fgsect/scat

Trying to make it work on Exynos 9825, stuck at `INFO: Starting diag`

arkanoid87 opened this issue · 3 comments

steps:

  • enabled DM + ACM + ADB via `*#0808#`
  • `lsusb` shows it as `Bus 001 Device 024: ID 04e8:685d Samsung Electronics Co., Ltd GT-I9100 Phone [Galaxy S II] (Download mode)`; the name of the device is wrong (it really is a Note10+)
  • added udev rule `SUBSYSTEM=="usb", ATTRS{idVendor}=="04e8", ATTRS{idProduct}=="685d", GROUP="users", MODE="0666"`
  • cloned scat, created a new venv with Python 3.10.2, `pip install -r requirements.txt`
  • `./scat.py -t sec -m {model} -u -v 0x04E8 -p 0x685D -i {interface} --pcap-file test.pcap`
  • `tail -f test.pcap`
  • `tcpdump -i lo udp`

output

```
  CONFIGURATION 1: 500 mA ==================================
   bLength              :    0x9 (9 bytes)
   bDescriptorType      :    0x2 Configuration
   wTotalLength         :   0x79 (121 bytes)
   bNumInterfaces       :    0x4
   bConfigurationValue  :    0x1
   iConfiguration       :    0x4 Conf 1
   bmAttributes         :   0x80 Bus Powered
   bMaxPower            :   0xfa (500 mA)
    INTERFACE 0: CDC Communication =========================
     bLength            :    0x9 (9 bytes)
     bDescriptorType    :    0x4 Interface
     bInterfaceNumber   :    0x0
     bAlternateSetting  :    0x0
     bNumEndpoints      :    0x1
     bInterfaceClass    :    0x2 CDC Communication
     bInterfaceSubClass :    0x2
     bInterfaceProtocol :    0x1
     iInterface         :    0x5 CDC Abstract Control Model (ACM)
      ENDPOINT 0x82: Interrupt IN ==========================
       bLength          :    0x7 (7 bytes)
       bDescriptorType  :    0x5 Endpoint
       bEndpointAddress :   0x82 IN
       bmAttributes     :    0x3 Interrupt
       wMaxPacketSize   :    0xa (10 bytes)
       bInterval        :    0x9
    INTERFACE 1: CDC Data ==================================
     bLength            :    0x9 (9 bytes)
     bDescriptorType    :    0x4 Interface
     bInterfaceNumber   :    0x1
     bAlternateSetting  :    0x0
     bNumEndpoints      :    0x2
     bInterfaceClass    :    0xa CDC Data
     bInterfaceSubClass :    0x0
     bInterfaceProtocol :    0x0
     iInterface         :    0x6 CDC ACM Data
      ENDPOINT 0x81: Bulk IN ===============================
       bLength          :    0x7 (7 bytes)
       bDescriptorType  :    0x5 Endpoint
       bEndpointAddress :   0x81 IN
       bmAttributes     :    0x2 Bulk
       wMaxPacketSize   :  0x200 (512 bytes)
       bInterval        :    0x0
      ENDPOINT 0x1: Bulk OUT ===============================
       bLength          :    0x7 (7 bytes)
       bDescriptorType  :    0x5 Endpoint
       bEndpointAddress :    0x1 OUT
       bmAttributes     :    0x2 Bulk
       wMaxPacketSize   :  0x200 (512 bytes)
       bInterval        :    0x0
    INTERFACE 2: Vendor Specific ===========================
     bLength            :    0x9 (9 bytes)
     bDescriptorType    :    0x4 Interface
     bInterfaceNumber   :    0x2
     bAlternateSetting  :    0x0
     bNumEndpoints      :    0x2
     bInterfaceClass    :   0xff Vendor Specific
     bInterfaceSubClass :   0x10
     bInterfaceProtocol :    0x1
     iInterface         :    0x0
      ENDPOINT 0x83: Bulk IN ===============================
       bLength          :    0x7 (7 bytes)
       bDescriptorType  :    0x5 Endpoint
       bEndpointAddress :   0x83 IN
       bmAttributes     :    0x2 Bulk
       wMaxPacketSize   :  0x200 (512 bytes)
       bInterval        :    0x0
      ENDPOINT 0x2: Bulk OUT ===============================
       bLength          :    0x7 (7 bytes)
       bDescriptorType  :    0x5 Endpoint
       bEndpointAddress :    0x2 OUT
       bmAttributes     :    0x2 Bulk
       wMaxPacketSize   :  0x200 (512 bytes)
       bInterval        :    0x0
    INTERFACE 3: Vendor Specific ===========================
     bLength            :    0x9 (9 bytes)
     bDescriptorType    :    0x4 Interface
     bInterfaceNumber   :    0x3
     bAlternateSetting  :    0x0
     bNumEndpoints      :    0x2
     bInterfaceClass    :   0xff Vendor Specific
     bInterfaceSubClass :   0x42
     bInterfaceProtocol :    0x1
     iInterface         :    0x9 ADB Interface
      ENDPOINT 0x3: Bulk OUT ===============================
       bLength          :    0x7 (7 bytes)
       bDescriptorType  :    0x5 Endpoint
       bEndpointAddress :    0x3 OUT
       bmAttributes     :    0x2 Bulk
       wMaxPacketSize   :  0x200 (512 bytes)
       bInterval        :    0x0
      ENDPOINT 0x84: Bulk IN ===============================
       bLength          :    0x7 (7 bytes)
       bDescriptorType  :    0x5 Endpoint
       bEndpointAddress :   0x84 IN
       bmAttributes     :    0x2 Bulk
       wMaxPacketSize   :  0x200 (512 bytes)
       bInterval        :    0x0
2023-02-08 03:33:31,699 scat.samsungparser (stop_diag) INFO: Stopping diag
2023-02-08 03:33:31,699 scat.samsungparser (init_diag) INFO: Initialize diag
2023-02-08 03:33:48,716 scat.samsungparser (run_diag) INFO: Starting diag
```

and nothing follows.
I get zero lines in test.pcap, and zero relevant packets via tcpdump.

Changing {model} seems to do nothing.
Changing the interface works only for values 1 and 2. When using 1, I get an occasional extra line in the output:

```
2023-02-08 03:38:22,501 scat.samsungparser (stop_diag) INFO: Stopping diag
2023-02-08 03:38:22,502 scat.samsungparser (init_diag) INFO: Initialize diag
2023-02-08 03:38:22,561 scat.samsungparser (run_diag) INFO: Starting diag
2023-02-08 03:38:22,563 scat.samsungparser (run_diag) WARNING: Cannot find the start of packet
```

What does this all mean? It seems that the DM port is somehow open, but nothing happens. Do I need a different magic? How can I find one for my device?
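As an aid for reading the descriptor dump above, this added example (not part of the original issue and not scat's own code) parses that dump format and lists the interfaces that expose a bulk IN/OUT endpoint pair and are not ADB (class 0xff, subclass 0x42). The sample text is a constructed, trimmed copy of the dump, the function names are hypothetical, and it assumes a diag transport needs one bulk endpoint in each direction.

```python
import re

# Constructed sample: trimmed copy of the descriptor dump format shown in the issue.
SAMPLE_DUMP = """\
    INTERFACE 0: CDC Communication =========================
     bInterfaceSubClass :    0x2
      ENDPOINT 0x82: Interrupt IN ==========================
    INTERFACE 1: CDC Data ==================================
     bInterfaceSubClass :    0x0
      ENDPOINT 0x81: Bulk IN ===============================
      ENDPOINT 0x1: Bulk OUT ===============================
    INTERFACE 2: Vendor Specific ===========================
     bInterfaceSubClass :   0x10
      ENDPOINT 0x83: Bulk IN ===============================
      ENDPOINT 0x2: Bulk OUT ===============================
    INTERFACE 3: Vendor Specific ===========================
     bInterfaceSubClass :   0x42
      ENDPOINT 0x3: Bulk OUT ===============================
      ENDPOINT 0x84: Bulk IN ===============================
"""

IFACE = re.compile(r"INTERFACE (\d+): (.+?) =+")
SUBCLASS = re.compile(r"bInterfaceSubClass\s*:\s*(0x[0-9a-f]+)")
ENDPOINT = re.compile(r"ENDPOINT (0x[0-9a-f]+): (\w+) (IN|OUT)")

def parse_interfaces(dump):
    """Return one dict per INTERFACE block: number, class name, subclass, endpoints."""
    interfaces = []
    for line in dump.splitlines():
        if m := IFACE.search(line):
            interfaces.append({"num": int(m[1]), "cls": m[2], "sub": None, "eps": []})
        elif not interfaces:
            continue  # configuration-level lines before the first interface
        elif m := SUBCLASS.search(line):
            interfaces[-1]["sub"] = int(m[1], 16)
        elif m := ENDPOINT.search(line):
            interfaces[-1]["eps"].append((int(m[1], 16), m[2], m[3]))
    return interfaces

def bulk_pair_interfaces(interfaces):
    """Interface numbers with both a Bulk IN and a Bulk OUT endpoint, excluding ADB."""
    out = []
    for i in interfaces:
        dirs = {d for _, kind, d in i["eps"] if kind == "Bulk"}
        is_adb = i["cls"] == "Vendor Specific" and i["sub"] == 0x42
        if dirs == {"IN", "OUT"} and not is_adb:
            out.append(i["num"])
    return out
```

On the sample, `bulk_pair_interfaces(parse_interfaces(SAMPLE_DUMP))` returns `[1, 2]`; interface 0 carries only an interrupt endpoint and interface 3 is the ADB interface.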

Just found #27, and it indeed seems to be a problem of missing magic in the first place.

If you know how to find it, please share.

Closing, as it seems #27 is the final answer here.

As an alternative, you can use the hidden SilentLog application to get the SDM files and decode them using SCAT. Check the information at https://github.com/fgsect/scat/wiki/Baseband-Dumps