMTS
                                        [2] UIM CLASS: GSM

                                [4]     REVISION CONTROL
                                        [1] DISPLAY REVISION 
                                        [2] CHENGE REVISION 

                                [5]     RRC(HSPA) CONTROL
                                        [1] DISPLAY RRC REVISION
                                        [2] CHANGE RRC REVISION

                                [6]     // DUALMODE IMPROVEMENT CONTROL
                                        DUALMODE IMPROVEMENT: NOT ACT
                                        [1] DUALMODE IMPROVEMENT: ON
                                        [2] DUALMODE IMPROVEMENT: OFF

                                [7]     NAS AVOID SECURITY CONTROL
                                        AVOID_SECURITY_CHECK: NOT ACT
                                        [1] SECURITY_CHECK: ON
                                        [2] SECURITY_CHECK: OFF


                        [4]     UE STATE CONTROL

                                [1] CALL CONNECT STATE
                                [2] CHANGE RAT TO WCDMA
                                [3] CHANGE RAT TO GSM

                        [5]     SIMULATION

                                [1] Modem Assert (Reset)
                                [2] SW WATCHDOG
                                [3] HW WATCHDOG
                                [4] CP Logging (Started)
                                [5] Realtime Log(OFF) - Don't!          <== WTF?
                        
                        [6]     NETWORK LOCK

                                [1] PERSO SHA256 Info
                                        SHA256_ENABLE_FLAG [1]

                        [7]     NETWORK CONTROL                         

                                [1] GCF
                                [2] BAND SELECTION                      ==> Code: 2263 "BAND"
                                [3] SERVICE DOMAIN
                                [4] AQUISITION ORDER
                                [5] PLMN(AUTO/MANUAL) SELECTIO
                                [6] FPLMN
                                [7] IMSI replacement


                                [1]     GCF

                                        [1] GSM/(E)GPRS/WCDMA REL8
                                        [2] GSM/(E)GPRS/WCDMA REL7
                                        [3] GSM/(E)GPRS/WCDMA REL6
                                        [4] GSM/(E)GPRS/WCDMA REL5
                                        [5] SETTING CANCELLATION

                                [2]     BAND SELECTION

                                        [1] Automatic
                                        [2] WCDMA Band Preference
                                        [3] GSM Band Preference
                                        [4] LTE Band Preference


                                [3]     // SERVICE DOMAIN
                                        [1] CS + PS (*)
                                        [2] CS ONLY
                                        [3] PS ONLY

                                [4]     // AQUISITION ORDER
                                        [1] Automatic
                                        [2] GSM_UMTS
                                        [3] UMTS_GSM (*)
                                        [4] No Change

                                [5]     // PLMN(AUTO/MANUAL) SELECTIO
                                        [1] AUTOMATIC (*)
                                        [2] MANUAL

                                [6]     FPLMN

                                        [1] FPLMN READ
                                        [2] FPLMN DELETE ALL
                                        [3] FPLMN DELETE EXCL DOM

                                [7]     // IMSI replacement
                                        [1] Enable
                                        [2] Disable (*)



                [9]     ANTENNA/ADC
                                ds_antenna_adc


        ------------------------------
        [2]     VERSION INFORMATION
                [1] SW VERSION
                [2] HW VERSION

        [3]     UMTS RF
                [1] RF NV READ
                [2] RF NV WRITE
                [3] UMTS DIVERSITY CONTROL
                [4] RF CALIBRATION CHECK

        [4]     GSM RF
                [1] RF NV READ
                [2] RF NV WRITE
        
        [5]     AUDIO                           ==> Locked! See Note (a)
                ...

        [6]     COMMON
                [1] FTM
                [2] DEBUG INFO
                [3] RF SCANNING
                [4] DIAG CONFIG
                [5] WCDMA SET CHANNEL
                [6] NV REBUILD
                [7] FACTORY TEST
                [8] FORCE SLEEP
                [9] GPS


                [1]     FTM : OFF                ==> Locked! See Note (b)
                        [1] NOT SUPPORT 
                        [2] FTM : OFF

                [2]     DEBUG INFO
                        [1] MM REJECT CAUSE
                        [2] LOG DUMP
                        [3] UI DEBUG POPUP - N/S

                        
                [3]     RF SCANNING     
                        [1] SETTING
                        [2] START RF SCANNING
                        [3] RESULT TO PC
                        [4] RESULT TO SCREEN

                [4]     DIAG CONFIG
                        [1] USB  ( )
                        [2] UART (*)
                        [3] DBG MSG ON  (*)
                        [4] DBG MSG OFF ( )

                [5]     WCDMA SET CHANNEL       
                [6]     NV REBUILD              
                [7]     FACTORY TEST          
                [8]     FORCE SLEEP             
                [9]     GPS
                        co_gps_menu             

        
        [7]     LTE BAND CONFIG CHECK           --> <E>
(Where I have replaced my LAC/CID with "nnnnn" and "hhhhh", respectively)

Note that the end-point/detailed view of the menu items depends on your
current network. I.e. you will see different items, when connected to GSM vs. WCDMA.

For example, here is a picture comparing the BASIC INFORMATION view for LTE, CDMA and GSM/UMTS, respectively.



(Picture stolen from THIS website. Sorry, there is no owner/contact info there to ask for permission.)

So what do all those numbers mean?
That's what we will try to figure out in the next posts and in this thread! But first I will show you
another menu view. The menu that concerns the MM (Mobile Management) MENU items.
To get to the picture below:

MAIN MENU > [1] UMTS MAIN MENU > [1] DEBUG SCREEN > [2] NAS INFORMATION > [1] MM INFORMATION

Which should result in:

Code:
mm: Idle
MCC-MNV: nnn-01
LAC: hhh, RAC: nn
TIMER_T32:      10(S) 11(S) 12(A)
                13(S) 20(S) 30(S) 40(S)
GmmState: Registered(3)
SubState: normal(0)
PmmMode: IDLE(1)
rej_cause: 0, IuAttCnt: 0
TMSI: hhhhhhh
< placeholder >

As you can see, these include the values of a few important RR timers used. These timers are discussed in the next section.
 
E:V:A
(Last edited by E:V:A; 8th May 2014 at 12:48 PM.)
#3  
The Mobility Management (MM) Timers: MS-side

All the MM timers are defined and thoroughly explained in [1]. But here I
summarize the timers we have found in our SM as shown above, where we
have the following timers clearly visible:
Code:
T3210
T3211
T3212
T3213
T3220
T3230
T3240
Here's a summary table also taken and edited from [1].





The very brief 3GPP summary for T3210/11/12/13 is:

< WIP placeholder>


The very brief 3GPP summary for T3220/30/40 is:
Code:
T3220   Timer is used during the MM states of: 
        
        - IMSI Detach Initiated

        Timer is started at IMSI Detach.
        Timer is stopped when: release from RM-sublayer
        At expiry it:   "enter Null or Idle, ATTEMPTING TO UPDATE" ??


T3230   Timer is used during the MM states of:

        - Wait For Outgoing MM Connection
        - Wait For Additional Outgoing MM Connection
        - Wait TO Re-establish MM connection

        Timer is started in the mobile station when:
        
        - the MS makes a Ciphering Mode (CM) service request
        - the MS makes a Ciphering Mode (CM) re-establishment request

        Timer is stopped when:

        - the MS makes a CM setting
        - the MS receives a CM Service Reject 
        - the MS receives a CM Service Accept 
        
        At expiry it provides a release indicator.



T3240   Timer is started in the mobile station when:
 
        - the mobile station receives a LOCATION UPDATING ACCEPT message completing a location updating procedure in the cases specified in subclauses 4.4.4.6 and 4.4.4.8;
        - the mobile station receives a LOCATION UPDATING REJECT message in the cases specified in subclause 4.4.4.7;
        - the mobile station has sent a CM SERVICE ABORT message as specified in subclause 4.5.1.7;
        - the mobile station has released or aborted all MM connections in the cases specified in 4.3.2.5, 4.3.5.2, 4.5.1.1, and 4.5.3.1;
        - the mobile station receives the paging message from network and enter the MM state 9 (WAIT FOR NETWORK COMMAND).

        Timer is stopped, reset, and started again at receipt of an MM message.

        Timer is stopped and reset (but not started) at receipt of a CM message that initiates establishment of an CM connection (an appropriate SETUP, REGISTER, or CP-DATA message as defined in 3GPP TS 24.008, 3GPP TS 24.010 [21] or 3GPP TS 24.011 [22]).

        If timer expires, the MS shall abort the RR connection and enter the MM state MM IDLE.



References:


[1] "Mobile Radio Interface Layer 3 specification, Core Network Protocols"
3GPP TS 24.008 V12.5.0 (2014-03): (678 pages)
[2]
 
E:V:A
(Last edited by E:V:A; 8th May 2014 at 01:08 PM.)
#4  
The Variable Vocabulary

Here is a list of variable names, and their inferred meaning, as found in the SM shown above.

Code:

RX              : Receive/Down-Link Channel aka "DL CH"                                             
TX              : Transmit/Up-Link Channel aka "UL CH"                                              
RI              : [dBm] RSSI (Receive Signal Strength Indicator)                                    
CID             : Cell ID                                                                           
PSC             : Primary Synchronization Code                                                      
EcIo            :                                       [1] Ec/Io = RSCP / RSSI = Eb/No - Gp
RSCP            : [dBm] Received Signal Code Power      [2,3] RSCP  = RSSI + Ec/No          
                                                                                                    
SpeechVER       : The Voice Codec in use                [EFR/FR/HR/AMR]                     
L1              :                                       [FACH,DCH,BCH,PCH_Sleep]            
Drx cycle       : Discontinuous Reception (DRX) Cycle                                               
therm           : Thermal Power (                                                                   
LNA             : Low Noise Amplifier ???                                                           


mm: Idle                : Mobile Management connection status ??                
lu: Upda                :                                                       
SS: Avail               : Subsystem System Simulator ?? Secondary Synchronization Signal ??
RAC                     : Routing Area Code                                     
TIMER_T32: 10 (S)       : Really refers to the T3210 timer, and where           
GmmState: Registered(3) :                                                       
SubState: normal(0)     :                                                       
PmmMode: IDLE(1)        :                                                       
rej_cause:0             :                                                       
luAttCnt:0              : Location Update (IMSI Attach?)/(Attempts?) Count        
TMSI: 9xxxxxxd          : Temporary Mobile Subscriber Identity                  
                                                                                
AS INFORMATION:         : Access Stratum                                        
VOC                     :                                                       
CQI                     : Channel-Quality Indication                            
Sam                     :                                                       
        "Specific Anthropomorphic Mannequin"        ??                            
        "Service Aware Manager" (Alcatel/Lucent)   ??                             

As you can see there are many not yet clearly defined items.
To clarify these (and others) is the main purpose of this thread!



< more crazy dragons to be >
MSM8960 Info, Architecture and Bootloader(s)
El Grande Partition Table Reference
How to talk to the Modem with AT commands

[REF][ServiceMode] How to make your Samsung perform dog tricks
[REF|R&D|RF] RF/Radio properties of Samsung ServiceMode

Want to know when your phone is getting tracked or tapped?

Help us develop the IMSI Catcher / Spy Detector!
(To be part of the EFF & The Guardian Project toolsets.)
_______________________________
If you like what I do, just click THANKS!
Everything I do is free, altruism is the way!
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
I do not answer support related PM's.
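
An added example, not part of the original post and not Samsung's ServiceMode code: a small parser for the `name: value(code)` lines listed in the vocabulary above, plus the dB form of the Ec/Io = RSCP / RSSI relation given there. The sample screen reuses the field lines as printed in the post; the RSCP/RSSI readings and all function names are assumptions made for illustration.

```python
import math
import re

# Field lines as printed in the post above (TMSI masked there, kept masked).
SAMPLE_SCREEN = """\
mm: Idle
lu: Upda
TIMER_T32: 10 (S)
GmmState: Registered(3)
SubState: normal(0)
PmmMode: IDLE(1)
rej_cause:0
luAttCnt:0
TMSI: 9xxxxxxd
AS INFORMATION:
"""

# name ':' value, then an optional '(...)' holding a numeric code or a unit.
_LINE = re.compile(r"^\s*([A-Za-z_]\w*)\s*:\s*([^()]*?)\s*(?:\(([^)]*)\))?\s*$")

def parse_screen(text):
    """Map each 'name: value' line to {'value', 'code', 'unit'}."""
    fields = {}
    for raw in text.splitlines():
        m = _LINE.match(raw)
        if not m or not m.group(2):
            continue  # section header such as 'AS INFORMATION:' or empty field
        name, value, paren = m.groups()
        entry = {"value": int(value) if value.isdigit() else value,
                 "code": None, "unit": None}
        if paren is not None:
            key = "code" if paren.isdigit() else "unit"  # Registered(3) vs 10 (S)
            entry[key] = int(paren) if paren.isdigit() else paren
        fields[name] = entry
    return fields

def ecio_db(rscp_dbm, rssi_dbm):
    """Ec/Io = RSCP / RSSI as a power ratio, so a difference in dB."""
    return rscp_dbm - rssi_dbm

def ecio_db_via_mw(rscp_dbm, rssi_dbm):
    """Cross-check: convert both readings to milliwatts, then take the ratio."""
    to_mw = lambda dbm: 10 ** (dbm / 10)
    return 10 * math.log10(to_mw(rscp_dbm) / to_mw(rssi_dbm))

if __name__ == "__main__":
    for name, entry in parse_screen(SAMPLE_SCREEN).items():
        print(name, entry)
    print(ecio_db(-95, -85), round(ecio_db_via_mw(-95, -85), 6))  # constructed readings
```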

E:V:A
Old
#5  
E:V:A's Avatar
Recognized Developer - OP
Thanks Meter 1,785
Posts: 1,341
Join Date: Dec 2011
Location: -∇ϕ
< more crazy dragons to be >

 
E:V:A
Old
(Last edited by E:V:A; 10th July 2014 at 02:24 AM.)
#6  
E:V:A's Avatar
Recognized Developer - OP
Thanks Meter 1,785
Posts: 1,341
Join Date: Dec 2011
Location: -∇ϕ
A very nice book chapter and collection of useful baseband info and document links.

Quote:
Benoit Michau, 2014
"Analyse de sécurité des modems mobiles"
[French]

 
oddball3
Old
#7  
oddball3's Avatar
Junior Member
Thanks Meter 1
Posts: 16
Join Date: Jun 2012
Location: Johannesburg
Default LNA

Quote:
Originally Posted by E:V:A View Post
The Variable Vocabulary

Here is a list of variable names, and their inferred meaning, as found in the SM shown above.

Code:
LNA             : Low Noise Amplifier ???

LNA = Line Noise Attenuator/Attenuation

 
E:V:A
Old
#8  
E:V:A's Avatar
Recognized Developer - OP
Thanks Meter 1,785
Posts: 1,341
Join Date: Dec 2011
Location: -∇ϕ
Quote:
Originally Posted by oddball3 View Post
LNA = Line Noise Attenuator/Attenuation
Thanks for your attention, but I don't think that is correct, because this is a radio device and not an ADSL-router or other "line" dependent device. You'll have to try harder to convince me. (: Links to a reliable source help.
 
oddball3
Old
(Last edited by oddball3; 16th July 2014 at 12:18 AM.) Reason: added source
#9  
oddball3's Avatar
Junior Member
Thanks Meter 1
Posts: 16
Join Date: Jun 2012
Location: Johannesburg
Quote:
Originally Posted by E:V:A View Post
Thanks for your attention, but I don't think that is correct, because this is a radio device and not an ADSL-router or other "line" dependent device. You'll have to try harder to convince me. (: Links to a reliable source help.
Not spot on, but proof of concept:

http://www.w3eee.com/Noiz%20.html

I had the perfect site I wanted to post here for you, and just to prove what a crappy country this is, our power utility decided to cut supply to our area :-\ I reckon I was about two sentences away from perfection haha!! Was so disappointed it's taken me since then to work up the enthusiasm to try again!!

Edit: Good Reference source - http://ieeexplore.ieee.org/xpl/login...mber%3D6471543
=====================================
Android Addict, Fearless Experimenter and Tireless Flasher hehe... I reckon I've resurrected more "dead" devices over the years than the amount of fleas on bin Laden's camel :P

Tags
gsm/umts/lte/cdma, internal, modem, radio, servicemode