📄 mbus.c
字号:
/********************************************************
* *
* FUNCTION NAME: *
* *
* ARGUMENTS: *
* *
* ARGUMENT NAME: *
* *
* TYPE: *
* *
* I/O: *
* *
* DESCRIPTION *
* *
* *
* RETURNS: *
* *
*********************************************************/
static BOOL MBUS_sendcommand(UINT8 *pU8packet, UINT32 U32packetlen, BOOL Bneedreply, UINT32 *pU32replysize)
{
static UINT8 ack[6];
UINT32 U32acklen;
SINT32 i;
OVERLAPPED osWrite, osRead;
DWORD dwErrorFlags;
COMSTAT ComStat;
#ifdef DUMP_MBUS_REPLY
char numbuff[12];
char linebuff[80];
#endif
if (pU32replysize)
*pU32replysize = 0;
memset(AU8readbuffer, 0, sizeof(AU8readbuffer));
if (!WriteFile(hComm, pU8packet, U32packetlen, &mbus_config.U32writtenbytes, &osWrite))
{
MDBGSTR("MBUS_sendcommand : cannot write to COM port");
/* not so keen on handling comm error */
ClearCommError(hComm, &dwErrorFlags, &ComStat);
return FALSE;
}
if (!ReadFile(hComm, AU8readbuffer, sizeof(AU8readbuffer), &mbus_config.U32receivedbytes, &osRead))
{
MDBGSTR("MBUS_sendcommand : cannot read from COM port");
/* not so keen on handling comm error */
ClearCommError(hComm, &dwErrorFlags, &ComStat);
return FALSE;
}
if (mbus_config.U32receivedbytes==0)
{
MDBGSTR("MBUS_sendcommand : phone does not respond to command");
return FALSE;
}
MBUS_createack(pU8packet, ack, &U32acklen);
#ifdef DUMP_MBUS_REPLY
strcpy(linebuff,"");
for (i=0;i<mbus_config.U32receivedbytes;i++)
{
if (i % 16)
{
MDBGSTR(linebuff);
strcpy(linebuff,"");
}
sprintf(numbuff,"%02X",AU8readbuffer);
strcat(linebuff,numbuff);
}
#endif
mbus_config.S32replyoffset = misc_memstr(AU8readbuffer, mbus_config.U32receivedbytes, ack, U32acklen);
if (mbus_config.S32replyoffset == -1)
{
HDBGSTR("MBUS_sendcommand : invalid reply to command from phone");
return FALSE;
}
if (!Bneedreply) /* If we don't need reply then don't check it */
return TRUE;
mbus_config.S32replyoffset += U32acklen;
if (mbus_config.U32receivedbytes<8)
{
HDBGSTR("MBUS_sendcommand : reply is too short");
return FALSE;
}
for (i = mbus_config.S32replyoffset; i < (SINT32)(mbus_config.U32receivedbytes - 8); i++) {
if (MBUS_checkreply(pU8packet, AU8readbuffer + i, mbus_config.U32receivedbytes - i))
{
*pU32replysize = mbus_config.U32receivedbytes;
MBUS_createack(AU8readbuffer + i, ack, &U32acklen);
if (!WriteFile(hComm, ack, sizeof(ack), &mbus_config.U32writtenbytes, NULL))
{
MDBGSTR("MBUS_sendcommand : cannot write to COM port");
/* not so keen on handling comm error */
ClearCommError(hComm, &dwErrorFlags, &ComStat);
return FALSE;
}
if (!ReadFile(hComm, ack, sizeof(ack), &mbus_config.U32receivedbytes, NULL))
{
MDBGSTR("MBUS_sendcommand : cannot read from COM port");
/* not so keen on handling comm error */
ClearCommError(hComm, &dwErrorFlags, &ComStat);
return FALSE;
}
mbus_config.S32replyoffset = i;
return TRUE;
}
}
return FALSE;
}
/********************************************************
* *
* FUNCTION NAME: *
* *
* ARGUMENTS: *
* *
* ARGUMENT NAME: *
* *
* TYPE: *
* *
* I/O: *
* *
* DESCRIPTION *
* *
* *
* RETURNS: *
* *
*********************************************************/
BOOL MBUS_cmd(UINT8 *pU8seqnum, UINT8 U8messagetype, char *pU8cmd, UINT32 U32cmdlen, BOOL Bneedreply, UINT32 *pU32replysize)
{
UINT32 U32retry = 0;
UINT32 U32packetlen;
BOOL Bfinished = FALSE;
(*pU8seqnum)++;
U32packetlen = MBUS_createframe(*pU8seqnum, U32cmdlen, U8messagetype, (UINT8 *)pU8cmd, AU8transferpacket);
MDBGSTR1("MBUS_cmd : size of command is %d",U32packetlen);
while (!Bfinished)
{
PurgeComm(hComm, PURGE_TXABORT | PURGE_RXABORT | PURGE_TXCLEAR | PURGE_RXCLEAR);
Bfinished = MBUS_sendcommand(AU8transferpacket, U32packetlen, Bneedreply, pU32replysize);
if (!Bfinished)
{
if (++U32retry==RETRY_TIMES)
{
HDBGSTR1("MBUS_cmd : timed out after %d tries",U32retry);
return FALSE;
}
}
}
PurgeComm(hComm, PURGE_TXABORT | PURGE_RXABORT | PURGE_TXCLEAR | PURGE_RXCLEAR);
return TRUE;
}
/********************************************************
* *
* FUNCTION NAME: *
* *
* ARGUMENTS: *
* *
* ARGUMENT NAME: *
* *
* TYPE: *
* *
* I/O: *
* *
* DESCRIPTION *
* *
* *
* RETURNS: *
* *
*********************************************************/
BOOL MBUS_SecurityCommand(const tMBUSCMD *mbuscmd,UINT8 *pU8reply, UINT32 U32replybuffersize, UINT32 *pU32replysize)
{
memset(pU8reply, 0, U32replybuffersize);
if (!MBUS_cmd(&mbus_config.U8sequencenumber, mbuscmd->U8messagetype, (char *)mbuscmd->AU8frame, mbuscmd->U8framesize, TRUE, pU32replysize))
{
flash_errno = FE_CANT_EXECUTE_MBUS_CMD;
return FALSE;
}
*pU32replysize -= (mbus_config.S32replyoffset + mbuscmd->U8replyshift);
memcpy(pU8reply, AU8readbuffer + mbus_config.S32replyoffset + mbuscmd->U8replyshift, *pU32replysize);
return TRUE;
}
/********************************************************
* *
* FUNCTION NAME: *
* *
* ARGUMENTS: *
* *
* ARGUMENT NAME: *
* *
* TYPE: *
* *
* I/O: *
* *
* DESCRIPTION *
* *
* *
* RETURNS: *
* *
*********************************************************/
BOOL MBUS_SetServiceMode(void)
{
UINT8 AU8buffer[SYS_GENERAL_HEADER_LEN];
UINT32 U32replysize;
if (!MBUS_SecurityCommand(&MBUS_enableextendedcmdscmd, AU8buffer, sizeof(AU8buffer), &U32replysize))
{
MDBGSTR("MBUS_SetServiceMode : cannot enable extended commands");
flash_errno = FE_CANT_EXECUTE_MBUS_CMD;
return FALSE;
}
mbus_config.U8phoneid = AU8buffer[0];
if (!MBUS_SecurityCommand(&MBUS_enableservicemodecmd, AU8buffer, sizeof(AU8buffer), &U32replysize))
{
MDBGSTR("MBUS_SetServiceMode : cannot enable service mode");
flash_errno = FE_CANT_EXECUTE_MBUS_CMD;
return FALSE;
}
return TRUE;
}
/********************************************************
* *
* FUNCTION NAME: *
* *
* ARGUMENTS: *
* *
* ARGUMENT NAME: *
* *
* TYPE: *
* *
* I/O: *
* *
* DESCRIPTION *
* *
* *
* RETURNS: *
* *
*********************************************************/
BOOL MBUS_SaveSecurityPhoneInfo(char *logfile)
{
FILE *rfile;
UINT8 AU8buffer[1024];
UINT32 U32replysize;
UINT32 i,j,k;
UINT8 U8flag,U8char;
tSIMLOCKINFO *simlockinfo;
if (!mbus_config.Binitialized)
{
HDBGSTR("MBUS_SaveSecurityPhoneInfo : MBUS is not initialized");
return FALSE;
}
if (!MBUS_SetServiceMode())
{
return FALSE;
}
rfile = fopen(logfile,"wt");
if (!rfile)
{
flash_errno = FE_CANT_CREATE_FILE;
return FALSE;
}
fprintf(rfile,"SECURITY PHONE INFO by KNOK\n\n");
if (!MBUS_SecurityCommand(&MBUS_getversioncmd, AU8buffer, sizeof(AU8buffer), &U32replysize))
{
fclose(rfile);
return FALSE;
}
fprintf(rfile,"Software version: %s\n",AU8buffer);
if (!MBUS_SecurityCommand(&MBUS_getproductcodecmd, AU8buffer, sizeof(AU8buffer), &U32replysize))
{
fclose(rfile);
return FALSE;
}
fprintf(rfile,"Product code: %s\n",AU8buffer);
if (!MBUS_SecurityCommand(&MBUS_getlanguagepackcmd, AU8buffer, sizeof(AU8buffer), &U32replysize))
{
fclose(rfile);
return FALSE;
}
fprintf(rfile,"Language pack: %s\n",AU8buffer);
if (!MBUS_SecurityCommand(&MBUS_getIMEIcmd, AU8buffer, sizeof(AU8buffer), &U32replysize))
{
fclose(rfile);
return FALSE;
}
fprintf(rfile,"IMEI: %s\n",AU8buffer);
if (!MBUS_SecurityCommand(&MBUS_getoriginalIMEIcmd, AU8buffer, sizeof(AU8buffer), &U32replysize))
{
fclose(rfile);
return FALSE;
}
fprintf(rfile,"Original IMEI: %s\n",AU8buffer);
MBUS_getMSIDcmd.AU8frame[3] = mbus_config.U8phoneid;
MBUS_getMSIDcmd.AU8frame[4] = MBUS_MSID_CMD + mbus_config.U8phoneid;
if (!MBUS_SecurityCommand(&MBUS_getMSIDcmd, AU8buffer, sizeof(AU8buffer), &U32replysize))
{
fclose(rfile);
return FALSE;
}
if (U32replysize==MBUS_MSID_LEN)
{
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -