HL7692 Android SIM Unlock: Wrong AT command

Hello everyone,

I’m trying to integrate android 9 ril software into my Android 9. The kernel I’m using is 4.14.98.
HL7692 modem firmware was updated to 2.27.
On my android device the modem is connected via USB OTG.
The SIM works fine on other devices. All works fine, mobile network with 4G is working.
But i can’t unlock the SIM on the Android Lockscreen:

 02-03 15:52:19.295 E/use-Rlog/RLOG-RIL( 2927): processRequest: ENTER_SIM_PIN
 02-03 15:52:19.295 I/use-Rlog/RLOG-AT( 2927): --- AT+CPIN="3603",""
 02-03 15:52:19.295 I/use-Rlog/RLOG-AT( 2927): AT(12)> AT+CPIN="3603",""
 02-03 15:52:19.299 I/use-Rlog/RLOG-AT( 2927): AT(12)< +CME ERROR: 4
 02-03 15:52:19.299 I/use-Rlog/RLOG-AT( 2927): --- AT+XPINCNT
 02-03 15:52:19.300 I/use-Rlog/RLOG-AT( 2927): AT(12)> AT+XPINCNT
 02-03 15:52:19.320 I/use-Rlog/RLOG-AT( 2927): AT(12)< +XPINCNT: 3,3,10,10
 02-03 15:52:19.320 I/use-Rlog/RLOG-AT( 2927): AT(12)< OK
 02-03 15:52:19.320 E/RILC    ( 2927): supplyIccPinForAppResponse: amit ret 3
 02-03 15:52:19.321 D/RILJ    ( 3336): ON some errors fakeSimStatusChanged: reg count=1 [SUB0]
 02-03 15:52:19.321 D/RILJ    ( 3336): [3789]< ENTER_SIM_PIN error 2 [SUB0]
 02-03 15:52:19.321 D/RilRequest( 3336): [3789]< ENTER_SIM_PIN error: com.android.internal.telephony.CommandException: GENERIC_FAILURE ret={3}
 02-03 15:52:19.322 D/UiccController( 3336): Received EVENT_ICC_STATUS_CHANGED, calling getIccCardStatus
 02-03 15:52:19.323 D/RILJ    ( 3336): [3790]> GET_SIM_STATUS [SUB0]
 02-03 15:52:19.323 D/UiccCardApplication( 3336): parsePinPukErrorResult: attemptsRemaining=3
 02-03 15:52:19.323 E/use-Rlog/RLOG-RIL( 2927): processRequest: GET_SIM_STATUS
 02-03 15:52:19.323 I/use-Rlog/RLOG-AT( 2927): --- AT+CPIN?
 02-03 15:52:19.323 I/use-Rlog/RLOG-AT( 2927): AT(12)> AT+CPIN?
 02-03 15:52:19.328 I/use-Rlog/RLOG-AT( 2927): AT(12)< +CPIN: SIM PIN
 02-03 15:52:19.328 I/use-Rlog/RLOG-AT( 2927): AT(12)< OK
 02-03 15:52:19.328 D/RILJ    ( 3336): IccCardApplicationStatus 0:{APPTYPE_SIM,APPSTATE_PIN} [SUB0]
 02-03 15:52:19.328 D/RILJ    ( 3336): responseIccCardStatus: from HIDL: IccCardState {CARDSTATE_PRESENT,PINSTATE_UNKNOWN,num_apps=1,gsm_id=0{APPTYPE_SIM,APPSTATE_PIN},cdma_id=-1,ims_id=-1,physical_slot_id=-1,atr=null,iccid=null} [SUB0]
 02-03 15:52:19.329 D/RILJ    ( 3336): [3790]< GET_SIM_STATUS IccCardState {CARDSTATE_PRESENT,PINSTATE_UNKNOWN,num_apps=1,gsm_id=0{APPTYPE_SIM,APPSTATE_PIN},cdma_id=-1,ims_id=-1,physical_slot_id=-1,atr=null,iccid=null} [SUB0]
 02-03 15:52:19.329 D/UiccController( 3336): Received EVENT_GET_ICC_STATUS_DONE
 02-03 15:52:19.330 D/UiccSlot( 3336): cardStatus update: IccCardState {CARDSTATE_PRESENT,PINSTATE_UNKNOWN,num_apps=1,gsm_id=0{APPTYPE_SIM,APPSTATE_PIN},cdma_id=-1,ims_id=-1,physical_slot_id=-1,atr=null,iccid=null}
 02-03 15:52:19.330 E/AnswerToReset( 3336): The input ATR string can not be null
 02-03 15:52:19.330 D/UiccSlot( 3336): update: radioState=RADIO_ON mLastRadioState=RADIO_ON
 02-03 15:52:19.330 D/UiccProfile( 3336): 1 applications
 02-03 15:52:19.330 D/UiccCardApplication( 3336): APPTYPE_SIM update. New {APPTYPE_SIM,APPSTATE_PIN}
 02-03 15:52:19.330 D/UiccProfile( 3336): Before privilege rules: Handler (com.android.internal.telephony.uicc.UiccCarrierPrivilegeRules) {534c2e2} : CARDSTATE_PRESENT
 02-03 15:52:19.331 D/UiccProfile( 3336): setExternalState: !override and newstate unchanged from PIN_REQUIRED
 02-03 15:52:19.331 D/UiccController( 3336): Notifying IccChangedRegistrants
 02-03 15:52:19.331 D/GsmSMSDispatcher( 3336): GsmSMSDispatcher: subId = 1 slotId = 0
 02-03 15:52:19.332 D/SIMRecords( 3336): [SIMRecords] getServiceProviderName: no brandOverride, providerName=null
 02-03 15:52:19.332 D/SST     ( 3336): [0] updateSpnDisplay: radio is on but out of service, set plmn='Nur Notrufe'
 02-03 15:52:19.332 D/SIMRecords( 3336): [SIMRecords] getServiceProviderName: no brandOverride, providerName=null
 02-03 15:52:19.333 D/CAT     ( 3336): CatService: handleMessage[8]
 02-03 15:52:19.333 D/CAT     ( 3336): CatService: MSG_ID_ICC_CHANGED
 02-03 15:52:19.333 D/CAT     ( 3336): CatService: New Card State = CARDSTATE_PRESENT Old Card State = CARDSTATE_PRESENT

CME Error 4: Operation not supported
I can unlock the SIM manually with busybox microcom when sending AT+CPIN="3603"
Why does the RIL uses AT+CPIN="","" when AT+CPIN="" is correct?

  • Is the vendor RIL from Sierra sending this command?
  • So i can’t do anything, except using a different binary?
  • Can i change anything in my android?
  • Do I miss some further settings/properties?

However, if no SIM PIN is set, using the SIM card is possible. I can also set a new PIN in the Android settings.
Also: When using the WP7607 with the QMI vendor RIL, unlocking the SIM was no problem. That’s why i think the vendor RIL from Sierra messes some things up here.

getrprop:

[gsm.network.type]: [Unknown]
[gsm.operator.alpha]: []
[gsm.operator.iso-country]: []  
[gsm.operator.isroaming]: [false]
[gsm.operator.numeric]: []
[gsm.sim.operator.alpha]: []
[gsm.sim.operator.iso-country]: []
[gsm.sim.operator.numeric]: []
[gsm.sim.state]: [PIN_REQUIRED]
[gsm.version.baseband]: [RHL769x.2.27.183100.201809071813.x7120m_3]
[gsm.version.ril-impl]: [Sierra Ril V9.0.4.0_ARM_64 HL]
[init.svc.ril-daemon-hl]: [running]
[persist.sierra.sim_ready_delay]: [0]
[persist.sys.ril.type]: [HL]
[ro.boottime.ril-daemon-hl]: [7686735125]
[ro.radio.noril]: [no]
[ro.ril.wake_lock_timeout]: [300]
[telephony.lteOnCdmaDevice]: [0]
[telephony.lteOnGsmDevice]: [1]

I also tested with different values for sim_ready_delay, but that changed nothing as expected.
Anyone running the HL7692 or some similar modem successfully in Android?

Thanks in advance!

@sMichi,

The CPIN command has a ,"" on the end, you only use this when trying to set the SIM PIN, not sending the PIN to the SIM to unlock it hence I suspct it is throwing an error.

Regards

Matt

Yep thats ture, the command to change the PIN is used to unlock the SIM which fails. But the RIL states processRequest: ENTER_SIM_PIN, so this is correct. Then why does it use the wrong AT command? :thinking:

@sMichi,

That’s a good question, not one I know the answer to unfortunately, sorry.

Regards

Matt