search

mobile-insight / mobileinsight-core

Mobile Network Intelligence Made Easy -- MobileInsight core functionalities
http://www.mobileinsight.net
Other
105 stars 80 forks source link

(MI)Unknown LTE RRC OTA packet version: 27 #115

Open ltshandsome opened 2 years ago

ltshandsome commented 2 years ago

I let the smartphone connect to the desktop, and I used monitor-example.py to monitor the messages from the smartphone. However, some packets have errors and cannot be decoded.

desktop: Ubuntu 20.04 smartphone: Samsung A42

Error: (MI)Unknown LTE RRC OTA packet version: 27

jnunez101 commented 2 years ago

Check out my pull request/fork for version 27 support ;)

chihyangchen commented 2 years ago

Check out my pull request/fork for version 27 support ;)

Hi,

Could you share which 3gpp document that we could refer? I have tested the EM9191, version 27 can be resolved.

Thanks!

jnunez101 commented 2 years ago

I used Release 15.10.0 (3GPP TS 36.331). I specifically used this website https://www.lteexplained.com/rrc. This document does not show how to set up a new packet version as the packet version information is not part of any 3gpp document I could find. I manually decoded it by comparing the EM9191 output and the output of an EM7455.

chihyangchen commented 2 years ago

Than you for the information. It is not an easy task.

ltshandsome commented 2 years ago

I used Release 15.10.0 (3GPP TS 36.331). I specifically used this website https://www.lteexplained.com/rrc. This document does not show how to set up a new packet version as the packet version information is not part of any 3gpp document I could find. I manually decoded it by comparing the EM9191 output and the output of an EM7455.

Thank you for your help as well :) Btw may I ask if there are other related references or tutorials so that we can also use the similar method to modify the source code if we have similar issues (unsupported messages)? Big thanks!

jnunez101 commented 2 years ago

Sorry, I do not know of any. I just recommend having one modem that works and one that has the unknown message. Save the output from the dm port to a file for both and look through them with a hex editor. Messages end with a 0x7E and start with 0x9800010000 (if i remember the hex correctly). Then just go through the fields on the one you know one at a time and try to find the same hex in the unknown modem. As far as I can tell the 0x7E and 0x9800010000 holds true for Qualcomm based modems (I don't have anything from MediaTek). Scan at the same place and at the same time for both and then looking for the PCI and ARFCN since those will be the same and stick out in the hex. Identify as much as possible from the two messages and fill out the pieces from there. Other recommendations are to lock on to only one band that has only one tower in it (this makes it easier to get hex output for the same tower) and to use the last template that exists such as using version 26 of LTE as a basis for 27.