gnokii-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

TDMA 5120


From: Eduardo Spremolla
Subject: TDMA 5120
Date: 10 Jul 2002 10:10:11 -0300

After playing a while with my 5120i y find some use full frames:

1) got from sneefing in Logomanger the get startup logo :

 40 {0x07, 0x07, 0x08, section} section goes from 1 to 6
answer
 dd {+0x01, 0x00, 0x07, 0x08, (84 bytes => 84 cols x 8 bits bit0 first 
row )

Cant figure out how to modify 6110 code to get & put the logo, not in a
hi value to me now.
 
2) got key press working as stated in

 http://www.flosys.com/tdma/n5160.html

with frame: key-press:   D1 {+00 01 50 00 01 KY}
this seems to press the key for a while. No release needed
            key-release: D1 {+00 01 50 00 00 KY}
and D1 {+00 01 50 00 02 00 KY} keep the key press => got speedee dial.

3) the getmemory  40 {+00 00 07 11 00 10 00 mem} get phonebook with the
phone in bcd, but it seems to be a way to read chunks of memory with
diferent numbers in the 6 place. in particular:

 40 {+0x00, 0x00, 0x07, 0x11, 0x00, 0x0f, 0x00, 0x00 } get configuration
pins.

 40 {+0x00, 0x00, 0x07, 0x11, 0x00, 0x09, 0x00, 0x00 } get security code
 40 {+0x00, 0x00, 0x07, 0x11, 0x00, 0x08, 0x00, nam# } get NAM data 
that last answers with :
 dd {+01 00 11 00 08 00 00,

03 04 : home sys id
01 4d : primary paggin channel
02 c4 : seconda paggin channel
88 88 88 88 88 : own #
09 63 c2 09 03 00 0b : unknow
0a : group id
01 : Access method
01 : local option
0f : overload class
20 41 43 41 45 00 00 00 00 00 00 00 00 00 00 00  : alpha tag
b3 4d : unknow
01 : NAM status
11 11 11 11 11 00 00 00 00 00 00 00 00 : unknow
00 00 00 00 00 00 01 00 00 00 01 36 : unknow
01 4d : dedicate ch
01 4e : dedicate B ch
14 : dedicate ch #
14 : dedicate B ch #
00 : msg center # len
00 : msg center in flag
00 00 00 00 00 00 00 00 00 00 00 00 00 00 : msg center #
08 01 80 70 8f dd 00 ef 00 00 00 00 00 00 00 00 : unknow
00 00 00 00 00 : gate way #
00 00 00 : unknow

More interesting ( and dangerous ) is than the 07 10 sequence  in place
of 07 11 in the request change the command from read to write.be care
full!!! I almost ruin my 5125 with a 40 {+0x00, 0x00, 0x07, 0x10, 0x00,
0x08, 0x00, 0x01 } frame , since the frame is ok, but the phone the
write info from an area of the buffer that I did not send!!!!

 
OK so far. Still looking for how to handle SMS......

LALO





reply via email to

[Prev in Thread] Current Thread [Next in Thread]