TDMA 5120

Eduardo Spremolla at gnokii-users@mail.freesoftware.fsf.org

After playing a while with my 5120i y find some use full frames:

got key press working

As stated in http://www.flosys.com/tdma/n5160.html

with frame: key-press:

D1 {+00 01 50 00 01 KY}

this seems to press the key for a while. No release needed

key-release:

D1 {+00 01 50 00 00 KY}

keep the key press => got speedee dial:

D1 {+00 01 50 00 02 00 KY}

get memory

the getmemory::

40 {+00 00 07 11 00 10 00 mem}

get phonebook with the phone in bcd, but it seems to be a way to read chunks of memory with different numbers in the 6 place. in particular:

get configuration pins:

40 {+0x00, 0x00, 0x07, 0x11, 0x00, 0x0f, 0x00, 0x00 }

get security code:

40 {+0x00, 0x00, 0x07, 0x11, 0x00, 0x09, 0x00, 0x00 }

get NAM data

40 {+0x00, 0x00, 0x07, 0x11, 0x00, 0x08, 0x00, nam# }

that last answers with:

dd {+01 00 11 00 08 00 00,
03 04

home sys id

01 4d

primary paggin channel

02 c4

seconda paggin channel

88 88 88 88 88

own #

09 63 c2 09 03 00 0b

unknown

0a

group id

01

Access method

01

local option

0f

overload class

20 41 43 41 45 00 00 00 00 00 00 00 00 00 00 00

alpha tag

b3 4d

unknown

01

NAM status

11 11 11 11 11 00 00 00 00 00 00 00 00

unknown

00 00 00 00 00 00 01 00 00 00 01 36

unknown

01 4d

dedicate ch

01 4e

dedicate B ch

14

dedicate ch #

14

dedicate B ch #

00

msg center # len

00

msg center in flag

00 00 00 00 00 00 00 00 00 00 00 00 00 00

msg center #

08 01 80 70 8f dd 00 ef 00 00 00 00 00 00 00 00

unknown

00 00 00 00 00

gate way #

00 00 00

unknown

More interesting ( and dangerous ) is than the 07 10 sequence in place of 07 11 in the request change the command from read to write.be care full!!! I almost ruin my 5125 with a 40 {+0x00, 0x00, 0x07, 0x10, 0x00, 0x08, 0x00, 0x01 } frame , since the frame is ok, but the phone the write info from an area of the buffer that I did not send!!!!

OK so far. Still looking for how to handle SMS……