Editing N900 GPS Reverse Engineering

Warning: You are not logged in. Your IP address will be recorded in this page's edit history.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.

Learn more about Contributing to the wiki.

acquire packets like:
 strace -p $(pidof location-daemon) -e read=6 2>&1|grep '| 000'

== Packet Graph ==

| 00000  00 92 01 00 00 00 00 xx  05 00 00 00 09 03 00 10
          S------------------- T4  DL S-------------------
 | 00010  07 da 07 15 00 xx xx 00  xx xx 00 00 09 02 00 1c
          S------------- TL TS --        S----------------
 | 00020  xx xx xx xx xx xx xx xx  00 00 xx xx 00 00 08 8b
          DL---       DL--- TS     S----       S---- ^eph^
 | 00030  xx 00 xx xx xx xx xx xx  09 04 00 14 62 7e xx xx
             S- DL TS---    DL MS  S---------- track SS---
 | 00040  xx xx 00 xx xx xx 00 xx  00 xx 00 00 09 05 00 74
          DL--- S-    TL    S- DS  S- DS S------------- DL
 | 00050  09 00 00 00 00 02 xx xx  00 xx xx xx xx xx 00 00
          DL S---------- T4--- MS  S- TS--- I  TS MI S----
 | 00060  00 04 xx xx xx xx xx xx  xx xx 00 00 00 xx xx xx
          S- T4 T3 TS S- TL TS MS  TS MD S------- T4 TS---
 | 00070  00 xx xx xx xx xx 00 00  00 xx xx xx 00 03 xx xx
          S- TS--- I  TS MS S-------- T3 MS MS S- DL TS MS
 | 00080  xx xx 00 00 00 xx xx xx  00 xx xx xx xx xx 00 00
          TS MD S------- T3 TS MS  S- TS--- MS TS MI S----
 | 00090  00 xx xx xx 00 03 xx xx  xx xx 00 00 00 xx xx xx
          S- TS------ S- DL TS MD  TS MS S------- TS SS+TS
 | 000a0  00 xx xx xx xx xx 00 00  00 xx xx xx 00 xx xx xx
          S- TL TS MS TS MD S-------- TS------ S- TL TS MI
 | 000b0  xx xx 00 00 00 xx xx xx  00 xx xx xx xx xx 00 00
          TS--- S------- TS--- MS  S- TS--- MI TS MS S----
 | 000c0  09 08 00 0c xx xx xx xx  xx xx xx xx
          DL----------------------------------

=== Key ===
*S = Static, unchanging normally
*MS = Mostly static, varying in value normally slightly
*SS = Sometimes static, completely different values sometimes
*I = Incrementing
*MI = Incrementing, but not every packet
*D = Decrementing
*MD = Decrementing, but not every packet
*TS = Time-sensitive; changes over (short) durations of time
*TL = Time-sensitive, longer duration
*T3 = "
*T4 = ", overnight
*DS = Distance-sensitive; changes over at least 30m distance
*DL = Distance-sensitive, like across the world

== Packet Analysis ==
*??? = mode: The mode of the fix 
*??? = fields: A bitfield representing which items of this tuple contain valid data 
*10,11 = time year
*12 = time month
*13 = time day
*15 = time hour
*16 = time minute
*18,19 = time seconds and milliseconds (in milliseconds)
*??? = ept: Time accuracy 
*20,21,22(,23?) = latitude / 360 * 256*256*256(*256?)
*24,25,26(,27?) = longitude / 360 * 256*256*256(*256?)
*28 =
*2b,2c = 0590-12a9 (hex)
*2e,2f = eph (cm)
*??? = altitude: Fix altitude in meters
*30 =
*(34?,)35 = (double epv: Vertical position accuracy) * 2
*3c,3d = track: Direction of motion in hundredths of a degree
*3e,3f = epd: Track accuracy (in hundredths?)
*42,43 = speed, in centimetres per second
*44,45 = eps: speed accuracy, in centimetres per second
*??? = climb: Current rate of climb in m/s
*??? = epc: Climb accuracy

Please note that all contributions to maemo.org wiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see maemo.org wiki:Copyrights for details). Do not submit copyrighted work without permission!

Summary:

Cancel | Editing help (opens in new window)

Retrieved from "https://wiki.maemo.org/N900_GPS_Reverse_Engineering"

Personal tools

Navigation

Views

Editing N900 GPS Reverse Engineering

@@ Line 1: / Line 1: @@
 acquire packets like:
   strace -p $(pidof location-daemon) -e read=6 2>&1|grep '| 000'
-alternatively you can capture them from the network interface, but this will include other modem information:
- tcpdump -i phonet0 -s 0 -w phonet.cap
 == Packet Graph ==
@@ Line 33: / Line 30: @@
   | 000c0  09 08 00 0c xx xx xx xx  xx xx xx xx
            DL----------------------------------
-B9 BE 67 48 2D 08 AC 08 CC AF 0A EC 49 B5 C8 08 A8 0C 49 49 95 75 4C E8 8C 84 6B 8E EC 29 78 10 10 44 00 18 EF 8E EC 48 91 10 04 EA 18 EA 8E 8C A7 11 FE
 === Key ===
@@ Line 53: / Line 48: @@
 == Packet Analysis ==
 *??? = mode: The mode of the fix
 *??? = fields: A bitfield representing which items of this tuple contain valid data
-*00 = ISI sequence ID (seems to be always 0 for GPS)
-*01 = GPS Data Opcode (0x92)
 *10,11 = time year
 *12 = time month
@@ Line 62: / Line 55: @@
 *16 = time minute
 *18,19 = time seconds and milliseconds (in milliseconds)
-*1a,1b = *probably* ept: Time accuracy, but *always* 0, so no way to verify
+*??? = ept: Time accuracy
-*20,21,22,23 = latitude / 360 * 256*256*256*256
+*20,21,22(,23?) = latitude / 360 * 256*256*256(*256?)
-*24,25,26,27 = longitude / 360 * 256*256*256*256
+*24,25,26(,27?) = longitude / 360 * 256*256*256(*256?)
 *28 =
 *2b,2c = 0590-12a9 (hex)
 *2e,2f = eph (cm)
+*??? = altitude: Fix altitude in meters
 *30 =
-*32,33,,36,37 = altitude; ((p32;33) - (p36;37)) / 2 = meters
 *(34?,)35 = (double epv: Vertical position accuracy) * 2
 *3c,3d = track: Direction of motion in hundredths of a degree
@@ Line 75: / Line 68: @@
 *42,43 = speed, in centimetres per second
 *44,45 = eps: speed accuracy, in centimetres per second
-*46,47 = climb: Current rate of climb in cm/s
+*??? = climb: Current rate of climb in m/s
-*48,4a = epc: Climb accuracy, in cm/s
+*??? = epc: Climb accuracy
-== Protocol Details ==
-NOTE: I am counting octets based on zero.
-The actual packets are comprised of "sub-packets".
-The overall packet has a 12 byte header.
-The number of sub-packets is located at octet 8 (and possibly little-endian extended to octet 11).
-Each subpacket has a 4 byte header:
-* Octet 0 is always 9
-* Octet 1 is the subpacket type
-* Octet 2 is always 0
-* Octet 3 is the length of the subpacket (which includes the subpacket header itself)
-Subpacket 2 contains position information:
-* Octets 0-3 are the latitude
-* Octets 4-7 are the longitude
-* Octets 12-15 are "eph" (in centimetres)
-* Octets 18-23 are the altitude (and accuracy information)
-Subpacket 3 contains date and time information:
-* Octets 0-1 are the year
-* Octet 2 is the month
-* Octet 3 is the day of month
-* Octet 5 is the hour
-* Octet 6 is the minute
-* Octets 8-9 are milliseconds (including seconds)
-* Octets 10-11 are the time accuracy
-Subpacket 4 contains information on track, speed, and climb:
-* Octets 0-1 are track (direction of motion) in cm/sec
-* Octets 2-3 are the track accuracy
-* Octets 6-7 are the speed in cm/sec
-* Octets 8-9 are speed accuracy
-* Octets 8-11 are climb in cm/sec
-* Octets 12-13 are climb accuracy
-Subpacket 5 contains satellite information:
-* Octet 0 is the number of sats visible
-* Beginning with octet 8, there are series of 12-octet info for each sat visible:
-** Octet 1 is the PRN
-** Octet 2 is 1 if the sat is being used, and 0 otherwise
-** Octets 3-4 are the signal strength
-** Octets 6-7 are the elevation
-** Octets 8-9 are the azimuth
-Subpacket 7 contains information on the GSM cellular network:
-** Octets 0-1 contain the Mobile Country Code
-** Octets 2-3 contain the Mobile Network Code
-** Octets 4-5 contain the Location Area Code
-** Octets 6-7 contain the Cell ID
-Subpacket 8 contains information on the WCDMA cellular network:
-** Octets 0-1 contain the Mobile Country Code
-** Octets 2-3 contain the Mobile Network Code
-** Octets 4-7 contain the UC ID
-== Wireshark ==
-[[User:sre|Sebastian Reichel]] writes a lowlevel library to access the N900's modem features and a wireshark plugin to analyze the packages. The information from above is currently only included in the Wireshark Plugin:
-* [http://elektranox.org/n900/images/wireshark/04.png Screenshot]
-* [https://git.ring0.de/isi-wireshark-plugin/ Plugin]
-[http://maemo.org/profile/view/luke-jr Luke Dashjr] wrote small program in C which show GPS data from phonet modem stack.
-* [http://luke.dashjr.org/tmp/code/gps2.c gps2.c]
-[[Category:N900 Hardware]]