#qi-hardware IRC log for Saturday, 2013-10-12

[04:13] <DocScrutinizer05> whitequark: adblock tends to bring maemo browser to a grinding halt, due to extremely bloated sqlite db with URLs to block
[04:14] <DocScrutinizer05> it frequently takes longer to search the db than it takes to actually download the stuff that would get blocked
[06:04] <whitequark> DocScrutinizer05: oh right, firefox adblock... I've been using chrome adblock for a while
[06:04] <whitequark> the chrome one uses a giant CSS file instead. webkit processes it rather efficiently.
[06:05] <DocScrutinizer05> mhm
[06:05] <DocScrutinizer05> a few hours ago I ran into awesome docs about that notorious 900 modem module
[06:06] <whitequark> sim900d?
[06:06] <DocScrutinizer05> wondering if they are still available
[06:06] <DocScrutinizer05> yep
[06:06] <whitequark> oh interesting
[06:06] <DocScrutinizer05> well, nothing you don't know
[06:06] <DocScrutinizer05> just some rather aged files on my PC
[06:07] <DocScrutinizer05> particularly about AT commands - extended
[06:09] <whitequark> I see
[06:10] <DocScrutinizer05> was just pondering whether to try and buy some as long as they are maybe still available
[06:10] <DocScrutinizer05> and 2 or 3 Nokia 6210
[06:10] <whitequark> http://www.ebay.com/itm/SIM900-SIMCOM-Quad-band-GSM-GPRS-Module-/180794206513
[06:10] <whitequark> plenty
[06:10] <DocScrutinizer05> \o/
[06:11] <whitequark> it's not the 900D though, let me find that one
[06:11] <whitequark> http://www.aliexpress.com/store/product/SMT-type-GSM-GPRS-module-SIM900D/605000_478119548.html
[06:11] <whitequark> looks exactly like the one I have
[06:15] <whitequark> by the way, it seems that russian vendors which have that module in stock offer various firmwares for it and a flasher app
[06:15] <whitequark> http://electronix.ru/forum/lofiversion/index.php/t92287.html
[06:18] <DocScrutinizer05> that's exactly what I'm interested in
[06:21] <DocScrutinizer05> btw what's the relation/difference between alibaba.com and aliexpress.com? is it the same company?
[06:21] <whitequark> I think yes
[06:21] <whitequark> one sells in bulk, the other in small quantities
[06:23] <whitequark> http://www.edaboard.com/thread182804.html <- also relevant
[06:26] <whitequark> oooooo
[06:27] <whitequark> ftp://ftp.macrogroup.ru/Support/SimCom/Firmware/Sim900/
[06:27] <whitequark> this is a trove of stuff.
[06:27] <whitequark> flash loader and various firmwares.
[06:33] <DocScrutinizer05> thanks a lot :-D
[06:33] <whitequark> btw I've mirrored their entire stash on simcom
[06:33] <whitequark> there's an embedded AT devkit
[06:34] <whitequark> which does exactly what you would think
[06:34] <whitequark> ie allows you to compile in arbitrary code.
[06:34] <whitequark> also, docs, some of which contain "NDA" in the filename :D
[06:35] <whitequark> also, some kind of tracing utility
[06:35] <DocScrutinizer05> cool
[06:36] <DocScrutinizer05> alas the modem is 3mm high
[06:36] <DocScrutinizer05> no fit on Neo900
[06:36] <whitequark> they have like several dozens of these modems
[06:39] <DocScrutinizer05> I'm still thinking about my BTS-harvester which doesn't rely on C1/C2 based normal reselection but actively tries to log in to each BTS in vicinity automatically
[06:41] <whitequark> I've looked through embedded AT docs
[06:41] <whitequark> it seems that you can only communicate with the modem with AT commands even when you're running on the module itself
[06:41] <DocScrutinizer05> I guess my other project to do timesharing on the radio hardware will be way harder to implement, since I'd need to completely swap all registers and RAM
[06:42] <DocScrutinizer05> but I definitely should patent this idea
[06:42] <whitequark> RVCT is mandatory in order to build embedded applications. Borland C++ Builder 5.0 or
[06:42] <whitequark> Microsoft Visual C++ 6.0 is needed for debugging.
[06:42] <whitequark> Borland C++ Builder 5.0 o_o
[06:43] <DocScrutinizer05> eeew
[06:43] <whitequark> how do you even do that at all?!
[06:43] <whitequark> it's... x86 and windows-only
[06:43] <DocScrutinizer05> yeah
[06:45] * DocScrutinizer05 wonders how to introduce some skew in sleep-schedule for GSM RX
[06:46] <DocScrutinizer05> like, when BTS tells modem to awake on second 1,3,5... I want to make it skip a second so it gets scheduled to second 2,4,6... instead
[06:47] <DocScrutinizer05> rationaly: sometimes two BTS could have colliding (aka "in sync") schedule for your modem, when you do timesharing the RX
[06:47] <DocScrutinizer05> rationale even
[06:48] <whitequark> dunno, maybe you could poke the baseband itself?
[06:49] <whitequark> it comes with a symbol table and memory map, you just need to disable memory protection ;)
[06:49] <whitequark> can't be that hard to find a buffer overflow or several dozens there
[06:50] <DocScrutinizer05> I guess a buffer overflow is "too weak" or "too small a door" to do such a *massive* hack with the OS on radio
[06:50] <whitequark> >#define TRA_APPL_L1A_SERVING_CELL_PWR_INFO 0xDA
[06:51] <whitequark> well, you only need to disable memory protection. after that you just need to find the relevant timer and hijack it
[06:51] <DocScrutinizer05> the idea is to swap the complete OS out of the radio hw and swap in a different state of the same OS
[06:52] <DocScrutinizer05> aah, for the timer, yeah that's probably easy
[06:52] <whitequark> I'm not sure if you have enough spare RAM to swap the OS state there
[06:53] <DocScrutinizer05> I even doubt the BTS has a certain timeframe for the wakeups of the modem - it rather will send the "INVITE" continuously for 5s and hope for the modem to eventually listen and recognize that message
[06:53] <DocScrutinizer05> that's of course a problem
[06:53] <DocScrutinizer05> (RAM size)
[06:55] <DocScrutinizer05> the whole project is rather targeted at industry level, so manufacturers could build dual-online (actually 1.99-online) dual-SIM with only one radio
[06:56] <whitequark> the whole OS-swapping thing sounds reeeeallly bug-prone to me
[06:56] <whitequark> I can totally see how it works as an interesting experiment, but not in prod
[06:56] <DocScrutinizer05> obviously during a call the other SIM is "temporarily not available" since RX and TX are operating 100% of the time in the channel of the currently established call
[06:57] <DocScrutinizer05> nah, you're doing basically exactly the same on your PC all the time
[06:57] <whitequark> no I mean, it's fine if you have the sources for baseband and everything
[06:58] <whitequark> that would basically be virtualization
[06:58] <whitequark> like xen does it
[06:58] <DocScrutinizer05> during standby, the hardware sleeps 95% of the time, and every 1 or 2 seconds it listens if BTS is sending an INVITE
[06:58] <whitequark> but hijacking existing sw which you only have as undocumented binaries... huh
[06:58] <DocScrutinizer05> during that 95% sleep time, the hardware could do something else, e.g. listening to another BTS for another INVITE to a second SIM
[06:59] <DocScrutinizer05> hijacking existing hw without docs and sourcecode: not feasible
[07:00] <whitequark> so how do you wanna do that? I don't follow :)
[07:00] <DocScrutinizer05> I'm just planning
[07:01] <DocScrutinizer05> for a patent ;-D
[07:01] <whitequark> oooh I see
[07:01] <whitequark> neat :)
[07:01] <DocScrutinizer05> maybe one day test it on SDR
[07:01] <DocScrutinizer05> PoC
[07:02] <DocScrutinizer05> or rework a chipset by brutally piggybacking RAM to duplicate it, and switch chipselect with a tiny hack in existing software
[07:02] <DocScrutinizer05> even that won't fly, but sth like that might be feasible
[07:02] <DocScrutinizer05> I just wonder why no chip manuf has offered it yet
[07:03] <DocScrutinizer05> dual-SIM one-dot-nine-online
[07:03] <DocScrutinizer05> you obviously won't get "call waiting" signal during a call
[07:04] <DocScrutinizer05> but that radio can scan (SIC) more than one BTS and carrier concurrently
[07:04] <DocScrutinizer05> and lsiten to mire than one IMSI for an INVITE
[07:05] <DocScrutinizer05> and listen to more than one IMSI for an INVITE
[15:49] <rjeffries> Not saying this password etc. storing service is A Good Thing. But it's mildly interesting. https://www.clipperz.com/
[15:52] <whitequark> the problem is that the code can be modified at any time
[16:21] <viric> online password manager. Funny. hehe
[17:02] <larsc> that gives me an idea, we should create a could password storage service
[17:03] <viric> cloud?
[17:03] <larsc> yes cloud
[17:07] <whitequark> we cloud create a could password storage service! cloudn't we?
[17:07] <viric> I guess it's what clipperz provides
[23:49] <MAD_DOG> INVITATION HARDWARE < mp3 player > http://www.tatuuu.com.br
[00:00] --- Sun Oct 13 2013