Research Pre GSM Modem
Revision as of 18:13, 13 October 2009 by StefanSchmidt (talk | contribs) (its /dev/modemuart not ttyS0)
Modem Ports
There are several ports for communicating with the modem on the Palm Pre:
- /dev/modemuart: Modem UART (UART Port)
- /dev/tts/modem0 (Symlink for ttyACM0): USB Serial to Modem for AT commands (Data Port)
- /dev/tts/modemdiag (Symlink for ttyACM1): USB Serial to Modem for Diagnositics (DIAG Port)
sysfs Entries
- Power Control: /sys/user_hw/pins/modem/power_on/level
Palm Programs for communicating with the modem
In /usr/bin are some interessting programs:
- PmLinuxModemCmd: You can do some operations on the modem from command line
- PmModemInfo: Shows you the IMEI and the version of the modem firmware
- PmModemPower: A simple shell script to turn on/reset the modem
- PmModemUpdater: Flash the modem with a new firmware
Through disassembling the PmLinuxModemCmd binary I found some binary sequences which indicates that the Pre communicates with the modem over a binary protocol.
The binary sequences are:
00014a1c <enableloopbackdataport>: 14a1c: 31455441 .word 0x31455441 ... 159c0: 0a0d .short 0x0a0d 000159c2 <loopback>: 159c2: 0f88 .short 0x0f88 159c4: 00010000 .word 0x00010000 159c8: 7eb3d400 .word 0x7eb3d400 000159cc <identify>: 159cc: 7e3b1c1d .word 0x7e3b1c1d 000159d0 <getVer>: 159d0: 1b0000fa .word 0x1b0000fa 159d4: 00000009 .word 0x00000009 159d8: 00000000 .word 0x00000000 159dc: 7e .byte 0x7e 000159dd <testAlive>: 159dd: fa .byte 0xfa 159de: 0000 .short 0x0000 159e0: 0000011b .word 0x0000011b 159e4: 00000000 .word 0x00000000 159e8: b74c .short 0xb74c 159ea: 7e .byte 0x7e 000159eb <testAliveResp>: 159eb: 1b .byte 0x1b 159ec: 00000001 .word 0x00000001 159f0: 0000 .short 0x0000 ... 000159f3 <testAliveResp1>: 159f3: 1c .byte 0x1c 159f4: 00000002 .word 0x00000002 159f8: 0000 .short 0x0000 ... 000159fb <testAliveCDMA>: 159fb: fa .byte 0xfa 159fc: 14080000 .word 0x14080000 15a00: f904d200 .word 0xf904d200 15a04: 7e27 .short 0x7e27 00015a06 <testAliveRespCDMA>: 15a06: 0122 .short 0x0122 15a08: 0000 .short 0x0000 ... 00015a0b <enterFTMmode>: 15a0b: 29 .byte 0x29 15a0c: 73810003 .word 0x73810003 15a10: 7e .byte 0x7e 00015a11 <CDMAdiagPortOnUART>: 15a11: fa .byte 0xfa 15a12: 0000 .short 0x0000 15a14: 00002308 .word 0x00002308 15a18: fbf1 .short 0xfbf1 15a1a: 7e .byte 0x7e 00015a1b <CDMAdiagPortOnUSB>: 15a1b: fa .byte 0xfa 15a1c: 23080000 .word 0x23080000 15a20: 29e20001 .word 0x29e20001 15a24: 7e .byte 0x7e 00015a25 <resetCDMA>: 15a25: 29 .byte 0x29 15a26: 0002 .short 0x0002 15a28: 6a59 .short 0x6a59 15a2a: 7e .byte 0x7e 00015a2b <onlineMode>: 15a2b: fa .byte 0xfa 15a2c: 00030000 .word 0x00030000 15a30: 00000000 .word 0x00000000 15a34: 09f00500 .word 0x09f00500 15a38: 7e .byte 0x7e 00015a39 <offlineMode>: 15a39: fa .byte 0xfa 15a3a: 0000 .short 0x0000 15a3c: 00000003 .word 0x00000003 15a40: 06000000 .word 0x06000000 15a44: 3b6b .short 0x3b6b 15a46: 7e .byte 0x7e 00015a47 <ATCGDCONT>: 15a47: 41 .byte 0x41 15a48: 47432b54 .word 0x47432b54 15a4c: 4e4f4344 .word 0x4e4f4344 15a50: 0a0d3f54 .word 0x0a0d3f54 00015a54 <ATE0E1Cmd>: 15a54: 30455441 .word 0x30455441 15a58: 30453145 .word 0x30453145 15a5c: 30453145 .word 0x30453145 15a60: 30453145 .word 0x30453145 15a64: 0a0d3145 .word 0x0a0d3145 00015a68 <ATCmd>: 15a68: 0a0d5441 .word 0x0a0d5441 00015a6c <Charging90mA>: 15a6c: 1b0000fa .word 0x1b0000fa 15a70: 00000006 .word 0x00000006 15a74: 00180000 .word 0x00180000 15a78: f0f30000 .word 0xf0f30000 15a7c: 7e .byte 0x7e 00015a7d <Charging500mA>: 15a7d: fa .byte 0xfa 15a7e: 0000 .short 0x0000 15a80: 0000061b .word 0x0000061b 15a84: 18000000 .word 0x18000000 15a88: 2b000100 .word 0x2b000100 15a8c: 7ee9 .short 0x7ee9 00015a8e <Charging1A>: 15a8e: 00fa .short 0x00fa 15a90: 00061b00 .word 0x00061b00 15a94: 00000000 .word 0x00000000 15a98: 00070018 .word 0x00070018 15a9c: bdfb .short 0xbdfb 15a9e: 7e .byte 0x7e 00015a9f <getQPSTConfig>: 15a9f: 0c .byte 0x0c 15aa0: 417e3a14 .word 0x417e3a14 15aa4: 43512454 .word 0x43512454 15aa8: 0d474d44 .word 0x0d474d44 15aac: 51245441 .word 0x51245441 15ab0: 474d4443 .word 0x474d4443 15ab4: 2454410d .word 0x2454410d 15ab8: 4d444351 .word 0x4d444351 15abc: 067e0d47 .word 0x067e0d47 15ac0: 7e7e954e .word 0x7e7e954e 00015ac4 <getESN>: 15ac4: 00000026 .word 0x00000026 ... 15b48: 7ed2ad00 .word 0x7ed2ad00 00015b4c <CDMAPcmLoopbackOn>: 15b4c: 000e0b4b .word 0x000e0b4b 15b50: 00010003 .word 0x00010003 15b54: 0001000c .word 0x0001000c 15b58: 7e00 .short 0x7e00 00015b5a <CDMAPcmLoopbackOff>: 15b5a: 0b4b .short 0x0b4b 15b5c: 0003000e .word 0x0003000e 15b60: 000c0001 .word 0x000c0001 15b64: 7e000000 .word 0x7e000000 00015b68 <GSMPcmLoopbackOn>: 15b68: 000e0b4b .word 0x000e0b4b 15b6c: 000b0003 .word 0x000b0003 15b70: 0001000c .word 0x0001000c 15b74: 7e00 .short 0x7e00 00015b76 <GSMPcmLoopbackOff>: 15b76: 0b4b .short 0x0b4b 15b78: 0003000e .word 0x0003000e 15b7c: 000c000b .word 0x000c000b 15b80: 7e000000 .word 0x7e000000 00015b84 <Dial>: 15b84: 000000fa .word 0x000000fa 15b88: 00000000 .word 0x00000000 15b8c: 04000000 .word 0x04000000 ... 15bf0: 34000000 .word 0x34000000 15bf4: 31363830 .word 0x31363830 15bf8: 32333837 .word 0x32333837 15bfc: 00000037 .word 0x00000037 ... 15c30: 0a000000 .word 0x0a000000 ... 15c58: 0000 .short 0x0000 15c5a: 7e .byte 0x7e 00015c5b <disableloopbackdataport>: 15c5b: 41 .byte 0x41 15c5c: 0d304554 .word 0x0d304554 15c60: 0a .byte 0x0a 00015c61 <ATDT>: 15c61: 41 .byte 0x41 15c62: 4454 .short 0x4454 15c64: 37313654 .word 0x37313654 15c68: 37323338 .word 0x37323338 15c6c: 0a0d .short 0x0a0d 00015c6e <testAlive_1>: 15c6e: 00fa .short 0x00fa 15c70: 00011b00 .word 0x00011b00 15c74: 00000001 .word 0x00000001 15c78: 7ead8101 .word 0x7ead8101 00015c7c <onlineMode_1>: 15c7c: 030000fa .word 0x030000fa 15c80: 00000000 .word 0x00000000 15c84: 4f020000 .word 0x4f020000 15c88: 5d7d .short 0x5d7d 15c8a: 7e .byte 0x7e
PmModemUpdater
Usage: PmModemUpdater -h Print usage PmModemUpdater -v Detect current modem firmware version PmModemUpdater -p /path/to/firmware.tar Check the firmware package info PmModemUpdater -b Backup NV items from device to /var/firmware/palm_nv_backup.txt PmModemUpdater -r /path/to/nvfile Load NV items from nvfile PmModemUpdater<firmware.tar Update the firmware using a tar file as input PmModemUpdater<firmware.tar -f Force an update even the modem has the same version than tar file PmModemUpdater<firmware.tar -s xx xx Force the modem to be flashed (RESCUE MODE) PmModemUpdater -i Start a data/voice test on your umts modem directly PmModemUpdater -e Ignore stop/start TIL/WAND PmModemUpdater -o silent mode which means no verbose output at all PmModemUpdater<firmware.tar -m Force the modem to be flashed (INFINITE USB RESCUE MODE) on USB
pmmodempower
#!/bin/sh for i in "$*" if [ "$i" = "on" ] then echo Powering On Modem echo 1 > /sys/user_hw/pins/modem/power_on/level fi if [ "$i" = "off" ] then echo Powering Off Modem echo 0 > /sys/user_hw/pins/modem/boot_mode/level echo 0 > /sys/user_hw/pins/modem/power_on/level fi if [ "$i" = "cycle" ] then echo Powering Off Modem echo 0 > /sys/user_hw/pins/modem/boot_mode/level echo 0 > /sys/user_hw/pins/modem/wakeup_modem/level echo 0 > /sys/user_hw/pins/modem/power_on/level sleep 2 echo Powering On Modem echo 1 > /sys/user_hw/pins/modem/power_on/level #echo Waiting for MODEM_WAKE_APP Low #while [ "$appwake" != "0" ] #do # appwake=`cat /sys/user_hw/pins/modem/wakeup_app/level` #done #echo Waiting for MODEM_WAKE_APP Pulse High #appwake=`cat /sys/user_hw/pins/modem/wakeup_app/level` #while [ "$appwake" != "1" ] #do # appwake=`cat /sys/user_hw/pins/modem/wakeup_app/level` #done #while [ "$appwake" != "0" ] #do # appwake=`cat /sys/user_hw/pins/modem/wakeup_app/level` #done echo Asserting APP_WAKE_MODEM echo 1 > /sys/user_hw/pins/modem/wakeup_modem/level fi done
PmLinuxModemCmd
usage: PmLinuxModemCmd <Port> <[a][b][c][d <number>][e][f][ftm][h][g][i][k <#pkts>][l][m][n][o][pcmloopback <radio> <state>][q][r][s][t][u <#pkts>][zr][zt][zl][1] [5][9]]> [v] where: <Port>: /dev/ttyS0 - Modem UART. - UART PORT /dev/tts/modem0 - USB Serial to Modem for AT commands - DATA PORT. /dev/tts/modemdiag - USB Serial to Modem for Diagnostics - DIAG PORT. where: e - empty read buffer from specified port. u - Loopback mode performance test. Next argument <#pkts> UART PORT COMMANDS: (/dev/ttyS0) b - Send loopback mode command for 256 bytes. UART goes into loopback mode until power cycle. d - Send commands to dial a phone number. Phone number in the format 4086178327. f - Send offline mode and read pkt. ftm - Enter modem FTM mode (both CDMA and GSM modems). i - Send identify command. l - Send testalive then loop forever doing ( onlinemode, offlinemode, sleep to UART. m - Disable loopback mode. o - Send online mode and read pkt. pcmloopback - control PCM loopback. <radio> = GSM/CDMA <state> = on/off. q - Send test alive, online mode and then read pkts. r - Get firmware version. t - Send test alive and read pkt. 1 - Send command to enable 1A charging. 5 - Send command to enable 500mA charging. 9 - Send command to enable 90mA charge. zs - CDMA reset modem. zt - CDMA send test alive and read pkts. zdiagonusb - CDMA put diag port on USB diag. zdiagonuart- CDMA put diag port on UART. DATA PORT COMMANDS: (/dev/tts/modem0) a - Send AT\n. c - Send ATCGDCONT\n. h - Send Echo command. k - Test loopback perf using command (ATE1\n). DIAG PORT COMMANDS: (/dev/tts/modemdiag) g - Get QPST serial port config from DIAG port. s - Get ESN from DIAG port. zl - CDMA put modemdiag into loopback. zr - CDMA Read performance tests. Takes two arguments <numpkts> and <pktSize>. Eg. %s /dev/tts/modemdiag zr <NumPkts> <PktSize> [v] zw - CDMA Write performance tests. Takes two arguments <numpkts> and <pktSize>. Eg. %s /dev/tts/modemdiag zw <NumPkts> <PktSize> [v] zu - CDMA Performance tests of the diag port after putting it into loopback. Takes two arguments <numpkts> and <pktSize>. Eg. %s /dev/tts/modemdiag zu <NumPkts> <PktSize> [v] where v - verbose output.