With a bit of reverse engineering and debugging (and a little reverse
engineering help from the Harmattan-i386 package of libsms :), I have
managed to get Cell Broadcast SMS to function on the N900 up to the point
where I can see an incoming cell broadcast message (in this case a cell
tower name as that's the only thing my local cell tower is broadcasting).
Reference http://www.cncmods.net/files/cbsms.zip for the files I mention in
the description below.
The reason Cell Broadcast SMS is broken on the N900 is that there is a bug
in libsms, specifically it is incorrectly dealing with the size field of
the SMS packet being sent from the cell modem firmware. As Nokia are
unlikely to fix the bug (at least in Fremantle libsms, it's fixed in
Harmattan libsms), publish source code for libsms or publish the
information required to produce a replacement for libsms that doesn't
require rewriting or replacing half the system, I have found a way to patch
the binary of libsms to fix the bug.
To do it, change byte DD78 from 0xFF to 0x52 (changes a CMP R3, #0xFF
instruction to a CMP R3, #0x52 instruction), then change DD7C from 0x00 to
0x52 and DD7F from 0x03 to 0xC3 (changes a MOVEQ R3, #0 instruction into a
MOVGT R3, #0x52).
After the bug is fixed (whether the right fix is a binary patch to the file
on disk or some sort of in-memory patch to the memory of libsms.so as
loaded into the CSD daemon I don't know, the binary patch is easier for
testing), then you can listen to the IncomingCBS signal via DBUS.
dbuscb.c contains a test program (written using the Fremantle Scratchbox
SDK) which will listen for the signal and dump any incoming cell broadcast
messages to disk (in a file /var/log/cbsms.log).
The output in cbsms.log contains PDU data ready to send straight to a Cell
Broadcast SMS decoder such as the cbs_decode/cbs_decode_text functions in
ofono. cbsms.log contains an example of a dumped cell broadcast message and
sms-test.c is a modified ofono test program and contains code to test the
decoding of cell broadcast messages dumped from dbuscb (when you run it, it
will decode the same cell broadcast message contained in cbsms.log and
should print EastVicPark as the decoded message (it's the name of a 2G GSM
cell tower near where I live, presumably the one sending CBSMS messages to
my phone)).
What is required to make Cell Broadcast SMS messages fully functional is
for someone to figure out the best way to apply the binary patch and then
for someone to write some kind of UI to do something with the incoming
messages.
BTW, I can confirm that libsms.so and the SMS subsystem are subscribing to
every single cell broadcast SMS message channel (or whatever it is) and
will receive anything the tower is sending.
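
The three-byte change described in the message above, written as a checked patcher. This is an added example, not code from the original post or from cbsms.zip. It assumes the addresses DD78, DD7C and DD7F are hexadecimal file offsets into libsms.so; the function names and the zero-filled test image are constructed for illustration.

```python
import hashlib

# (offset, expected original byte, patched byte), taken from the post.
# Assumption: the addresses are hexadecimal file offsets into libsms.so.
PATCHES = [
    (0xDD78, 0xFF, 0x52),  # CMP R3, #0xFF -> CMP R3, #0x52
    (0xDD7C, 0x00, 0x52),  # MOVEQ R3, #0  -> MOVGT R3, #0x52 (immediate byte)
    (0xDD7F, 0x03, 0xC3),  # MOVEQ R3, #0  -> MOVGT R3, #0x52 (condition byte)
]

def patch_state(image):
    """Return 'original', 'patched' or 'unknown' for a libsms image."""
    if len(image) <= max(off for off, _, _ in PATCHES):
        return "unknown"
    if all(image[off] == old for off, old, _ in PATCHES):
        return "original"
    if all(image[off] == new for off, _, new in PATCHES):
        return "patched"
    return "unknown"  # different build, or a partially modified file

def apply_patch(image):
    """Return a patched copy; refuse anything not in the expected state."""
    state = patch_state(image)
    if state == "patched":
        return bytes(image)  # applying twice changes nothing
    if state != "original":
        raise ValueError("bytes at the patch offsets do not match the post")
    out = bytearray(image)
    for off, _, new in PATCHES:
        out[off] = new
    return bytes(out)

def patch_file(src, dst):
    """Patch src into dst (never in place); return SHA-256 before and after."""
    with open(src, "rb") as f:
        original = f.read()
    patched = apply_patch(original)
    with open(dst, "wb") as f:
        f.write(patched)
    return hashlib.sha256(original).hexdigest(), hashlib.sha256(patched).hexdigest()

def make_constructed_image():
    """Constructed stand-in for libsms.so: zeros plus the two ARM words."""
    img = bytearray(0xE000)
    img[0xDD78:0xDD7C] = bytes.fromhex("ff0053e3")  # CMP R3, #0xFF, little-endian
    img[0xDD7C:0xDD80] = bytes.fromhex("0030a003")  # MOVEQ R3, #0, little-endian
    return bytes(img)

if __name__ == "__main__":
    patched = apply_patch(make_constructed_image())
    print(patch_state(patched), patched[0xDD78:0xDD80].hex())
```

Checking the original bytes first means a libsms.so from a different build is rejected instead of being corrupted, and writing to a separate file keeps the unmodified library available for rollback.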