After installing QCSuper, you can connect your rooted phone via USB and execute the following command to use it with the Qualcomm Diag protocol.
It uses the Qualcomm Diag protocol, also known as QCDM or DM (Diagnostic Monitoring), to communicate with the phone's baseband.
If you want to contribute, report how QCSuper works on your device, or take part in research on the Diag protocol, you can join our IRC (Freenode's #qcsuper) or open a GitHub issue.
QCSuper has been tested and developed on Ubuntu 16.04, 18.04, and Windows 7. It relies on some Python modules.
To use it, your phone must be rooted or expose the diag service port via USB. To check your phone's compatibility, look up your phone model on websites like GSMArena and check if it is equipped with a Qualcomm processor.
To open PCAP files generated by QCSuper, for 2G/3G frames, you can use any version of Wireshark 2.x. But for 4G frames, you need at least version 2.5.x of Wireshark (for individual NAS messages decrypted in 4G frames, version 2.6.x and above is required). Ubuntu currently provides its latest version for all releases.
Open the terminal and type in the following:
On Windows, you need to download and install your phone's USB drivers based on your phone model. There is no universal method; search on Google for your phone model + "USB driver" or "ADB driver" to get relevant instructions.
Then, you need to ensure your device can be accessed via adb. A tutorial on downloading and setting up adb can be found here. The adb shell command must work properly to continue.
Then, follow the links below:
Install Python 3.6 or higher (make sure to include it in the PATH, tick "install for all users", and install pip)
Install Wireshark 2.6 or higher
Download and extract QCSuper
To install the required Python modules, open the command prompt and type:
Still in the command prompt, use the cd command to navigate to the directory containing QCSuper. Then you can execute the command (on Windows, the command should start with qcsuper.py, not ./qcsuper.py).
QCSuper supports capturing a handful of mobile wireless protocols. Captured frames are placed after a standard GSMTAP header (itself encapsulated in UDP/IP), which identifies the protocol. GSMTAP messages are written to PCAP files, which can be analyzed with Wireshark.
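To make the GSMTAP-in-UDP/IP-in-PCAP layering concrete, here is an added example (not QCSuper's own code) that walks a capture and tallies frames per GSMTAP type. It assumes a little-endian PCAP with a raw-IPv4 link type and the 16-byte GSMTAP v2 header from libosmocore; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

GSMTAP_PORT = 4729  # UDP port registered for GSMTAP
# Subset of type codes from libosmocore's gsmtap.h
GSMTAP_TYPES = {0x01: "GSM Um", 0x0C: "UMTS RRC", 0x0D: "LTE RRC", 0x12: "LTE NAS"}

def parse_gsmtap(data):
    """Split one GSMTAP datagram into (header fields, encapsulated payload)."""
    if len(data) < 16:
        raise ValueError("truncated GSMTAP header")
    ver, words, typ, _ts, arfcn, dbm, _snr, fn, sub = struct.unpack_from(">BBBBHbbIB", data)
    if ver != 2 or not 16 <= words * 4 <= len(data):
        raise ValueError("not a GSMTAP v2 header")
    fields = {"type": GSMTAP_TYPES.get(typ, hex(typ)), "sub_type": sub, "frame": fn,
              "arfcn": arfcn & 0x3FFF, "uplink": bool(arfcn & 0x4000), "signal_dbm": dbm}
    return fields, data[words * 4:]  # header length is given in 32-bit words

def gsmtap_frames(pcap):
    """Yield parsed GSMTAP frames from a little-endian PCAP carrying raw IPv4."""
    magic, linktype = struct.unpack_from("<I16xI", pcap)
    if magic != 0xA1B2C3D4 or linktype not in (101, 228):  # assumed raw-IP link types
        raise ValueError("unsupported PCAP variant")
    off = 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]
        pkt, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
        if ihl < 20 or len(pkt) < ihl + 8 or pkt[0] >> 4 != 4 or pkt[9] != 17:
            continue  # not IPv4 carrying UDP
        dport, udp_len = struct.unpack_from(">HH", pkt, ihl + 2)
        if dport == GSMTAP_PORT:
            yield parse_gsmtap(pkt[ihl + 8:ihl + udp_len])

def build_sample():
    """Constructed capture (not real traffic): an LTE RRC and a GSM Um frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 228)
    for typ, arfcn, l3 in [(0x0D, 1850, b"\x00\x01"), (0x01, 0x4000 | 62, b"\x06\x21")]:
        tap = struct.pack(">BBBBHbbIBBBB", 2, 4, typ, 0, arfcn, -80, 0, 0, 0, 0, 0, 0) + l3
        udp = struct.pack(">HHHH", GSMTAP_PORT, GSMTAP_PORT, 8 + len(tap), 0) + tap
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         b"\x7f\x00\x00\x01", b"\x7f\x00\x00\x01") + udp
        out += struct.pack("<IIII", 0, 0, len(ip), len(ip)) + ip
    return out

def summarize(pcap):
    """Count frames per GSMTAP type, e.g. to spot unexpected 2G frames in a 4G capture."""
    return Counter(fields["type"] for fields, _ in gsmtap_frames(pcap))
```

Calling summarize(build_sample()) tallies the two constructed frames; pass the bytes of a real capture file instead to see which radio technologies it contains.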
2G/3G/4G protocols can be divided into several "layers": layer 1 for digital radio modulation and multiplexing, layer 2 for handling issues like fragmentation and ACKs, and layer 3 for signaling or user data.
QCSuper allows capturing at layer 3, as it is the most practical and valuable when analyzing with Wireshark and is what's offered by the Diag protocol itself (here is some interesting information).
2G (GSM): Layer 3 and above (RR/…)
2.5G (GPRS and EDGE): Layer 2 and above (MAC-RLC/…) for data acknowledgment
3G (UMTS): Layer 3 and above (RRC/…)
Additionally, it supports reassembling SIBs (System Information Blocks, which are data broadcast to all users) in separate GSMTAP frames, since Wireshark cannot currently do this on its own: flag --reassemble-sibs
4G (LTE): Layer 3 and above (RRC/…)
Additionally, it supports placing decrypted NAS messages into other frames: flag --decrypt-nas
By default, IP traffic sent by your device is not included, and you can only see signaling frames. You can use the --include-ip-traffic option to include the IP traffic you generate (in 2G/3G/4G, IP is essentially just the layer 3 of your data traffic, except that its headers may be compressed (ROHC) and a very small PPP header may be present).
The data traffic you send uses a different channel from signaling traffic. This channel is established through signaling traffic; therefore, QCSuper should display all details related to this channel.
To use QCSuper, you need to specify an input (e.g., --adb for an Android phone, --usb-modem) and one or more modules (--wireshark-live for opening Wireshark, --pcap-dump for writing traffic to a PCAP file, --info for obtaining general information about the device…).
Example:
You can specify - to pipe data from stdin or to stdout (gzip-compressed content may not be detected).
You can use QCSuper with a USB modem that exposes a Diag port using the --usb-modem option, which takes the name of the pseudo-serial device on Linux (such as /dev/ttyUSB0, /dev/ttyHS2, or others) or of the COM port on Windows (such as COM3).
Note that in most settings, you need to run QCSuper as the root user to use this mode, especially for handling serial port interference issues.
If you are unsure which devices under /dev expose the Diag port, you may need to try them one by one. You can attempt automatic detection by stopping the ModemManager daemon (sudo systemctl stop ModemManager) and using the command: sudo ModemManager --debug 2>&1 | grep -i 'port is QCDM-capable' then using Ctrl-C.
Note that if your device cannot work with ModemManager, it likely is not fully set up and cannot work with QCSuper either. Some possible issues are:
You have not applied the correct mode switching command for the device.
If your purchased device previously had a SIM card from a different carrier, your device might be locked. You may need to use the unlock code from the previous carrier and submit it to the device: sudo mmcli -i 0 --pin=
If your Qualcomm-based USB device does not expose the Diag port by default, you might need to enter the following command via the AT port to enable the Diag port:
Note that only one client can communicate with the Diag port at a time. This applies to two QCSuper instances or a QCSuper and a ModemManager instance.
If ModemManager is active on your system, QCSuper will attempt to dynamically add udev rules to prevent it from accessing the Diag port and restart its daemon. It will disable this rule upon exit.
QCSuper has been successfully tested on the following devices:
Sony Xperia Z (Phone) - 4G - Works out of the box once adb with root is enabled
ZTE MF823 (USB Modem) - 4G - May require mode switch to CDC-WDM, set the device to factory mode, then execute the AT command mentioned above
ZTE MF667 (USB Modem) - 3G, 2011 - Should work out of the box (may require mode switching)
Option Icon 225 (USB Modem) - 3G, 2008
Novatel Ovation MC998D (USB modem)
ZTE WCDMA Technologies MSM MF110/MF627/MF636 (USB modem)
However, it aims to be compatible with the widest range of Qualcomm chipset-based devices for its capture functionality.
Do not hesitate to report whether your device works, through our IRC channel or by opening a GitHub issue.
Here are some tools using the Diag protocol for different purposes:
ModemManager
SnoopSnitch
MobileInsight
qcombbdbg
OpenPST
SCAT
Summary
The content provides an overview of QCSuper installation and usage for capturing and analyzing mobile wireless protocols via the Qualcomm Diag protocol. QCSuper is compatible with various rooted Qualcomm-based devices and requires Python and Wireshark installation. It supports multiple communications layers, primarily focusing on layer 3 for signal analysis. Users can report issues or contribute through IRC or GitHub. The guide includes setup instructions for different operating systems and highlights tested devices. Furthermore, it offers troubleshooting tips and usage examples for both phones and modems.