Skip to content

Instantly share code, notes, and snippets.

View mrlnc's full-sized avatar

Merlin Chlosta mrlnc

96 followers · 47 following
View GitHub Profile
@mrlnc
mrlnc / adb-5gnr-status.md
Created March 4, 2021 12:49
adb: get 5G-NR connection status

I need to use ADB and check if the phone is currently on 5GNR or not. gsm.network.type doesn't indicate if 5G-NSA bearers are active. No matter if LTE, LTE+ or 5G indicators are shown, the network type remains the same:

OnePlus8:/ # getprop gsm.network.type                                                                                     
LTE,Unknown

Workaround:

logcat /data/com.android.providers.telephony/databases/telephony.db | grep -i update5GIcon
@mrlnc
mrlnc / .md
Created December 14, 2023 16:44
SIMtrace2 Serial Output

SIMtrace2 has a serial debug interface. It requires a serial-over-audio-jack cable that sysmocom sells in their webshop.

The serial output looks like this:

=============================================================================
SIMtrace2 firmware 0.8.1.66-e6e7, BOARD=simtrace, APP=trace
(C) 2010-2019 by Harald Welte, 2018-2019 by Kevin Redon
=============================================================================
-I- Chip ID: 0x28900960 (Ext 0x00000000)
@mrlnc
mrlnc / pysim-suci.md
Last active November 7, 2023 12:55
pysim-suci.md
@mrlnc
mrlnc / ipcc.md
Created April 25, 2022 11:03
iOS IPCC Carrier Configs

Inspect iOS Carrier Profiles (IPCC)

Carrier Profiles configure your smartphone for mobile networks. I'm not sure if Carrier Profiles are just a legacy or are actually required nowadays, since all configuration should be done through the mobile network itself.

You'll find things in there like:

  • enable VoLTE for specific carriers
  • disable some bands (makes sense if your carrier isn't transmitting there)

Download the list of all IPCCs:

@mrlnc
mrlnc / its-g5-sniffer.sh
Created May 9, 2023 19:04
ITS-G5-Sniffer
#!/bin/bash
DRIVER_DIR="/home/merlin/src-for-11p/linux/drivers/net/wireless/ath/"
INTERFACE="wlp2s0"
MONITOR_INTERFACE=$INTERFACE-monitor
FILE="v2x_%F_%H:%M:%S.pcap"
OUTPUT_DIR="/home/merlin/PCAPs/"
echo "Unloading modules. Some errors might occur if the modules are not actually loaded."
@mrlnc
mrlnc / gist:a2a37398b07b43f337a6f7579511c31b
Created July 26, 2022 21:09
plutil extract to JSON

Trying to convert a plist file to JSON but plutil is giving you a hard time?

I want the CellBroadcast as JSON:

plutil -extract CellBroadcast json -o - test.plist

That fails despite it should not:

test.plist: invalid object in plist for destination format
@mrlnc
mrlnc / gist:d7fc7d6fd037b3688fbfa00110a0c377
Created December 25, 2022 11:49
`iw list` for RPI4 on Kali
$ iw phy
Wiphy phy0
wiphy index: 0
max # scan SSIDs: 10
max scan IEs length: 2048 bytes
max # sched scan SSIDs: 16
max # match sets: 16
Retry short limit: 7
Retry long limit: 4
@mrlnc
mrlnc / carrier.xml
Created June 8, 2022 21:57
iOS FR-ALERT Configuration
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CellBroadcast</key>
<dict>
<key>AlertTypes</key>
<dict>
<key>SevereAlerts(Level3)</key>
<dict>
@mrlnc
mrlnc / carrier.plist
Created September 21, 2022 09:48
CountryBundle Germany, iOS 16.1 beta 2
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CellBroadcast</key>
<dict>
<key>AlertConfigurations</key>
<dict>
<key>Configuration_de</key>
<dict>
@mrlnc
mrlnc / EF.CBMIR.md
Last active October 13, 2022 16:45
ets

Vodafone CallYa Germany (26202)

EF.CBMIR:

pySIM-shell (MF/ADF.USIM/EF.CBMIR)> read_binary_decoded 
{"type": "cmd", "cmd": "00a40004026f50", "rsp": "6129"}
{"type": "cmd", "cmd": "00c0000029", "rsp": "62278202412183026f50a50f800171c0010091047f206f509201008a01058b036f06048002001488009000"}
{"type": "cmd", "cmd": "00b0000014", "rsp": "00000001110011021112111b111f1127ffffffff9000"}
[
    [
        {