Sophie: gammu-1.34.0-1.mga5 i586

gammu-1.34.0-1.mga5.i586.rpm

TDMA 5120
=========

Eduardo Spremolla at gnokii-users@mail.freesoftware.fsf.org

After playing a while with my 5120i y find some use full frames:

got from sneefing in Logomanger the get startup logo
----------------------------------------------------

request::

    40 {0x07, 0x07, 0x08, section} section goes from 1 to 6

answer::

    dd {+0x01, 0x00, 0x07, 0x08, (84 bytes => 84 cols x 8 bits bit0 first row )

Cant figure out how to modify 6110 code to get & put the logo, not in a
hi value to me now.

got key press working
---------------------

As stated in http://www.flosys.com/tdma/n5160.html

with frame: key-press::

    D1 {+00 01 50 00 01 KY}

this seems to press the key for a while. No release needed

key-release:

    D1 {+00 01 50 00 00 KY}

keep the key press => got speedee dial::

    D1 {+00 01 50 00 02 00 KY}

get memory
----------

the getmemory::
    40 {+00 00 07 11 00 10 00 mem}

get phonebook with the phone in bcd, but it seems to be a way to read
chunks of memory with diferent numbers in the 6 place. in particular:

get configuration pins::

    40 {+0x00, 0x00, 0x07, 0x11, 0x00, 0x0f, 0x00, 0x00 }

get security code::

    40 {+0x00, 0x00, 0x07, 0x11, 0x00, 0x09, 0x00, 0x00 }

get NAM data ::

    40 {+0x00, 0x00, 0x07, 0x11, 0x00, 0x08, 0x00, nam# }

that last answers with::

    dd {+01 00 11 00 08 00 00,

03 04
    home sys id
01 4d
    primary paggin channel
02 c4
    seconda paggin channel
88 88 88 88 88
    own #
09 63 c2 09 03 00 0b
    unknow
0a
    group id
01
    Access method
01
    local option
0f
    overload class
20 41 43 41 45 00 00 00 00 00 00 00 00 00 00 00
    alpha tag
b3 4d
    unknow
01
    NAM status
11 11 11 11 11 00 00 00 00 00 00 00 00
    unknow
00 00 00 00 00 00 01 00 00 00 01 36
    unknow
01 4d
    dedicate ch
01 4e
    dedicate B ch
14
    dedicate ch #
14
    dedicate B ch #
00
    msg center # len
00
    msg center in flag
00 00 00 00 00 00 00 00 00 00 00 00 00 00
    msg center #
08 01 80 70 8f dd 00 ef 00 00 00 00 00 00 00 00
    unknow
00 00 00 00 00
    gate way #
00 00 00
    unknow

More interesting ( and dangerous ) is than the 07 10 sequence  in place
of 07 11 in the request change the command from read to write.be care
full!!! I almost ruin my 5125 with a 40 {+0x00, 0x00, 0x07, 0x10, 0x00,
0x08, 0x00, 0x01 } frame , since the frame is ok, but the phone the
write info from an area of the buffer that I did not send!!!!

OK so far. Still looking for how to handle SMS......