Click here to Skip to main content
15,867,704 members
Articles / All Topics

OBEX Protocol for Samsung GSM Devices Specification

,
Rate me:
Please Sign up or sign in to vote.
4.93/5 (14 votes)
23 Sep 2009CPOL5 min read 23.8K   16  
This article describes the protocol of data exchange that is the modification of the well-known OBEX protocol used in the GSM Samsung phones from the SHP family

Table of Contents

Introduction

This article describes the protocol of data exchange that is the modification of the well-known OBEX protocol used in the GSM Samsung phones from the SHP family. The described modification of this protocol lets you write data to the phone and also get and save them.

Samsung Corporation made the new line of phones from SHP family and implemented the support of OBEX protocol in them that had not been used in the phones of this company before. They tried to use the common OBEX protocol but did not succeed. This problem was solved by means of sniffing the Samsung PC Studio 3.0 utility. The obtained results are given in the main part of the article.

This article will be useful for those who develop utilities for writing/reading information from the phones. The described protocol modification will solve the problem of communicating with the device.

First we consider three main types of the protocol commands. Then we pay our attention to the sequence of the commands sent to connect with the device, read data and finish the session. Then I will give some examples for the main commands. At the end of the article, some summary will be given.

Main Protocol Commands Format

All protocol commands can be divided into 2 types:

  1. AKN-packages. They are packages to confirm the data receiving and request the next part of the extended package.
  2. Data packages. They are initialization, acquiring, closing etc. There can be Request and Answer packages.

AKN package is one block with 3 bytes length: 0x83 0x00 0x03.

Request package has the following structure:


Size (bytes)

Meaning

Description

1

Package ID

0x80

Select the answering device, obtain the properties and establish connection

0x81

Finish the connection session

0x82

Write an object

0x83

Read an object

0x84

Reserved

0?85

Select the default directory on the receiving side

0?FF

Cancel current operation

2

Package size

The size of the whole package (from the zero byte and to the end)

Data blocks

Some number of data blocks that depends on the context of the command containing them.
Format:


Size (bytes)

Meaning

Description

1

Type

Set the type of the data in the block

2

Size

The size of the whole data block (from the zero byte and to the end)

N-3

Data

Some data depending on the type specified by the first byte

The description of the Answer packages is given in the table below.


Size (bytes)

Value

Description

1

Package ID

0x90

Successful but not completed (received package is a part of the extended package)

0xA0

Successful and completed

0xC3

Access denied

0xC4

Not found

0xC9

Conflict

2

Package size

The size of the whole package (from the zero byte and to the end)

Data blocks

Some number of data blocks that depends on the context of the command containing them.
Format:

Size
(bytes)

Meaning

Description

1

Type

Set the type of the data in the block

2

Size

The size of the whole data block (from the zero byte and to the end)

N-3

Data

Some data depending on the type specified by the first byte

The Sequence of Commands

As any standard communication protocol modified OBEX consists of the sequence of requests and answers. In general, the communication session can be divided into 3 phases:

  1. Initialization
  2. Acquiring data
  3. Closing the session

Table with the session description is given below:


Request

41 54 2B 53 59 4E 43 4D 4C 3D 4D 4F 42 45 58 53
54 41 52 54 0D 0A

AT+SYNCML=MOBEXS

Answer

41 54 2B 53 59 4E 43 4D 4C 3D 4D 4F 42 45 58 53
54 41 52 54 0D 4F 4B 0D 0A

AT+SYNCML=MOBEXS
TART.OK..

Request

80 00 0F 11 00 FF FF 46 00 08 4D 4F 42 45 58

?.... F..MOBEX

Answer

A0 00 14 12 00 05 78 CB 00 00 00 01 4A 00 08 4D
4F 42 45 58

?.....x-....J..M
OBEX

Request

A series of requests and answers for acquiring data
Note: if the first byte of the package is equal to 0x90 then it is so-called extended package and then the sending of AKN-package (0x83 0x00 0x03) is required, after it the device will give us the other parts of the package.

Answer

Request

81 00 08 CB 00 00 00 01

?..-....

Answer

A0 00 03

?..

Initialization phase

Acquiring phase

Closing phase

Commands Examples

Let’s consider some examples of the data acquisition. They will be the examples of working with the file system.

Obtaining the list of subfolders of the folder(m-obex/fs/folder_listing)

Request

83 00 29  CB 00 00 00 01  42 00 1C 6D 2D 6F 62 65    ?.)E....B..m-obe
78 2F 66  73 2F 66 6F 6C 64 65 72 5F 6C  69 73 74    x/fs/folder_list
69 6E 67 00 01 00 05 2F 00                           ing..../.

Size (byte)

Value

Description

1

0x83

Reading

2

0x00 0x29

Package size

1

0xCB

Data block type

4

0x00 0x00 0x00 0x01

Reserved

1

0x42

Data block type (text)

2

0x00 0x1C

Block size

N-3

m-obex/fs/folder_listing

Block data (command name)

1

0x01

Block type (list)

2

0x00 0x05

Block size

N-3

0x2F 0x00

Block data
Note: “/” for the root, “/<directory name>” for the other folders

Answer

A0 00 FC 42 00 1B 6D 2D 6F 62 65 78 2F 66 73 2F   .uB..m-obex/fs/
66 6F 6C 64 65 72 5F 6C 69 73 74 69 6E 67 C3 00   folder_listingA.
00 00 D6 49 00 D9 41 75 64 69 6F 2C 30 2C 31 31   ..OI.UAudio,0,11
31 30 30 31 30 31 30 2C 32 30 30 34 3A 30 33 3A   1001010,2004:03:
30 31 20 30 31 3A 30 33 3A 30 30 5C 72 5C 6E 47   01 01:03:00\r\nG
72 61 70 68 69 63 73 2C 30 2C 31 31 31 30 30 31   raphics,0,111001
30 31 30 2C 32 30 30 34 3A 30 33 3A 30 31 20 30   010,2004:03:01 0
31 3A 30 33 3A 30 30 5C 72 5C 6E 56 69 64 65 6F   1:03:00\r\nVideo
2C 30 2C 31 31 31 30 30 31 30 31 30 2C 32 30 30   ,0,111001010,200
34 3A 30 33 3A 30 31 20 30 31 3A 30 33 3A 30 30   4:03:01 01:03:00
5C 72 5C 6E 4D 75 73 69 63 2C 30 2C 31 31 31 30   \r\nMusic,0,1110
30 31 30 31 30 2C 32 30 30 34 3A 30 33 3A 30 31   01010,2004:03:01
20 30 31 3A 30 33 3A 30 30 5C 72 5C 6E 4F 74 68    01:03:00\r\nOth
65 72 20 46 69 6C 65 73 2C 30 2C 31               er Files,0,1
31 31 30 30 31 30 31 30 2C 32 30 30 34 3A 30 33   11001010,2004:03
3A 30 31 20 30 31 3A 30 33 3A 30 30 5C 72 5C 6E   :01 01:03:00\r\n

Size

Value

Description

1

0xA0

Successful operation

2

0x00 0x0F

Package size

1

0x42

Block type

2

0x00 0x1C

Block size

N-3

m-obex/fs/folder_listing(0x00)

Block data

1

0xCB

Block type

4

0x00 0x00 0x00 0xD6

Reserved

1

0x49

Block type

2

0x00 0xD9

Block size

N-3

<DATA>

Block data
Note: the list items are separated with the pair of symbols “\r\n”

Each element of the list is the folder description: [Name][Size(always 0)][Attributes][Modified][Created].

So in the example of these two commands, you can see the general structure of the package in the modified OBEX protocol.

In conclusion, I want to mention that the records in the phone book as well as the calendar are represented in VCard as it was in the previous versions of the OBEX protocols.

References

More Apriorit programming experience can be learned from the articles at the official Apriorit site.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Chief Technology Officer Apriorit Inc.
United States United States
ApriorIT is a software research and development company specializing in cybersecurity and data management technology engineering. We work for a broad range of clients from Fortune 500 technology leaders to small innovative startups building unique solutions.

As Apriorit offers integrated research&development services for the software projects in such areas as endpoint security, network security, data security, embedded Systems, and virtualization, we have strong kernel and driver development skills, huge system programming expertise, and are reals fans of research projects.

Our specialty is reverse engineering, we apply it for security testing and security-related projects.

A separate department of Apriorit works on large-scale business SaaS solutions, handling tasks from business analysis, data architecture design, and web development to performance optimization and DevOps.

Official site: https://www.apriorit.com
Clutch profile: https://clutch.co/profile/apriorit
This is a Organisation

33 members

Written By
Ukraine Ukraine
This member has not yet provided a Biography. Assume it's interesting and varied, and probably something to do with programming.

Comments and Discussions

 
-- There are no messages in this forum --