S24Ultra with Qualcomm baseband unable to parse LTE MAC PDU to pcap

Open alexjiao2021 opened this issue 1 year ago • 7 comments

Hi, with the latest code, I tried the command below to parse LTE MAC PDUs to a pcap file:

sudo scat -t qc -u -a 002:004 -i 0 -L mac -F s24u_lte_mac.pcap

But there are no packets in the pcap file. Below is the stdout with lots of warnings: s24u_lte_mac.txt

alexjiao2021 avatar Apr 20 '24 08:04 alexjiao2021

In short there are 3 missing versions:

2024-04-20 16:22:32,441 scat.qualcommparser (parse_lte_ml1_scell_meas_response) WARNING: Unknown LTE ML1 Serving Cell Meas Serving Cell Measurement Result subpacket version 60
2024-04-20 16:22:32,718 scat.qualcommparser (parse_lte_mac_subpkt_v1) WARNING: Unexpected MAC UL Subpacket version 5
2024-04-20 16:22:33,088 scat.qualcommparser (parse_lte_mac_dl_block) WARNING: Unknown LTE MAC DL transport block packet version 0x32

For the mentioned packet version I don't have devices and log samples yet. If you can capture the logs to a QMDL file (use the --qmdl option) I can take a look at it later. Please also keep in mind that MAC/PDCP decoding is still in an early phase.

peremen avatar Apr 21 '24 18:04 peremen
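One way to reduce a noisy scat stdout to the distinct unsupported versions, shown as an added example that is not part of this thread or of the scat project. The function name and regular expressions are assumptions built from the three warning lines quoted above, and the sample input is constructed from them.

```python
import re
from collections import Counter

# Layout assumed from the warning lines quoted in this thread:
# "<date> <time>,<ms> scat.<module> (<function>) <LEVEL>: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"(?P<logger>scat\.\w+) \((?P<func>\w+)\) (?P<level>[A-Z]+): (?P<msg>.*)$"
)
# Message ending in "version N", where N is decimal or 0x-prefixed hex.
VERSION_RE = re.compile(r"^(?P<what>.*?)\s+version\s+(?P<ver>0x[0-9a-fA-F]+|\d+)\s*$")


def summarize_unsupported(lines):
    """Return sorted (function, description, version, count) for WARNING lines."""
    seen = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["level"] != "WARNING":
            continue  # skips INFO lines, "Radio 0:" banners and blank lines
        v = VERSION_RE.match(m["msg"])
        if not v:
            continue  # a warning that does not name a version
        raw = v["ver"]
        # Normalise so that "0x32" and "50" are counted as the same version.
        version = int(raw, 16) if raw.lower().startswith("0x") else int(raw)
        seen[(m["func"], v["what"], version)] += 1
    return sorted((f, w, ver, n) for (f, w, ver), n in seen.items())


# Constructed sample: the three warnings from this thread, one repeated with a
# made-up timestamp, plus non-warning lines that must be ignored.
SAMPLE = """\
2024-04-20 16:22:32,441 scat.qualcommparser (parse_lte_ml1_scell_meas_response) WARNING: Unknown LTE ML1 Serving Cell Meas Serving Cell Measurement Result subpacket version 60
2024-04-20 16:22:32,718 scat.qualcommparser (parse_lte_mac_subpkt_v1) WARNING: Unexpected MAC UL Subpacket version 5
2024-04-20 16:22:32,900 scat.qualcommparser (parse_lte_mac_subpkt_v1) WARNING: Unexpected MAC UL Subpacket version 5
2024-04-20 16:22:33,088 scat.qualcommparser (parse_lte_mac_dl_block) WARNING: Unknown LTE MAC DL transport block packet version 0x32
2024-04-22 14:01:11,493 scat.qualcommparser (prepare_diag) INFO: Starting diag
Radio 0: Build ID: OEDB410
""".splitlines()

if __name__ == "__main__":
    for func, what, version, count in summarize_unsupported(SAMPLE):
        print(f"{count:5d}x  {func}: {what} version {version} (0x{version:x})")
```

Feeding it the lines of a saved stdout file (for example `summarize_unsupported(open(path))`, with `path` chosen by you) gives one row per missing parser version instead of thousands of repeated warnings.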

@peremen Thanks for the reply. Here is the QMDL log: s24u_lte.zip. BTW, do you have plans to add NR MAC PDU support?

alexjiao2021 avatar Apr 22 '24 02:04 alexjiao2021

@alexjiao2021 I assume this is on an unrooted S24 Ultra? My rooted S928B gets stuck at "Starting Diag" and doesn't report chipset either.

2024-04-22 14:01:10,452 scat.qualcommparser (stop_diag) INFO: Stopping diag
2024-04-22 14:01:10,461 scat.qualcommparser (init_diag) INFO: Initializing diag
Radio 0: Compile: /, Release: /, Chipset: 
Radio 0: Build ID: OEDB410
Radio 0: Log Config: Retrieve ID ranges: 1: 3632, 4: 2320, 5: 1056, 7: 1279, 10: 906, 11: 2559, 13: 511, 
Radio 0: Extended message range: 0-142, 500-506, 1000-1007, 2000-2008, 3000-3014, 4000-4010, 4500-4584, 4600-4616, 5000-5037, 5500-5517, 6000-6082, 6500-6521, 7000-7003, 7100-7111, 7200-7201, 8000-8000, 8500-8532, 9000-9008, 9500-9521, 10200-10210, 10251-10255, 10300-10300, 10350-10377, 10400-10416, 10500-10505, 10600-10620, 10801-10821, 11057-11073, 49152-49251, 
2024-04-22 14:01:11,493 scat.qualcommparser (prepare_diag) INFO: Starting diag

jstys avatar Apr 22 '24 18:04 jstys

> @peremen Thanks for the reply. Here is the QMDL log: s24u_lte.zip. BTW, do you have plans to add NR MAC PDU support?

From my initial analysis, the packet format has largely changed across versions, so it will take some time to analyze it.

And not yet for NR MAC; support is planned after finalizing GSMTAPv3, which is scheduled within 1H 2024.

peremen avatar Apr 22 '24 18:04 peremen

> @alexjiao2021 I assume this is on an unrooted S24 Ultra? My rooted S928B gets stuck at "Starting Diag" and doesn't report chipset either.
>
> 2024-04-22 14:01:10,452 scat.qualcommparser (stop_diag) INFO: Stopping diag
> 2024-04-22 14:01:10,461 scat.qualcommparser (init_diag) INFO: Initializing diag
> Radio 0: Compile: /, Release: /, Chipset: 
> Radio 0: Build ID: OEDB410
> Radio 0: Log Config: Retrieve ID ranges: 1: 3632, 4: 2320, 5: 1056, 7: 1279, 10: 906, 11: 2559, 13: 511, 
> Radio 0: Extended message range: 0-142, 500-506, 1000-1007, 2000-2008, 3000-3014, 4000-4010, 4500-4584, 4600-4616, 5000-5037, 5500-5517, 6000-6082, 6500-6521, 7000-7003, 7100-7111, 7200-7201, 8000-8000, 8500-8532, 9000-9008, 9500-9521, 10200-10210, 10251-10255, 10300-10300, 10350-10377, 10400-10416, 10500-10505, 10600-10620, 10801-10821, 11057-11073, 49152-49251, 
> 2024-04-22 14:01:11,493 scat.qualcommparser (prepare_diag) INFO: Starting diag

@jstys Yes, it's unrooted.

alexjiao2021 avatar Apr 23 '24 05:04 alexjiao2021

@jstys Maybe try if this trick works for you to turn on DM (DIAG mode) for the USB:

  • Enable USB debugging
  • Enable USB menu/diag mode in phone by dialling *#0808# for Samsung and *#8011# for OnePlus
  • Select option RMNET+DM+MODEM+ADPL+ADB

domi007 avatar Aug 02 '24 11:08 domi007

> @jstys Maybe try if this trick works for you to turn on DM (DIAG mode) for the USB:
>
>   • Enable USB debugging
>   • Enable USB menu/diag mode in phone by dialling *#0808# for Samsung and *#8011# for OnePlus
>   • Select option RMNET+DM+MODEM+ADPL+ADB

Appreciate the feedback but this wasn't my issue. The only way I got it working was to flash a zip that disables system encryption because on rooted S24 Ultra (SM-S928B model), rooting the device broke diag functionality altogether and this was the only way to revive it. (Even unrooting the device / flashing stock did not fix it so probably related to bootloader unlocking / encryption in some way)

jstys avatar Aug 02 '24 11:08 jstys

LTE MAC V1 DL subpacket V50 is supported from the commit 2a494c7d9b38483f5a80728569e1d61e23b82968. UL v5 will be following.

peremen avatar Nov 29 '25 22:11 peremen