Quectel EG25-G Modem Configuration - ofono - Manjaro Plasma
#1
The modem always functions on the base of two services, the one is always eg25-manager which controls the power on/off of the device and the other one is either ofono or ModemManager, which can be controlled up to a point with `ofonoctl` and `mmcli` respectively.

Here we use ofono which is deployed by Manjaro Plasma Mobile, while other distributions like Manjaro Phosh use ModemManager.

Morover everything having to do with communications is controlled by the Telepathy framework in Plasma so here is a useful documentation book

https://telepathy.freedesktop.org/doc/book/index.html

-----------------------------------------------------------
AT Commands
-----------------------------------------------------------
For the moment we leave aside the AT commands except for the case we want to completely power off the modem with the following command

`echo at+qpwd=1 | sudo atinout - /dev/EG25.MODEM -`

`qpwd=1` means normal power down while `qpwd=0` means emergency power down, these commands start with "q" because they are Quectel specific and shouldn`t be working on other manufacturers

-----------------------------------------------------------
Flight Mode
-----------------------------------------------------------

First Method
-------------------
The modem has several operating modes, here we are interested in 3

1) Normal

`echo at+cfun=1,0 | sudo atinout - /dev/EG25.MODEM -`

2) Minimum Functionality

`echo at+cfun=0,0 | sudo atinout - /dev/EG25.MODEM -`

when you return from this mode to "Normal" you should enter the pin again

`qdbus --system org.ofono /quectelqmi_0 org.ofono.SimManager.EnterPin pin your_pin`

3) Airplane Mode

`echo at+cfun=4,0 | sudo atinout - /dev/EG25.MODEM -`


Second Method
------------------------

You can either disconnect the modem by stopping ofono and starting it again when needed or even cut the power completely like with the AT commands

-------------- Disconnect ----------------
`sudo systemctl stop ofono`

-------------- Reconnect --------------
`sudo systemctl start ofono`
`ofonoctl online`
`qdbus --system org.ofono /quectelqmi_0 org.ofono.SimManager.EnterPin pin your_pin`

-------------- Turn off ---------------
`sudo systemctl stop eg25-manager`

-------------- Turn on & Connect --------------
`sudo systemctl stop ofono`
`sudo systemctl start eg25-manager`
`sudo systemctl start ofono`
`ofonoctl online`
`qdbus --system org.ofono /quectelqmi_0 org.ofono.SimManager.EnterPin pin your_pin`

Note that ofono affects the Bluetooth so don`t turn it off if you are using a Bluetooth connection at that moment. Ofono should be restarted so that the modem regains the `/quectelqmi_0` identity else it will be `/quectelqmi_(1,2,3....)` and the phone dialer won`t be able to make calls, you can then only trigger a call from the terminal as shown later.

Some basic operations can be performed with ofonoctl, type

`ofonoctl --help`

------------------------------------------------------------
oFono and D-Bus - Working with qdbus
------------------------------------------------------------
As every application/service ofono registers itself in DBus which can be manipulated by `qdbus`. If it is not installed open Discover and install Qt QDbusViewer.

Here we assume that the modem is not rejected by the network operator based on its IMEI so we should have Call and SMS functionality out-of-the-box for most users and we will try to configure the mobile data and the MMS.

If we command `qdbus --system` we will get a list of all the services registered in DBus, somewhere in the list we will see `org.ofono` so we issue `qdbus --system org.ofono` and we get the 2 lists for the two devices controlled by ofono, i.e. `/bluetooth` and `/quectelqmi_0`

the one thing that interests us is the contexts, you should see at least 1 entry `/quectelqmi_0/context1`

in fact we will need one for the internet and one for the MMS, so we should create one more context

`qdbus --system org.ofono /quectelqmi_0/context1`

will show us all the possible actions that can be performed on the given context, so we will configure it for mobile data

now we inspect the context with the `GetProperties` method which takes no arguments since the parenthesis is empty, so we issue

`qdbus --system org.ofono /quectelqmi_0/context1 org.ofono.ConnectionContext.GetProperties`

here we need to set up the `AccessPointName` and the `AuthenticationMethod` to `none`, the `Name` can be set to anything you like , `Type` should already be `internet` and the `Protocol` should be `ip`. The Access Point Name (APN) is provided by your operator so search the operator`s website, let`s assume it is `internet.apn.com`

`qdbus --system org.ofono /quectelqmi_0/context1 org.ofono.ConnectionContext.SetProperty Name Internet`
`qdbus --system org.ofono /quectelqmi_0/context1 org.ofono.ConnectionContext.SetProperty AccessPointName internet.apn.com`
`qdbus --system org.ofono /quectelqmi_0/context1 org.ofono.ConnectionContext.SetProperty AuthenticationMethod none`

now try to enable and disable the mobile data from drop down menu 2 times and the context should be activated giving you access to the internet, if not, reboot the phone and try again to enable and disable the mobile data 2 times.

If the context is enabled you should see a tick in the `Active` box by going to `Settings > Cellular Networks > Access Points` or else you issue again

`qdbus --system org.ofono /quectelqmi_0/context1 org.ofono.ConnectionContext.GetProperties`

and you will see `Active: true` plus some new entries like `DNS`, `IP address` etc with their respective values, the NetworkManager should automatically configure the `wwan0` interface which represents the Quectel modem.

Another way to inspect the connection is with `ofonoctl wan`, the table should be filled with all the appropriate values and not be empty.


--------------  MMS Configuration - Not Tested --------------

For the MMS you should create a new context of MMS type, and then you have to configure the `MessageCenter` and `MessageProxy` values according to your operator

`qdbus --system org.ofono /quectelqmi_0 org.ofono.ConnectionManager.AddContext mms`
`qdbus --system org.ofono /quectelqmi_0/context2 org.ofono.ConnectionManager.SetProperty MessageCenter operators_Message_Center`
`qdbus --system org.ofono /quectelqmi_0/context2 org.ofono.ConnectionManager.SetProperty MessageProxy operators_Message_Proxy`

you may need to set up other parametres too so follow your operator`s instructions

try again to reboot your phone and check that the context is activated

`qdbus --system org.ofono /quectelqmi_0 org.ofono.ConnectionManager.GetContexts`
`qdbus --system org.ofono /quectelqmi_0/context2 org.ofono.ConnectionContext.GetProperties`

-----------------------------------------------------------
Full Set of Quectel D-Bus commands
-----------------------------------------------------------

The full set of commands that can be sent to the modem by ofono are listed with the following command though here we have formatted the text to be readable, it naturally appears as a dense list.

`qdbus --system org.ofono /quectelqmi_0`

Some interesting command examples are shown

`qdbus --system org.ofono /quectelqmi_0 org.ofono.SimManager.EnterPin pin your_pin`

`qdbus --system org.ofono /quectelqmi_0 org.ofono.Modem.GetProperties`

`qdbus --system org.ofono /quectelqmi_0 org.ofono.NetworkMonitor.GetServingCellInformation`

`qdbus --system org.ofono /quectelqmi_0 org.ofono.RadioSettings.GetProperties`

-------------- Making a call --------------
`qdbus --system org.ofono /quecteqmi_0 org.ofono.VoiceCallManager.Dial call_number "" `

the quotation marks at the end stand for the second argument which is blank, after issuing the command the plasmaphonedialer should automatically pop up calling to the given number


-------------------------------------------------
Introspect
-------------------------------------------------
method QString org.freedesktop.DBus.Introspectable.Introspect()

-------------------------------------------------
Modem
-------------------------------------------------
signal void org.ofono.Modem.PropertyChanged(QString name, QDBusVariant value)
method QVariantMap org.ofono.Modem.GetProperties()
method void org.ofono.Modem.SetProperty(QString property, QDBusVariant value)

-------------------------------------------------
Voice Call Manager
-------------------------------------------------
signal void org.ofono.VoiceCallManager.BarringActive(QString type)
signal void org.ofono.VoiceCallManager.CallAdded(QDBusObjectPath path, QVariantMap properties)
signal void org.ofono.VoiceCallManager.CallRemoved(QDBusObjectPath path)
signal void org.ofono.VoiceCallManager.Forwarded(QString type)
signal void org.ofono.VoiceCallManager.PropertyChanged(QString name, QDBusVariant value)
method QList<QDBusObjectPath> org.ofono.VoiceCallManager.CreateMultiparty()
method QDBusObjectPath org.ofono.VoiceCallManager.Dial(QString number, QString hide_callerid)
method void org.ofono.VoiceCallManager.DialLast()
method void org.ofono.VoiceCallManager.DialMemory(uint memory_location)
method {D-Bus type "a(oa{sv})"} org.ofono.VoiceCallManager.GetCalls()
method QVariantMap org.ofono.VoiceCallManager.GetProperties()
method void org.ofono.VoiceCallManager.HangupAll()
method void org.ofono.VoiceCallManager.HangupMultiparty()
method void org.ofono.VoiceCallManager.HoldAndAnswer()
method QList<QDBusObjectPath> org.ofono.VoiceCallManager.PrivateChat(QDBusObjectPath call)
method void org.ofono.VoiceCallManager.ReleaseAndAnswer()
method void org.ofono.VoiceCallManager.ReleaseAndSwap()
method void org.ofono.VoiceCallManager.SendTones(QString SendTones)
method void org.ofono.VoiceCallManager.SwapCalls()
method void org.ofono.VoiceCallManager.Transfer()

-------------------------------------------------
Sim Manager
-------------------------------------------------
signal void org.ofono.SimManager.PropertyChanged(QString name, QDBusVariant value)
method void org.ofono.SimManager.ChangePin(QString type, QString oldpin, QString newpin)
method void org.ofono.SimManager.EnterPin(QString type, QString pin)
method QByteArray org.ofono.SimManager.GetIcon(uchar id)
method QVariantMap org.ofono.SimManager.GetProperties()
method void org.ofono.SimManager.LockPin(QString type, QString pin)
method void org.ofono.SimManager.ResetPin(QString type, QString puk, QString newpin)
method void org.ofono.SimManager.SetProperty(QString property, QDBusVariant value)
method void org.ofono.SimManager.UnlockPin(QString type, QString pin)

-------------------------------------------------
Allowed APNs
-------------------------------------------------
method QStringList org.ofono.AllowedAccessPoints.GetAllowedAccessPoints()

-------------------------------------------------
Message Waiting
-------------------------------------------------
signal void org.ofono.MessageWaiting.PropertyChanged(QString name, QDBusVariant value)
method QVariantMap org.ofono.MessageWaiting.GetProperties()
method void org.ofono.MessageWaiting.SetProperty(QString property, QDBusVariant value)

-------------------------------------------------
Supplementary Services
-------------------------------------------------
signal void org.ofono.SupplementaryServices.NotificationReceived(QString message)
signal void org.ofono.SupplementaryServices.PropertyChanged(QString name, QDBusVariant value)
signal void org.ofono.SupplementaryServices.RequestReceived(QString message)
method void org.ofono.SupplementaryServices.Cancel()
method QVariantMap org.ofono.SupplementaryServices.GetProperties()
method QString org.ofono.SupplementaryServices.Initiate(QString command, QDBusVariant& value)
method QString org.ofono.SupplementaryServices.Respond(QString reply)

-------------------------------------------------
Network Monitor
-------------------------------------------------
method {D-Bus type "a(a{sv})"} org.ofono.NetworkMonitor.GetNeighbouringCellInformation()
method QVariantMap org.ofono.NetworkMonitor.GetServingCellInformation()
method void org.ofono.NetworkMonitor.RegisterAgent(QDBusObjectPath path, uint period)
method void org.ofono.NetworkMonitor.UnregisterAgent(QDBusObjectPath agent)

-------------------------------------------------
Connection Manager
-------------------------------------------------
signal void org.ofono.ConnectionManager.ContextAdded(QDBusObjectPath path, QVariantMap properties)
signal void org.ofono.ConnectionManager.ContextRemoved(QDBusObjectPath path)
signal void org.ofono.ConnectionManager.PropertyChanged(QString name, QDBusVariant value)
method QDBusObjectPath org.ofono.ConnectionManager.AddContext(QString type)
method void org.ofono.ConnectionManager.DeactivateAll()
method {D-Bus type "a(oa{sv})"} org.ofono.ConnectionManager.GetContexts()
method QVariantMap org.ofono.ConnectionManager.GetProperties()
method void org.ofono.ConnectionManager.RemoveContext(QDBusObjectPath path)
method void org.ofono.ConnectionManager.ResetContexts()
method void org.ofono.ConnectionManager.SetProperty(QString property, QDBusVariant value)

-------------------------------------------------
Radio Settings
-------------------------------------------------
signal void org.ofono.RadioSettings.PropertyChanged(QString name, QDBusVariant value)
method QVariantMap org.ofono.RadioSettings.GetProperties()
method void org.ofono.RadioSettings.SetProperty(QString property, QDBusVariant value)

-------------------------------------------------
Network Registration
-------------------------------------------------
signal void org.ofono.NetworkRegistration.PropertyChanged(QString name, QDBusVariant value)
method {D-Bus type "a(oa{sv})"} org.ofono.NetworkRegistration.GetOperators()
method QVariantMap org.ofono.NetworkRegistration.GetProperties()
method void org.ofono.NetworkRegistration.Register()
method {D-Bus type "a(oa{sv})"} org.ofono.NetworkRegistration.Scan()

-------------------------------------------------
Message Manager
-------------------------------------------------
signal void org.ofono.MessageManager.ImmediateMessage(QString message, QVariantMap info)
signal void org.ofono.MessageManager.IncomingMessage(QString message, QVariantMap info)
signal void org.ofono.MessageManager.MessageAdded(QDBusObjectPath path, QVariantMap properties)
signal void org.ofono.MessageManager.MessageRemoved(QDBusObjectPath path)
signal void org.ofono.MessageManager.PropertyChanged(QString name, QDBusVariant value)
method {D-Bus type "a(oa{sv})"} org.ofono.MessageManager.GetMessages()
method QVariantMap org.ofono.MessageManager.GetProperties()
method QDBusObjectPath org.ofono.MessageManager.SendMessage(QString to, QString text)
method void org.ofono.MessageManager.SetProperty(QString property, QDBusVariant value)

-------------------------------------------------
Push Notification
-------------------------------------------------
method void org.ofono.PushNotification.RegisterAgent(QDBusObjectPath path)
method void org.ofono.PushNotification.UnregisterAgent(QDBusObjectPath path)

-------------------------------------------------
Smart Messaging
-------------------------------------------------
method void org.ofono.SmartMessaging.RegisterAgent(QDBusObjectPath path)
method QDBusObjectPath org.ofono.SmartMessaging.SendAppointment(QString to, QByteArray appointment)
method QDBusObjectPath org.ofono.SmartMessaging.SendBusinessCard(QString to, QByteArray card)
method void org.ofono.SmartMessaging.UnregisterAgent(QDBusObjectPath path)

-------------------------------------------------
Long Term Evolution (LTE)
-------------------------------------------------
signal void org.ofono.LongTermEvolution.PropertyChanged(QString name, QDBusVariant value)
method QVariantMap org.ofono.LongTermEvolution.GetProperties()
method void org.ofono.LongTermEvolution.SetProperty(QString property, QDBusVariant value)
  Reply
#2
Wink 
@mouffa Dear friend, please tell, what do you think of this "EG25-G GB - official SDK and many helpful files" issue?

Just got a notification on Github and came here to share this - github [dot] com/Biktorgj/pinephone_modem_sdk/issues/8

Here's a copy:

Dear friend, thank you so much for your benevolent work!
Robert Smith has shared a link to "gn0m3dio" repo to me, and the best thing I can do
is to share them with you to help your Pinephone-related research.
  • git [dot] teknik [dot] io/gn0m3dio/EG25-G_GB
  • This >3GB repository is hard to git clone, so here is an archive of it:
    mega [dot] nz/file/pxQ1XKrL#xSOkIKbdftOAj0w79lIkSijF9tXzX3mngWe9yfAt4wg

    SHA256: ae1b8efdfe65f2e6105b8f559e780fbce9dd12ccd01abe1a92519b2a60b6735a EG25-G_GB.tar.gz
  Reply
#3
I had read here that the modem can be hacked and that the SDK is under development

https://wiki.pine64.org/wiki/PineModems

I have done a similar work on a ZTE ADSL router but this seems to be able to go beyond, and what I mean is that it may be possible to experiment with the radio hardware for hacking the cellular network, for example the command which gives information about the cells around you is disabled and answers that "Implementation is not provided"

`qdbus --system org.ofono /quectelqmi_0 org.ofono.NetworkMonitor.GetNeighbouringCellInformation`

I tested the `at+egmr` command and indeed responds, give the following command to read the number, don't try to change it because you may run into "problems"

`echo  at+egmr=0,7 | sudo atinout - /dev/EG25.MODEM - `

it's one of the hundreds of undocumented commands, so I searched it and I found this interesting and extensive manual

https://docs.ai-thinker.com/_media/b_and...ual9.0.pdf

I will keep following the project because the modem is a second computer that can do many special things with its radio and should be as much open source as possible.

Another target now is the GPS and even if you don't use it, it is interesting to know the technology behind it as implemented in the modem.
  Reply
#4
(05-29-2021, 04:57 AM)mouffa Wrote: I had read here that the modem can be hacked
Yes, this is true
(05-29-2021, 04:57 AM)mouffa Wrote: and that the SDK is under development - https://wiki.pine64.org/wiki/PineModems
It's the unofficial SDK which is under development, and these gn0m3dio / mega nz links which I have provided above - are for the official SDK. Tongue   For the further breakthrough, it may be useful to take a look on the interesting files at these links.
(05-29-2021, 04:57 AM)mouffa Wrote: I have done a similar work on a ZTE ADSL router but this seems to be able to go beyond, and what I mean is that it may be possible to experiment with the radio hardware for hacking the cellular network, for example the command which gives information about the cells around you is disabled and answers that "Implementation is not provided" --- `qdbus --system org.ofono /quectelqmi_0 org.ofono.NetworkMonitor.GetNeighbouringCellInformation`
Maybe "GetNeighbouringCellInformation" is supported by hardware and not implemented in (or just not compiled into) the firmware, but theoretically such a feature is possible?
(05-29-2021, 04:57 AM)mouffa Wrote: I tested the `at+egmr` command and indeed responds, give the following command to read the number, don't try to change it because you may run into "problems" - `echo  at+egmr=0,7 | sudo atinout - /dev/EG25.MODEM - `
Even if in your country it's not "allowed" to change the IMEI, you can still do this wisely. Cool   In example: change it to IMEI of some old broken phone which you also own - this way (unless the manufacturer was re-using the IMEIs) it's almost guaranteed that in a cellular network there won't be two devices with the same IMEIs simultaneously (situation which might cause them both to get banned).
(05-29-2021, 04:57 AM)mouffa Wrote: it's one of the hundreds of undocumented commands, so I searched it and I found this interesting and extensive manual - https://docs.ai-thinker.com/_media/b_and...ual9.0.pdf

Great find! Are you sure that all these commands apply to this Pinephone's modem, and how it is related to rda8908a RDA electronics that this manual is about?

At the links I have shared above, there are some fresh AT Commands documents for this modem, but maybe they don't include the undocumented commands - such as "change IMEI".
(05-29-2021, 04:57 AM)mouffa Wrote: I will keep following the project because the modem is a second computer that can do many special things with its radio and should be as much open source as possible.Another target now is the GPS and even if you don't use it, it is interesting to know the technology behind it as implemented in the modem.

By "another target", you mean there's a co-processor inside modem which provides this GPS function?
  Reply
#5
I didn't need the mega link, in fact I tried it once and it crashed in the end and I lost everything, then I just cloned the repository with `wget`, it went full speed without problems.

The modem is designed to be able to read all the bands and implement the appropriate multiplexing of the bands according to the protocols, the firmware mostly dictates the "legal" way to do it, for example not to give out to the user the info about other cells around you, the modem has to know it and connect to the right one.

https://opencellid.org

This is a good idea with the old phone though from the early 2000s I mostly wanted to spoof the SIM and make calls as another person just once to prove the concept.

The Quectel design is one and it is used in the RDA too and this is the reason why it accepts the at+q* commands which are Quectel specific, many commands may not be valid, for example the wi-fi commands, what I noticed is a difference in the parametres, for example the +egmr command accepts 0 to read and 1 to write but in the RDA is 1 and 2 respectively though you can list the valid parametres with `at+egmr=?`.

There are many interesting things about the global navigation that go beyond the modem, for now we focus on the modem since it covers many national systems too, in the end we will do a reverse engineering with electron microscopy like EA did back in the 90s with the SEGA cartridges and broke the IP core, these cartridges with the yellow tag, then SEGA succumbed and accepted a contract.

Correction, I just tried the +qwifi command and the modem seems to have a wi-fi, at least the wi-fi command manual in the master says that it applies for EG25!!!!

The funny thing is that when I bought the phone I was sure it was using the modem's wi-fi and then I realised it uses another chip so I reckoned there is no wi-fi on the modem, the Realtek uses some closed firmware so why don't we use the modem to reduce the number of ICs, the power consumption and the complexity ? I will give it a try.
  Reply
#6
According to the manual the wi-fi is implemented by the FC20 core and its function is to create Access Points for sharing the 4G cellular data, it doesn't seem to be able to connect as a client to other Access Points at least according to the document, unofficially it should be able to do it.

The interesting thing is that according to the manual it even covers 5G frequencies 5.180GHz~5.825GHz. Many secrets inside that second computer.
  Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Ubuntu Touch vs. Manjaro on Braveheart [Accessibility] jazzhands 0 79 09-22-2021, 11:52 AM
Last Post: jazzhands
  CVE-2021-31698 - Quectel Eg25-g AT Command Injection jtn0514 1 257 09-21-2021, 05:18 AM
Last Post: wibble
  Regarding USB Power and Modem Initialization vidual 2 364 08-26-2021, 11:48 PM
Last Post: vidual
  Quectel T-Mobile Certification and MMS manuals mouffa 2 561 08-08-2021, 04:28 AM
Last Post: mouffa
  Modem SMS issue(s) Helium75 3 1,614 08-03-2021, 06:30 PM
Last Post: bcnaz
  Modem always disconnects after phone being dropped kqlnut 4 563 07-17-2021, 05:36 AM
Last Post: kqlnut
  Quectel EG25-G H/W interface - Operating Modes - eg25-manager mouffa 0 527 06-23-2021, 06:57 AM
Last Post: mouffa
  LTE Modem activity and CPU freezing by few seconds waves jrobin28260 5 1,508 06-19-2021, 09:38 AM
Last Post: jrobin28260
  Quectel EG25-G GNSS Configuration and location tracking mouffa 2 1,057 06-07-2021, 04:24 AM
Last Post: mouffa
  modem no carrier message Rainer 15 2,620 05-27-2021, 06:02 AM
Last Post: mouffa

Forum Jump:


Users browsing this thread: 1 Guest(s)