[maemo-developers] Major progress made on Cell Broadcast SMS on N900

From: Jonathan Wilson jfwfreo at tpgi.com.au
Date: Fri Jun 24 16:32:42 EEST 2011
With a bit of reverse engineering and debugging (and a little reverse 
engineering help from the Harmattan-i386 package of libsms :), I have 
managed to get Cell Broadcast SMS to function on the N900 up to the point 
where I can see an incoming cell broadcast message (in this case a cell 
tower name, as that's the only thing my local cell tower is broadcasting).

Reference http://www.cncmods.net/files/cbsms.zip for the files I mention in 
the description below.

The reason Cell Broadcast SMS is broken on the N900 is that there is a bug 
in libsms; specifically, it is incorrectly dealing with the size field of 
the SMS packet being sent from the cell modem firmware. As Nokia are 
unlikely to fix the bug (at least in Fremantle libsms; it's fixed in 
Harmattan libsms), publish source code for libsms, or publish the 
information required to produce a replacement for libsms that doesn't 
require rewriting or replacing half the system, I have found a way to patch 
the binary of libsms to fix the bug.

To do it, change byte DD78 from 0xFF to 0x52 (changes a CMP R3, #0xFF 
instruction to a CMP R3, #0x52 instruction), then change DD7C from 0x00 to 
0x52 and DD7F from 0x03 to 0xC3 (changes a MOVEQ R3, #0 instruction into a 
MOVGT R3, #0x52).
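The three byte changes above correspond to two little-endian ARM instruction words (CMP R3, #0xFF is 0xE35300FF and MOVEQ R3, #0 is 0x03A03000), so a patcher can verify the whole instruction words before writing anything and refuse to touch a libsms.so from a different build. The script below is an added example, not part of the post or the cbsms.zip files; it assumes the offsets quoted in the post are file offsets into libsms.so, and the sample image it builds for self-testing is constructed, not a real library.

```python
import struct
import sys

# Byte changes from the post: (file offset, expected original byte, patched byte)
BYTE_PATCH = [
    (0xDD78, 0xFF, 0x52),  # immediate of CMP R3, #0xFF  -> #0x52
    (0xDD7C, 0x00, 0x52),  # immediate of MOVEQ R3, #0   -> #0x52
    (0xDD7F, 0x03, 0xC3),  # condition nibble EQ (0x0)   -> GT (0xC)
]

# Full 32-bit ARM words at the two instruction offsets (little-endian on disk).
WORDS_BEFORE = {0xDD78: 0xE35300FF, 0xDD7C: 0x03A03000}  # CMP R3,#0xFF ; MOVEQ R3,#0
WORDS_AFTER = {0xDD78: 0xE3530052, 0xDD7C: 0xC3A03052}   # CMP R3,#0x52 ; MOVGT R3,#0x52


def read_word(data: bytes, off: int) -> int:
    return struct.unpack_from("<I", data, off)[0]


def is_unpatched_libsms(data: bytes) -> bool:
    """True only if both original instruction words sit at the expected offsets."""
    if len(data) < 0xDD80:
        return False
    return all(read_word(data, off) == word for off, word in WORDS_BEFORE.items())


def apply_patch(data: bytes) -> bytes:
    """Return a patched copy of the image; raise if it is not the expected build."""
    if not is_unpatched_libsms(data):
        raise ValueError("instruction words at 0xDD78/0xDD7C do not match; wrong libsms build?")
    buf = bytearray(data)
    for off, old, new in BYTE_PATCH:
        assert buf[off] == old  # implied by the word check above
        buf[off] = new
    for off, word in WORDS_AFTER.items():
        assert read_word(buf, off) == word  # patched words decode as intended
    return bytes(buf)


def build_sample_image() -> bytes:
    """Constructed stand-in for libsms.so: zero-filled, with the two original words in place."""
    buf = bytearray(0xE000)
    for off, word in WORDS_BEFORE.items():
        struct.pack_into("<I", buf, off, word)
    return bytes(buf)


if __name__ == "__main__":  # usage: patch_libsms.py libsms.so.orig libsms.so.patched
    with open(sys.argv[1], "rb") as f:
        patched = apply_patch(f.read())
    with open(sys.argv[2], "wb") as f:
        f.write(patched)
```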

After the bug is fixed (whether the right fix is a binary patch to the file 
on disk or some sort of in-memory patch to the memory of libsms.so as 
loaded into the CSD daemon I don't know, the binary patch is easier for 
testing), then you can listen to the IncomingCBS signal via DBUS.
dbuscb.c contains a test program (written using the Fremantle Scratchbox 
SDK) which will listen for the signal and dump any incoming cell broadcast 
messages to disk (in a file /var/log/cbsms.log).
The output in cbsms.log contains PDU data ready to send straight to a Cell 
Broadcast SMS decoder such as the cbs_decode/cbs_decode_text functions in 
ofono. cbsms.log contains an example of a dumped cell broadcast message, and 
sms-test.c is a modified ofono test program and contains code to test the 
decoding of cell broadcast messages dumped from dbuscb (when you run it, it 
will decode the same cell broadcast message contained in cbsms.log and 
should print EastVicPark as the decoded message; it's the name of a 2G GSM 
cell tower near where I live, presumably the one sending CBSMS messages to 
my phone).

What is required to make Cell Broadcast SMS messages fully functional is 
for someone to figure out the best way to apply the binary patch and then 
for someone to write some kind of UI to do something with the incoming 
messages.

BTW, I can confirm that libsms.so and the SMS subsystem are subscribing to 
every single cell broadcast SMS message channel (or whatever it is) and 
will receive anything the tower is sending.