Re: Novatel Wireless power cycle

From: Dan Williams <dcbw redhat com>
To: David Pfeffer <david fivepmtechnology com>
Cc: networkmanager-list gnome org
Subject: Re: Novatel Wireless power cycle
Date: Thu, 11 Oct 2012 16:23:04 -0500
On Thu, 2012-10-11 at 16:20 -0500, Dan Williams wrote:
> On Thu, 2012-10-11 at 08:45 -0400, David Pfeffer wrote:
> > Hi all,
> > 
> > 
> > I noticed in the modemmanager Novatel plugin code there's nothing
> > there to power cycle the modem on disable/enable. This is a problem
> > for me since I've found that one modem in particular, the MC760, it'll
> > sometimes get into this state where the radio always tells the modem
> > there's No Carrier until you power cycle it.
> > 
> > 
> > I don't know about the GSM devices, but I've been developing for a
> > little while now with the CDMA devices. There's definitely a way to do
> > it. Using strace and the NovaCore SDK (which I have obtained from
> > Novatel's software development department and without signing an NDA),
> > I've found that the following goes out over the QCDM port when you
> > turn the radio off in the SDK:
> > 
> > 
> > write(4, "K\17\0\0\273`~", 7)           = 7
> > write(4, "K\372\7\0\7\377\377\0\0\344o~", 12) = 12
> > write(4, "K\17\0\0\273`~", 7)           = 7
> > write(4, ")\1\0001@~", 6)               = 6
> > write(4, "K\17\0\0\273`~", 7)           = 7
> > write(4, "K\17\0\0\273`~", 7)           = 7
> 
> They break down like this:
> 
> K = DIAG_CMD_SUBSYS
> \17 (decimal 15) = DIAG_SUBSYS_CM (call manager)
> \0\0 = DIAG_SUBSYS_CM_STATE_INFO
> 
> K = DIAG_CMD_SUBSYS
> \372 (decimal 250) = DIAG_SUBSYS_RESERVED_OEM_0
> \7\0 (0x7) = DIAG_SUBSYS_NW_CONTROL_MODEM_SNAPSHOT
> \7 = DIAG_SUBSYS_NW_CONTROL_MODEM_SNAPSHOT_TECH_CDMA_EVDO
> \377\377\0\0 = snapshot mask
> 
> ) = DIAG_CMD_CONTROL
> \1 = DM_CONTROL_MODE_OFFLINE

Forgot to mention the last 3 bytes in all of these are the CRC-16 and
0x7E.  The DM/DIAG packet format is <cmdcode><stuff><crc-16><0x7E>.  And
of course everything before the 0x7E is HDLC encoded so that 0x7E never
appears in the body, and thus you can use it as the frame marker.

Dan

> So basically it's querying the generic modem state using the Call
> Manager subsystem (see DMCmdSubsysCMStateInfoRsp in libqcdm), and then
> it's asking for the Novatel-specific subsystem state (see
> DMCmdSubsysNwSnapshotRsp and DMCmdSubsysNwSnapshotCdma in libqcdm) and
> then it's telling the modem to go offline.  I'll assume at some point it
> tells the modem to go back online too :)
> 
> > However, I have no idea what this means -- I can't find any
> > documentation to speak of for QCDM so its just opaque binary to me.
> 
> Because there isn't unless you sign NDAs with Qualcomm, and then you
> can't do anything open-source with it.  So we've basically reverse
> engineered some stuff we need for ModemManager:
> 
> http://cgit.freedesktop.org/ModemManager/ModemManager/tree/libqcdm
> 
> and perhaps more specifically:
> 
> http://cgit.freedesktop.org/ModemManager/ModemManager/tree/libqcdm/src/dm-commands.h
> 
> The actual C API that clients of libqcdm should use is commands.h
> though, since the rest of the stuff is pretty low-level and the
> internals might change around if we discover something new later, which
> is why the commands.h uses the QcdmResult structure instead of hardcoded
> returned parameters.
> 
> > If someone is willing to assist me with the QCDM portion or give me
> > some pointers, I'd be happy to reverse engineer power off, power on,
> > and reset, and contribute a patch back. Again this is just for CDMA
> > -- 
> 
> The CONTROL command works for both GSM and CDMA devices actually.  I'm
> just missing the define for "online" so if you can capture that, that
> would be great.  I'm pretty sure it'll be something like:
> 
> write(4, ")\0\0001@~", 6) or write(4, ")\3\0001@~", 6)
> 
> there are a bunch of modes though, but I'm guessing that "online" is
> mode 0.
> 
> > the NovaCore SDK does support GSM devices but I don't own one. If
> > someone else has one, I can send you the NovaCore SDK to reverse
> > engineer this for GSM modems.
> 
> What license is the NovaCore SDK distributed under?  That has a great
> deal to do with whether or not it can just be sent around.  If you've
> obtained it under a method compatible with the license (ie, directly
> from Novatel) that's probably fine, but downloading it off some Chinese
> site may not be.  Also note that even though the EULA or license may
> prohibit reverse engineering (almost all software EULAs do), it's
> actually completely legal for the purpose of interoperability, which is
> what we're doing here with libqcdm.  But it still depends on how you got
> it...
> 
> I typically use a Windows connection manager and sniff the USB packets,
> since all the connection managers are legally obtainable via the carrier
> or manufacturers websites, or even in the firmware on the dongles
> themselves.  Helps keep the legal things clearer.
> 
> Dan
> 
> _______________________________________________
> networkmanager-list mailing list
> networkmanager-list gnome org
> https://mail.gnome.org/mailman/listinfo/networkmanager-list
Follow-Ups:
- Re: Novatel Wireless power cycle
  - From: David Pfeffer
References:
- Novatel Wireless power cycle
  - From: David Pfeffer
- Re: Novatel Wireless power cycle
  - From: Dan Williams
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]