<whitequark>
btw I've mirrored their entire stash on simcom
<whitequark>
there's an embedded AT devkit
<whitequark>
which does exactly what you would think
<whitequark>
ie allows you to compile in arbitrary code.
<whitequark>
also, docs, some of which contain "NDA" in the filename :D
<whitequark>
also, some kind of tracing utility
<DocScrutinizer05>
cool
<DocScrutinizer05>
alas the modem is 3mm high
<DocScrutinizer05>
no fit on Neo900
<whitequark>
they have like several dozens of these modems
wolfspraul has quit [Quit: leaving]
<DocScrutinizer05>
I'm still thinking about my BTS-harvester which doesn't rely on C1/C2 based normal reselection but actively tries to log in to each BTS in vicinity automatically
<whitequark>
I've looked through embedded AT docs
<whitequark>
it seems that you can only communicate with the modem with AT commands even when you're running on the module itself
<DocScrutinizer05>
I guess my other project to do timesharing on the radio hardware will be way harder to implement, since I'd need to completely swap all registers and RAM
<DocScrutinizer05>
but I definitely should patent this idea
<whitequark>
RVCT is mandatory in order to build embedded applications. Borland C++ Builder 5.0 or
<whitequark>
Microsoft Visual C++ 6.0 is needed for debugging.
<whitequark>
Borland C++ Builder 5.0 o_o
<DocScrutinizer05>
eeew
<whitequark>
how do you even do that at all?!
<whitequark>
it's... x86 and windows-only
<DocScrutinizer05>
yeah
* DocScrutinizer05
wonders how to introduce some skew in sleep-schedule for GSM RX
<DocScrutinizer05>
like, when BTS tells modem to awake on second 1,3,5... I want to make it skip a second so it gets scheduled to second 2,4,6... instead
<DocScrutinizer05>
rationaly: sometimes two BTS could have colliding (aka "in sync") schedule for your modem, when you do timesharing the RX
<DocScrutinizer05>
rationale even
<whitequark>
dunno, maybe you could poke the baseband itself?
<whitequark>
it comes with a symbol table and memory map, you just need to disable memory protection ;)
<whitequark>
can't be that hard to find a buffer overflow or several dozens there
<DocScrutinizer05>
I guess a buffer overflow is "too weak" or "too small a door" to do such *massive* hack with the OS on radio
<whitequark>
well, you only need to disable memory protection. after that you just need to find the relevant timer and hijack it
<DocScrutinizer05>
the idea is to swap the complete OS out of the radio hw and swap in a different state of same OS
<DocScrutinizer05>
aah, for the timer, yeah that's probably easy
<whitequark>
I'm not sure if you have enough spare RAM to swap the OS state there
<DocScrutinizer05>
I even doubt the BTS has a certain timeframe for the wakeups of the modem - it rather will send the "INVITE" continuously for 5s and hope for the modem to eventually listen and recognize that message
<DocScrutinizer05>
that's of course a problem
<DocScrutinizer05>
(RAM size)
<DocScrutinizer05>
the whole project is rather targeted at industry level, so manufacturers could build dual-online (actually 1.99-online) dual-SIM with only one radio
<whitequark>
the whole OS-swapping thing sounds reeeeallly bug-prone to me
<whitequark>
I can totally see how it works as an interesting experiment, but not in prod
<DocScrutinizer05>
obviously during a call the other SIM is "temporarily not available" since RX and TX are operating 100% of time in the channel of the current established call
<DocScrutinizer05>
nah, you're doing basically exactly same on your PC all the time
<whitequark>
no I mean, it's fine if you have the sources for baseband and everything
<whitequark>
that would basically be virtualization
<whitequark>
like xen does it
<DocScrutinizer05>
during standby, the hardware sleeps 95% of time, and every 1 or 2 seconds it listens if BTS is sending an INVITE
<whitequark>
but hijacking existing sw which you only have as undocumented binaries... huh
<DocScrutinizer05>
during that 95% sleep time, the hardware could do something else, e.g. listening to another BTS for another INVITE to a second SIM
<DocScrutinizer05>
hijacking an existing hw without docs and sourcecode: not feasible
<whitequark>
so how do you wanna do that? I don't follow :)
<DocScrutinizer05>
I'm just planning
<DocScrutinizer05>
for a patent ;-D
<whitequark>
oooh I see
<whitequark>
neat :)
<DocScrutinizer05>
maybe one day test it on SDR
<DocScrutinizer05>
PoC
<DocScrutinizer05>
or rework a chipset by brutally piggybacking RAM to duplicate it, and switch chipselect with a tiny hack in existing software
<DocScrutinizer05>
even that won't fly, but sth like that might be feasible
<DocScrutinizer05>
I just wonder why no chip manuf has offered it yet
<DocScrutinizer05>
dual-SIM one-dot-nine-online
<DocScrutinizer05>
you obviously won't get "call waiting" signal during a call
<DocScrutinizer05>
but that radio can scan (SIC) more than one BTS and carrier concurrently
<DocScrutinizer05>
and lsiten to mire than one IMSI for an INVITE
<DocScrutinizer05>
and listen to more than one IMSI for an INVITE
kilae has joined #qi-hardware
mth has quit [Remote host closed the connection]
wej has quit [Ping timeout: 264 seconds]
dos1 has joined #qi-hardware
wej has joined #qi-hardware
wej has quit [Ping timeout: 264 seconds]
wej has joined #qi-hardware
wej has quit [Ping timeout: 245 seconds]
wej has joined #qi-hardware
wej has quit [Ping timeout: 260 seconds]
wej has joined #qi-hardware
wej has quit [Ping timeout: 264 seconds]
wej has joined #qi-hardware
rz2k has joined #qi-hardware
kilae has quit [Quit: ChatZilla 0.9.90.1 [Firefox 24.0/20130910160258]]
kristianpaul has quit [Quit: leaving]
wej has quit [Ping timeout: 245 seconds]
wej has joined #qi-hardware
wej has quit [Ping timeout: 245 seconds]
xiangfu has quit [Ping timeout: 252 seconds]
Codora has joined #qi-hardware
xiangfu has joined #qi-hardware
wej has joined #qi-hardware
wej has quit [Ping timeout: 260 seconds]
wej has joined #qi-hardware
wej has quit [Ping timeout: 264 seconds]
wej has joined #qi-hardware
qwebirc90446 has joined #qi-hardware
qwebirc90446 is now known as rjeffries
<rjeffries>
Not saying this password etc storing service is A Good Thing. But it's mildly interesting. https://www.clipperz.com/
<whitequark>
the problem is that the code can be modified at any time
wej has quit [Ping timeout: 245 seconds]
wej has joined #qi-hardware
rjeffries has quit [Ping timeout: 250 seconds]
<viric>
online password manager. Funny. hehe
pcercuei has joined #qi-hardware
porchaso0 is now known as porchas0
porchas0 is now known as porchaso0
<larsc>
that gives me an idea, we should create a could password storage service
<viric>
cloud?
<larsc>
yes cloud
<whitequark>
we cloud create a could password storage service! cloudn't we?