proberts9999 at yahoo.com
Mon Dec 4 18:01:44 CET 2006
--- Florent THIERY <fthiery at gmail.com> wrote:
> Isn't it possible to "sniff" the AT commands sent by
> EZX phoning apps on the
> original motorola firmware? like destroying the
> /dev/tty, creating another
> one piping into our logger, and finally sending it
> back to the BP?
On my E2, selinux locks me out of creating nodes in
/dev (although I can create them in /tmp).
I did a little RE on the libezxtapi.so, and the
user-land tapi client uses a pair of UDP sockets to
communicate with the BP (maybe indirectly?). Am I
correct in assuming that the server software is
running on the AP as well, or could it be connecting
to something on the BP?
It may do some ioctl on three of the /dev/mux
devices. Ioctl is imported and the data segment has
three /dev/mux devices. I haven't found routines
where that's used yet. (Interestingly, there's a
routine related to subsidy lock.)
> I'm getting a phone (normally) this week.
> On 12/3/06, Patrick Roberts <proberts9999 at yahoo.com>
> > This may not have been what you guys were
> > for, but I sent that AT+ command to all the tty
> > mux) devices on my phone and none returned
> > useful. (was done with c open/write/read.)
> > I've started a little RE on the ezxtapi lib.
> > let you know if I find anything.
> > -Pat
> > Cheap talk?
> > Check out Yahoo! Messenger's low PC-to-Phone call
> > http://voice.yahoo.com
Check out Yahoo! Messenger's low PC-to-Phone call rates.
More information about the openezx-devel