| 1 | ================================================================ |
|---|
| 2 | BFB protocol |
|---|
| 3 | as used by Siemens Mobile Equipment (e.g. S45/ME45) over a |
|---|
| 4 | serial connection |
|---|
| 5 | ================================================================ |
|---|
| 6 | |
|---|
| 7 | Christian Zuckschwerdt <zany@triq.net> 2002-02-06 |
|---|
| 8 | |
|---|
| 9 | |
|---|
| 10 | 0. Disclaimer |
|---|
| 11 | |
|---|
| 12 | It is possible to harm your mobile phone. |
|---|
| 13 | Use the information in this document at your own risk. |
|---|
| 14 | |
|---|
| 15 | |
|---|
| 16 | 1. Preface |
|---|
| 17 | |
|---|
| 18 | This document is a result of many hours of studying the |
|---|
| 19 | Siemens Mobile Equipment BFB protocol |
|---|
| 20 | by the author, in an attempt to implement a way to access |
|---|
| 21 | Flex.Mem. Like all tools, this document |
|---|
| 22 | was born out of frustration with the lack of documention |
|---|
| 23 | available on the subject. |
|---|
| 24 | |
|---|
| 25 | Though every attempt has been made to ensure the correctness |
|---|
| 26 | of this document, the author cannot make any guarantees as |
|---|
| 27 | to its accuracy. |
|---|
| 28 | |
|---|
| 29 | |
|---|
| 30 | 2. Transport encapsulation: |
|---|
| 31 | |
|---|
| 32 | [ type ][ len ][ chk ][ payload ] |
|---|
| 33 | |
|---|
| 34 | Types are |
|---|
| 35 | 0x02 - single bytes used for connecting |
|---|
| 36 | 0x01 - crc'ed sequence to change interface (speed) |
|---|
| 37 | 0x06 - AT-Command |
|---|
| 38 | 0x16 - crc'ed generic data |
|---|
| 39 | |
|---|
| 40 | Len is from 1 to max 32 for a max MTU of 35 bytes. |
|---|
| 41 | |
|---|
| 42 | Chk equals type xor len. |
|---|
| 43 | |
|---|
| 44 | |
|---|
| 45 | 3. OBEX encapsulation (transport type = 0x16): |
|---|
| 46 | |
|---|
| 47 | [ cmd ][ chk ] for cmd 0x01 |
|---|
| 48 | |
|---|
| 49 | [ cmd ][ chk ][ seq ][ len16 ][ data... ][ crc16 ] for cmd 0x02 and 0x03. |
|---|
| 50 | |
|---|
| 51 | Chk is ~cmd (bitwise not cmd) |
|---|
| 52 | |
|---|
| 53 | Cmd 0x01: "ack" command. If some packet isn't acknowledged it will be resend. |
|---|
| 54 | Cmd 0x02: first transmission in a row. Sequence counter is 0 |
|---|
| 55 | Cmd 0x03: continued transmission. Sequence counter is incremented with each |
|---|
| 56 | subsequent packet |
|---|
| 57 | |
|---|
| 58 | Seq is 1 byte. TA increments, ME replys. |
|---|
| 59 | |
|---|
| 60 | Len is 2 bytes in network byte order. |
|---|
| 61 | |
|---|
| 62 | Data is an OBEX frame. |
|---|
| 63 | |
|---|
| 64 | Crc16 is 2 bytes CCITT-CRC16 in network byte order. Rendered over the the |
|---|
| 65 | whole packet except for cmd and chk. |
|---|
| 66 | |
|---|
| 67 | |
|---|
| 68 | 4. Conclusion |
|---|
| 69 | |
|---|
| 70 | This seems to cover all the bits. |
|---|
| 71 | My test-implementation works great -- YMMV. |
|---|
| 72 | |
|---|
