samsungparser: Large diag items could be split in two diag items
Closed this issue · 4 comments
I was trying to figure out why scat couldn't parse the UE Capability Information from a samsung s10 5G (SM-G977B). So I added a raw writer.
I found out that the message I was looking for was split across two different buffers:
scat/parsers/samsung/samsungparser.py
Line 137 in b553feb
This contains the first part of the UE Capability Information:
first-buffer.txt
This contains the second part:
second-buffer.txt
This is a pcap that contains the UE Capability Information mentioned above:
UECAP-notparsed.pcap.zip
This contains a UE Capability Information parsed with scat; in that case the message is smaller because the operator requested only LTE bands 20, 7, 3 and 1:
UECAP-parsed.pcap.zip
Note that the size of the first buffer is exactly 2000 bytes, so this size could be the max size of a diag item.
Hmm, that's interesting. I haven't seen that before and I will look into it.
Hmm, that's interesting because 0x02 0x54 is LTE_RRC_ASN_VERSION
(parsers/samsung/sdmcmd.py, also https://github.com/P1sec/LTE_monitor_c2xx/blob/master/wireshark/epan/dissectors/packet-c2xx.c#L413) and I don't think I've got similar packets from my traces.
On the other hand, SDM 5G RRC messages could be split into multiple fragments. There is similar combining logic in parsers/qualcomm/diag1xlogparser.py
for IP packets. However, most of the 5G SA signaling messages I have analyzed fit within one packet, though.
Okay, confirmed the same packet split on Galaxy S22, fixes will be landing soon.
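The reassembly the thread describes, as an added example that is not scat's code and not the fix that landed: a small reassembler that concatenates consecutive fragments of the same item type until a fragment shorter than the 2000-byte limit observed in the issue arrives. The item type value 0x0254 (LTE_RRC_ASN_VERSION in sdmcmd.py) comes from the thread; the framing of each fragment as a (type, payload) pair, the "exactly at the limit means more to come" rule, the unrelated item type 0x0101 and the safety cap on reassembled size are assumptions made for the example.

```python
"""Added example: reassembling a diag item that was split across buffers.

Model: a message larger than MAX_ITEM_PAYLOAD arrives as consecutive fragments
of the same item type, every fragment but the last being exactly at the limit.
This is an assumption derived from the 2000-byte first buffer in the issue, not
a description of the SDM framing itself.
"""

MAX_ITEM_PAYLOAD = 2000        # observed first-fragment size in the issue
MAX_REASSEMBLED = 16 * 1024    # assumed safety cap against unbounded buffering
LTE_RRC_ASN_VERSION = 0x0254   # from parsers/samsung/sdmcmd.py per the thread


class DiagReassembler:
    """Concatenates consecutive same-type fragments until one is shorter than
    max_payload. A fragment exactly at the limit is treated as 'more to come'
    (assumption), so a final payload that happens to be exactly 2000 bytes
    stays pending until flush() is called; that ambiguity is inherent to
    size-based fragment detection."""

    def __init__(self, max_payload=MAX_ITEM_PAYLOAD, max_total=MAX_REASSEMBLED):
        self.max_payload = max_payload
        self.max_total = max_total
        self.pending = {}   # item_type -> bytearray of fragments so far

    def feed(self, item_type, payload):
        """Feed one diag item; return the complete message or None if partial."""
        if len(payload) > self.max_payload:
            raise ValueError("fragment exceeds the per-item limit")
        buf = self.pending.setdefault(item_type, bytearray())
        if len(buf) + len(payload) > self.max_total:
            # Drop a runaway reassembly rather than let memory grow without bound.
            del self.pending[item_type]
            raise ValueError("reassembled message exceeds the safety cap")
        buf += payload
        if len(payload) < self.max_payload:
            # A short fragment ends the message.
            del self.pending[item_type]
            return bytes(buf)
        return None   # exactly at the limit: expect a continuation

    def flush(self):
        """Return whatever is still pending, e.g. at end of capture."""
        done = {t: bytes(b) for t, b in self.pending.items()}
        self.pending.clear()
        return done


def reassemble_stream(items, max_payload=MAX_ITEM_PAYLOAD):
    """Run a list of (type, payload) items through the reassembler and return
    the list of (type, complete_message) pairs in completion order."""
    r = DiagReassembler(max_payload)
    out = []
    for t, p in items:
        msg = r.feed(t, p)
        if msg is not None:
            out.append((t, msg))
    for t, m in r.flush().items():
        out.append((t, m))
    return out


def constructed_items():
    """Constructed sample: a 3100-byte synthetic 'UE capability' body split as
    2000 + 1100, with an unrelated small item in between that must not be
    merged into it. Returns (body, items)."""
    body = bytes(range(256)) * 12 + b"\x00" * 28   # 3100 bytes, synthetic
    return body, [
        (LTE_RRC_ASN_VERSION, body[:2000]),
        (0x0101, b"\x01\x02\x03"),           # assumed unrelated item type
        (LTE_RRC_ASN_VERSION, body[2000:]),
    ]


if __name__ == "__main__":
    body, items = constructed_items()
    for t, m in reassemble_stream(items):
        print(hex(t), len(m), m == body)
```

Keying the pending buffer by item type is what keeps the interleaved 0x0101 item from being glued into the RRC message; the cap exists because a parser fed from a phone's diag port should never be able to grow a buffer indefinitely on malformed or truncated input.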