MC8790 HIP Protocol


#1

Greetings,

I’m new to developing with HIP so I thought I would start with the basics instead of diving right into the SDK. I can only get error responses from /dev/ttyUSB0. Any packet I send that I think should be correct does not get a response, while any packets I send that I have intentionally set some bits incorrectly will get a response.

To start, my firmware is:

Revision: K2_0_7_35AP C:/WS/FW/K2_0_7_35AP/MSM6290/SRC 2010/03/04 17:37:08

I am testing on an ARM system with an Atmel SAM9G45 processor running Linux. I crafted a couple of HIP packets using hexedit and saved them to a file.

loopback.hip:

hexdump -C loopback.hip 
00000000  7e 00 05 03 00 41 42 43  44 45 7e                 |~....ABCDE~|

loopbackWRONG.hip:

hexdump -C loopbackWRONG.hip 
00000000  7e 00 04 03 00 41 42 43  44 45 7e                 |~....ABCDE~|

My problem is when I send loopback.hip to /dev/ttyUSB0 I get no response… this should be the correct packet. loopbackWRONG.hip has an incorrect datalength and yet I do receive a response to this packet.

cat loopbackWRONG.hip > /dev/ttyUSB0:

hexdump -v -C /dev/ttyUSB0
00000000  7e 00 43 01 41 42 43 44  7e 7e 00 43 01 41 42 43  |~.C.ABCD~~.C.ABC|

I have tried other packets as well, and even some CnS packets, and I never get a response on packets that are crafted properly, only packets with errors. Can anyone see what I have done wrong here?

Thanks


#2

Hi Nelson,

Can you share the CNS packets of the ones you have tried?

Regards,
Rex


#3

Hi Rex,

Apologies on the late reply. I was away on business. Thank you for your response.

My CNS packets are as follows:

hexdump -C getFirmwareExt.hip
00000000  7e 00 03 3f 00 00 01 00  03 02 7e                 |~..?......~|

After some testing, I noticed something curious. If I send loopback.hip multiple times, and then send loopbackWRONG.hip once, I will receive all of my replies to loopback.hip. The same happens for getFirmwareExt.hip. The problem still remains, I cannot receive a response until I send a malformed packet.

Example output from “hexdump -C /dev/ttyUSB0”:

00000160  7e 00 05 43 01 41 42 43  44 45 7e 7e 00 05 43 01  |~..C.ABCDE~~..C.|
00000170  41 42 43 44 45 7e 7e 00  05 43 01 41 42 43 44 45  |ABCDE~~..C.ABCDE|
00000180  7e 7e 00 05 43 01 41 42  43 44 45 7e 7e 00 43 01  |~~..C.ABCDE~~.C.|
00000190  41 42 43 44 7e 7e 00 05  43 01 41 42 43 44 45 7e  |ABCD~~..C.ABCDE~|
000001a0  7e 00 05 43 01 41 42 43  44 45 7e 7e 00 43 01 41  |~..C.ABCDE~~.C.A|
000001b0  42 43 44 7e 7e 00 43 01  41 42 43 44 7e 7e 00 43  |BCD~~.C.ABCD~~.C|
000001c0  01 41 42 43 44 7e 7e 00  43 01 41 42 43 44 7e 7e  |.ABCD~~.C.ABCD~~|
000001d0  00 43 01 41 42 43 44 7e  7e 00 43 01 41 42 43 44  |.C.ABCD~~.C.ABCD|
000001e0  7e 7e 00 43 01 41 42 43  44 7e 7e 00 05 43 01 41  |~~.C.ABCD~~..C.A|
000001f0  42 43 44 45 7e 7e 00 43  01 41 42 43 44 7e 7e 00  |BCDE~~.C.ABCD~~.|
00000200  43 01 41 42 43 44 7e 7e  00 05 43 01 41 42 43 44  |C.ABCD~~..C.ABCD|
00000210  45 7e 7e 00 05 43 01 41  42 43 44 45 7e 7e 00 00  |E~~..C.ABCDE~~..|
00000220  02 0f 4d 43 38 37 39 30  00 00 00 00 00 00 00 00  |..MC8790........|
00000230  00 7e 7e 00 43 01 41 42  43 44 7e 7e 00 43 01 41  |.~~.C.ABCD~~.C.A|
00000240  42 43 44 7e 7e 00 00 02  0f 4d 43 38 37 39 30 00  |BCD~~....MC8790.|
00000250  00 00 00 00 00 00 00 00  7e 7e 00 43 01 41 42 43  |........~~.C.ABC|
00000260  44 7e 7e 00 43 01 41 42  43 44 7e 7e 00 43 01 41  |D~~.C.ABCD~~.C.A|

You can see multiple replies to each command in that output, but the replies are sent in bulk and only sent when the modem receives the malformed packet loopbackWRONG.hip.

Any suggestions?


#4

Found an error in my CNS packet construction and fixed it.

CNS packets are as follows:

hexdump -C getFirmwareExt.hip

00000000  7e 00 0a 2b 00 00 01 01  00 00 00 00 00 00 00 7e  |~..+...........~|

Noticed it was replying to my malformed getFirmwareExt.hip with “MC8790”. Further evidence to prove it is only responding to malformed packets? I have tried this new CNS packet many times with no response (even after sending a malformed packet).


#5

I found that adding an extra null frame works on the MC7710. I.e. sending this will give an answer every time:

perl -e 'print pack("C*", map {hex} @ARGV)' 7e 7e 00 0a 2b 00 00 01 01 00 00 00 00 00 00 00 7e >/dev/ttyUSB0

While this will only give an answer every other time:

perl -e 'print pack("C*", map {hex} @ARGV)' 7e 00 0a 2b 00 00 01 01 00 00 00 00 00 00 00 7e >/dev/ttyUSB0

I have no idea why, but it’s an acceptable workaround.

Bjørn


#6

Hi dl5162,

Thanks for the reply. I tried the workaround by adding an extra “7e” at the beginning of my packet. It did not work for the MC8790. Glad it worked for your MC7710.

Troy

**edit:

I still cannot get a response from sending loopback.hip UNTIL i send loopbackWRONG.hip, but I have noticed that putting an extra “7e” at the beggining of my packet makes the modem respond to each of the previous loopback.hip sent. It was only responding to some packets before adding the extra “7e”. Thanks dl5162.

Now I just need a workaround to get it to respond without sending a malformed packet…