Looking for a sample code or tutorial to fetch few transmission parameters like
1. RXlevel (Signal Strength)
2. RXQual (Bit Error Rate)
3. C/I (carrier to interference)
4. FER (Frame erase rate
6. towers location.
7. Radio access technology
8. mobile country code
9. mobile network code
10. location code area
11. CELL ID
12. absolute RF channel number
13. base station identity code
13. RSSI
14. C1 hand-over parametr
15. CELLS information for example:
a. absolute RF channel number.
b. base station identity code
c. RSSI
I noticed a application Signal which must be using something similar, but since it only works on Jailbroken devices I understand it is using private API. Can anyone recommend which private framework can provide this information.
Look at CoreTelephony, but it only gives a few things (mobile country code, mobile network code) Apple Docs for CoreTelephony see CTCarrier class.
Related
I have a compliance board for SFP+ transceivers. For CFP2 transceivers there is some integrated PRBS pattern generator, but I can't find something similar for SFP+ transceivers.
Is this even possible using the compliance board alone or do I need an AWG?
You can send anything you want from an SFP+ module - it doesn't care what you feed it.
You need to turn on the laser and then feed a differential signal to pins 18 and 19. Check SFF-8418 for details.
I have the Panasonic MN63Y1210 tag. I have read it with different phones and always I see that the ID is 0x00000000
I've made a program with Arduino and Adafruit's PN532 shield and I have that response too, in ATQB, the PUPI appears like 0x00000000, but when I read the ISO 14443-3 I read this:
A Pseudo-Unique Identifier (PUPI) is used to differenciate PICCs
during anticollision. This 4-byte number may be either a number
dinamically generated by the PICC or a diversified fixed number. The
PUPI shall only be generated by a state transition form the POWER-OFF
to the IDLE state.
For the transition from POWER OFF to IDLE, we need a field, so, I expect that when I try to read the tag this is not in POWER OFF, because I'm applying a field, but I think it is strange to have that PUPI of 0x00000000. I've tested with another tag (same Panasonic model) and I get the same PUPI...
Is this normal? Or what do you think about it?
I would suggest that you start by looking into the datasheet of the MN63Y1210:
On page 26 (table 3-13) you will find that the default value this chip uses for the PUPI is 00000000. You can configure that value, for instance, over the serial interface.
Assumed I have a JTAG-chain with several devices from different manufactures:
How does my software, which shall communicate with a specific system within that chain, known the length of the IR for all the others devices within the chain? I do have to know them to send a certain instruction to my device, right?
It is possible to detect the total length of all IR registers in your JTAG daisy-chain. It is also possible to detect the number of devices (or TAPs) in your chain. But you can't detect the individual IR length of a single TAP.
What you can do: You can read out the JTAG ID code register of all of you TAPs. The ID code register (in DR path) is always 32 bit and gets selected by test-logic-reset.
With the ID code you can identify the existing TAPs and look up in the datasheet the length of the individual IR registers.
And yes: In general you do have to know the individual IR length of all the TAPs in your chain to communicate with one of them.
try here: http://www.fpga4fun.com/JTAG3.html
When IR = '1...1', the BYPASS is selected.
The idea is to send a lot of '1' so regardless of IR length all devices will select BYPASS.
What is the Difference between BGAPI and BGScript ?
And if we write any code for BG profile than how can we burn it in BLE 112?
The BGAPI interface defines the protocol used to talk to the module over USB or serial link.
BGScript is something which runs on the module processor itself, when the USB or serial link is not used.
I have the dongle, BLED112, which is the same thing as BLE112 with a USB connector on it, and the code is "burned" to it using standard USB DFU interface.
The downloading of the code to BLE112 can be done using several methods:
(1) Bring out the DD, DC debug interface pins from your module and use the CC-Debugger (digikey part 296-30207-ND, $55). This works every time. If you have the DKBLE112 kit, the CC-Debugger fits on the 10-pin .050 connector in lower right corner. You can "burn" any firmware and any stack this way. Works awesome.
(2) Hope that the current firmware on the CC2540 has serial bootloader, and load the new firmware (hopefully also containing serial bootloader) using UART. TI has the tools, but it sure seems quite convoluted to me, and I did not try it.
Every iPhone has a NORID (8 bytes) & CHIPID (12 bytes) unique to each phone.
Where is this stored? NOR? seczone? Can it be dumped?
An iPhone requires a NCK to unlock. From what I understand the NCK is 15 characters.
Is it numeric, alpha or alphanumeric?
The security token for check if the NCK is valid is stored encrypted at +0x400 in the seczone.
Is this correct?
Based on what I've read from dogbert's blog, the security token is created using a method similar to the following pseudo code:
deviceKey = SHA1_hash(norID+chipID)
nckKey = custom_hash(norID, chipID, SHA1_hash(NCK), deviceKey)
rawSignature = generateSignature(SHA1_hash(norID+chipID), SHA1_hash(chipID))
Signature = RSA_encrypt(rawSignature, RSAkey)
security token = TEA_encrypt_cbc(Signature, nckKey)
Is the pseudocode correct? If it is then what is the custom hash that is being used? What is being used to generate the rawSignature? What is the RSAKey that is being used? Is it a public key that can be found in the phone?
If the above pseudocode is CORRECT. Then we would have to bruteforce all 15 character combinations to find the correct NCK key right? Because, even though we are able to recover the NORID and CHIPID, we will not be able to use that information to shorten the amount of characters which we need to find.
Correct?
New generations of iPhone OS contains a wildcardticket that is generated during activation process.
but this should be no problem generating once we have the NCK right? Correct?
The NOR ID is the hardware chip id burned into the baseband chip of the device. I don't know where you are getting the 8 bytes from but it is actually burned into the chip and the size is 64 bytes for iPhone 3G and 128 bytes for the iPhone 3GS.
The NCK is a 15 digit (base 10 so it is not alpha-numeric). ie. the max NCK would be 999999999999999
Your device key is wrong.
It should read:
deviceUniqueKey = SHA(NCK + CHIPID + NORID)
teaEncryptedData = &seczone[0x400]
rsaEncryptedData = TEA_DECRYPT(teaEncryptedData, deviceUniqueKey)
validRSAMessage = RSA_DECRYPT(rsaEncryptedData, rsaKey)
When your NCK produces a valid RSA message, you have found the correct NCK to unlock your device.
Here is the python script that can decrypt iPhone baseband memory so you will be able to get all NCK tokens like
CHIP ID
NOR ID
IMEI hushes
Tea hashes
But this script was used only for old basebands (S-Gold chipset) but you can always make your own.
Also here are some ways to dump iphone baseband into the file by using iPhone core dump function or by other script like NOR dumper. Hope this help