Main page News Guest book Home bs0dd.net Phones List of modelsFirmware Net Monitor FT/NM activationNet Monitor (DCT3) Net Monitor (DCT4) Soft and games Java MIDletsOfficial soft Soft for 5510 PC software Connectivity Data-CablesFLOSYS FBUS/MBUS docs DLR-3 MBUS (atrox) Modding Color display (6310)WAP WAP-gatewayWAP-page Other Nokia 9210 archiveElektronika MK Kannel for Windows |
Here are some of the details that I've observed while monitoring the protocol Nokia Cellular Data Suite uses to talk over a serial cable to the 6110. The information is fairly sketchy at the moment with lots of gaps, especially in the basic frame format. It is, however, a start. Snooping was performed over a wired connection. It is assumed that if infra red is used that much the same data is sent, but it may be wrapped up in a low level IrDA format. Serial Communication
Basic Packet Format In a similar manner to the 21xx protocol. Packets sent from the 'phone must be acknowledged by the PC via a special packet and vice versa. Most communication takes the form of:
Format of packets from PC: +--+--+--+----+--+---+----------+-+--+--+----+----+ |1e|00|0c|type|00|len|...body...|n|sq|0?| chk | +--+--+--+----+--+---+----------+-+--+--+----+----+ type: some indication of message type: ( 1, 2, 4, 10, 11, 13, 14, 64 seen) len: length in bytes from following byte to sq inclusive n: if this packet is part of a group (i.e. long sms) indicates how many more messages, including this one, there are sq: packet sequence number, least significant nibble: incremented in range 0..7 for each new packet most significant nibble: ? seems to be normally 4, but appears to be 0 if this is not the first packet in a group. 6 has also been seen 0?: 0x00, only included if len is odd chk: 16 bit xor of all preceding 16 bit words Format of ack from PC: +--+--+--+--+--+---+----+--+----+----+ |1e|00|0c|7f|00|len|type|sq| chk | +--+--+--+--+--+---+----+--+----+----+ type: corresponds to original message type len: length in bytes, always 2 sq: last 3 bits indicate sequence number of packet being acknowledged, most significant nibble is normally 0, 8 for sequence error? chk: 16 bit xor of all preceding 16 bit words. Format of packets from 6110: +--+--+--+----+--+---+----------+-+--+--+----+----+ |1e|0c|00|type|00|len|...body...|n|sq|0?| chk | +--+--+--+----+--+---+----------+-+--+--+----+----+ type: some indication of message type (1, 2, 4, 10, 11, 13, 14, 64 observed) len: length in bytes from following byte to id inclusive n: if this message is part of a group (i.e. long sms) indicates how many more messages, including this one, there are sq: packet sequence number, least significant nibble: incremented in range 0..7 for each new packet most significant nibble: ? seems to be 4 normally, but appears to be 0 if this is not the first packet in a group. 6 has also been seen 0?: 00, only included if len is odd chk: 16 bit xor of all preceding 16 bit words. Format of ack from 6110: +--+--+--+--+--+---+----+--+----+----+ |1e|0c|00|7f|00|len|type|sq| chk | +--+--+--+--+--+---+----+--+----+----+ type: corresponds to original message type len: length in bytes, always 02 sq: last 3 bits indicate sequence number of packet being acknowledged, most significant nibble is normally 0, 8 for sequence error? chk: 16 bit xor of all preceding 16 bit words. Format of SMS-SUBMIT from PC: Referring to GSM 03.40 will make the following fields clearer. It should be noted that the format of the data in this packet is different to the SMS-SUBMIT TPDU. The fields are, however, the same. GSM 03.38 shows how the message itself is packed. This packet format is only valid as long as len < 0x41 if the message length would force the packet to be longer then the message is split across multiple packets. I'll post that information shortly. +--+--+--+--+--+---+--+--+--+--+--+--+--+--+-------+--+--+--+--+ |1e|00|0c|02|00|len|00|01|00|01|02|00|sl|st|..sca..|fo|00|pi|dc| +--+--+--+--+--+---+--+--+--+--+--+--+--+--+-------+--+--+--+--+ +--+--+--+--------+------+---------+--+--+--+-------+ |ml|dl|dt|...da...|..vp..|...msg...|01|sq|0?| chk | +--+--+--+--------+------+---------+--+--+--+-------+ len: packet length from following byte to sq inclusive sl: SMSC number len in octets including st st: SMSC number type e.g. 0x81-unknown 0x91-international 0xa1-national sca: SMSC number. This is packed in BCD format ie. 2 digits per octet it is a 10 byte field whether the number is 20 digits or not. fo: first octet of TPDU, holds flas such as validity period format pi: pid, protocol id dc: dcs, data coding scheme ml: message length in 7 bit chars dl: destination address (da) length in used semi-octets, dt: da type eg. 81-unknown 91-international a1-national da: destination number packed as BCD ie. 2 digits per octet this is a 10 byte field. Unused octets can sometimes hold rubbish. vp: validity period (1 integer byte or 7 octets - vpf) 7 byte field msg: 7 bit chars packed into bytes (see GSM 03.38) sq: packet sequence number, least significant nibble: incremented in range 0..7 for each new packet most significant nibble: ? seems to be 4 normally, but appears to be 0 if this is not the first packet in a group. 6 has also been seen 0?: pad bye, only present if len is odd chk: 6 bit xor of all preceding 16 bit words. Example: SMS sent to 987654321 via SMSC 12345678. First octet of TPDU (fo) = 0x11, Validity Period (vp) = 0xa7, Data Coding Scheme (dcs) = 0 and Protocol Identifier (pid) = 0. Message reads "hello" - 0xe8 0x32 0x9b 0xfd 0x06 in packed format: 1e 00 0c 02 00 31 00 01 00 01 02 00 06 81 21 43 65 87 f9 63 a8 00 00 00 11 00 00 00 05 09 81 89 67 45 23 f1 b8 81 20 15 63 a7 00 00 00 00 00 00 e8 32 9b fd 06 01 44 00 Phonebook Packet Format In the following descriptions, ME = mobile equipment (i.e. the phone or it's memory) and SM = sim card. PC reading phonebook entry: +--+--+--+--+--+---+--+--+--+--+--+--+--+--+--+--+---+ |1e|00|0c|03|00|len|00|01|00|01|st|ix|00|01|sq|0?|chk| +--+--+--+--+--+---+--+--+--+--+--+--+--+--+--+--+---+ st: storage type e.g. 02-ME 03-SM etc. ix: index e.g. to read location with index 1 from the sim: 1e 00 0c 03 00 09 00 01 00 01 03 01 00 01 46 00 57 0a 6110 responding to a phonebook read: +--+--+--+--+--+---+--+--+--+--+--+--+----+--+---+--+--+--+--+--+---+ |1e|0c|00|03|00|len|01|08|00|02|00|tl|text|nl|num|05|00|01|sq|0?|chk| +--+--+--+--+--+---+--+--+--+--+--+--+----+--+---+--+--+--+--+--+---+ tl: name text length text: entry name text in ASCII nl: number len (in digits) num: number in ASCII e.g. response to reading sim location 1 containing "Action Line", 0345888444: 1e 0c 00 03 00 20 01 08 00 02 00 0b 41 63 74 69 6f 6e 20 4c 69 6e 65 0a 30 33 34 35 38 38 38 34 34 34 05 00 01 44 5d 18 Reading empty location 1 from the phone returns (as expected): 1e 0c 00 03 00 0b 01 08 00 02 00 00 00 05 00 01 47 00 58 0a i.e. text and number lengths are 0 and there are no actual text or number fields PC writing a phonebook entry: +--+--+--+--+--+---+--+--+--+--+--+--+--+----+--+---+--+--+--+--+---+ |1e|00|0c|03|00|len|00|01|00|04|st|ix|tl|text|nl|num|ff|01|sq|0?|chk| +--+--+--+--+--+---+--+--+--+--+--+--+--+----+--+---+--+--+--+--+---+ st: storage type 02-ME 03-SM etc. ix: index tl: name text length text: entry name text in ASCII nl: number len (in digits) num: number in ASCII e.g. writing an entry "Test", 1234 to location index 2 to the phone memory: 1e 00 0c 03 00 13 00 01 00 04 02 02 04 54 65 73 74 04 31 32 33 34 ff 01 47 00 bf 33 6110 responding to phonebook write: Success: 1e 0c 00 03 00 06 01 08 00 05 01 46 1e 42 ^^-indicates success? Failure due to index being out of range: 1e 0c 00 03 00 07 01 08 00 06 74 01 43 00 28 07 indicates failure---^^ ^^--indicates reason? PC requesting storage parameters: +--+--+--+--+--+---+--+--+--+--+--+--+--+--+---+ |1e|00|0c|03|00|len|00|01|00|07|st|01|sq|0?|chk| +--+--+--+--+--+---+--+--+--+--+--+--+--+--+---+ st: storage type e.g. requesting parameters for the sim card: 1e 00 0c 03 00 07 00 01 00 07 03 01 43 00 52 03 6110 responding with storage parameters: +--+--+--+--+--+---+--+--+--+--+--+--+--+--+--+--+---+ |1e|0c|00|03|00|len|01|08|00|08|st|fr|us|01|sq|0?|chk| +--+--+--+--+--+---+--+--+--+--+--+--+--+--+--+--+---+ st: storage type fr: number of free locations us: number of used locations e.g. responding for the sim storage which has 90 locations 59 of which are used: 1e 0c 00 03 00 09 01 08 00 08 03 1f 3b 01 43 00 64 18 |
WAP-gateway IP: 79.186.132.242 Port: 9201 | |
Powered by COMPPAG 0.50 2022-2024 © Compys S&N Systems |