ZTE MF823 autoswitch
Markus Gothe
nietzsche at lysator.liu.se
Tue Sep 13 17:31:22 UTC 2016
So I’ve got these PCAP-dumps.
One from Win10 and one from Ubuntu / Linux 3.13.x
-------------- next part --------------
A non-text attachment was scrubbed...
Name: win10_mbim_k5008-z.pcap
Type: application/vnd.tcpdump.pcap
Size: 61617 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/libmbim-devel/attachments/20160913/572dcfe5/attachment-0001.pcap>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: linux_probe_k5008-z.pcapng
Type: application/octet-stream
Size: 268804 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/libmbim-devel/attachments/20160913/572dcfe5/attachment-0001.obj>
-------------- next part --------------
Using this data we should be able to emulate Win10.
//M
On 12 Sep 2016, at 18:39 , Markus Gothe <nietzsche at lysator.liu.se> wrote:
> I see…
> Fwiw: ZTE asked for IMEI when I requested their GPL sources.
>
> I will try to get time to do some USB sniffing tomorrow.
>
> //M
>
> On 12 Sep 2016, at 18:30 , Bjørn Mork <bjorn at mork.no> wrote:
>
>> Markus Gothe <nietzsche at lysator.liu.se> writes:
>>
>>> This actually implies that all qualcomm-android-based devices will
>>> have this behaviour as a default.
>>
>> That's definitely not so. I've only tested on the Sierra Wireless EM7455
>> so far, and it doesn't even have the 0xee string descriptor.
>>
>> I'm pretty sure the MBIM code is much the same, based on for example the
>> debug messages in the gadget function driver:
>>
>> drivers/usb/gadget/f_mbim.c:1511 [g_android]mbim_func_suspend =_ "Got Function Suspend(%u) command for %s function\012"
>> / # grep mbim /sys/kernel/debug/dynamic_debug/control
>> drivers/usb/gadget/f_mbim.c:871 [g_android]mbim_ep0out_complete =_ "dev:%p\012"
>> drivers/usb/gadget/f_mbim.c:901 [g_android]mbim_ep0out_complete =_ "Set NTB INPUT SIZE %d\012"
>> drivers/usb/gadget/f_mbim.c:1772 [g_android]mbim_unbind =_ "unbinding mbim\012"
>> drivers/usb/gadget/f_mbim.c:1191 [g_android]mbim_ctrlrequest =_ "%02x.%02x v%04x i%04x l%u\012"
>> drivers/usb/gadget/f_mbim.c:993 [g_android]mbim_setup =_ "USB_CDC_RESET_FUNCTION\012"
>> drivers/usb/gadget/f_mbim.c:1002 [g_android]mbim_setup =_ "USB_CDC_SEND_ENCAPSULATED_COMMAND\012"
>> drivers/usb/gadget/f_mbim.c:1006 [g_android]mbim_setup =_ "w_length > req->length: %d > %d\012"
>> drivers/usb/gadget/f_mbim.c:1016 [g_android]mbim_setup =_ "USB_CDC_GET_ENCAPSULATED_RESPONSE\012"
>> drivers/usb/gadget/f_mbim.c:1025 [g_android]mbim_setup =_ "req%02x.%02x v%04x i%04x l%d\012"
>> drivers/usb/gadget/f_mbim.c:1044 [g_android]mbim_setup =_ "copied encapsulated_response %d bytes\012"
>> drivers/usb/gadget/f_mbim.c:1051 [g_android]mbim_setup =_ "USB_CDC_GET_NTB_PARAMETERS\012"
>> drivers/usb/gadget/f_mbim.c:1064 [g_android]mbim_setup =_ "USB_CDC_GET_NTB_INPUT_SIZE\012"
>> drivers/usb/gadget/f_mbim.c:1072 [g_android]mbim_setup =_ "Reply to host INPUT SIZE %d\012"
>> drivers/usb/gadget/f_mbim.c:1078 [g_android]mbim_setup =_ "USB_CDC_SET_NTB_INPUT_SIZE\012"
>> drivers/usb/gadget/f_mbim.c:1100 [g_android]mbim_setup =_ "USB_CDC_GET_NTB_FORMAT\012"
>> drivers/usb/gadget/f_mbim.c:1108 [g_android]mbim_setup =_ "NTB FORMAT: sending %d\012"
>> drivers/usb/gadget/f_mbim.c:1115 [g_android]mbim_setup =_ "USB_CDC_SET_NTB_FORMAT\012"
>> drivers/usb/gadget/f_mbim.c:1122 [g_android]mbim_setup =_ "NCM16 selected\012"
>> drivers/usb/gadget/f_mbim.c:1126 [g_android]mbim_setup =_ "NCM32 selected\012"
>> drivers/usb/gadget/f_mbim.c:1149 [g_android]mbim_setup =_ "control request: %02x.%02x v%04x i%04x l%d\012"
>> drivers/usb/gadget/f_mbim.c:703 [g_android]mbim_reset_function_queue =_ "Queue empty packet for QBI\012"
>> drivers/usb/gadget/f_mbim.c:718 [g_android]mbim_reset_function_queue =_ "%s: Wake up read queue\012"
>> drivers/usb/gadget/f_mbim.c:944 [g_android]fmbim_cmd_complete =_ "dev:%p port#%d\012"
>> drivers/usb/gadget/f_mbim.c:952 [g_android]fmbim_cmd_complete =_ "Add to cpkt_req_q packet with len = %d\012"
>> drivers/usb/gadget/f_mbim.c:961 [g_android]fmbim_cmd_complete =_ "Wake up read queue\012"
>> drivers/usb/gadget/f_mbim.c:2113 [g_android]mbim_ioctl =_ "Received command %d\012"
>> drivers/usb/gadget/f_mbim.c:1904 [g_android]mbim_read =_ "Enter(%zu)\012"
>> drivers/usb/gadget/f_mbim.c:1929 [g_android]mbim_read =_ "Requests list is empty. Wait.\012"
>> drivers/usb/gadget/f_mbim.c:1938 [g_android]mbim_read =_ "Received request packet\012"
>> drivers/usb/gadget/f_mbim.c:1952 [g_android]mbim_read =_ "cpkt size:%d\012"
>> drivers/usb/gadget/f_mbim.c:1963 [g_android]mbim_read =_ "copied %d bytes to user\012"
>> drivers/usb/gadget/f_mbim.c:1981 [g_android]mbim_write =_ "Enter(%zu)\012"
>> drivers/usb/gadget/f_mbim.c:2039 [g_android]mbim_write =_ "delay ep_queue: notifications queue is busy[%d]\012"
>> drivers/usb/gadget/f_mbim.c:2064 [g_android]mbim_write =_ "Exit(%zu)\012"
>> drivers/usb/gadget/f_mbim.c:757 [g_android]mbim_do_notify =_ "notify_state: %d\012"
>> drivers/usb/gadget/f_mbim.c:770 [g_android]mbim_do_notify =_ "No pending notifications\012"
>> drivers/usb/gadget/f_mbim.c:775 [g_android]mbim_do_notify =_ "Notification %02x sent\012"
>> drivers/usb/gadget/f_mbim.c:778 [g_android]mbim_do_notify =_ "notify_response_avaliable: done\012"
>> drivers/usb/gadget/f_mbim.c:815 [g_android]mbim_do_notify =_ "queue request: notify_count = %d\012"
>> drivers/usb/gadget/f_mbim.c:831 [g_android]mbim_notify_complete =_ "dev:%p\012"
>> drivers/usb/gadget/f_mbim.c:838 [g_android]mbim_notify_complete =_ "notify_count = %d\012"
>> drivers/usb/gadget/f_mbim.c:860 [g_android]mbim_notify_complete =_ "dev:%p Exit\012"
>> drivers/usb/gadget/f_mbim.c:1728 [g_android]mbim_bind =_ "MBIM in configuration %d\012"
>> drivers/usb/gadget/f_mbim.c:1881 [g_android]mbim_bind_config =_ "MBIM: dwNtbOutMaxSize:%d\012"
>> drivers/usb/gadget/android.c:1267 [g_android]mbim_function_bind_config =_ "%s: mbim transport is %s"
>> drivers/usb/gadget/f_mbim.c:1413 [g_android]mbim_disable =_ "MBIM data interface is not opened. Returning\012"
>> drivers/usb/gadget/f_mbim.c:1232 [g_android]mbim_set_alt =_ "intf=%u, alt=%u\012"
>> drivers/usb/gadget/f_mbim.c:1438 [g_android]mbim_suspend =_ "%s(): remote_wakeup:%d\012:"
>> drivers/usb/gadget/f_mbim.c:1454 [g_android]mbim_suspend =_ "MBIM data interface is not opened. Returning\012"
>> drivers/usb/gadget/f_mbim.c:1486 [g_android]mbim_resume =_ "MBIM data interface is not opened. Returning\012"
>> drivers/usb/gadget/f_mbim.c:1511 [g_android]mbim_func_suspend =_ "Got Function Suspend(%u) command for %s function\012"
>>
>>
>>
>> Bjørn
>
> //Markus - The panama-hat hacker
>
//Markus - The panama-hat hacker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 186 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://lists.freedesktop.org/archives/libmbim-devel/attachments/20160913/572dcfe5/attachment-0001.sig>
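The comparison Bjørn describes, judging whether two devices share MBIM gadget code from their debug messages, can be done mechanically on the dynamic_debug/control format quoted above. This is an added example, not code from the thread or from libmbim: DEVICE_A copies a few lines from the quoted listing, DEVICE_B is a constructed listing for a hypothetical second device, and all function names are illustrative.

```python
import re

# Format of /sys/kernel/debug/dynamic_debug/control as quoted in the thread:
#   file:line [module]function =flags "format"
# Leading '>' quote markers from the mail are tolerated.
ENTRY = re.compile(r'^[>\s]*(\S+):(\d+) \[([^\]]+)\](\S+) =(\S+) "(.*)"\s*$')

# Lines copied from the listing quoted in the thread (shell prompt line included).
DEVICE_A = r'''
>> / # grep mbim /sys/kernel/debug/dynamic_debug/control
>> drivers/usb/gadget/f_mbim.c:993 [g_android]mbim_setup =_ "USB_CDC_RESET_FUNCTION\012"
>> drivers/usb/gadget/f_mbim.c:1002 [g_android]mbim_setup =_ "USB_CDC_SEND_ENCAPSULATED_COMMAND\012"
>> drivers/usb/gadget/f_mbim.c:1016 [g_android]mbim_setup =_ "USB_CDC_GET_ENCAPSULATED_RESPONSE\012"
>> drivers/usb/gadget/f_mbim.c:1122 [g_android]mbim_setup =_ "NCM16 selected\012"
'''

# Constructed listing for a hypothetical second device: same strings,
# shifted line numbers, plus one message the first device lacks.
DEVICE_B = r'''
drivers/usb/gadget/f_mbim.c:1010 [g_android]mbim_setup =_ "USB_CDC_RESET_FUNCTION\012"
drivers/usb/gadget/f_mbim.c:1019 [g_android]mbim_setup =_ "USB_CDC_SEND_ENCAPSULATED_COMMAND\012"
drivers/usb/gadget/f_mbim.c:1033 [g_android]mbim_setup =_ "USB_CDC_GET_ENCAPSULATED_RESPONSE\012"
drivers/usb/gadget/f_mbim.c:1139 [g_android]mbim_setup =_ "NCM16 selected\012"
drivers/usb/gadget/f_mbim.c:1150 [g_android]mbim_setup =_ "constructed extra message\012"
'''

def parse_control(text):
    """Return one dict per call site; lines that are not control entries are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            f, n, mod, fn, flags, fmt = m.groups()
            out.append({"file": f, "line": int(n), "module": mod,
                        "func": fn, "flags": flags, "fmt": fmt})
    return out

def cdc_requests(entries):
    """Names of the CDC class requests that mbim_setup logs."""
    return sorted({name for e in entries if e["func"] == "mbim_setup"
                   for name in re.findall(r'USB_CDC_[A-Z_]+', e["fmt"])})

def fingerprint(entries):
    """Line numbers drift between builds; (function, format string) pairs do not."""
    return {(e["func"], e["fmt"]) for e in entries}

def similarity(a, b):
    """Jaccard overlap of two listings' fingerprints, from 0.0 to 1.0."""
    fa, fb = fingerprint(a), fingerprint(b)
    return len(fa & fb) / len(fa | fb) if fa | fb else 0.0
```

A high overlap supports the "much the same code" reading but says nothing about descriptors such as the 0xee string, which have to be checked on the device itself.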