S24Ultra with Qualcomm baseband unable to parse LTE MAC PDU to pcap
alexjiao2021 opened this issue · 7 comments
Hi,
With the latest code, I tried the command below to parse LTE MAC PDU to a pcap file:
sudo scat -t qc -u -a 002:004 -i 0 -L mac -F s24u_lte_mac.pcap
But there are no packets in the pcap file.
Below is stdout with lots of warnings:
s24u_lte_mac.txt
In short there are 3 missing versions:
2024-04-20 16:22:32,441 scat.qualcommparser (parse_lte_ml1_scell_meas_response) WARNING: Unknown LTE ML1 Serving Cell Meas Serving Cell Measurement Result subpacket version 60
2024-04-20 16:22:32,718 scat.qualcommparser (parse_lte_mac_subpkt_v1) WARNING: Unexpected MAC UL Subpacket version 5
2024-04-20 16:22:33,088 scat.qualcommparser (parse_lte_mac_dl_block) WARNING: Unknown LTE MAC DL transport block packet version 0x32
For the mentioned packet versions I don't have devices and log samples yet. If you can capture the logs to a QMDL file (use the --qmdl option) I can take a look at it later. Please also keep in mind that MAC/PDCP decoding is still in an early phase.
@peremen Thanks for the reply.
Here is QMDL log:
s24u_lte.zip
BTW do you have plans to add NR MAC PDU support?
@alexjiao2021 I assume this is on an unrooted S24 Ultra? My rooted S928B gets stuck at "Starting Diag" and doesn't report chipset either.
2024-04-22 14:01:10,452 scat.qualcommparser (stop_diag) INFO: Stopping diag
2024-04-22 14:01:10,461 scat.qualcommparser (init_diag) INFO: Initializing diag
Radio 0: Compile: /, Release: /, Chipset:
Radio 0: Build ID: OEDB410
Radio 0: Log Config: Retrieve ID ranges: 1: 3632, 4: 2320, 5: 1056, 7: 1279, 10: 906, 11: 2559, 13: 511,
Radio 0: Extended message range: 0-142, 500-506, 1000-1007, 2000-2008, 3000-3014, 4000-4010, 4500-4584, 4600-4616, 5000-5037, 5500-5517, 6000-6082, 6500-6521, 7000-7003, 7100-7111, 7200-7201, 8000-8000, 8500-8532, 9000-9008, 9500-9521, 10200-10210, 10251-10255, 10300-10300, 10350-10377, 10400-10416, 10500-10505, 10600-10620, 10801-10821, 11057-11073, 49152-49251,
2024-04-22 14:01:11,493 scat.qualcommparser (prepare_diag) INFO: Starting diag
> @peremen Thanks for the reply.
> Here is QMDL log:
> s24u_lte.zip
> BTW do you have plans to add NR MAC PDU support?
From my initial analysis, the packet format has largely changed across versions, so it will take some time to analyze it.
And not yet for NR MAC; support is planned after finalizing GSMTAPv3, which is scheduled within 1H 2024.
> @alexjiao2021 I assume this is on an unrooted S24 Ultra? My rooted S928B gets stuck at "Starting Diag" and doesn't report chipset either.
> 2024-04-22 14:01:10,452 scat.qualcommparser (stop_diag) INFO: Stopping diag
> 2024-04-22 14:01:10,461 scat.qualcommparser (init_diag) INFO: Initializing diag
> Radio 0: Compile: /, Release: /, Chipset:
> Radio 0: Build ID: OEDB410
> Radio 0: Log Config: Retrieve ID ranges: 1: 3632, 4: 2320, 5: 1056, 7: 1279, 10: 906, 11: 2559, 13: 511,
> Radio 0: Extended message range: 0-142, 500-506, 1000-1007, 2000-2008, 3000-3014, 4000-4010, 4500-4584, 4600-4616, 5000-5037, 5500-5517, 6000-6082, 6500-6521, 7000-7003, 7100-7111, 7200-7201, 8000-8000, 8500-8532, 9000-9008, 9500-9521, 10200-10210, 10251-10255, 10300-10300, 10350-10377, 10400-10416, 10500-10505, 10600-10620, 10801-10821, 11057-11073, 49152-49251,
> 2024-04-22 14:01:11,493 scat.qualcommparser (prepare_diag) INFO: Starting diag
@jstys Yes, it's unrooted.
@jstys Maybe try if this trick works for you to turn on DM (DIAG mode) for the USB:
- Enable USB debugging
- Enable USB menu/diag mode in phone by dialling *#0808# for Samsung and *#8011# for OnePlus
- Select option RMNET+DM+MODEM+ADPL+ADB
> @jstys Maybe try if this trick works for you to turn on DM (DIAG mode) for the USB:
> - Enable USB debugging
> - Enable USB menu/diag mode in phone by dialling *#0808# for Samsung and *#8011# for OnePlus
> - Select option RMNET+DM+MODEM+ADPL+ADB
Appreciate the feedback, but this wasn't my issue. The only way I got it working was to flash a zip that disables system encryption, because on a rooted S24 Ultra (SM-S928B model), rooting the device broke diag functionality altogether and this was the only way to revive it. (Even unrooting the device / flashing stock did not fix it, so it is probably related to bootloader unlocking / encryption in some way.)