Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Qualcomm modem Jamming Detection #221

Closed
E3V3A opened this issue Dec 17, 2014 · 6 comments
Closed

Qualcomm modem Jamming Detection #221

E3V3A opened this issue Dec 17, 2014 · 6 comments
Labels
dev_discussion documentation remember_this

Comments

@E3V3A
Copy link
Contributor

E3V3A commented Dec 17, 2014

According to some past documents, many Qualcomm baseband processors (BP) and SoC's has a built in "Jamming Detection" feature. This is clearly not documented in any other place and I've never seen any device or software using it. It would be great to find out if this is something that we could use.
@SecUpwN
Copy link
Member

SecUpwN commented Dec 18, 2014

That sounds indeed interesting, @E3V3A. From the top of your head, do you remember if those past documents stated something about what happens when jamming is detected? Some quick findings:

Don't be mad at me when some things might be unrelated. I am just trying to help finding information.

@E3V3A
Copy link
Contributor Author

E3V3A commented Dec 18, 2014

@SecUpwN Thanks!! That really helped. So this is what I found.

In [1] they clearly refer to the document called "WM_DEV_SEC_UGD_003". But you won't find that document by searching with any normal engines like Google or Bing. But I found it elsewhere, namely in their Jamming Library plug-in, along with example sources.

jam1

So how does it work? Just use the Sierra Wireless OEM AT command:

Command Answers
AT+WJAM? +WJAM: mode \n OK
AT+WJAM=? +WJAM: (list of supported _mode_s),(list of supported _threshold_s) \n OK
AT+WJAM=mode[,threshold] ERROR or OK
Parameter Values range Description Default value
mode 0-4 0 - stop the jamming detection algorithm. 1
1 - start the jamming detection algorithm.
2 - request last final jamming status.
3 - get the mean threshold value.
4 - set the mean threshold value.
threshold 0-63 the value of the mean threshold used in the algorithm. 40

The devices in question are:

------------------------------------------------
AirPrime Compatibility List             FCC ID
------------------------------------------------
AirPrime Q2686 Refreshed                N7NQ2686        
AirPrime Q2687 Refreshed                N7NQ2687        
AirPrime SL6087                         N7NSL6087
AirLink Fastrack Xtend EDGE (FXT009)    O9EQ2687

References:

@E3V3A
Copy link
Contributor Author

E3V3A commented Dec 18, 2014

Obviously this is not directly relevant to us, unless we can find the Qualcomm QMI to enable the built-in Jamming detection on those phones using a supported baseband.

@E3V3A E3V3A mentioned this issue Dec 29, 2014
Open
@E3V3A
Copy link
Contributor Author

E3V3A commented Jan 18, 2015

So I'm closing this as it's not a relevant issue, but worth remembering.

@E3V3A E3V3A closed this as completed Jan 18, 2015
@b-meson
Copy link

b-meson commented Jan 18, 2015

It would be useful to have to detect downgrade attacks. I've mentioned this previously ...

@E3V3A
Copy link
Contributor Author

E3V3A commented Jan 19, 2015

I know, but we have no idea how to activate and use this in the Qualcomm BPs...especially from Androids. Maybe we should start a signature collection campaign to have them release this info?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
dev_discussion documentation remember_this
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@E3V3A @b-meson @SecUpwN