**** BEGIN LOGGING AT Tue Jul 09 03:00:00 2013
Jul 09 14:29:08 <key2> hi
Jul 09 14:29:11 <morphis> key2: hey
Jul 09 14:29:50 <morphis> key2: here you will find some help regarding libsamsung-ipc
Jul 09 14:29:53 <morphis> also in #replicant
Jul 09 14:30:20 <key2> ah great
Jul 09 14:30:47 <key2> so basically I made some USB capture of my LTE SAMSUNG USB key GT-B3740 when doing a diagnostic mode, and here is the capture: http://whatsphere.com/med4.pcap
Jul 09 14:30:57 <key2> what is interesting is all the USB-in 
Jul 09 14:32:27 <key2> they start with 0x7F and end with 0x7E, so I thought it could be HDLC
Jul 09 14:33:37 <PaulFertser> key2: hey :D
Jul 09 14:34:20 <key2> PaulFertser: yo ! ;)
Jul 09 14:37:54 <morphis> key2: pabs and me are currently working on getting a recent libsamsung-ipc version into debian
Jul 09 14:49:08 <key2> ah ok
Jul 09 14:49:34 <key2> morphis: basically, the reverse I made shows me that it could be IPC
Jul 09 14:49:44 <key2> or IPC encapsulated
Jul 09 19:09:06 <Thamos> hi@all
Jul 09 19:10:05 <PaulFertser> angelox|laptop: hey :)
Jul 09 19:10:10 <PaulFertser> angelox|laptop: how are you doing?
Jul 09 19:11:22 <angelox|laptop> PaulFertser: Hi man, i'm fine thanks, what about you?
Jul 09 19:12:01 <PaulFertser> angelox|laptop: i'm fine too, not doing much on free software lately, unfortunately.
Jul 09 19:15:36 <angelox|laptop> PaulFertser: I'm quite bored on my vacation because i haven't done anything productive, i mean likely coding, or learning something useful, all i have done is learn a bit about modeling using Blender, but i got bored of that too haha, so i'm trying to re-install all my stuff of programming again in my new computer, and it's taking a bit more of time tough, still with bad internet connection...
Jul 09 19:18:38 <PaulFertser> angelox|laptop: i was hacking a bit on openocd lately, understanding jtag etc. I was using jtag to debug microcontrollers for several years already and only recently i started to understand how it works :) 
Jul 09 19:23:56 <Thamos> Can anybody please try to log in at trac.freesmartphone.org? I have tried several times even with new requested password, but can't :(
Jul 09 19:24:11 <angelox|laptop> PaulFertser: oh that is very cool, i was learning a bit about computer vision using OpenCV, which is a great opensource library, i did like it too much because it's fast to learn and fast to program, for example, you can code an application that tracks an object from a scene with a webcam in a very easy way, powerful and easy! but that is indeed higher-level than JTAG stuff!
Jul 09 19:25:19 <PaulFertser> angelox|laptop: yeah, OpenCV is cool, seen that in action at work
Jul 09 19:27:15 <PaulFertser> Have to sleep now, so good night everybody :)
Jul 09 19:27:35 <Thamos> good n8
Jul 09 19:27:36 <angelox|laptop> PaulFertser: oh i see, good night!
Jul 09 19:28:15 <Thamos> anybody with an account for freesmartphone.org here?
Jul 09 19:29:39 <angelox|laptop> Thamos: I've just registered one account for me (i hadn't) and i could log in successfully
Jul 09 19:31:24 <Thamos> hm. Then i guess i have to make a new one, too :(
Jul 09 19:47:54 <key2> bk
Jul 09 19:56:41 <key2> morphis: btw, could you tell me how you got documentation on IPC protocol ? is it based on reverse ing ?
Jul 09 19:56:59 <GNUtoo-x60> hi
Jul 09 19:57:13 <GNUtoo-x60> key2, you want details on libsamsung-ipc?
Jul 09 19:57:20 <key2> yeah
Jul 09 19:57:29 <key2> GNUtoo-x60: i
Jul 09 19:57:35 <GNUtoo-x60> key2, then the person to ask is paulk-desktop 
Jul 09 19:57:43 <key2> GNUtoo-x60: ah ok ;)
Jul 09 19:57:56 <key2> GNUtoo-x60: i'm reversing the protocol of a LTE samsung usb stick
Jul 09 19:58:09 <GNUtoo-x60> libsamsung-ipc is still used, and used very extensively by the Replicant project
Jul 09 19:58:10 <key2> GNUtoo-x60:  and it looks like HDLC with IPC in it
Jul 09 19:58:13 <GNUtoo-x60> ok
Jul 09 19:58:32 <GNUtoo-x60> in fact paulk-desktop is adding or has added support for the galaxy SIII
Jul 09 19:58:50 <paulk-desktop> hi there
Jul 09 19:58:54 <paulk-desktop> let me rollback
Jul 09 19:59:00 <key2> paulk-desktop: hi
Jul 09 19:59:06 <GNUtoo-x60> I'm not sure that libsamsung-ipc is still used by FSO or open-webos...
Jul 09 19:59:17 <GNUtoo-x60> I mean the git HEAD version
Jul 09 19:59:27 <paulk-desktop> key2, yeah, reverse engineering
Jul 09 19:59:34 <paulk-desktop> by someone whose pseudo is ius
Jul 09 19:59:41 <key2> ah ok
Jul 09 19:59:47 <paulk-desktop> He got the protocol from the Samsung H1 binaries
Jul 09 19:59:56 <paulk-desktop> and we updated it to match with recent samsung devices
Jul 09 19:59:57 <key2> ah ok, not in the chanel
Jul 09 20:00:01 <GNUtoo-x60> FSO probably requires an old stable version of libsamsung-ipc and I'm not sure that openwebos uses the official one(for instance they forked ofono for adding libsamsung-ipc support...)
Jul 09 20:00:18 <paulk-desktop> GNUtoo-x60, I'm not sure they use libsamsung-ipc anymore
Jul 09 20:00:18 <GNUtoo-x60> so the only big remaining project using that extensively is Replicant...
Jul 09 20:00:25 <key2> paulk-desktop: I basically was able to turn my device into DIAG mode, and it's quite verbose
Jul 09 20:00:33 <GNUtoo-x60> ok
Jul 09 20:00:37 <paulk-desktop> ofono has support for the Android RIL (added by Cannonical)
Jul 09 20:00:42 <paulk-desktop> so I guess they use blobs
Jul 09 20:00:44 <key2> paulk-desktop: part of the msg start with 7F and finish with 7E
Jul 09 20:00:48 <paulk-desktop> like Ubuntu does
Jul 09 20:00:55 <paulk-desktop> key2, right, that's it
Jul 09 20:00:58 <paulk-desktop> these are the delimiters
Jul 09 20:01:05 <paulk-desktop> then you have header and then data
Jul 09 20:01:08 <key2> paulk-desktop: and there is some more in front of it
Jul 09 20:01:09 <paulk-desktop> in the middle
Jul 09 20:01:12 <GNUtoo-x60> paulk-desktop, really, at the beginning they used ofono(forked)+libsamsung-ipc
Jul 09 20:01:32 <key2> paulk-desktop: if I show u some PCAP traces, would you be able to tell me if that looks familiar to you ?
Jul 09 20:01:38 <paulk-desktop> GNUtoo-x60, yes I know but I mean it's likely that they followed cannonical changes to use directly the blob
Jul 09 20:01:41 <paulk-desktop> net split?
Jul 09 20:01:46 <GNUtoo-x60> (https://github.com/openwebos-ports)
Jul 09 20:01:47 <GNUtoo-x60> ok
Jul 09 20:01:47 <paulk-desktop> key2, sure
Jul 09 20:01:56 <GNUtoo-x60> too bad that they use a blob...
Jul 09 20:02:22 <GNUtoo-x60> ah wrong link, sorry
Jul 09 20:02:31 <key2> http://whatsphere.com/med4.pcap <- u will need wireshark 1.10 as its USB captures
Jul 09 20:02:32 <GNUtoo-x60> let me look
Jul 09 20:02:52 <paulk-desktop> 1.6.7 here
Jul 09 20:02:54 <paulk-desktop> is it ok?
Jul 09 20:03:02 <key2> it will tell u
Jul 09 20:03:06 <key2> if it's ok or not
Jul 09 20:03:12 <key2> ;)
Jul 09 20:03:49 <paulk-desktop> capture for a network type that Wireshark doesn't support.
Jul 09 20:03:49 <paulk-desktop> (pcap: network type 249 unknown or unsupported)
Jul 09 20:04:00 <GNUtoo-x60> key2, how big is the file?
Jul 09 20:04:04 <key2> yeah, need wireshark 1.10
Jul 09 20:04:11 <key2> quite small.. < 1MB
Jul 09 20:04:17 <GNUtoo-x60> ah?
Jul 09 20:04:24 <key2> the pcap or wireshark
Jul 09 20:04:25 <key2> ?
Jul 09 20:04:26 <GNUtoo-x60> how big exactly?
Jul 09 20:04:29 <GNUtoo-x60> pcap
Jul 09 20:04:36 <GNUtoo-x60> can you xz it?
Jul 09 20:04:39 <GNUtoo-x60> (I'm on 3G)
Jul 09 20:04:42 <paulk-desktop> key2, where can I find it?
Jul 09 20:04:53 <key2> 54KB
Jul 09 20:04:57 <key2> paulk-desktop: wireshark ??
Jul 09 20:04:58 <GNUtoo-x60> paulk-desktop, maybe compile wireshark from git
Jul 09 20:05:01 <GNUtoo-x60> key2, ok
Jul 09 20:05:04 <GNUtoo-x60> I'll wget it
Jul 09 20:05:07 <key2> no, download it
Jul 09 20:05:14 <GNUtoo-x60> ok
Jul 09 20:05:31 <key2> http://www.wireshark.org/download.html
Jul 09 20:05:47 <GNUtoo-x60> let me look at the capture
Jul 09 20:05:48 <paulk-desktop> ok it's in sid
Jul 09 20:05:56 <paulk-desktop> I'll look with a debian computer
Jul 09 20:06:05 <key2> ok
Jul 09 20:06:32 <key2> but if that is the case, then I could develop a Wireshark dissector for IPC in order to be able to see in live the Diagnostics
Jul 09 20:06:39 <paulk-desktop> key2, what project are you adding support for that dongle in?
Jul 09 20:07:14 <key2> paulk-desktop:  for the moment, none, I found some hardware documentation about the samsig GT-B3740
Jul 09 20:07:21 <paulk-desktop> ah ok
Jul 09 20:07:26 <key2> I created my jtag cable and attached with openocd
Jul 09 20:07:47 <key2> I used IDA to connect to openocd and dumped the memory and with some script was able to make it decompile the firmware
Jul 09 20:08:15 <GNUtoo-x60> the capture has some AT commands inside...
Jul 09 20:08:36 <GNUtoo-x60> ok
Jul 09 20:08:39 <key2> I found a way to download the firmware updater of the stick, and then was able to capture the USB protocol
Jul 09 20:08:48 <GNUtoo-x60> key2, /join #osmocom
Jul 09 20:09:00 <GNUtoo-x60> they're very interested in the modem-side
Jul 09 20:09:02 <key2> ah, am familiar with osmocom ;)
Jul 09 20:09:07 <GNUtoo-x60> ok
Jul 09 20:09:20 <key2> I'm in touch with harald byw
Jul 09 20:09:22 <key2> btw
Jul 09 20:09:27 <GNUtoo-x60> ok
Jul 09 20:09:36 <key2> so I will most probably make it part of osmocom in fact
Jul 09 20:09:44 <GNUtoo-x60> ok
Jul 09 20:09:45 <key2> depends on what we could do with the key
Jul 09 20:09:55 <GNUtoo-x60> how to extract the CDC from the USB trafic?
Jul 09 20:10:04 <key2> CDC ?
Jul 09 20:10:09 <GNUtoo-x60> some minutes ago I was reading harald's blog...
Jul 09 20:10:16 <GNUtoo-x60> and I found some interesting stuff
Jul 09 20:10:26 <GNUtoo-x60> http://openbsc.osmocom.org/trac/wiki/OsmoDevCon2013 lead me to stuff like:
Jul 09 20:10:34 <GNUtoo-x60> https://github.com/2b-as/xgoldmon
Jul 09 20:10:58 <key2> look packet 440
Jul 09 20:11:13 <GNUtoo-x60> ok
Jul 09 20:11:20 <GNUtoo-x60> I was looking from the start
Jul 09 20:11:24 <GNUtoo-x60> and was at packet 226
Jul 09 20:11:40 <GNUtoo-x60> it said CDC-Data
Jul 09 20:11:44 <GNUtoo-x60> so it's serial over usb
Jul 09 20:12:30 <key2> there is several endpoint
Jul 09 20:12:56 <GNUtoo-x60> ok
Jul 09 20:13:01 <key2> the AT comment are not from the same Source/Dest
Jul 09 20:13:02 <GNUtoo-x60> you mean several functions?
Jul 09 20:13:15 <key2> the capture is done on USB so you see everything mixed
Jul 09 20:13:18 <GNUtoo-x60> like the usb function...
Jul 09 20:13:19 <GNUtoo-x60> ok
Jul 09 20:13:21 <key2> you need to look at the src/dst
Jul 09 20:13:45 <GNUtoo-x60> I was taught the very basics of USB some days ago
Jul 09 20:14:14 <GNUtoo-x60> basically for work I had to go to a formation about the linux kernel where I learned...nearly nothing...
Jul 09 20:14:32 <GNUtoo-x60> so they very briefly presented USB....
Jul 09 20:14:39 <GNUtoo-x60> too briefly...
Jul 09 20:14:58 <GNUtoo-x60> like they told us something like: recopy theses values, it will work...
Jul 09 20:17:39 <key2> GNUtoo-x60: u fr ?
Jul 09 20:18:05 <GNUtoo-x60> yes I'm in France
Jul 09 20:18:08 <key2> "formation" =)
Jul 09 20:18:22 <GNUtoo-x60> well I didn't have time to lookup the word in wikitionary
Jul 09 20:19:09 <GNUtoo-x60> I'm near bordeaux currently
Jul 09 20:23:08 <key2> paulk-desktop: did you get to open the pcap ?
Jul 09 20:23:22 <paulk-desktop> key2, yeah just a couple seconds ago
Jul 09 20:23:26 <paulk-desktop> humm, this is AT isn't it?
Jul 09 20:23:30 <key2> nop
Jul 09 20:23:34 <key2> look from packet 440
Jul 09 20:23:55 <paulk-desktop> but at first it is AT
Jul 09 20:24:14 <paulk-desktop> AT+CFUN=5 ?
Jul 09 20:24:18 <paulk-desktop> wtf is that
Jul 09 20:24:20 <key2> yeah to initialize the modem or have more info about it... dunno
Jul 09 20:24:51 <key2> paulk-desktop: if you look from packet 440, you will see that there is 17 packets repeating non stop
Jul 09 20:25:20 <key2> and each of them has at some point a 7F ..... 7E
Jul 09 20:25:30 <key2> paulk-desktop: so I was wondering if it's IPC inside
Jul 09 20:26:22 <paulk-desktop> yeah I'll look closely
Jul 09 20:27:57 <key2> 5743290015020000f074a95b60a10a95b34815027f190000160026ffa00100117b7306170203002ca33040c814337e
Jul 09 20:28:18 <key2> so we have in here 7f 1900 00160026ffa00100117b7306170203002ca33040c81433 7e
Jul 09 20:28:32 <key2> 1900 = 0x19 which is correct as a size
Jul 09 20:28:55 <paulk-desktop> wait a sec
Jul 09 20:29:08 <paulk-desktop> I'll switch over to the pc with debian
Jul 09 20:32:16 <paulk-hp> #define HDLC_START      0x7F
Jul 09 20:32:20 <paulk-hp>  #define HDLC_END        0x7E
Jul 09 20:32:40 <paulk-hp> then unsigned short len, then 1 control byte
Jul 09 20:33:02 <key2> so it could be that
Jul 09 20:33:29 <key2> then I'd have to check if the crc16 is correct, no ?
Jul 09 20:33:51 <key2> 1433
Jul 09 20:33:53 <paulk-hp> wait a sec
Jul 09 20:35:12 <paulk-hp> yeah it might be an IPC message
Jul 09 20:35:24 <paulk-hp> then you get size again but -3 bytes
Jul 09 20:35:27 <paulk-hp> that matches an IPC header
Jul 09 20:36:38 <key2> mmh
Jul 09 20:36:54 <key2> then I would have to find out each of the msg, its meaning, right?
Jul 09 20:37:02 <paulk-hp> yes
Jul 09 20:37:31 <paulk-hp> it has a0 as group which is not something we know
Jul 09 20:38:05 <key2> ah ok
Jul 09 20:38:32 <key2> I have the TEMS dll which are C#
Jul 09 20:38:35 <key2> so easy to reverse
Jul 09 20:38:44 <key2> i could eventually look at all the stuff in it
Jul 09 20:39:07 <key2> should I use libsamsung-ipc and complete it in order to implement the rest ?
Jul 09 20:39:31 <paulk-hp> that will depend
Jul 09 20:39:42 <paulk-hp> if you find common messages then yes
Jul 09 20:39:55 <paulk-hp> else it might just be something that looks the same
Jul 09 20:40:11 <paulk-hp> if you have the original binary (user-side), run it again strings and grep for IPC
Jul 09 20:40:18 <paulk-hp> against*
Jul 09 20:40:35 <key2> ok and ?
Jul 09 20:40:39 <key2> paulk-hp: i can reverse it
Jul 09 20:41:33 <paulk-hp> look if you find common messages with libsamsung-ipc
Jul 09 20:41:53 <paulk-hp> but anyway I don't think libsamsung-ipc will quite fit your use
Jul 09 20:42:00 <paulk-hp> it's designed for phones
Jul 09 20:42:11 <paulk-hp> but the headers will greatly help if the protocol is the same
Jul 09 20:42:22 <key2> mmh ok
Jul 09 20:42:25 <paulk-hp> just not all of what's in samsung-ipc/
Jul 09 20:42:42 <key2> is there documentation about IPC msg ?
Jul 09 20:42:44 <paulk-hp> key2: keep me noticed about your progress though please
Jul 09 20:42:49 <paulk-hp> key2: only headers
Jul 09 20:42:53 <paulk-hp> and defines
Jul 09 20:42:56 <paulk-hp> we didn't write docs
Jul 09 20:43:06 <key2> documents by samsung ?
Jul 09 20:43:11 <paulk-hp> not any
Jul 09 20:43:11 <key2> or reversed here and there
Jul 09 20:43:13 <key2> ok
Jul 09 20:43:19 <key2> so everything is based on reverse
Jul 09 20:43:23 <paulk-hp> yep
Jul 09 20:43:25 <key2> ok
Jul 09 20:43:43 <key2> the cool part is that i have a decompiled version of the firmware now
Jul 09 20:43:51 <key2> and i could breakpoint
Jul 09 20:45:06 <paulk-desktop> nice
Jul 09 20:45:42 <key2> with jtag
Jul 09 20:46:11 <paulk-desktop> I'll be back later
Jul 09 20:46:13 <key2> what is mseq
Jul 09 20:46:14 <key2> aseq
Jul 09 20:46:18 <paulk-desktop> sequence numbers
Jul 09 20:46:25 <paulk-desktop> one is filled by the sender
Jul 09 20:46:40 <key2> a = answer?
Jul 09 20:46:48 <paulk-desktop> and when the other hand writes the response to that message, it fills the other one with the sequence number
Jul 09 20:47:16 <paulk-desktop> for instance you send a request with mseq=1 (don't care about aseq so set it to 0 or ff)
Jul 09 20:47:23 <paulk-desktop> and the response arrives with aseq=1
Jul 09 20:47:29 <paulk-desktop> or the other way around
Jul 09 20:47:41 <paulk-desktop> I never know which one is set by the request and which one by the response
Jul 09 20:47:51 <paulk-desktop> bbl
Jul 09 21:26:14 <key2> I actually wonder if the IPC protocol is not an ASN.1 based protocol
**** ENDING LOGGING AT Wed Jul 10 02:59:59 2013