fgsect/scat

SM-G800F with LineageOS

Closed this issue · 4 comments

I am using a Galaxy S5 Mini with LineageOS 14.1 flashed and rooted.
When dialing *#0808#, it returns Connection Problem or invalid MMI-Code.
I used the second answer from this stackoverflow question to enable diag mode.
lsusb output is:

  CONFIGURATION 1: 96 mA ===================================
   bLength              :    0x9 (9 bytes)
   bDescriptorType      :    0x2 Configuration
   wTotalLength         :   0x79 (121 bytes)
   bNumInterfaces       :    0x4
   bConfigurationValue  :    0x1
   iConfiguration       :    0x0 
   bmAttributes         :   0xc0 Self Powered
   bMaxPower            :   0x30 (96 mA)
    INTERFACE 0: Vendor Specific ===========================
     bLength            :    0x9 (9 bytes)
     bDescriptorType    :    0x4 Interface
     bInterfaceNumber   :    0x0
     bAlternateSetting  :    0x0
     bNumEndpoints      :    0x2
     bInterfaceClass    :   0xff Vendor Specific
     bInterfaceSubClass :   0x10
     bInterfaceProtocol :    0x1
     iInterface         :    0x0 
      ENDPOINT 0x81: Bulk IN ===============================
       bLength          :    0x7 (7 bytes)
       bDescriptorType  :    0x5 Endpoint
       bEndpointAddress :   0x81 IN
       bmAttributes     :    0x2 Bulk
       wMaxPacketSize   :  0x200 (512 bytes)
       bInterval        :    0x0
      ENDPOINT 0x2: Bulk OUT ===============================
       bLength          :    0x7 (7 bytes)
       bDescriptorType  :    0x5 Endpoint
       bEndpointAddress :    0x2 OUT
       bmAttributes     :    0x2 Bulk
       wMaxPacketSize   :  0x200 (512 bytes)
       bInterval        :    0x0
    INTERFACE 1: CDC Communication =========================
     bLength            :    0x9 (9 bytes)
     bDescriptorType    :    0x4 Interface
     bInterfaceNumber   :    0x1
     bAlternateSetting  :    0x0
     bNumEndpoints      :    0x1
     bInterfaceClass    :    0x2 CDC Communication
     bInterfaceSubClass :    0x2
     bInterfaceProtocol :    0x1
     iInterface         :    0x6 CDC Abstract Control Model (ACM)
      ENDPOINT 0x83: Interrupt IN ==========================
       bLength          :    0x7 (7 bytes)
       bDescriptorType  :    0x5 Endpoint
       bEndpointAddress :   0x83 IN
       bmAttributes     :    0x3 Interrupt
       wMaxPacketSize   :    0xa (10 bytes)
       bInterval        :    0x9
    INTERFACE 2: CDC Data ==================================
     bLength            :    0x9 (9 bytes)
     bDescriptorType    :    0x4 Interface
     bInterfaceNumber   :    0x2
     bAlternateSetting  :    0x0
     bNumEndpoints      :    0x2
     bInterfaceClass    :    0xa CDC Data
     bInterfaceSubClass :    0x0
     bInterfaceProtocol :    0x0
     iInterface         :    0x7 CDC ACM Data
      ENDPOINT 0x85: Bulk IN ===============================
       bLength          :    0x7 (7 bytes)
       bDescriptorType  :    0x5 Endpoint
       bEndpointAddress :   0x85 IN
       bmAttributes     :    0x2 Bulk
       wMaxPacketSize   :  0x200 (512 bytes)
       bInterval        :    0x0
      ENDPOINT 0x4: Bulk OUT ===============================
       bLength          :    0x7 (7 bytes)
       bDescriptorType  :    0x5 Endpoint
       bEndpointAddress :    0x4 OUT
       bmAttributes     :    0x2 Bulk
       wMaxPacketSize   :  0x200 (512 bytes)
       bInterval        :    0x0
    INTERFACE 3: Vendor Specific ===========================
     bLength            :    0x9 (9 bytes)
     bDescriptorType    :    0x4 Interface
     bInterfaceNumber   :    0x3
     bAlternateSetting  :    0x0
     bNumEndpoints      :    0x2
     bInterfaceClass    :   0xff Vendor Specific
     bInterfaceSubClass :   0x42
     bInterfaceProtocol :    0x1
     iInterface         :    0x0 
      ENDPOINT 0x88: Bulk IN ===============================
       bLength          :    0x7 (7 bytes)
       bDescriptorType  :    0x5 Endpoint
       bEndpointAddress :   0x88 IN
       bmAttributes     :    0x2 Bulk
       wMaxPacketSize   :  0x200 (512 bytes)
       bInterval        :    0x0
      ENDPOINT 0x7: Bulk OUT ===============================
       bLength          :    0x7 (7 bytes)
       bDescriptorType  :    0x5 Endpoint
       bEndpointAddress :    0x7 OUT
       bmAttributes     :    0x2 Bulk
       wMaxPacketSize   :  0x200 (512 bytes)
       bInterval        :    0x0

The command I am using is python3 scat.py -t sec -m e303 -u
The output is:

2020-09-29 21:36:16,644 scat.samsungparser (stop_diag) INFO: Stopping diag
Traceback (most recent call last):
  File "scat.py", line 158, in <module>
    current_parser.stop_diag()
  File "/home/berndb/repos/scat/parsers/samsung/samsungparser.py", line 165, in stop_diag
    self.io_device.write(b'\x7f\x0e\x00\x00\x0b\x00\x00\x00\xa0\x00\x02\x00\x00\x00\x00\x7e')
  File "/home/berndb/repos/scat/iodevices/usbio.py", line 29, in write
    self.w_handle.write(write_buf)
  File "/usr/lib/python3.8/site-packages/usb/core.py", line 406, in write
    return self.device.write(self, data, timeout)
  File "/usr/lib/python3.8/site-packages/usb/core.py", line 977, in write
    return fn(
  File "/usr/lib/python3.8/site-packages/usb/backend/libusb1.py", line 837, in bulk_write
    return self.__write(self.lib.libusb_bulk_transfer,
  File "/usr/lib/python3.8/site-packages/usb/backend/libusb1.py", line 938, in __write
    _check(retval)
  File "/usr/lib/python3.8/site-packages/usb/backend/libusb1.py", line 602, in _check
    raise USBTimeoutError(_strerror(ret), ret, _libusb_errno[ret])
usb.core.USBTimeoutError: [Errno 110] Operation timed out

With the additional flag -i 3, output is:

2020-09-29 21:40:32,461 scat.samsungparser (stop_diag) INFO: Stopping diag
Traceback (most recent call last):
  File "scat.py", line 158, in <module>
    current_parser.stop_diag()
  File "/home/berndb/repos/scat/parsers/samsung/samsungparser.py", line 165, in stop_diag
    self.io_device.write(b'\x7f\x0e\x00\x00\x0b\x00\x00\x00\xa0\x00\x02\x00\x00\x00\x00\x7e')
  File "/home/berndb/repos/scat/iodevices/usbio.py", line 29, in write
    self.w_handle.write(write_buf)
  File "/usr/lib/python3.8/site-packages/usb/core.py", line 406, in write
    return self.device.write(self, data, timeout)
  File "/usr/lib/python3.8/site-packages/usb/core.py", line 974, in write
    intf, ep = self._ctx.setup_request(self, endpoint)
  File "/usr/lib/python3.8/site-packages/usb/core.py", line 113, in wrapper
    return f(self, *args, **kwargs)
  File "/usr/lib/python3.8/site-packages/usb/core.py", line 227, in setup_request
    self.managed_claim_interface(device, intf)
  File "/usr/lib/python3.8/site-packages/usb/core.py", line 113, in wrapper
    return f(self, *args, **kwargs)
  File "/usr/lib/python3.8/site-packages/usb/core.py", line 178, in managed_claim_interface
    self.backend.claim_interface(self.handle, i)
  File "/usr/lib/python3.8/site-packages/usb/backend/libusb1.py", line 829, in claim_interface
    _check(self.lib.libusb_claim_interface(dev_handle.handle, intf))
  File "/usr/lib/python3.8/site-packages/usb/backend/libusb1.py", line 604, in _check
    raise USBError(_strerror(ret), ret, _libusb_errno[ret])
usb.core.USBError: [Errno 16] Resource busy

That hidden code is only available in Samsung original firmware (only in its dialer app), not LineageOS. -i 3 in this case is ADB as bInterfaceSubClass : 0x42 is usually ADB. Could you please try -i 0 instead?

With -i 0 output is:

2020-09-30 20:39:01,794 scat.samsungparser (stop_diag) INFO: Stopping diag
Traceback (most recent call last):
  File "scat.py", line 158, in <module>
    current_parser.stop_diag()
  File "/home/berndb/repos/scat/parsers/samsung/samsungparser.py", line 165, in stop_diag
    self.io_device.write(b'\x7f\x0e\x00\x00\x0b\x00\x00\x00\xa0\x00\x02\x00\x00\x00\x00\x7e')
  File "/home/berndb/repos/scat/iodevices/usbio.py", line 29, in write
    self.w_handle.write(write_buf)
  File "/usr/lib/python3.8/site-packages/usb/core.py", line 406, in write
    return self.device.write(self, data, timeout)
  File "/usr/lib/python3.8/site-packages/usb/core.py", line 977, in write
    return fn(
  File "/usr/lib/python3.8/site-packages/usb/backend/libusb1.py", line 837, in bulk_write
    return self.__write(self.lib.libusb_bulk_transfer,
  File "/usr/lib/python3.8/site-packages/usb/backend/libusb1.py", line 938, in __write
    _check(retval)
  File "/usr/lib/python3.8/site-packages/usb/backend/libusb1.py", line 602, in _check
    raise USBTimeoutError(_strerror(ret), ret, _libusb_errno[ret])
usb.core.USBTimeoutError: [Errno 110] Operation timed out

That hidden code is only available in Samsung original firmware (only in its dialer app), not LineageOS.

Would it be possible to only install the Samsung dialer app with an apk, I don't want to use stock firmware because of privacy and old android version?

I don't know whether DIAG mode is available using setprop sys.usb.config on LineageOS. Unfortunately you may need to investigate that option.

Closing as stale.