I run
        sudo adb root

I compile tcpdump for android (it turns out is not needed on Replicant 6
as tcpdump is already included) I push tcpdump to the device using
        sudo adb push tcpdump-4.99.4/tcpdump /data/local/tcpdump
You will notice the version I used. This was the last version I could
successfully compile (but not run) When I run my compiled version of
tcpdump I get error: only position independent executables (PIE) are

I run (in "adb shell"):

I get:

        Bus 001 Device 001: ID 1d6b:0002
        Bus 002 Device 001: ID 1d6b:0001
        Bus 001 Device 002: ID 05c6:904c

You will see that Bus 001, Device 002 is the usb modem.

I run:
        tcpdump -D

... to list devices:

        1.nfqueue (Linux netfilter queue (NFQUEUE) interface)
        2.usbmon1 (USB bus number 1)
        4.usbmon2 (USB bus number 2)
        5.any (Pseudo-device that captures on all interfaces)

I incorrectly try usbmon2 because I was reading the device number
instead of the bus number and get listening on usbmon2, link-type
USB_LINUX (USB with Linux header), capture size 65535 bytes and 0
packets captured

I then try "usbmon1", like a proper hacker lol.

        tcpdump -i usbmon1 -vvv -XX -s0 -w modem_replicant.pcap

with tcpdump running I
- dial a call

for some reason, when sniffing with tcpdump, the call is automatically
answered. Either way I hang up on the calling phone.

To try and dissect the file on my computer, I use:

        sudo apt-get install tshark wireshark tcpdump
        git clone https://github.com/dnlplm/WiresharkQMIDissector
        git clone
        https://gitlab.freedesktop.org/mobile-broadband/libqmi.git cd
        WiresharkQMIDissector python3 generate_lua.py ../libqmi/data/
        tshark -T json -r ../modem_replicant.pcap -X
        lua_script:qmi_dissector_gen.lua | tee

I grep the json for "qmi" and "QMI" but receive no results. I also
search for the number I dialled and recieve no results.

I then try wireshark with the GUI because I am actually a novice.

        wireshark -r ../modem_replicant.pcap -X

As with tshark, I don't see any qmi fields.

Regarding "Info" section of wireshark when reading the pcap file with
the lua dissector... There are "GET_STATUS Request" for [Port 1] to
[Port 3] There are "CLEAR FEATURE Request"
        There are "CLEAR FEATURE Request [Port 2: C_PORT_SUSPEND]"
        There are "GET STATUS Request"
        There are "GET_STATUS Response" [Port 1] to [Port 3]
        There are "SET FEATURE Request"
        There are "SET_FEATURE Response"
        There are "SET_FEATURE Request [Port 2: PORT_SUSPEND]"
        There are "URB_BULK in"
        There are "URB_CONTROL in"
        There are "URB_INTERRUPT in"

The protocols are all either
        "USB HUB"

The source seems to be either
The destination (likewise) seems to be either

As I could see no QMI fields in wireshark or tshark, I decided not to
reinstall LineageOS yet and get a tcpdump for that to compare with. I
only try on scintill's branch of replicant 6 so far.

I could possibly PM you Denis the pcap file but I don't believe it
would be worth it. I may try the pmos thing now less anyone has any
other suggestions.

Replicant mailing list

Reply via email to