mirrors
/
phrack
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
phrack/phrack45/26.txt

333 lines
12 KiB
Plaintext
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

==Phrack Magazine==
Volume Five, Issue Forty-Five, File 26 of 28
******************************************************************************
Cellular Debug Mode Commands
**************************************
Motorola test mode programing codes
for most motorola phones
**************************************
01# Restart (re-enter DC power start-up
routine)
02# Display Current Telephone Status
04# Initializes Telephone to Std.
Default Conditions
05# TX Carrier On (key transmitter)
06# TX Carrier Off
07# RX Off (mute receiver audio)
08# RX Audio On (unmute receiver audio)
09# TX Audio Off
10# TX Audio On
11(ch.no.)# Set Transceiver to channel
(RX & TX)
12# Set power level
13# Power Off
14# 10 khz Signalling Tone On
15# 10 khz Signalling Tone Off
16# Setup (Transmits a five word RECC
message)
17# Voice (Transmits a two word REVC
message)
18# C-SCAN
19# Display Software Version Number
(year & week)
25# SAT On
26# SAT Off
27# Transmit Data (TX continuous
control channel data)
32# Clear (clears non-volatile memory)
33# Turn DTMF on
34# Turn DTMF off
35# Display RSSI ("D" series portable
only)
35# Set Audio path
38# Display ESN (displays ESN in four
steps, hit * till back at start)
39# Compander On
41# Enables Diversity
42#,43#,44# Disable Diversity
(different models use different
codez)
45# Display Current RSSI
46# Display Cumulative Call Timer
47# Set Audio level
48# Side Tone On
49# Side Tone Off
55# Display and or program NAM (test
mode programing)
58# Compander On
59# Compander Off
61# ESN Transfer (for series I and Mini
T.A.C's)
62# Turn On Ringer
63# Turn Off Ringer
66# Identity Transfer (series II and
some current portables)
68# Display FLEX and Model info
69# Used with Identity Transfer
***************************************
***************************************
1. Entering test mode on 25 pin
transceivers is as follows:
for F19ATA or F19CTA ground pin 11
and power-up phone,
for DMT/Mini T.A.C series I, II,
III ground pin 21 and power-up
phone.
2. Entering test mode on OEM 32 pin
transceivers is as follows:
ground pin 9 and power-up phone.
3. Entering test mode on portable
phones is as follows:
ground pin 6 and power-up phone.
4. Entering test mode on Micro T.A.C's
phones is as follows:
ground pin 2 and power-up phone.
------------------------------------------------------------------------------
Oki Debug Commands - Good Timing
From Nuts & Volts Dec. 1993
To Enter Debug Mode:
Press 7 & 9 Together
then press MENU, SEND, END, RCL, STO and CLR
then press 1 & 3 together
Commands:
#01 Suspend Performs Initialization
#02 Restart Terminates the test mode
#03 Status Shows the current status of TRU
#04 Reset Resets the timer
#07 Carrier On Turns the carrier on
#08 Carrier Off Turns off the carrier
#09XXXX Load Synth Sets the synthesizer to channel XXXX
#10X Set Attn Sets the RF power attenuation to X
#11 RX Mute Mutes the receive audio
#12 RX Unmute Unmute the receive audio
#13 TX Mute Mutes the transmit audio
#14 TX Unmute Unmutes the transmit audio
#16 ST On Transmits a signalling tone
#17 ST Off Turns off the signalling tone
#18 Setup Transmits a 5 word RCC message
#19 Voice Transmits a 2 word RVC message
#20 Rcv SU Receives a 2 word FCC message
#21 Rcv VC Receives a 1 word FVC message
#22 Send NAM Returns the information contained in the NAM
#23 Version Displays the TRU software version
#24 Send SN Displays the ESN
#25XXXX Mem Displays the resident memory data at XXXX
#28 WSTS Receive 1 word messages on CC until #56/CLR
#29 WSTV Receive 1 word messages on VC until #56/CLR
#32X SAT On Enables the transmission of SAT X
#33 SAT Off Disables the transmission of SAT
#35 Hi TN On Activates the 1150 Hz tone to receive audio line
#36 Hi TN Off Deactivates the 1150 Hz tone
#37 Lo TN On Activates the 770 Hz tone to receive audio line
#38 Lo TN Off Deactivates the 770 Hz tone
#42XX DTMF On Enables the transmission of DTMF frequency XX
#43 DTMF Off Disables the transmission of DTMF
------------------------------------------------------------------------------
Novatel 8325
------------
This article is copyright 1993 by the author. Reproduction is allowed, with the
following restrictions:
1) Any copy, or edited version, of this file must contain this copyright
notice, the author's name, and the information regarding Phrack.
2) No commercial use may be made of it without prior permission of the author.
This permission may be revoked at any time, in which case all reproduction
must cease, and any copies must be destroyed.
3) Use as evidence in a court of law, for the purposes of this agreement,
is considered a commercial use.
4) This agreement can not be changed, or added to in any way. Receipt of this
work through an authorized commercial distributor does not imply permission
given to the commercial consumer to re-distribute it in a commercial manner.
5) Any part of this agreement found invalid by a court of law does not render
the remainder of this agreement void: The rest of the terms of the agreement
must still be adhered to.
The Novatel 8325 is a bag-style portable cellular telephone. It is known as a
'ProClassic' in Novatel MarketSpeak. Two different handsets (control units) are
used with the 8325 transceiver: the 4130 and 5160. My phone has the 5160.
The handsets appear very similar: I doubt there is any functional difference
between them. Earlier transceivers, such as the 8320, contain many of the same
features as the 8325, though the hidden menus are accessed with different
codes. The only other code I know of is #746, which is the code for the 8320
CFG menu.
Terms: Throughout this article, I will refer to things without explaining them
each time. If you get lost, refer to the table below.
NORMAL = the phone is in this mode when it is not locked, or in either of the
hidden menus, or in the 'user' menus accessed by the MENU key. The screen will
display either READY or SCANNING when in normal mode. This is the mode the phone
is in when it is first turned on.
LOCKED = when the phone displays LOCKED, a code must be typed to enter normal
mode. The default code is 1234. The telephone can be locked using [FCN] 1 [SND]
from normal mode. The phone must be locked before entering in any of the codes
to access the hidden menus described below.
TBL = troubleshooting mode = the hidden menu accessed with 546*. This is a
menu supposedly know only to Novatel, not even their dealers are supposed to
know about it. According to Novatel, some of the features in this menu could
destroy the phone if improperly set. Scare tactics? You decide.
CFG = configuration mode = the hidden menu accessed with 510*. This is used by
dealers to set up a subscriber's service. As far as I know, there is nothing
particularly dangerous about this mode, but Novatel is touchy about it
nonetheless. I take no responsibility for any damages.
Troubleshooting Mode - TBL
First, lock phone with [FCN] 1 [SND]
Then, enter 546* on the keypad. The phone
will not make tones for each key pressed.
TBL 8325 /___ This is what shows up on my phone.
REV NA0C \ Yours may be different.
You are now in troubleshooting mode. You may page through the functions
by using the arrow keys, or access the functions by number, by hitting #
(The screen will display DIR PAGE ACCESS) and then the function number,
from the chart below. Note that on initially entering Troubleshooting mode,
you are on function 37. Toggle with the [SND] key, unless otherwise noted.
# Screen Default Toggle/Range Description
-----------------------------------------------------------------------------
11 TRANSMIT OFF ON Turn the transmitter on.
12 TX TEST OFF [CLR]=OFF, 0-7 test data stream, audio levels of
13 CHANNEL 0000 0000-1023 [H/F] = down, [RCL] = up.
14 TX AUDIO OFF ON
15 VOLUME GAIN 6 0-7
16 RX AUDIO OFF ON Turn the receiver on. Set this to ON
and use in conjunction with #13
(CHANNEL) to listen to calls.
17 POWER ATTN 3 0-7
18 SYNTH LOCKED synthesizer locked. if reads
unlocked, the phone has real problems.
19 SAT OFF ?? transmitted SAT
20 RF POWER OFF ON Not an option, but an indicator. When
TRANSMIT is set ON, this displays ON.
21 SPEAKER ON OFF
22 SIDE TONE ON OFF
23 TX DTMF OFF Tone test. [CLR] then 00-25. DTMF means touch-tone
00 = DTMF 1 01 = DTMF 2 02 = DTMF 3 03 = DTMF A?
04 = DTMF 4 05 = DTMF 5 06 = DTMF 6 07 = DTMF B?
08 = DTMF 7 09 = DTMF 8 10 = DTMF 9 11 = DTMF C?
12 = DTMF * 13 = DTMF 0 14 = DTMF # 15 = DTMF D?
16 = 1+2+3 17 = 4+5+6 18 = 7+8+9 19 = *+0+#
20 = 1+4+7+# 21 = 2+5+8+0 22 = 3+6+9+# 23 = A+B+C+D?
24 = ? 25 = Wake-up-tone. The + signs are use to
signify keys simultaneously held on a regular (desk-style)
touch-tone phone. These tones are each half of the dual tones
the comprise touch tones.
24 RX MODE BURST CONT
25 RX TEST OFF ON
26 FRME CNT 000000 Frame count. (of counter)
27 BIT ERR 0000000 Bit Error. every so often is no big
deal. Hit any key to clear.
28 WATCHDOG ON OFF watch-dog periodically checks the
timing of the different clocks
in the system. Hit any key to turn
this off and the Phone re-starts
29 HOOK SW OFF Hook Switch - since a bag phone has
no switch hook, always off.
30 HORN MODE ON OFF Toggles indicator light
31 BELL MODE 0 0-9, [SND]
32 RSST 20x Received Signal Strength Indicator
33 MICROPHN ENABLED DISABLED
34 NVM TEST RM=0 E=1 Non-Volatile Memory Test
35 COMPANDR ON OFF A Compander compresses speech to
confine energy to the given bandwidth.
36 NVM CLR USE SND Non-Volatile Memory [SND]="ACCESS
DENIED"
37 TBL 8325 REV NA0C MENU,MODEL,REVISION (INITAL SCREEN)
------Modulation------- Don't mess with this stuff - it can screw up your phone
N0 means channel bank 0. Banks are 0-4. Tune to a mid-band channel using the
keypad, and tune with [H/F] down and [RCL] for up.
38 MODG CLR Any Key, 0 = YES resets options #39,#40,#41 to default.
39 CHN 0991 N0 AMG16 AMG = SAD Deviation.
40 CHN 0991 N0 DMG16 DMG = Signalling tone.
41 CHN 0991 N0 SMG12 SMG = Transmit audio level.
------Digital Potentiometers-- DANGER! Play with this, and you may have to
send your phone out for repair.
42 DPOT CLR Any Key, 0 = YES resets options #43,#44,#45,#46 to default
43 MICROPHN 14190 OHM
44 EXPANDER 14936 OHM
45 TX LIMIT 12180 OHM
46 SPEAKER 15420 OHM
------Analog Switches-------- Enables/Disables on-board potentiometers.
47 ANALOG SW1 ON High end of transmit audio
48 ANALOG SW2 OFF Low end of transmit audio
-----
49 PWR LVL3 DAC0777 power level, reading from digital-analog converter
50 PL3@0000 14 power level @ channel, received signal strength
Reference in New Issue View Git Blame Copy Permalink