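%% Slides: "Modems support in Replicant" (beamer, Singapore theme).
%%
%% Layout of this file:
%%   - preamble: packages, the "terminal" listings style, \pictureframe
%%   - part 1:   hardware, AT commands, Android's rild / reference-ril
%%   - part 2:   other modem protocols and their free software status
%%
%% Code and terminal excerpts are typeset with listings, between frames.
\documentclass{beamer}
\usepackage[english]{babel}
\usepackage{color}
\usepackage{graphicx}
\usepackage{ifthen}
\usepackage[utf8]{inputenc}
\usepackage{listings}
\usepackage{pdfpages}

%% Green-on-black style used for the AT command and shell transcripts.
\lstdefinestyle{terminal}{
  backgroundcolor=\color{black},
  basicstyle=\scriptsize\color{green},
}

%% \pictureframe{<image path>}: a frame holding one image stretched to
%% \textwidth x \textheight.
%% Based on:
%% https://tex.stackexchange.com/questions/136900/insert-a-full-page-image
\newcommand{\pictureframe}[1]
{
  {
    \begin{frame}
      \noindent
      \resizebox{\textwidth}{\textheight}
      {\includegraphics{#1}}
      \hspace*{-\textwidth}
    \end{frame}
  }
}

\usetheme{Singapore}

\title{Modems support in Replicant}
\author{Denis 'GNUtoo' Carikli}
\date{\today}

\begin{document}

\maketitle

%% TODO: Using \itemize{} fails to compile
%% TODO: convert \center frames to chapter title
\begin{frame}
  \center{In this presentation:}
  \begin{itemize}
  \item The hardware
  \item Android Reference implementation (More simple)
  \item Questions and/or Pause
  \item Replicant's Samsung IPC implementation (More complex)
  \end{itemize}
\end{frame}

\begin{frame}
  \center{The hardware}
\end{frame}

\pictureframe{../../external_resources/replicant_website/images/freedom-privacy-security-issues/hardware.png}

\pictureframe{../../external_resources/replicant_website/images/freedom-privacy-security-issues/good-modem-isolation.png}

\pictureframe{output/example_modem.png}

\begin{frame}
  \center{Why do we look at android reference implementation first?}
  \begin{itemize}
  \item The hardware is more simple
  \item The protocol is way easier to understand
  \item Has good enough documentation (standard, reference implementation)
  \item It also explains why we got protocols like samsung-ipc
  \item Relevant for devices with free software bootloaders
  \end{itemize}
\end{frame}

\begin{frame}
  \center{Example: Openmoko}
  \begin{itemize}
  \item Simple
  \item But very strongly outdated
  \end{itemize}
\end{frame}

\pictureframe{output/serial_modem_hardware.png}

\begin{frame}
  \center{AT commands}
  \begin{itemize}
  \item The good parts:
    \begin{itemize}
    \item Standard (ETSI GSM 07.07 / 3GPP TS 27.007)
    \item Publicly available, no registration
    \item pdf versions: \url{git://git.osmocom.org/3gpp-etsi-pdf-links.git}
    \end{itemize}
  \item The bad parts: More on that later...
  \end{itemize}
\end{frame}

\begin{frame}
  \center{Examples based on the specification (07.07)}
\end{frame}

%% Transcript convention: ">" is sent to the modem, "<" comes from the modem.
\begin{lstlisting}[style=terminal]
# use verbose error values, report registration
> AT+CMEE=2;+CREG=1
< OK
> AT
< OK
> AT+CFUN=1
< OK
\end{lstlisting}

%% NOTE(review): AT+CPIN carries the SIM PIN in clear text, so any capture or
%% log of the AT channel contains it; scrub such traces before sharing them.
%% The <mode>, <format> and <oper> placeholders follow the 07.07 +COPS
%% read-response syntax. The final OK is a modem response, hence "<".
\begin{lstlisting}[style=terminal]
# use verbose error values, report registration
> AT+CMEE=2;+CREG=1
< OK
> AT+CFUN=1
< +CME ERROR: SIM PIN required
> AT+CPIN="1234"
< +CME ERROR: incorrect password (user entered wrong PIN)
> AT+CPIN="4321"
< OK
# Automatic registration to an operator
# +COPS: <mode>[,<format>,<oper>]
# mode 0: automatic (<oper> field is ignored)
# format 0: long format alphanumeric
> AT+COPS=0,0
< OK
< +CREG: 1
> AT+COPS?
< +COPS: 0,0,"SFR"
< OK
\end{lstlisting}

\begin{frame}
  \center{AT commands: The bad parts:}
  \begin{itemize}
  \item Synchronous
  \item difficult to write parsers (need to keep state)
  \item Slow
  \item Vendor extensions
  \end{itemize}
\end{frame}

\begin{frame}
  \center{More realistic example}
\end{frame}

%% NOTE(review): <rssi>,<ber> is the 07.07 +CSQ response syntax. The single
%% <rssi> field on the MDM6200/6600 line is inferred from the "+CSQ: 31"
%% example below -- confirm against the vendor documentation.
\begin{lstlisting}[style=terminal]
# 0707: +CSQ: <rssi>,<ber>
# MDM6200/6600: +CSQ: <rssi>
# 0707: 31 = -51dbm
# MDM6200/6600: 31 = -75dbm
> +CSQ: 31
< +CRING: VOICE/06050403002
\end{lstlisting}

\begin{lstlisting}[style=terminal]
# Enable noise cancelation on the OpenMoko
> AT%N0105
< OK
\end{lstlisting}

\begin{frame}
  \center{Example of issues}
  \begin{itemize}
  \item What if the answer doesn't come back?
  \item What if there is some noise on the serial port?
  \item What if I need to run another command while waiting for the
    answer of the previous one?
  \item More modern modems with AT protocol (Example: GTA04):
    \begin{itemize}
    \item Modem connected over USB
    \item Several ``virtual serial'' interfaces
    \end{itemize}
  \end{itemize}
\end{frame}

\begin{frame}
  \center{The bad parts:}
  \begin{itemize}
  \item $\rightarrow$This led vendors to make their own protocols.
  \item $\rightarrow$Very similar issues with GPS (NMEA not meant for GPS).
  \end{itemize}
\end{frame}

\begin{frame}
  \center{AT commands are still in use:}
  \begin{itemize}
  \item GTA04
  \item Optimus black
  \item Usually (also) available on modems available at low quantity orders.
  \item $\rightarrow$Often in use on devices made for the free software
    community.
  \item Sometimes vendor documentation is even publicly available for
    specific modems.
  \end{itemize}
\end{frame}

\begin{frame}
  \center{Handling AT command set in Android}
\end{frame}

\pictureframe{output/serial_modem_software.png}

\begin{frame}
  \center{rild}
\end{frame}

\begin{frame}
  \center{finding libril implementation}
  \raggedright
  finding libril implementation:
  \begin{verse}
    vendor ril lib path either passed in as -l parameter, or read
    from rild.libpath property
  \end{verse}
  \begin{verse}
    ril arguments either passed in as -{}- parameter, or read
    from rild.libargs property
  \end{verse}
\end{frame}

\begin{frame}
  \center{finding libril implementation}
\end{frame}

\begin{lstlisting}[style=terminal]
$ cd device/samsung/i9300
$ git grep rild
system.prop:rild.libpath=/system/lib/hw/libsamsung-ril.so
system.prop:rild.libargs=-d /dev/ttyS0
\end{lstlisting}

\begin{frame}
  \center{In the code: hardware/ril/rild/rild.c}
\end{frame}

%% NOTE(review): rild dlopen()s the path taken from -l or rild.libpath and
%% calls the RIL_Init symbol it finds there, so that library's code runs
%% inside the rild process. Whoever can change the property or replace the
%% file at that path therefore controls what rild executes; both belong on a
%% read-only, trusted partition. The elided parts ([...]) are not shown on
%% the slide: check the dlopen()/dlsym() error handling in the real file.
\lstset{language=C}
\begin{lstlisting}
int main(int argc, char **argv) {
    // [...]
    const RIL_RadioFunctions *(*rilInit)(
        const struct RIL_Env *, int, char **);
    // [...]
    dlHandle = dlopen(rilLibPath, RTLD_NOW);
    // [...]
    RIL_startEventLoop();
    // [...]
    rilInit = (const RIL_RadioFunctions *(*)(
        const struct RIL_Env *, int, char **))
        dlsym(dlHandle, "RIL_Init");
    funcs = rilInit(&s_rilEnv, argc, rilArgv);
    // [...]
    RIL_register(funcs);
    // [...]
}
\end{lstlisting}

\begin{frame}
  \center{reference-ril}
  \begin{itemize}
  \item Implements libril, like libsamsung-ril
  \item Same git repository as rild
  \item AT commands, very basic (only one channel)
  \item Beware of CaMeL Case Code and \_ mix (RIL\_Init, not RIL\_init)
  \end{itemize}
\end{frame}

\lstset{language=C}
\begin{lstlisting}
const RIL_RadioFunctions *RIL_Init(
    const struct RIL_Env *env, int argc, char **argv)
{
    while ( -1 != (opt = getopt(argc, argv, "p:d:s:c:"))) {
        // [...]
        switch (opt) {
            // [...]
            case 'd':
                s_device_path = optarg;
                RLOGI("Opening tty device %s\n",
                      s_device_path);
                break;
            // [...]
        }
    }
    // [...]
}
\end{lstlisting}

\lstset{language=C}
\begin{lstlisting}
static const RIL_RadioFunctions s_callbacks = {
    RIL_VERSION,
    onRequest,
    currentState,
    onSupports,
    onCancel,
    getVersion
};
// [...]
const RIL_RadioFunctions *RIL_Init(
    const struct RIL_Env *env, int argc, char **argv)
{
    // [...]
    return &s_callbacks;
}
\end{lstlisting}

\begin{frame}
  \center{Calling}
\end{frame}

\lstset{language=C}
\begin{lstlisting}
static void
onRequest (int request, void *data,
           size_t datalen, RIL_Token t)
{
    // [...]
    switch (request) {
        // [...]
        case RIL_REQUEST_DIAL:
            requestDial(data, datalen, t);
            break;
        // case [...]
    }
\end{lstlisting}

\begin{frame}
  \center{requestDial}
\end{frame}

\lstset{language=C}
\begin{lstlisting}
static void requestDial(void *data,
                        size_t datalen __unused,
                        RIL_Token t)
{
    // [...]
    ret = at_send_command(cmd, NULL);
    free(cmd);
    // [...]
    RIL_onRequestComplete(t, RIL_E_SUCCESS, NULL, 0);
}
\end{lstlisting}

\begin{frame}
  \center{Incoming call}
\end{frame}

\begin{frame}
  \center{onUnsolicited}
\end{frame}

%% NOTE(review): every line handled by onUnsolicited comes from the modem
%% (or from noise on the serial link, see "Example of issues"). The prefix
%% matching below therefore runs on data that the application processor does
%% not control, which makes this path worth reviewing as input parsing.
\lstset{language=C}
\begin{lstlisting}
static void onUnsolicited (const char *s,
                           const char *sms_pdu)
{
    // [...]
    if (strStartsWith(s,"+CRING:")
        || strStartsWith(s,"RING")
        || strStartsWith(s,"NO CARRIER")
        || strStartsWith(s,"+CCWA")
    ) {
        RIL_onUnsolicitedResponse (
            RIL_UNSOL_RESPONSE_CALL_STATE_CHANGED,
            NULL, 0);
        // [...]
    }
    // [...]
}
\end{lstlisting}

\begin{frame}
  \center{RIL\_Init}
\end{frame}

\lstset{language=C}
\begin{lstlisting}
const RIL_RadioFunctions *RIL_Init(
    const struct RIL_Env *env, int argc, char **argv)
{
    // [...]
    ret = pthread_create(&s_tid_mainloop, &attr,
                         mainLoop, NULL);
    // [...]
}
\end{lstlisting}

\begin{frame}
  \center{MainLoop}
\end{frame}

\lstset{language=C}
\begin{lstlisting}
static void *
mainLoop(void *param __unused)
{
    // [...]
    ret = at_open(fd, onUnsolicited);
    // [...]
}
\end{lstlisting}

\begin{frame}
  \center{at\_open}
\end{frame}

\lstset{language=C}
\begin{lstlisting}
static ATUnsolHandler s_unsolHandler;
// [...]
int at_open(int fd, ATUnsolHandler h)
{
    // [...]
    s_unsolHandler = h;
    // [...]
    ret = pthread_create(&s_tid_reader, &attr,
                         readerLoop, &attr);
    // [...]
}
\end{lstlisting}

\begin{frame}
  \center{readerLoop}
\end{frame}

\lstset{language=C}
\begin{lstlisting}
static void *readerLoop(void *arg __unused)
{
    for (;;) {
        // [...]
        processLine(line);
        // [...]
    }
    // [...]
}
\end{lstlisting}

\begin{frame}
  \center{processLine}
\end{frame}

\lstset{language=C}
\begin{lstlisting}
static void processLine(const char *line)
{
    pthread_mutex_lock(&s_commandmutex);
    if (sp_response == NULL) {
        /* no command pending */
        handleUnsolicited(line);
    }
    // [...]
}
\end{lstlisting}

\lstset{language=C}
\begin{lstlisting}
static void handleUnsolicited(const char *line)
{
    if (s_unsolHandler != NULL) {
        s_unsolHandler(line, NULL);
    }
}
\end{lstlisting}

\begin{frame}
  \center{Other protocols}
\end{frame}

\begin{frame}
  \center{Other protocols: status}
  \begin{itemize}
  \item ``samsung-ipc''
    \begin{itemize}
    \item Implemented in libsamsung-ipc
    \item Usable on Android and GNU/Linux
    \item Incomplete
    \item No Wireshark dissector
    \item No upstream Linux driver yet
    \end{itemize}
  \item QMI
    \begin{itemize}
    \item Implemented in libqmi, other?
    \item Usable with upstream Linux and in GNU/Linux
    \end{itemize}
  \item ISI (Nokia: N900, N9, etc)
    \begin{itemize}
    \item Implemented in Ofono, Freesmartphone.org, other?
    \item Wireshark dissector
    \item Upstream Linux drivers
    \end{itemize}
  \item ``Palm Pre''
    \begin{itemize}
    \item Implemented in msmcomm
    \item Was usable in GNU/Linux through Freesmartphone.org
    \item Code lost? Michael Lauer should push it again soon.
    \end{itemize}
  \end{itemize}
\end{frame}

\begin{frame}
  \center{Other protocols: characteristics}
  \begin{itemize}
  \item Like a network protocol
    \begin{itemize}
    \item sequence number to match query and response
    \item Asynchronous
    \end{itemize}
  \item Free software implementation not always available
  \item Or incomplete (samsung-ipc)
  \end{itemize}
\end{frame}

\begin{frame}
  \center{Use a supported protocol}
  \begin{itemize}
  \item Example with the Palm pre
    \begin{itemize}
    \item Had an unknown protocol that was used by the nonfree default
      implementation
    \item Also had AT commands
    \item People implemented the AT commands
    \item No ring indication if my memory is correct
    \item At the end they implemented the unknown vendor protocol in
      msmcommd
    \end{itemize}
  \end{itemize}
\end{frame}

\begin{frame}
  \center{Questions?}
  \begin{itemize}
  \item Next part is about Samsung IPC
  \item Increasing level of complexity
  \item $\rightarrow$ Questions on the first part before continuing.
  \end{itemize}
\end{frame}

\begin{frame}
  Licenses:
  \begin{itemize}
  \item Attribution-ShareAlike 3.0 Unported for the two images that come
    from the Freedom Privacy and Security page.
  \item \url{https://creativecommons.org/licenses/by-sa/4.0/} for the rest.
  \end{itemize}
\end{frame}

\begin{thebibliography}{99}
\end{thebibliography}

\end{document}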