I run
        sudo adb root

I compile tcpdump for android (it turns out it is not needed on Replicant 6
as tcpdump is already included). I push tcpdump to the device using
        sudo adb push tcpdump-4.99.4/tcpdump /data/local/tcpdump
You will notice the version I used. This was the last version I could
successfully compile (but not run). When I run my compiled version of
tcpdump I get error: only position independent executables (PIE) are
supported.

I run (in "adb shell"):
        lsusb

I get:

        Bus 001 Device 001: ID 1d6b:0002
        Bus 002 Device 001: ID 1d6b:0001
        Bus 001 Device 002: ID 05c6:904c

You will see that Bus 001, Device 002 is the usb modem.

I run:
        tcpdump -D

... to list devices:

        1.nfqueue (Linux netfilter queue (NFQUEUE) interface)
        2.usbmon1 (USB bus number 1)
        3.wwan2
        4.usbmon2 (USB bus number 2)
        5.any (Pseudo-device that captures on all interfaces)
        6.lo

I incorrectly try usbmon2 because I was reading the device number
instead of the bus number and get "listening on usbmon2, link-type
USB_LINUX (USB with Linux header), capture size 65535 bytes" and "0
packets captured".

I then try "usbmon1", like a proper hacker lol.

        tcpdump -i usbmon1 -vvv -XX -s0 -w modem_replicant.pcap

With tcpdump running I
- dial a call

For some reason, when sniffing with tcpdump, the call is automatically
answered. Either way I hang up on the calling phone.

To try and dissect the file on my computer, I use:

        sudo apt-get install tshark wireshark tcpdump
        git clone https://github.com/dnlplm/WiresharkQMIDissector
        git clone https://gitlab.freedesktop.org/mobile-broadband/libqmi.git
        cd WiresharkQMIDissector
        python3 generate_lua.py ../libqmi/data/
        tshark -T json -r ../modem_replicant.pcap -X lua_script:qmi_dissector_gen.lua | tee modem_replicant_dissected.json

I grep the json for "qmi" and "QMI" but receive no results. I also
search for the number I dialled and receive no results.

I then try wireshark with the GUI because I am actually a novice.

        wireshark -r ../modem_replicant.pcap -X lua_script:qmi_dissector_gen.lua

As with tshark, I don't see any qmi fields.

Regarding "Info" section of wireshark when reading the pcap file with
the lua dissector...
        There are "GET_STATUS Request" for [Port 1] to [Port 3]
        There are "CLEAR FEATURE Request"
        There are "CLEAR FEATURE Request [Port 2: C_PORT_SUSPEND]"
        There are "GET STATUS Request"
        There are "GET_STATUS Response" [Port 1] to [Port 3]
        There are "SET FEATURE Request"
        There are "SET_FEATURE Response"
        There are "SET_FEATURE Request [Port 2: PORT_SUSPEND]"
        There are "URB_BULK in"
        There are "URB_CONTROL in"
        There are "URB_INTERRUPT in"

The protocols are all either
        "USB"
or
        "USB HUB"

The source seems to be either
        "host",
        "1.1.0",
        "1.1.1",
        "1.2.0",
        "1.2.1",
        "1.2.3",
        "1.2.8",
        "1.2.9"
The destination (likewise) seems to be either
        "host",
        "1.1.0",
        "1.1.1",
        "1.2.0",
        "1.2.1",
        "1.2.3",
        "1.2.8",
        "1.2.9"

As I could see no QMI fields in wireshark or tshark, I decided not to
reinstall LineageOS yet and get a tcpdump for that to compare with. I
only try on scintill's branch of replicant 6 so far.

I could possibly PM you Denis the pcap file but I don't believe it
would be worth it. I may try the pmos thing now unless anyone has any
other suggestions.

Josh
_______________________________________________
Replicant mailing list
Replicant@osuosl.org
https://lists.osuosl.org/mailman/listinfo/replicant
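
An added example, not part of the message above or of any project it mentions: a dissector-independent check of what a usbmon capture such as modem_replicant.pcap contains, totalling captured payload bytes per bus, device and endpoint, so that bulk traffic for the modem (bus 1, device 2 in the lsusb output) can be confirmed before debugging the Lua dissector. It assumes a classic little-endian pcap file and the Linux usbmon packet header; `summarize_usbmon`, `_record` and `SAMPLE` are names constructed for illustration.

```python
import struct
from collections import Counter

XFER = {0: "ISO", 1: "INTERRUPT", 2: "CONTROL", 3: "BULK"}
# First 40 bytes of the usbmon packet header: id, event type, transfer type,
# endpoint, device, bus, flag_setup, flag_data, ts_sec, ts_usec, status,
# length, len_cap. Little-endian capture host assumed.
HDR = struct.Struct("<QBBBBHccqiiII")
HDR_LEN = {189: 48, 220: 64}  # LINKTYPE_USB_LINUX, LINKTYPE_USB_LINUX_MMAPPED

def summarize_usbmon(pcap: bytes) -> Counter:
    """Captured payload bytes per (bus, device, endpoint, direction, type)."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("expected a little-endian classic pcap file")
    if linktype not in HDR_LEN:
        raise ValueError(f"link type {linktype} is not a usbmon capture")
    totals, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        rec = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(rec) < HDR_LEN[linktype]:
            continue  # truncated record, nothing to account for
        f = HDR.unpack_from(rec)
        ep, dev, bus, len_cap = f[3], f[4], f[5], f[12]
        key = (bus, dev, ep & 0x7F, "in" if ep & 0x80 else "out",
               XFER.get(f[2], "?"))
        totals[key] += min(len_cap, len(rec) - HDR_LEN[linktype])
    return totals

def _record(xfer, ep, dev, payload):
    """Build one constructed 'C' (completion) event on bus 1."""
    body = HDR.pack(0, ord("C"), xfer, ep, dev, 1, b"-", b"\0", 0, 0, 0,
                    len(payload), len(payload)) + bytes(8) + payload
    return struct.pack("<IIII", 0, 0, len(body), len(body)) + body

# Constructed sample: payload bytes are zero filler, not real modem traffic.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 189) + b"".join([
    _record(3, 0x88, 2, bytes(13)),  # bulk IN, device 2 endpoint 8
    _record(3, 0x88, 2, bytes(7)),
    _record(1, 0x81, 1, bytes(2)),   # interrupt IN, device 1
    _record(2, 0x80, 2, b""),        # control transfer without data
])

if __name__ == "__main__":
    for key, nbytes in sorted(summarize_usbmon(SAMPLE).items()):
        print(key, nbytes)
```

On a real capture, pass the file's bytes to `summarize_usbmon`; non-zero BULK totals for the modem's device number mean payload was captured and the remaining question is how it is being dissected.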