Tech Info - Ericsson 388 External Protocols

Acknowledge = 0x06

Beginning of a frame = 0x02

All the numbers and all the letters are sent with their ASCII code (specially for phone number).

Transmission : 8 data bit, 1 stop bit, no parity, 9600 baud.

In the following all the numbers are hex numbers.

What you are going to find in a frame.

Definitions.

At 9600 baud, the GSM communicates with a PC or a modem thanks to frames. These frames are a succession of bytes. You must acknowledge each frame send by the GSM, i.e. you should send 06 when GSM send you a frame.

Byte 1 : Beginning of a frame = 0x02

Byte 2 : Frame length (bytes) (length means the number of bytes following bytes n°2)

Byte 3 and more: Data.

Examples.

02 ; Beginning of a frame

02 ; 2 more bytes to send. These bytes are data n°1 n°2

07 ; Data n°1 } Command

00 ; Data n°2 } Command

Command definition

Each command is 2 bytes (you can’t send only one byte, the GSM will reply 06 (acknowledge of the command you send) then 02 02 90 10 which seems to mean ‘I don’t understand’. The first byte (Data n°1) seems to be a group of command and the second bytes (Data n°2) seems to be a special command in this group of command. Furthermore, the first byte of the command is often odd. Finally, it is sometime necessary to send parameters with the command, you do this by sending how many bytes you want after the 2 bytes of the command (for example: 02(begin) 04(number of bytes after this one) 21(command) 01(command) 31(parameter1) 32(parameter2) )

The GSM answer

Most of the answers obey the same rules. The syntax is : the first byte is the first byte of the command + 1, the second bytes of the answer is the second bytes of the command, the following bytes are the reply of the command. Of course the reply always start with 02 (beginning of the trame) and xx where is the number of bytes following xx.

Ex: Command: 02 02 05 60

Answer: 02 03 06 (=05 + 1) 60 45 (command result)

Some commands and answers associated.

ATZ.

Vertical : time (from past to future, from top to bottom) .

modem sends GSM replies

02

06

33

01

00

02

06

02

06

ATDT xxxxxxxx; (xxxxxx is the phone number, you need to add ; at the end if you want it works) (this is what happen when you type atdt xxxx ; on a terminal)

02 this command asks for an identification of the GSM

02

07

00

06

02 GSM answers.

20

08

00

45 E

52 R

49 I

43 C

53 S

53 S

4F O

4E N

20

20

31 1

30 0

35 5

30 0

35 5

30 0

31 1

20

20

20

39 9

36 6

30 0

32 2

31 1

39 9

31 1

35 5

34 4

34 4

06

02 ???

02

31

0B

06

02 ??? Strange ATZ

06

33

01

00

00

00

00

06

02 Dial the phone number.

xx

21

01

n°1

n°2

n°3

...

n°xx

3B is the ‘;’

06

ATZ simple

A normal atz needs parameters. These parameters make you enable to choose between different mode :

mode 0 = data

mode 1 = fax class 1 (TIA-578-A) ? ? ?

mode 1.0 = fax class 1 (ITU-T T.31) ? ? ?

mode 2 = fax (manufacturer specific) ? ? ?

mode 2.0 = fax class 2 (ITU-T T.32 and TIA-592) ? ? ?

mode 3...7 = reserved for other fax mode

mode 8 = voice

mode 9...15 = reserved for other voice modes

mode 16 ... 79 = reserved

mode 80 = VoiceView (Radish)

mode 81 ... 255 = reserved

Atz command (33 01) is always followed by 4 parameters :

1^er bytes = 00

2^eme bytes = 02 + mode/2

3^eme bytes = 06

4^eme bytes = 02 + mode

I am not sure at all it will work for all the mode.

To call someone you need to add a ; at the end of the number. You can suppress this ; if you send a atz with mode 8. So you send 02 06 (begin and number of bytes) 33 01 (atz command) 00 06 06 0a (parameters : first 06 = 02 +8/2).

Total ATZ

Sometime the GSM won’t reply to your command, and hence you won’t be able to do anything. You need to do what I call a total ATZ. The GSM won’t reply to your command if you don’t reply to his reply. For example if you send 02 02 07 00, the GSM replies 06 and 02 20 08 .... If you don’t acknowledge this reply, the GSM will send it two more time and then doesn’t work well anymore.

To make it work again, you will have to change the baud rate to 600 baud then to send 0a, the GSM should reply 0a ae 63 and the you will send 3008. Normally the GSM is correctly initialise and hence if you come again to 9600 baud all the command should work. Send the 02 02 0a 0a to be sure.

The GSM answer when you press NO after have been connected.

02 this command means someone hangs up

02

22

31

06

02 This command seems to say all is finished

04

30

00

08

10 if you have been connected, 11 if you say no to ‘answer ?’

06

The GSM answer when someone picks up.

02

02

22

30

06

The GSM answer when someone calls the GSM.

02

06

21

10

00

00

00

02

Read the battery level

02

02

05

60

06

02

03

06

60

xx (=battery level: this value is between 0 and 64 and is ff when you recharge the battery)

What you can do at 600 baud when the GSM doesn’t reply anymore.

Reading the keyboard.

Reading the keyboard is easy. First you must make the GSM doesn’t reply to your command (send a command and don’t answer to the reply (the reply must be different from 06), secondly read the serial port at 600 baud. Each time you press a key, you should receive..

Touch 1 send 0xC1

Touch 2 send 0xC2
Touch 3 send 0xC3
...
Touch 9 send 0xC9
Touch 0 send 0xC0
Touch * send 0xCB
Touch # send 0xCC
Touch YES send 0xF3
Touch NO send 0xF4
Touch CLR send 0xCE
Touches ¬ or ® send nothing

Hence you are able to read the PIN code...

Simulate the keyboard.

The GSM must no reply to your command and send at 600 baud for :

Touch 1 send 0xC1

Touch 2 send 0xC2
Touch 3 send 0xC3
...
Touch 9 send 0xC9
Touch 0 send 0xC0 or 0xCA
Touch * send 0xCB
Touch # send 0xCC
Touch YES send 0xF3
Touch NO send 0xF4
Touch CLR send 0xCE
Touch ¬ send 0x7C

Touch ® send 0x7B

Touch + send 0xCD

Other command you can send at 600 bauds.

Command 0a followed by 30 08 switches from 600 baud to 9600 baud.

Command 7d and 7f wait for another bytes, but I don’t know their meaning.

Commands

This table shows the command you can send to an Ericsson and the reply associated. Most of the command are meaningless for me and their answers too. Don’t forget to add 02 xx before to send the command and the parameters. For example if you want to send the first command shown 02 01, you will have to send 02 02 02 01 at 9600 baud, 8 data bits, 1 stop bit, no parity. The GSM will answer 06 (noted as Ack)

All the numbers are hex numbers in this document.

Most of the command receive 02 02 90 01 as answer, so I think 02 02 90 01 means ‘I (the GSM) don’t understand the command you send me’. Also I have listed in this table all the command where the reply is different from 02 02 90 01.

Type GSM Norm GSM answer

???

02 01 Ack

Reading some parameters ? ? ?

05 01 CPAS LINE STATE ??? Reply 02 02 A1 or A2 or A3 00

A1 when line is busy, or A2 or A3 else

05 20 CSQ Reply 02 03 06 20 xx (with 0C<xx<2e) xx seems to be the reception level

05 60 CBC 02 03 06 60 xx battery level: xx is FF when you recharge the battery, else xx is between 00 and 64

Reading information:

07 00 CGMI 02 20 08 00 ... ... is the brand and more

07 01 CGMM 02 0c 08 01 ... Model ?

07 02 02 0c 08 02 ... Brand ?

07 21 02 04 08 21 01 14

07 22 02 04 08 22 01 05

07 24 02 04 08 24 14 08

07 31 02 04 08 31 01 63

07 32 02 04 08 32 01 0A

07 34 02 04 08 34 14 12

07 F1 02 0C 08 F1 ... Version ?

???

09 00 Ack

? ? ?

0a0a 02 02 0a 0a

???

13 01 02 04 30 00 45 87

13 02 02 04 30 00 45 87

13 11 Ack

or 02 31 0c 06 sometime

13 12 Ack

Dial

21 01 xxxx Dial the number xxxxx. For example if you want to call me J , send 02 07 21 01 30 31 34 39 3b. This will call the number 01 49 (which is not my phone number). Noted that I give the number with their ASCII code and that I finished this number by 3b (which is ; in ASCII) to tell the GSM that this is a voice call.

? ? ?

2630 ? ? ? Does it work ? ? ?

???

30 08 xx xx Ack

???

31 0B CPAS Ack

31 0C Ack

ATZ and its parameters.

33 01 xxxxx Ack or 02 04 30 00 45 88 You absolutely need 4 parameters to get Ack.

Param = 00 02 06 02 -> normal ATZ

Param = 00 06 06 0a -> You can call someone without being obliged to add ; at the end of the phone number.

???

40 31 02 02 40 31

40 32 02 02 40 32

40 3F 02 02 40 xx xx = 31 ou xx = 32 depending on the previous command.

40 41 02 02 40 41

40 42 02 02 40 42

40 4F 02 02 40 42

TOUT

Certainly the most interesting command but I can find what they are for.

41 01 xx 02 06 42 22 0C yy 08 00 yy = xx if 0<= xx <= 5, yy= 05 else.

41 02 xx xx 02 06 42 22 0C 01 08 00

41 03 xx 02 06 42 22 0c yy 08 00 yy = xx+1 if 0<=xx+1<=5, yy = 05 else

41 05 xx xx Ack

41 07 xx xx 02 04 42 26 08 04

41 08 02 05 42 28 40 08 00

or long wait + 02 03 42 27 05 if no parameters

or long wait + 02 03 42 27 yy yy = xx if 0<= xx <= 5, yy= 05 else . xx is the parameter

or 02 05 42 28 xx 08 00 xx is the parameter

or 02 05 42 28 28 08 00

or 02 05 42 28 1d (ou 0f ou 1e ou 0a) 08 00

41 12 xx 02 06 42 22 0c xx 08 00

41 17 xx xx 02 04 42 26 08 00

41 51 02 06 42 51 03 81 21 F3

or 02 0e 42 51 0b 0c 91 00 02 00 18 08 d4 01 00 05

or 02 0e 42 51 0b 76 91 00 02 00 0e 0c f f 0a 00 1d

or 02 08 42 51 05 4c 91 00 01 00

or 02 05 42 51 02 d1 95

or 02 0d 42 51 0a 66 96 00 03 00 24 07 d4 01 20 reading of 0x0a bytes written by the next command

À ¬ 0x0a commands ®

???

42 51 yy xx .. xx 02 03 42 51 yy xx ... xx This command change the result of the previous command. You can send yy paramters, yy is limited to to 0b. The command 41 51 reads the yy parameters written by this command.

???

45 01 02 02 46 02 NOT TESTED

45 03 xx Read the xx-1 phone book

45 11 02 02 46 12

45 12 02 02 46 12

45 21 02 02 46 22

???

61 01 Ack After this command the GSM replies exactly what you send to him.

61 02 Ack Cancel the previous command

61 03 06 + 02 02 36 08 + 11 fe ff ff fe fe ff fe ... ??? What’s that ???

61 11 Ack

61 12 Ack

???

90 01 Ack

Sending a FAX from a GSM.

33 01 00 02 06 02 06

33 01 00 03 06 04 06

07 00 06 .... ERICSSON ....

31 0B 06

33 01 00 03 06 04 06

21 01 phone number 06 + 02 02 36 08

06 11

Data travels

02 04 30 00 08 10

06 02 02 22 31

06 02 04 30 00 08 10

06 + 33 01 00 02 06 02 06

33 01 00 03 06 04 06

----------------------------------------------------- MODEM ----------------------------------------------------------------

Command send by a PCMCIA modem card to an Ericsson

at+fclass=0 02 06 33 01 00 02 06 02 Ack

at+fclass=2 02 06 33 01 00 03 06 04 Ack

ATA 02 02 31 0B Ack

02 02 13 01 Ack if someone calls the GSM

-------------------------------------------------------- GSM ---------------------------------------------------------------

Messages sent by the GSM

hang up 02 02 22 31

Opposite of hang up 02 02 22 30

End 02 04 30 00 08 10 or 11

***********

Don’t understand ??? 02 02 90 01

GSM do nothing ? ? ? 02 04 30 00 45 87

Error in the parameters ??? 02 04 30 00 45 88

no carrier ??? 02 04 30 00 08 39

The GSM call someone 02 04 30 00 45 83 ? ? ? reply to atdt when GSM calls someone or dials