Fabien Sanglard's Website

submitted by Style Pass, 2024-11-08 16:00:09

I was reading an article on planetbeing's blog the other day and my curiosity was piqued when he mentioned that phones don't run only one operating system but two. I decided to learn a bit about how all this really works; here are my notes, with the associated source code. Hopefully they will help someone investigating the subject.

The smart and the phone

Modern smartphones are made of two parts: the "smart" part and the "phone" part. They are largely independent of each other: on the iPhone, for example, MacOSX can crash during a call and the user will still be able to carry on the conversation. The two parts use separate boards and processors, run different operating systems started by different bootloaders and, of course, don't share RAM. More interesting is that they are loosely coupled and communicate with each other over a UART serial line used to pass commands, the same old way a 386 talked to a modem plugged into a COM port 14 years ago. The protocol (the Hayes command set) is 30 years old, human readable and extensible: even relatively new functions such as "unlocking" are performed over AT commands. This architecture holds for both Androids and iPhones: a kernel module exposes the serial line as a UNIX pseudo-terminal in the /dev folder. On Androids there is only one pseudo-terminal, /dev/smd0, but on the iPhone the UART is multiplexed by a kernel module and several pseudo-terminals are exposed: /dev/mux.h5-baseband.reg, /dev/dlci.h5-baseband.call or /dev/dlci.h5-baseband.sms. A user-land process can then open any of these terminals and issue commands with plain read and write calls.
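The read/write exchange described above is easier to picture with the framing spelled out. The following is an added example, not code from the original article: a small Hayes (AT command) client that writes one command line terminated by CR, accumulates the CR/LF-delimited response lines, strips the command echo, and stops at the final result code (OK, ERROR, or an extended +CME/+CMS ERROR). Because the verifier has no baseband, the "modem" side is a constructed in-memory stand-in answering a few standard 3GPP identification commands with made-up values; every response string and the SimulatedBaseband class are assumptions, and the device paths mentioned in comments are the ones named in the text.

```python
"""Hayes/AT command framing over a byte-oriented port (added example)."""
import re

# Final result codes that terminate a response (Hayes / ITU V.250 style).
FINAL_RESULT_CODES = ("OK", "ERROR", "NO CARRIER", "BUSY", "NO ANSWER", "NO DIALTONE")
# Extended error reports defined by 3GPP TS 27.007 (+CME) and TS 27.005 (+CMS).
EXTENDED_ERROR = re.compile(r"^\+CM[ES] ERROR: .+$")


class SimulatedBaseband:
    """Constructed stand-in for the modem side of the pseudo-terminal.

    Not a model of any real baseband: it answers a handful of standard
    commands with made-up values so the client below can run offline.
    """

    RESPONSES = {
        "AT": [],                                    # attention only, bare result code
        "AT+CGMI": ["Constructed Baseband Vendor"],  # manufacturer identification
        "AT+CGMR": ["1.0.0-constructed"],            # firmware revision
        "AT+CPIN?": ["+CPIN: READY"],                # SIM / PIN state
    }

    def __init__(self, echo=True):
        self.echo = echo          # real modems echo the command line until ATE0 is sent
        self._pending = b""       # bytes written by the client, not yet CR-terminated
        self._outbox = b""        # bytes waiting for the client to read

    def write(self, data):
        self._pending += data
        while b"\r" in self._pending:
            line, _, self._pending = self._pending.partition(b"\r")
            command = line.decode("ascii", "replace").strip()
            if self.echo:
                self._outbox += (command + "\r").encode("ascii")
            self._outbox += self._respond(command)
        return len(data)

    def read(self, size):
        chunk, self._outbox = self._outbox[:size], self._outbox[size:]
        return chunk

    def _respond(self, command):
        if command.upper() == "ATE0":
            self.echo = False
            return b"\r\nOK\r\n"
        lines = self.RESPONSES.get(command.upper())
        if lines is None:
            return b"\r\nERROR\r\n"
        body = "".join("\r\n" + line for line in lines)
        return (body + "\r\nOK\r\n").encode("ascii")


class ATError(Exception):
    """Raised when the modem answers with a final result code other than OK."""


def is_final_result(line):
    return line in FINAL_RESULT_CODES or EXTENDED_ERROR.match(line) is not None


def send_command(port, command, chunk_size=64, max_reads=1024):
    """Write one AT command and return its information lines (without the result code).

    `port` is anything exposing read()/write() on bytes: the simulator above, or a
    thin wrapper around a file descriptor opened on a pseudo-terminal such as
    /dev/smd0 (where read() blocks instead of returning b"" when idle).
    """
    port.write((command + "\r").encode("ascii"))
    buffer = b""
    for _ in range(max_reads):
        chunk = port.read(chunk_size)
        if not chunk:                       # simulator drained; a real tty would block
            break
        buffer += chunk
        if not buffer.endswith(b"\r\n"):    # last line still incomplete, keep reading
            continue
        lines = [l for l in buffer.decode("ascii", "replace").split("\r\n") if l]
        lines = [l for l in lines if l.strip() != command]   # drop the command echo
        if lines and is_final_result(lines[-1]):
            final = lines.pop()
            if final != "OK":
                raise ATError(final)
            return lines
    raise ATError("no final result code received")


def command_succeeds(port, command):
    try:
        send_command(port, command)
        return True
    except ATError:
        return False


def probe_baseband(port):
    """Collect identity and SIM state the way a user-land daemon might at start-up."""
    send_command(port, "ATE0")               # switch echo off; responses parse more simply
    info = {
        "manufacturer": send_command(port, "AT+CGMI")[0],
        "revision": send_command(port, "AT+CGMR")[0],
    }
    cpin = send_command(port, "AT+CPIN?")[0]  # e.g. "+CPIN: READY" or "+CPIN: SIM PIN"
    info["sim_state"] = cpin.partition(":")[2].strip()
    return info


if __name__ == "__main__":
    print(probe_baseband(SimulatedBaseband()))
```

Against a real pseudo-terminal the same send_command works unchanged once `port` wraps os.read/os.write on the opened device (with the line discipline put in raw mode so the kernel does not translate CR or echo on its own); the parsing rules are the same because the framing is the modem's, not the simulator's.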

Note: that's why iPhone hackers use two words for their activity: "jailbreak", which refers to opening up access to the "smart" MacOS X side, and "unlock", which refers to allowing the modem to use any SIM card, even if the SIM's MCC/MNC do not match the operator's MCC/MNC.
