| blob | a42c0a822c14b362c23d83d906da34719b3f92a9 |
1 >>> Send packet
2 <<< Receive packet
4 The following series of packets occur after SB_COMMAND_CLOSE_SOCKET when
5 either loading or forcefully erasing a module that is in use (busy). This
6 sequence is strikingly similar to the one used by cfp.exe utility when it
7 resets the handheld. It also resembles the sequence used to probe for
8 devices.
10 The entire sequence is actually not necessary. The final packet is the
11 only one required to cause the device to reset. However, this document
12 helps to serve as documentation for several previously unknown packets.
14 The meaning of several packets was discovered by analyzing the debug
15 logs created by RIM's own USB driver on windows. Debug logging is turned
16 on by setting two registry keys.
18 >>> 00000000: 00 00 10 00 01 ff 00 03 bb 35 2d b9 01 00 00 00 .........5-.....
19 ^^^^^ socket number
20 ^^^^^ size of packet
21 ^^ echo command
22 this looks to be a simple echo command
23 ^^^^^ SB_MODE_REQUEST_SOCKET in barry
24 ^^ socket sequence
25 ^^^^^^^^^^^^^^^^^^^^^^^
26 these 8 bytes seem to always increase with
27 each execution of javaloader... if the
28 value is interpreted as a time span in
29 microseconds it is very close to the
30 duration since system startup
31 <<< 00000000: 00 00 10 00 02 ff 00 03 bb 35 2d b9 01 00 00 00 .........5-.....
32 ^^ echo response
35 >>> 00000000: 00 00 0c 00 05 ff 00 04 14 00 01 00 ............
36 ^^ fetch attribute
37 ^^^^^ SB_MODE_REQUEST_SOCKET
38 ^^ socket sequence
39 ^^^^^ SB_OBJECT_INITIAL_UNKNOWN
40 ^^^^^ SB_ATTR_INITIAL_UNKNOWN
41 <<< 00000000: 00 00 20 00 06 ff 00 04 14 00 01 00 3c 41 30 3e .. .........<A0>
42 ^^ begin 20 byte device GUID
43 <<< 00000010: 1e 47 24 0d 99 92 3f b1 38 d6 a3 6e 75 cd c9 d7 .G$...?.8..nu...
46 >>> 00000000: 00 00 0c 00 05 ff 00 05 08 00 04 00 ............
47 ^^^^^ SB_OBJECT_PROFILE
48 ^^^^^ SB_ATTR_PROFILE_PIN (Network and PPIN?)
49 <<< 00000000: 00 00 14 00 06 ff 00 05 08 00 04 00 03 00 00 00 ................
50 <<< 00000010: 2e 36 61 20 .6a
53 >>> 00000000: 00 00 0c 00 05 ff 00 06 04 00 05 00 ............
54 ^^^^^ SB_OBJECT_SOCKET_UNKNOWN
55 ^^^^^ unknown (Emulator ID?)
56 <<< 00000000: 00 00 0c 00 06 ff 00 06 00 00 00 00 ............
59 >>> 00000000: 00 00 0c 00 05 ff 00 07 04 00 06 00 ............
60 ^^^^^ SB_OBJECT_SOCKET_UNKNOWN
61 ^^^^^ unknown (USB Serial Interface Version?)
62 <<< 00000000: 00 00 0c 00 06 ff 00 07 00 00 00 00 ............
65 >>> 00000000: 00 00 0c 00 05 ff 00 08 04 00 07 00 ............
66 ^^^^^ SB_OBJECT_SOCKET_UNKNOWN
67 ^^^^^ unknown (MUX Version Successful)
68 <<< 00000000: 00 00 10 00 06 ff 00 08 04 00 07 00 00 02 00 00 ................
69 ^^^^^^^^^^^ MUX version = 200
72 >>> 00000000: 00 00 0c 00 05 ff 00 09 04 00 08 00 ............
73 ^^^^^ SB_OBJECT_SOCKET_UNKNOWN
74 ^^^^^ unknown (EVDO Modem Version?)
75 <<< 00000000: 00 00 0c 00 06 ff 00 09 00 00 00 00 ............
78 >>> 00000000: 00 00 0c 00 05 ff 00 0a 04 00 0a 00 ............
79 ^^^^^ SB_OBJECT_SOCKET_UNKNOWN
80 ^^^^^ unknown (ESN?)
81 <<< 00000000: 00 00 0c 00 06 ff 00 0a 00 00 00 00 ............
84 >>> 00000000: 00 00 08 00 03 ff 00 0b ........
85 ^^ reset command
86 <<< 00000000: 00 00 08 00 04 ff 00 0b ........
87 ^^ reset response