Metadata-Version: 2.4
Name: qcsuper
Version: 2.1.1
Summary: Capture raw 2G/3G/4G frames using Qualcomm-based phones and modems
License: GNU GENERAL PUBLIC LICENSE
                                Version 3, 29 June 2007
         
          Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
          Everyone is permitted to copy and distribute verbatim copies
          of this license document, but changing it is not allowed.
         
                                     Preamble
         
           The GNU General Public License is a free, copyleft license for
         software and other kinds of works.
         
           The licenses for most software and other practical works are designed
         to take away your freedom to share and change the works.  By contrast,
         the GNU General Public License is intended to guarantee your freedom to
         share and change all versions of a program--to make sure it remains free
         software for all its users.  We, the Free Software Foundation, use the
         GNU General Public License for most of our software; it applies also to
         any other work released this way by its authors.  You can apply it to
         your programs, too.
         
           When we speak of free software, we are referring to freedom, not
         price.  Our General Public Licenses are designed to make sure that you
         have the freedom to distribute copies of free software (and charge for
         them if you wish), that you receive source code or can get it if you
         want it, that you can change the software or use pieces of it in new
         free programs, and that you know you can do these things.
         
           To protect your rights, we need to prevent others from denying you
         these rights or asking you to surrender the rights.  Therefore, you have
         certain responsibilities if you distribute copies of the software, or if
         you modify it: responsibilities to respect the freedom of others.
         
           For example, if you distribute copies of such a program, whether
         gratis or for a fee, you must pass on to the recipients the same
         freedoms that you received.  You must make sure that they, too, receive
         or can get the source code.  And you must show them these terms so they
         know their rights.
         
           Developers that use the GNU GPL protect your rights with two steps:
         (1) assert copyright on the software, and (2) offer you this License
         giving you legal permission to copy, distribute and/or modify it.
         
           For the developers' and authors' protection, the GPL clearly explains
         that there is no warranty for this free software.  For both users' and
         authors' sake, the GPL requires that modified versions be marked as
         changed, so that their problems will not be attributed erroneously to
         authors of previous versions.
         
           Some devices are designed to deny users access to install or run
         modified versions of the software inside them, although the manufacturer
         can do so.  This is fundamentally incompatible with the aim of
         protecting users' freedom to change the software.  The systematic
         pattern of such abuse occurs in the area of products for individuals to
         use, which is precisely where it is most unacceptable.  Therefore, we
         have designed this version of the GPL to prohibit the practice for those
         products.  If such problems arise substantially in other domains, we
         stand ready to extend this provision to those domains in future versions
         of the GPL, as needed to protect the freedom of users.
         
           Finally, every program is threatened constantly by software patents.
         States should not allow patents to restrict development and use of
         software on general-purpose computers, but in those that do, we wish to
         avoid the special danger that patents applied to a free program could
         make it effectively proprietary.  To prevent this, the GPL assures that
         patents cannot be used to render the program non-free.
         
           The precise terms and conditions for copying, distribution and
         modification follow.
         
                                TERMS AND CONDITIONS
         
           0. Definitions.
         
           "This License" refers to version 3 of the GNU General Public License.
         
           "Copyright" also means copyright-like laws that apply to other kinds of
         works, such as semiconductor masks.
         
           "The Program" refers to any copyrightable work licensed under this
         License.  Each licensee is addressed as "you".  "Licensees" and
         "recipients" may be individuals or organizations.
         
           To "modify" a work means to copy from or adapt all or part of the work
         in a fashion requiring copyright permission, other than the making of an
         exact copy.  The resulting work is called a "modified version" of the
         earlier work or a work "based on" the earlier work.
         
           A "covered work" means either the unmodified Program or a work based
         on the Program.
         
           To "propagate" a work means to do anything with it that, without
         permission, would make you directly or secondarily liable for
         infringement under applicable copyright law, except executing it on a
         computer or modifying a private copy.  Propagation includes copying,
         distribution (with or without modification), making available to the
         public, and in some countries other activities as well.
         
           To "convey" a work means any kind of propagation that enables other
         parties to make or receive copies.  Mere interaction with a user through
         a computer network, with no transfer of a copy, is not conveying.
         
           An interactive user interface displays "Appropriate Legal Notices"
         to the extent that it includes a convenient and prominently visible
         feature that (1) displays an appropriate copyright notice, and (2)
         tells the user that there is no warranty for the work (except to the
         extent that warranties are provided), that licensees may convey the
         work under this License, and how to view a copy of this License.  If
         the interface presents a list of user commands or options, such as a
         menu, a prominent item in the list meets this criterion.
         
           1. Source Code.
         
           The "source code" for a work means the preferred form of the work
         for making modifications to it.  "Object code" means any non-source
         form of a work.
         
           A "Standard Interface" means an interface that either is an official
         standard defined by a recognized standards body, or, in the case of
         interfaces specified for a particular programming language, one that
         is widely used among developers working in that language.
         
           The "System Libraries" of an executable work include anything, other
         than the work as a whole, that (a) is included in the normal form of
         packaging a Major Component, but which is not part of that Major
         Component, and (b) serves only to enable use of the work with that
         Major Component, or to implement a Standard Interface for which an
         implementation is available to the public in source code form.  A
         "Major Component", in this context, means a major essential component
         (kernel, window system, and so on) of the specific operating system
         (if any) on which the executable work runs, or a compiler used to
         produce the work, or an object code interpreter used to run it.
         
           The "Corresponding Source" for a work in object code form means all
         the source code needed to generate, install, and (for an executable
         work) run the object code and to modify the work, including scripts to
         control those activities.  However, it does not include the work's
         System Libraries, or general-purpose tools or generally available free
         programs which are used unmodified in performing those activities but
         which are not part of the work.  For example, Corresponding Source
         includes interface definition files associated with source files for
         the work, and the source code for shared libraries and dynamically
         linked subprograms that the work is specifically designed to require,
         such as by intimate data communication or control flow between those
         subprograms and other parts of the work.
         
           The Corresponding Source need not include anything that users
         can regenerate automatically from other parts of the Corresponding
         Source.
         
           The Corresponding Source for a work in source code form is that
         same work.
         
           2. Basic Permissions.
         
           All rights granted under this License are granted for the term of
         copyright on the Program, and are irrevocable provided the stated
         conditions are met.  This License explicitly affirms your unlimited
         permission to run the unmodified Program.  The output from running a
         covered work is covered by this License only if the output, given its
         content, constitutes a covered work.  This License acknowledges your
         rights of fair use or other equivalent, as provided by copyright law.
         
           You may make, run and propagate covered works that you do not
         convey, without conditions so long as your license otherwise remains
         in force.  You may convey covered works to others for the sole purpose
         of having them make modifications exclusively for you, or provide you
         with facilities for running those works, provided that you comply with
         the terms of this License in conveying all material for which you do
         not control copyright.  Those thus making or running the covered works
         for you must do so exclusively on your behalf, under your direction
         and control, on terms that prohibit them from making any copies of
         your copyrighted material outside their relationship with you.
         
           Conveying under any other circumstances is permitted solely under
         the conditions stated below.  Sublicensing is not allowed; section 10
         makes it unnecessary.
         
           3. Protecting Users' Legal Rights From Anti-Circumvention Law.
         
           No covered work shall be deemed part of an effective technological
         measure under any applicable law fulfilling obligations under article
         11 of the WIPO copyright treaty adopted on 20 December 1996, or
         similar laws prohibiting or restricting circumvention of such
         measures.
         
           When you convey a covered work, you waive any legal power to forbid
         circumvention of technological measures to the extent such circumvention
         is effected by exercising rights under this License with respect to
         the covered work, and you disclaim any intention to limit operation or
         modification of the work as a means of enforcing, against the work's
         users, your or third parties' legal rights to forbid circumvention of
         technological measures.
         
           4. Conveying Verbatim Copies.
         
           You may convey verbatim copies of the Program's source code as you
         receive it, in any medium, provided that you conspicuously and
         appropriately publish on each copy an appropriate copyright notice;
         keep intact all notices stating that this License and any
         non-permissive terms added in accord with section 7 apply to the code;
         keep intact all notices of the absence of any warranty; and give all
         recipients a copy of this License along with the Program.
         
           You may charge any price or no price for each copy that you convey,
         and you may offer support or warranty protection for a fee.
         
           5. Conveying Modified Source Versions.
         
           You may convey a work based on the Program, or the modifications to
         produce it from the Program, in the form of source code under the
         terms of section 4, provided that you also meet all of these conditions:
         
             a) The work must carry prominent notices stating that you modified
             it, and giving a relevant date.
         
             b) The work must carry prominent notices stating that it is
             released under this License and any conditions added under section
             7.  This requirement modifies the requirement in section 4 to
             "keep intact all notices".
         
             c) You must license the entire work, as a whole, under this
             License to anyone who comes into possession of a copy.  This
             License will therefore apply, along with any applicable section 7
             additional terms, to the whole of the work, and all its parts,
             regardless of how they are packaged.  This License gives no
             permission to license the work in any other way, but it does not
             invalidate such permission if you have separately received it.
         
             d) If the work has interactive user interfaces, each must display
             Appropriate Legal Notices; however, if the Program has interactive
             interfaces that do not display Appropriate Legal Notices, your
             work need not make them do so.
         
           A compilation of a covered work with other separate and independent
         works, which are not by their nature extensions of the covered work,
         and which are not combined with it such as to form a larger program,
         in or on a volume of a storage or distribution medium, is called an
         "aggregate" if the compilation and its resulting copyright are not
         used to limit the access or legal rights of the compilation's users
         beyond what the individual works permit.  Inclusion of a covered work
         in an aggregate does not cause this License to apply to the other
         parts of the aggregate.
         
           6. Conveying Non-Source Forms.
         
           You may convey a covered work in object code form under the terms
         of sections 4 and 5, provided that you also convey the
         machine-readable Corresponding Source under the terms of this License,
         in one of these ways:
         
             a) Convey the object code in, or embodied in, a physical product
             (including a physical distribution medium), accompanied by the
             Corresponding Source fixed on a durable physical medium
             customarily used for software interchange.
         
             b) Convey the object code in, or embodied in, a physical product
             (including a physical distribution medium), accompanied by a
             written offer, valid for at least three years and valid for as
             long as you offer spare parts or customer support for that product
             model, to give anyone who possesses the object code either (1) a
             copy of the Corresponding Source for all the software in the
             product that is covered by this License, on a durable physical
             medium customarily used for software interchange, for a price no
             more than your reasonable cost of physically performing this
             conveying of source, or (2) access to copy the
             Corresponding Source from a network server at no charge.
         
             c) Convey individual copies of the object code with a copy of the
             written offer to provide the Corresponding Source.  This
             alternative is allowed only occasionally and noncommercially, and
             only if you received the object code with such an offer, in accord
             with subsection 6b.
         
             d) Convey the object code by offering access from a designated
             place (gratis or for a charge), and offer equivalent access to the
             Corresponding Source in the same way through the same place at no
             further charge.  You need not require recipients to copy the
             Corresponding Source along with the object code.  If the place to
             copy the object code is a network server, the Corresponding Source
             may be on a different server (operated by you or a third party)
             that supports equivalent copying facilities, provided you maintain
             clear directions next to the object code saying where to find the
             Corresponding Source.  Regardless of what server hosts the
             Corresponding Source, you remain obligated to ensure that it is
             available for as long as needed to satisfy these requirements.
         
             e) Convey the object code using peer-to-peer transmission, provided
             you inform other peers where the object code and Corresponding
             Source of the work are being offered to the general public at no
             charge under subsection 6d.
         
           A separable portion of the object code, whose source code is excluded
         from the Corresponding Source as a System Library, need not be
         included in conveying the object code work.
         
           A "User Product" is either (1) a "consumer product", which means any
         tangible personal property which is normally used for personal, family,
         or household purposes, or (2) anything designed or sold for incorporation
         into a dwelling.  In determining whether a product is a consumer product,
         doubtful cases shall be resolved in favor of coverage.  For a particular
         product received by a particular user, "normally used" refers to a
         typical or common use of that class of product, regardless of the status
         of the particular user or of the way in which the particular user
         actually uses, or expects or is expected to use, the product.  A product
         is a consumer product regardless of whether the product has substantial
         commercial, industrial or non-consumer uses, unless such uses represent
         the only significant mode of use of the product.
         
           "Installation Information" for a User Product means any methods,
         procedures, authorization keys, or other information required to install
         and execute modified versions of a covered work in that User Product from
         a modified version of its Corresponding Source.  The information must
         suffice to ensure that the continued functioning of the modified object
         code is in no case prevented or interfered with solely because
         modification has been made.
         
           If you convey an object code work under this section in, or with, or
         specifically for use in, a User Product, and the conveying occurs as
         part of a transaction in which the right of possession and use of the
         User Product is transferred to the recipient in perpetuity or for a
         fixed term (regardless of how the transaction is characterized), the
         Corresponding Source conveyed under this section must be accompanied
         by the Installation Information.  But this requirement does not apply
         if neither you nor any third party retains the ability to install
         modified object code on the User Product (for example, the work has
         been installed in ROM).
         
           The requirement to provide Installation Information does not include a
         requirement to continue to provide support service, warranty, or updates
         for a work that has been modified or installed by the recipient, or for
         the User Product in which it has been modified or installed.  Access to a
         network may be denied when the modification itself materially and
         adversely affects the operation of the network or violates the rules and
         protocols for communication across the network.
         
           Corresponding Source conveyed, and Installation Information provided,
         in accord with this section must be in a format that is publicly
         documented (and with an implementation available to the public in
         source code form), and must require no special password or key for
         unpacking, reading or copying.
         
           7. Additional Terms.
         
           "Additional permissions" are terms that supplement the terms of this
         License by making exceptions from one or more of its conditions.
         Additional permissions that are applicable to the entire Program shall
         be treated as though they were included in this License, to the extent
         that they are valid under applicable law.  If additional permissions
         apply only to part of the Program, that part may be used separately
         under those permissions, but the entire Program remains governed by
         this License without regard to the additional permissions.
         
           When you convey a copy of a covered work, you may at your option
         remove any additional permissions from that copy, or from any part of
         it.  (Additional permissions may be written to require their own
         removal in certain cases when you modify the work.)  You may place
         additional permissions on material, added by you to a covered work,
         for which you have or can give appropriate copyright permission.
         
           Notwithstanding any other provision of this License, for material you
         add to a covered work, you may (if authorized by the copyright holders of
         that material) supplement the terms of this License with terms:
         
             a) Disclaiming warranty or limiting liability differently from the
             terms of sections 15 and 16 of this License; or
         
             b) Requiring preservation of specified reasonable legal notices or
             author attributions in that material or in the Appropriate Legal
             Notices displayed by works containing it; or
         
             c) Prohibiting misrepresentation of the origin of that material, or
             requiring that modified versions of such material be marked in
             reasonable ways as different from the original version; or
         
             d) Limiting the use for publicity purposes of names of licensors or
             authors of the material; or
         
             e) Declining to grant rights under trademark law for use of some
             trade names, trademarks, or service marks; or
         
             f) Requiring indemnification of licensors and authors of that
             material by anyone who conveys the material (or modified versions of
             it) with contractual assumptions of liability to the recipient, for
             any liability that these contractual assumptions directly impose on
             those licensors and authors.
         
           All other non-permissive additional terms are considered "further
         restrictions" within the meaning of section 10.  If the Program as you
         received it, or any part of it, contains a notice stating that it is
         governed by this License along with a term that is a further
         restriction, you may remove that term.  If a license document contains
         a further restriction but permits relicensing or conveying under this
         License, you may add to a covered work material governed by the terms
         of that license document, provided that the further restriction does
         not survive such relicensing or conveying.
         
           If you add terms to a covered work in accord with this section, you
         must place, in the relevant source files, a statement of the
         additional terms that apply to those files, or a notice indicating
         where to find the applicable terms.
         
           Additional terms, permissive or non-permissive, may be stated in the
         form of a separately written license, or stated as exceptions;
         the above requirements apply either way.
         
           8. Termination.
         
           You may not propagate or modify a covered work except as expressly
         provided under this License.  Any attempt otherwise to propagate or
         modify it is void, and will automatically terminate your rights under
         this License (including any patent licenses granted under the third
         paragraph of section 11).
         
           However, if you cease all violation of this License, then your
         license from a particular copyright holder is reinstated (a)
         provisionally, unless and until the copyright holder explicitly and
         finally terminates your license, and (b) permanently, if the copyright
         holder fails to notify you of the violation by some reasonable means
         prior to 60 days after the cessation.
         
           Moreover, your license from a particular copyright holder is
         reinstated permanently if the copyright holder notifies you of the
         violation by some reasonable means, this is the first time you have
         received notice of violation of this License (for any work) from that
         copyright holder, and you cure the violation prior to 30 days after
         your receipt of the notice.
         
           Termination of your rights under this section does not terminate the
         licenses of parties who have received copies or rights from you under
         this License.  If your rights have been terminated and not permanently
         reinstated, you do not qualify to receive new licenses for the same
         material under section 10.
         
           9. Acceptance Not Required for Having Copies.
         
           You are not required to accept this License in order to receive or
         run a copy of the Program.  Ancillary propagation of a covered work
         occurring solely as a consequence of using peer-to-peer transmission
         to receive a copy likewise does not require acceptance.  However,
         nothing other than this License grants you permission to propagate or
         modify any covered work.  These actions infringe copyright if you do
         not accept this License.  Therefore, by modifying or propagating a
         covered work, you indicate your acceptance of this License to do so.
         
           10. Automatic Licensing of Downstream Recipients.
         
           Each time you convey a covered work, the recipient automatically
         receives a license from the original licensors, to run, modify and
         propagate that work, subject to this License.  You are not responsible
         for enforcing compliance by third parties with this License.
         
           An "entity transaction" is a transaction transferring control of an
         organization, or substantially all assets of one, or subdividing an
         organization, or merging organizations.  If propagation of a covered
         work results from an entity transaction, each party to that
         transaction who receives a copy of the work also receives whatever
         licenses to the work the party's predecessor in interest had or could
         give under the previous paragraph, plus a right to possession of the
         Corresponding Source of the work from the predecessor in interest, if
         the predecessor has it or can get it with reasonable efforts.
         
           You may not impose any further restrictions on the exercise of the
         rights granted or affirmed under this License.  For example, you may
         not impose a license fee, royalty, or other charge for exercise of
         rights granted under this License, and you may not initiate litigation
         (including a cross-claim or counterclaim in a lawsuit) alleging that
         any patent claim is infringed by making, using, selling, offering for
         sale, or importing the Program or any portion of it.
         
           11. Patents.
         
           A "contributor" is a copyright holder who authorizes use under this
         License of the Program or a work on which the Program is based.  The
         work thus licensed is called the contributor's "contributor version".
         
           A contributor's "essential patent claims" are all patent claims
         owned or controlled by the contributor, whether already acquired or
         hereafter acquired, that would be infringed by some manner, permitted
         by this License, of making, using, or selling its contributor version,
         but do not include claims that would be infringed only as a
         consequence of further modification of the contributor version.  For
         purposes of this definition, "control" includes the right to grant
         patent sublicenses in a manner consistent with the requirements of
         this License.
         
           Each contributor grants you a non-exclusive, worldwide, royalty-free
         patent license under the contributor's essential patent claims, to
         make, use, sell, offer for sale, import and otherwise run, modify and
         propagate the contents of its contributor version.
         
           In the following three paragraphs, a "patent license" is any express
         agreement or commitment, however denominated, not to enforce a patent
         (such as an express permission to practice a patent or covenant not to
         sue for patent infringement).  To "grant" such a patent license to a
         party means to make such an agreement or commitment not to enforce a
         patent against the party.
         
           If you convey a covered work, knowingly relying on a patent license,
         and the Corresponding Source of the work is not available for anyone
         to copy, free of charge and under the terms of this License, through a
         publicly available network server or other readily accessible means,
         then you must either (1) cause the Corresponding Source to be so
         available, or (2) arrange to deprive yourself of the benefit of the
         patent license for this particular work, or (3) arrange, in a manner
         consistent with the requirements of this License, to extend the patent
         license to downstream recipients.  "Knowingly relying" means you have
         actual knowledge that, but for the patent license, your conveying the
         covered work in a country, or your recipient's use of the covered work
         in a country, would infringe one or more identifiable patents in that
         country that you have reason to believe are valid.
         
           If, pursuant to or in connection with a single transaction or
         arrangement, you convey, or propagate by procuring conveyance of, a
         covered work, and grant a patent license to some of the parties
         receiving the covered work authorizing them to use, propagate, modify
         or convey a specific copy of the covered work, then the patent license
         you grant is automatically extended to all recipients of the covered
         work and works based on it.
         
           A patent license is "discriminatory" if it does not include within
         the scope of its coverage, prohibits the exercise of, or is
         conditioned on the non-exercise of one or more of the rights that are
         specifically granted under this License.  You may not convey a covered
         work if you are a party to an arrangement with a third party that is
         in the business of distributing software, under which you make payment
         to the third party based on the extent of your activity of conveying
         the work, and under which the third party grants, to any of the
         parties who would receive the covered work from you, a discriminatory
         patent license (a) in connection with copies of the covered work
         conveyed by you (or copies made from those copies), or (b) primarily
         for and in connection with specific products or compilations that
         contain the covered work, unless you entered into that arrangement,
         or that patent license was granted, prior to 28 March 2007.
         
           Nothing in this License shall be construed as excluding or limiting
         any implied license or other defenses to infringement that may
         otherwise be available to you under applicable patent law.
         
           12. No Surrender of Others' Freedom.
         
           If conditions are imposed on you (whether by court order, agreement or
         otherwise) that contradict the conditions of this License, they do not
         excuse you from the conditions of this License.  If you cannot convey a
         covered work so as to satisfy simultaneously your obligations under this
         License and any other pertinent obligations, then as a consequence you may
         not convey it at all.  For example, if you agree to terms that obligate you
         to collect a royalty for further conveying from those to whom you convey
         the Program, the only way you could satisfy both those terms and this
         License would be to refrain entirely from conveying the Program.
         
           13. Use with the GNU Affero General Public License.
         
           Notwithstanding any other provision of this License, you have
         permission to link or combine any covered work with a work licensed
         under version 3 of the GNU Affero General Public License into a single
         combined work, and to convey the resulting work.  The terms of this
         License will continue to apply to the part which is the covered work,
         but the special requirements of the GNU Affero General Public License,
         section 13, concerning interaction through a network will apply to the
         combination as such.
         
           14. Revised Versions of this License.
         
           The Free Software Foundation may publish revised and/or new versions of
         the GNU General Public License from time to time.  Such new versions will
         be similar in spirit to the present version, but may differ in detail to
         address new problems or concerns.
         
           Each version is given a distinguishing version number.  If the
         Program specifies that a certain numbered version of the GNU General
         Public License "or any later version" applies to it, you have the
         option of following the terms and conditions either of that numbered
         version or of any later version published by the Free Software
         Foundation.  If the Program does not specify a version number of the
         GNU General Public License, you may choose any version ever published
         by the Free Software Foundation.
         
           If the Program specifies that a proxy can decide which future
         versions of the GNU General Public License can be used, that proxy's
         public statement of acceptance of a version permanently authorizes you
         to choose that version for the Program.
         
           Later license versions may give you additional or different
         permissions.  However, no additional obligations are imposed on any
         author or copyright holder as a result of your choosing to follow a
         later version.
         
           15. Disclaimer of Warranty.
         
           THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
         APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
         HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
         OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
         THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
         PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
         IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
         ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
         
           16. Limitation of Liability.
         
           IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
         WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
         THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
         GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
         USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
         DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
         PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
         EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
         SUCH DAMAGES.
         
           17. Interpretation of Sections 15 and 16.
         
           If the disclaimer of warranty and limitation of liability provided
         above cannot be given local legal effect according to their terms,
         reviewing courts shall apply local law that most closely approximates
         an absolute waiver of all civil liability in connection with the
         Program, unless a warranty or assumption of liability accompanies a
         copy of the Program in return for a fee.
         
                              END OF TERMS AND CONDITIONS
         
                     How to Apply These Terms to Your New Programs
         
           If you develop a new program, and you want it to be of the greatest
         possible use to the public, the best way to achieve this is to make it
         free software which everyone can redistribute and change under these terms.
         
           To do so, attach the following notices to the program.  It is safest
         to attach them to the start of each source file to most effectively
         state the exclusion of warranty; and each file should have at least
         the "copyright" line and a pointer to where the full notice is found.
         
             <one line to give the program's name and a brief idea of what it does.>
             Copyright (C) <year>  <name of author>
         
             This program is free software: you can redistribute it and/or modify
             it under the terms of the GNU General Public License as published by
             the Free Software Foundation, either version 3 of the License, or
             (at your option) any later version.
         
             This program is distributed in the hope that it will be useful,
             but WITHOUT ANY WARRANTY; without even the implied warranty of
             MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             GNU General Public License for more details.
         
             You should have received a copy of the GNU General Public License
             along with this program.  If not, see <http://www.gnu.org/licenses/>.
         
         Also add information on how to contact you by electronic and paper mail.
         
           If the program does terminal interaction, make it output a short
         notice like this when it starts in an interactive mode:
         
             <program>  Copyright (C) <year>  <name of author>
             This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
             This is free software, and you are welcome to redistribute it
             under certain conditions; type `show c' for details.
         
         The hypothetical commands `show w' and `show c' should show the appropriate
         parts of the General Public License.  Of course, your program's commands
         might be different; for a GUI interface, you would use an "about box".
         
           You should also get your employer (if you work as a programmer) or school,
         if any, to sign a "copyright disclaimer" for the program, if necessary.
         For more information on this, and how to apply and follow the GNU GPL, see
         <http://www.gnu.org/licenses/>.
         
           The GNU General Public License does not permit incorporating your program
         into proprietary programs.  If your program is a subroutine library, you
         may consider it more useful to permit linking proprietary applications with
         the library.  If this is what you want to do, use the GNU Lesser General
         Public License instead of this License.  But first, please read
         <http://www.gnu.org/philosophy/why-not-lgpl.html>.
License-File: LICENSE
Keywords: pcap,wireshark,radio,qcsuper,capture analysis
Author: P1 Security - Marin Moulinier
Maintainer: P1 Security - Marin Moulinier
Requires-Python: >=3.7
Classifier: Development Status :: 5 - Production/Stable
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Telecommunications Industry
Classifier: Intended Audience :: Science/Research
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: System :: Networking
Classifier: Topic :: Communications :: Telephony
Classifier: Topic :: Security
Classifier: Environment :: Console
Requires-Dist: crcmod (>=1.7)
Requires-Dist: pycrate (>=0.7.0)
Requires-Dist: pyserial (>=3.5)
Requires-Dist: pyusb (>=1.2.1)
Project-URL: Homepage, https://github.com/P1sec/QCSuper
Project-URL: Issues, https://github.com/P1sec/QCSuper/issues
Project-URL: Repository, https://github.com/P1sec/QCSuper
Description-Content-Type: text/markdown

# QCSuper

**QCSuper** is a tool that communicates with Qualcomm-based phones and modems, allowing you to **capture raw 2G/3G/4G** (and, for certain models, 5G) radio frames, among other things.

It allows you to **generate PCAP** captures of these frames using either a rooted Android phone, a USB dongle or an existing capture in another format.

![Screenshot of using QCSuper along with Wireshark](https://raw.githubusercontent.com/P1sec/QCSuper/master/docs/sample_pcaps/Wireshark%20screenshot.png?raw=true)

After having [installed](#installation) it, you can plug in your rooted phone over USB. With a compatible device, using QCSuper is as simple as:

```bash
qcsuper --adb --wireshark-live
```

Or, if you have manually exposed a Diag port on your phone (the procedure varies depending on your phone's modem and manufacturer, see below for more explanations), or if you have plugged in a mobile broadband dongle:

```bash
qcsuper --usb-modem auto --wireshark-live
```

It uses the Qualcomm Diag protocol, also called QCDM or DM (Diagnostic Monitor), in order to communicate with your phone's baseband.

**Want to report that your device works or does not work? You can open a [GitHub issue](https://github.com/P1sec/QCSuper/issues/new).**

## Table of contents

* **[Installation](#installation)**
  * [Linux installation (PIP)](#linux-installation-pip)
  * [Linux installation (UV)](#linux-installation-uv)
  * [Windows installation](#windows-installation)
* [Supported protocols](#supported-protocols)
* **[Usage notice](#usage-notice)**

**Annexes:**

* [Using QCSuper with an USB modem](#using-qcsuper-with-an-usb-modem)
* [Supported devices](#supported-devices)
* [Related tools using the Diag protocol](#related-tools-using-the-diag-protocol)

**Blog post/demo:** [Presenting QCSuper: a tool for capturing your 2G/3G/4G air traffic on Qualcomm-based phones](https://labs.p1sec.com/2019/07/09/presenting-qcsuper-a-tool-for-capturing-your-2g-3g-4g-air-traffic-on-qualcomm-based-phones/)

**More documentation:**

* [The Diag protocol](https://github.com/P1sec/QCSuper/blob/master/docs/The%20Diag%20protocol.md)
* [QCSuper architecture](https://github.com/P1sec/QCSuper/blob/master/docs/QCSuper%20architecture.md)

## Installation

QCSuper was most recently tested and developed on **Ubuntu LTS 22.04+** and has also been used on Windows 11. It depends on a few Python modules. It is advised to use Linux for better compatibility.

To use it, **your phone must be rooted** or expose a diag service port over USB. In order to check for compatibility with your phone, look up the phone's model on a site like [GSMArena](https://www.gsmarena.com/) and check whether it has a Qualcomm processor.

In order to open PCAP files produced by QCSuper, you can use any Wireshark 2.x - 4.x for 2G/3G frames, but you need at least Wireshark 2.5.x for 4G frames (and 2.6.x for individual NAS messages decrypted out of 4G frames). Ubuntu currently provides a recent enough build for all versions.

Decoding 5G frames was tested under **Wireshark 3.6.x and above**. It relies on a Wireshark Lua plug-in that QCSuper installs automatically (in `%APPDATA%\Wireshark\plugins` under Windows or in `~/.local/lib/wireshark/plugins` under Linux and macOS). If you do not want this plug-in to be installed, set the `DONT_INSTALL_WIRESHARK_PLUGIN=1` environment variable.

### Linux installation (PIP)

In order to install the stable version of QCSuper system-wide from PyPI, you can run these commands:

```bash
# Install dependencies
sudo apt install python3-pip wireshark

# Install stable QCSuper system-wide
sudo pip3 install --upgrade qcsuper --break-system-packages
```

Then, you can just type `qcsuper` in your terminal to run QCSuper.

In order to install the development version in a specific folder, open a terminal and type the following:

```bash
# Download QCSuper
git clone https://github.com/P1sec/qcsuper
cd qcsuper

# Install dependencies
sudo apt install python3-pip wireshark
sudo pip3 install --upgrade . --break-system-packages
```

Then, run QCSuper from the `qcsuper/` directory, using the `./qcsuper.py` command in the terminal.

### Linux installation (UV)

On Linux, you can install QCSuper using the [`uv`](https://docs.astral.sh/uv/) package manager, which is a modern alternative to PIP.

First, run one of these commands in your terminal in order to install `uv`:

```bash
sudo snap install --classic astral-uv # On Ubuntu
sudo dnf install -y uv # On Fedora
sudo pacman -S uv # On Archlinux, Manjaro
curl -LsSf https://astral.sh/uv/install.sh | sh # On Debian and others
```

Then, run this to install the latest stable version:

```bash
uv tool install qcsuper
```

Alternatively, you can install the latest development version using this command:

```bash
uv tool install git+https://github.com/P1sec/qcsuper
```

You can then just type this into your terminal:

```bash
qcsuper
```

However, if you need to run `qcsuper` as `root`, for example because you are reading data from a modem device, `qcsuper` may not be in `$PATH` when using `uv` with `sudo`, so you may need to do something such as:

```bash
sudo env "PATH=$PATH" qcsuper
```

If you wish to participate in the development of the tool, you can use these commands to download the source, then create symbolic links in `~/.local/bin` pointing to QCSuper in the source directory:

```bash
git clone https://github.com/P1sec/qcsuper
cd qcsuper
uv sync # Create .venv in the current directory
uv tool install -e . # Create symlinks into ~/.local/bin
```

### Windows installation

QCSuper can run on Windows, but you should first ensure that Google's ADB prompt runs correctly on your machine with your device. You should also manually create `libusb-win32` filters (through the utility accessible in the Start Menu after installing it) in the case where your device needs to connect directly to the Diag port over pseudo-serial USB.

(Please note that if you mode-switch your device, the associated USB PID/VID may change, and you may have to redo the driver associations in the `libusb-win32` filter creation utility and/or in the Windows peripheral devices manager, depending on the case.)

On Windows, you may need (in addition to Google's ADB kernel drivers) to download and install the USB drivers for your phone model (this may include generic Qualcomm USB drivers). Please search for your phone's model + "USB driver" or "ADB driver" on Google for instructions.

Then, you need to ensure that you can reach your device using `adb`. You can find a tutorial on how to download and setup `adb` [here](https://www.xda-developers.com/install-adb-windows-macos-linux/). The `adb.exe shell` (or whatever executable path you use, a copy of the ADB executable is present in the `qcsuper/inputs/external/adb` folder of QCSuper) command must display a prompt to continue.

Then, follow these links (the tool has been tested lately on Windows 11 - it is not guaranteed to work on Windows 7) in order to:

* [Install Python 3.12](https://www.python.org/ftp/python/3.12.1/python-3.12.1-amd64.exe) (Windows 7 version: [Python 3.7](https://www.python.org/ftp/python/3.7.9/python-3.7.9.exe)) or more recent (be sure to check options to include it into PATH, install it for all users and install pip)
* [Install Wireshark 4.2](https://2.na.dl.wireshark.org/win64/Wireshark-4.2.2-x64.exe) (Windows 7 version: [Install Wireshark 3.6](https://2.na.dl.wireshark.org/win64/all-versions/Wireshark-win64-3.6.19.exe)) or more recent
* [Install libusb-win32 1.2.7.3](https://github.com/mcuee/libusb-win32/releases/download/snapshot_1.2.7.3/libusb-win32-devel-filter-1.2.7.3.exe) (Windows 7 version: [libusb-win32 1.2.3.7](https://github.com/mcuee/libusb-win32/releases/download/snapshot_1.2.7.3/libusb-win32-devel-filter-1.2.7.3.exe)) or more recent
* Restart your command prompt/terminal in order to ensure that the `%PATH%` system variable has been updated.
* [Download and extract QCSuper](https://github.com/P1sec/QCSuper/archive/master.zip)

To install the required Python modules, open your command prompt and type:

```bash
pip3 install --upgrade pyserial pyusb crcmod pycrate https://github.com/pyocd/libusb-package/archive/master.zip
```

Still in your command prompt, move to the directory containing QCSuper using the `cd` command. You can then execute commands (which should start with `py qcsuper.py` or `py3 qcsuper.py` if you installed Python 3 from the online installer, or `python3.exe .\qcsuper.py` if you installed it from the Windows Store).

As noted above, you may have to add a `libusb-win32` filter through the utility available in the Start Menu in order to ensure that the interface corresponding to the Diag port is visible to QCSuper on the mode-switched device (a first failed attempt to run the tool using the `--adb` flag should trigger a mode-switch if the ADB driver is working and the device is correctly rooted).

<p align="center">
<img src="https://raw.githubusercontent.com/P1sec/QCSuper/master/docs/Adding%20libusb-win32%20filter.png?raw=true" alt="Screenshot of adding a libusb-win32 filter for the Diag port of a Mi phone">
</p>

## Supported protocols

QCSuper supports capturing a handful of mobile radio protocols. Each captured message is placed after a [GSMTAP header](http://osmocom.org/projects/baseband/wiki/GSMTAP), a standard header (encapsulated into UDP/IP) that identifies the protocol, and the GSMTAP packets are written into a [PCAP file](https://wiki.wireshark.org/Development/LibpcapFileFormat) that is fully analyzable using Wireshark.
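To make the framing concrete, the following added example (not QCSuper's own code) wraps one message in a GSMTAP version 2 header, UDP and IPv4, writes it to a classic PCAP and parses it back. The payload bytes, the channel number, the loopback addresses and the raw-IPv4 link type are assumptions chosen for the demonstration.

```python
# Added example, not QCSuper's own code: frame one message as
# GSMTAP-over-UDP/IPv4, store it in a classic PCAP, and parse it back.
import io
import struct

GSMTAP_UDP_PORT = 4729       # UDP port registered for GSMTAP
GSMTAP_VERSION = 2
GSMTAP_HDR_WORDS = 4         # header length field, in 32-bit words (16 bytes)
GSMTAP_TYPE_LTE_RRC = 0x0D   # GSMTAP payload type value for LTE RRC
LINKTYPE_IPV4 = 228          # assumption: this demo stores bare IPv4 packets
PCAP_MAGIC = 0xA1B2C3D4
SAMPLE_PAYLOAD = bytes.fromhex("00112233")  # constructed filler, not a real RRC message


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words, as used by the IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_gsmtap(payload_type: int, payload: bytes, arfcn: int = 0, sub_type: int = 0) -> bytes:
    """Return a 16-byte GSMTAP v2 header followed by the radio message."""
    header = struct.pack(
        "!BBBBHbbIBBBB",
        GSMTAP_VERSION, GSMTAP_HDR_WORDS, payload_type,
        0,               # timeslot
        arfcn & 0x3FFF,  # channel number (the top two bits are flags)
        0, 0,            # signal level (dBm), SNR (dB)
        0,               # frame number
        sub_type,        # channel / message sub-type
        0, 0, 0,         # antenna, sub-slot, reserved
    )
    return header + payload


def wrap_udp_ipv4(gsmtap: bytes) -> bytes:
    """Prepend UDP and IPv4 headers (loopback to loopback) to a GSMTAP packet."""
    udp_len = 8 + len(gsmtap)
    # A UDP checksum of 0 means "not computed", which IPv4 permits.
    udp = struct.pack("!HHHH", GSMTAP_UDP_PORT, GSMTAP_UDP_PORT, udp_len, 0)
    loopback = bytes([127, 0, 0, 1])
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                     loopback, loopback)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    return ip + udp + gsmtap


def write_pcap(stream, packets, timestamp: int = 0) -> None:
    """Write a little-endian PCAP global header, then one record per packet."""
    stream.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_IPV4))
    for pkt in packets:
        stream.write(struct.pack("<IIII", timestamp, 0, len(pkt), len(pkt)))
        stream.write(pkt)


def read_gsmtap_frames(stream):
    """Return [(gsmtap_type, arfcn, payload)] for each GSMTAP packet found."""
    file_header = stream.read(24)
    if len(file_header) < 24:
        raise ValueError("truncated PCAP file header")
    magic, _, _, _, _, _, linktype = struct.unpack("<IHHiIII", file_header)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_IPV4:
        raise ValueError("expected a little-endian PCAP of raw IPv4 packets")
    frames = []
    while True:
        record = stream.read(16)
        if len(record) < 16:
            break
        incl_len = struct.unpack("<IIII", record)[2]
        pkt = stream.read(incl_len)
        if len(pkt) < incl_len:
            break  # capture file ends in the middle of a packet
        if len(pkt) < 20 or pkt[9] != 17:
            continue  # too short for IPv4, or not UDP
        ihl = (pkt[0] & 0x0F) * 4
        if len(pkt) < ihl + 8 + 16:
            continue  # too short to hold UDP plus a GSMTAP header
        dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
        gsmtap = pkt[ihl + 8:]
        version, hdr_words, ptype, _, arfcn = struct.unpack("!BBBBH", gsmtap[:6])
        if dport != GSMTAP_UDP_PORT or version != GSMTAP_VERSION:
            continue
        frames.append((ptype, arfcn & 0x3FFF, gsmtap[hdr_words * 4:]))
    return frames


def demo():
    """Round-trip one constructed frame through an in-memory PCAP."""
    buf = io.BytesIO()
    packet = wrap_udp_ipv4(build_gsmtap(GSMTAP_TYPE_LTE_RRC, SAMPLE_PAYLOAD, arfcn=1850))
    write_pcap(buf, [packet])
    buf.seek(0)
    return read_gsmtap_frames(buf)


if __name__ == "__main__":
    print(demo())
```

The reader skips anything that is not UDP port 4729 with GSMTAP version 2, which is also a quick way to check that a capture handed to you really contains GSMTAP frames before opening it in Wireshark.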

2G/3G/4G protocols can be broken into a few "layers": layer 1 is about the digital radio modulation and multiplexing, layer 2 handles stuff like fragmentation and acknowledgement, layer 3 is the proper signalling or user data.

QCSuper most often lets you capture on layer 3, as it is the most practical to analyze using Wireshark, and is what the Diag protocol provides natively (and some interesting information is here).

* 2G (GSM): Layer 3 and upwards (RR/...)
* 2.5G (GPRS and EDGE): Layer 2 and upwards (MAC-RLC/...) for data acknowledgements
* 3G (UMTS): Layer 3 and upwards (RRC/...)
  * Additionally, it supports reassembling SIBs (System Information Blocks, the data broadcast to all users) in separate GSMTAP frames, as Wireshark currently can't do it itself: flag `--reassemble-sibs`
* 4G (LTE): Layer 3 and upwards (RRC/...)
  * Additionally, it supports putting decrypted NAS messages, which are embedded encrypted into RRC packets, in additional frames: flag `--decrypt-nas`

By default, the IP traffic sent by your device is not included; you see only the signalling frames. You can include the IP traffic you generate using the `--include-ip-traffic` option (IP is simply the layer 3 for your data traffic in 2G/3G/4G, except that its headers may be compressed (ROHC) and a tiny PPP header may be included).

The data traffic you send uses a channel different from the signalling traffic, and this channel is set up through the signalling traffic; QCSuper should thus show you all details relevant to how this channel is initiated.

## Usage notice

In order to use QCSuper, you specify one input (e.g: `--adb` (Android phone), `--usb-modem`) and one or more modules (`--wireshark-live` for opening Wireshark, `--pcap-dump` for writing traffic to a PCAP file, `--info` for generic information about the device...).

A few commands you can type are:

```bash
# Open Wireshark directly, using a rooted Android phone as an input,
# for compatible phones:
$ qcsuper --adb --wireshark-live

# Same, but dump to a PCAP file instead of opening Wireshark directly
$ qcsuper --adb --pcap-dump /tmp/my_pcap.pcap
```

Or, if that does not work directly:

```bash
# Same, but using an USB modem/phone exposing a Diag serial port
# directly over USB, in the case where the "--adb" mode does not
# work directly:

# - With a compatible Android phone where the Diag port over USB has
#   been manually enabled by the user (see the "How to manually enable
#   the diagnostic ports on my phone" section below for a summary of
#   how this may be possible with most Qualcomm-based models)
#
#   In this case, you may try:
$ qcsuper --usb-modem auto --wireshark-live
#   Or, if manually selecting the USB device corresponding to the
#   Diag-enabled phone turns out to be required:
$ lsusb
(..)
Bus 001 Device 076: ID 05c6:9091 Qualcomm, Inc. Intex Aqua Fish & Jolla C Diagnostic Mode
$ qcsuper --usb-modem 05c6:9091 --wireshark-live # With vendor ID:product ID...
$ qcsuper --usb-modem 001:076 --wireshark-live # ...or with bus ID:device ID
# Or, if selecting the configuration number and interface number (referred to as "bConfigurationValue" and "bInterfaceNumber" in the USB descriptors) turns out to be required:
$ lsusb -v
(..)
$ qcsuper --usb-modem 05c6:9091:1:0 --wireshark-live # With vendor ID:product ID:configuration:interface...
$ qcsuper --usb-modem 001:076:1:0 --wireshark-live # ...or with bus ID:device ID:configuration:interface

# - With a generic serial-over-USB device where the "usbserial" module has
#   loaded a /dev/ttyUSB{0-9} device corresponding to the diagnostic port:
$ qcsuper --usb-modem /dev/ttyUSB2 --wireshark-live

# - With an Option device where the "hsoserial" module has loaded a
#   /dev/ttyHS{0-9} device corresponding to the diagnostic port:
$ qcsuper --usb-modem /dev/ttyHS2 --wireshark-live
```

Here is the current usage notice for QCSuper:

```
usage: qcsuper [-h] [--cli] [--efs-shell] [--efs-shell2] [-v] (--adb | --adb-wsl2 ADB_WSL2 | --tcp IP_ADDRESS:TCP_PORT | --usb-modem TTY_DEV | --dlf-read DLF_FILE |
               --json-geo-read JSON_FILE) [--info] [--pcap-dump PCAP_FILE] [--wireshark-live] [--memory-dump OUTPUT_DIR] [--dlf-dump DLF_FILE] [--json-geo-dump JSON_FILE]
               [--decoded-sibs-dump] [--reassemble-sibs] [--decrypt-nas] [--include-ip-traffic] [--start MEMORY_START] [--stop MEMORY_STOP]

A tool for communicating with the Qualcomm DIAG protocol (also called QCDM or DM).

options:
  -h, --help            show this help message and exit
  --cli                 Use a command prompt, allowing for interactive completion of commands.
  --efs-shell           Spawn an interactive shell to navigate within the embedded filesystem (EFS) of the baseband device.
  --efs-shell2          Spawn an interactive shell to navigate within the embedded filesystem (EFS) of the baseband device. Use the secondary filesystem known as "alternate".
  -v, --verbose         Add output for each received or sent Diag packet.

Input mode:
  Choose an one least input mode for DIAG data.

  --adb                 Use a rooted Android phone with USB debugging enabled as input (requires adb).
  --adb-wsl2 ADB_WSL2   Unix path to the Windows adb executable. Equivalent of --adb command but with WSL2/Windows interoperability.
  --tcp IP_ADDRESS:TCP_PORT
                        Connect to remote TCP service exposing DIAG interface.
  --usb-modem TTY_DEV   Use an USB modem exposing a DIAG pseudo-serial port through USB.
                        Possible syntaxes:
                          - "auto": Use the first device interface in the system found where the
                            following criteria is matched, by order of preference:
                            - bInterfaceClass=255/bInterfaceSubClass=255/bInterfaceProtocol=48/bNumEndpoints=2
                            - bInterfaceClass=255/bInterfaceSubClass=255/bInterfaceProtocol=255/bNumEndpoints=2
                          - usbserial or hso device name (Linux/macOS): "/dev/tty{USB,HS,other}{0-9}"
                          - COM port identifier (Windows): "COM{0-9}"
                          - "vid:pid[:cfg:intf]" (vendor ID/product ID/optional bConfigurationValue/optional
                            bInterfaceNumber) format in hexa: e.g. "05c6:9091" or "05c6:9091:1:0 (vid and pid
                            are four zero-padded hex digits, cfg and intf are canonical values from the USB
                            descriptor, or guessed using the criteria specified for "auto" above if not specified)
                          - "bus:addr[:cfg:intf]" (USB bus/device address/optional bConfigurationValue/optional
                            bInterfaceNumber) format in decimal: e.g "001:003" or "001:003:0:3" (bus and addr are
                            three zero-padded digits, cfg and intf are canonical values from the USB descriptor)
  --dlf-read DLF_FILE   Read a DLF file generated by QCSuper or QXDM, enabling interoperability with vendor software.
  --json-geo-read JSON_FILE
                        Read a JSON file generated using --json-geo-dump.

Modules:
  Modules writing to a file will append when it already exists, and consider it Gzipped if their name contains ".gz".

  --info                Read generic information about the baseband device.
  --pcap-dump PCAP_FILE
                        Generate a PCAP file containing GSMTAP frames for 2G/3G/4G, to be loaded using Wireshark.
  --wireshark-live      Same as --pcap-dump, but directly spawn a Wireshark instance.
  --memory-dump OUTPUT_DIR
                        Dump the memory of the device (may not or partially work with recent devices).
  --dlf-dump DLF_FILE   Generate a DLF file to be loaded using QCSuper or QXDM, with network protocols logging.
  --json-geo-dump JSON_FILE
                        Generate a JSON file containing both raw log frames and GPS coordinates, for further reprocessing. To be used in combination with --adb.
  --decoded-sibs-dump   Print decoded SIBs to stdout (experimental, requires pycrate).

PCAP generation options:
  To be used along with --pcap-dump or --wireshark-live.

  --reassemble-sibs     Include reassembled UMTS SIBs as supplementary frames, also embedded fragmented in RRC frames.
  --decrypt-nas         Include unencrypted LTE NAS as supplementary frames, also embedded ciphered in RRC frames.
  --include-ip-traffic  Include unframed IP traffic from the UE.

Memory dumping options:
  To be used along with --memory-dump.

  --start MEMORY_START  Offset at which to start to dump memory (hex number), by default 00000000.
  --stop MEMORY_STOP    Offset at which to stop to dump memory (hex number), by default ffffffff.
```

Specifying `-` to pipe data from stdin or towards stdout is supported (gzipped content may not be detected).

### How to root my phone?

This README file is not a guide on how to root your phone (getting your phone to enable you to run commands such as "`su`").

On most recent Android devices, you must first use the "OEM/bootloader unlock" option present in the developer settings of the phone in order to unlock the bootloader. You may then use a tool such as [Magisk](https://topjohnwu.github.io/Magisk/install.html) that will enable you to obtain a patched image for your phone's bootloader, which you will then be able to load onto your phone in [`fastboot` mode](https://en.wikipedia.org/wiki/Fastboot).

QCSuper is more likely to work easily on your Qualcomm-based device when your phone is rooted, but there often are ways to enable the Qualcomm Diag USB mode (also known as "DM", Diag Monitor) on your phone without having your phone rooted. This [depends on](https://band.radio/diag) your phone vendor and goes through, for example, typing a magic combination of digits onto your phone's dialer keypad. Please see the "*How to manually enable the diagnostic ports on my phone?*" section below for more details.

Before rooting your phone, remember that you may also want to load an alternate recovery image such as [TWRP](https://twrp.me/) onto your OEM-unlocked phone in order to perform a partition backup (it may be as simple as loading the image through Fastboot, enabling the ADB link in the settings of TWRP, and using `adb pull` on selected partitions in the `/dev/block/by-name` folder).

For specific instructions on rooting or enabling the Diag mode on your phone model, you may search the XDA-developers forum with appropriate keywords.

### How to manually enable the diagnostic ports on my phone?

Qualcomm/MSM Android-based devices **bearing Linux kernel 4.9 or earlier** (this includes roughly part of devices up to Android 12 and all devices before Android 10) normally **contain a system device called `/dev/diag`**, which allows communicating with the diagnostics port of the baseband.

On Qualcomm/MSM Android-based devices **bearing Linux kernel 4.14 or later** (this includes roughly part of devices from Android 10 and all devices from Android 13), **`/dev/diag` disappeared**, as the corresponding `diagchar` module is disabled by default in recent AOSP/Linux kernels.

On the devices **bearing a Linux 4.9 or earlier MSM kernel**, when using the `--adb` flag, QCSuper will **try to connect through ADB automatically**, will then attempt to transfer an executable utility connecting to the `/dev/diag` device, in order to launch it as root using a command such as `su -c /data/local/tmp/adb_bridge`, and subsequently **transmit the diagnostics data with the device over TCP** (also forwarding the corresponding TCP port through ADB).

On the devices **bearing a Linux 4.14 or later MSM kernel**, when using the `--adb` flag, QCSuper will try to connect through ADB automatically, will then attempt to **mode-switch the USB port** of the phone using a command such as `su -c 'setprop sys.usb.config diag,adb'`, and then execute the **equivalent of the `--usb-modem auto` flag** (see below).

The `--usb-modem <value>` flag allows QCSuper to **connect to the Qualcomm diagnostics port over a pseudo-serial port over USB**, independently from ADB, which is the most common way to connect to the Qualcomm diag protocol of an Android-based phone using an external device.

In order to use the `--usb-modem <value>` flag, the Qualcomm diagnostic port must be enabled on the corresponding phone; in other words, **the phone should have been USB mode-switched** beforehand.

The most common way to USB mode-switch your device is to execute a command such as `setprop sys.usb.config diag,adb` as root, but there may be other ways (with certain phone vendors) to enable the Qualcomm diagnostics-over-USB mode, see for example [this page](https://band.radio/diag) for possible ways, for certain devices, to enable Diag without root - it often implies typing a magic combination of digits on the phone's dialer keypad.

In other devices, it may also be possible to use an APK file signed by the phone vendor and with System-related permissions in order to enable the Diag mode without rooting (search about the `com.longcheertel.midtest` APK for Xiaomi-based devices for example).

Once your device has been correctly mode-switched, running the `getprop sys.usb.config` command over ADB should display a text string containing `diag`.

Then, on your computer, running `lsusb` (on Linux) should display a line referring to your device, for example:

```
Bus 001 Device 076: ID 05c6:9091 Qualcomm, Inc. Intex Aqua Fish & Jolla C Diagnostic Mode
```

Note the `001:076` (bus index/device index identifier), and the `05c6:9091` (vendor ID/product ID) information present in this output.

Once you have this information available, **you may try to use a flag such as `--usb-modem 05c6:9091` or `--usb-modem 001:076`** with QCSuper (please respect the digit padding).

If this isn't conclusive, you may use the `lsusb -v -d 05c6:9091` command, which should produce detailed output, including the USB configurations, interfaces and endpoints for the corresponding USB device:

```
Bus 001 Device 027: ID 05c6:9091 Qualcomm, Inc. Intex Aqua Fish & Jolla C Diagnostic Mode
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               2.01
  bDeviceClass            0 
  bDeviceSubClass         0 
  bDeviceProtocol         0 
  bMaxPacketSize0        64
  idVendor           0x05c6 Qualcomm, Inc.
  idProduct          0x9091 Intex Aqua Fish & Jolla C Diagnostic Mode
  bcdDevice            5.04
  iManufacturer           1 Xiaomi
  iProduct                2 Mi 11
  iSerial                 3 d94f4341
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength       0x0086
    bNumInterfaces          4
    bConfigurationValue     1
    iConfiguration          4 Default composition
    bmAttributes         0x80
      (Bus Powered)
    MaxPower              500mA
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           2
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass    255 Vendor Specific Subclass
      bInterfaceProtocol     48 
      iInterface              0 
[...]
```

QCSuper allows you to manually select the identifiers of the configuration and the interface you wish to connect to on the concerned device (designated as `bConfigurationValue` and `bInterfaceNumber` in the raw USB descriptor), in the case where it isn't detected correctly. For example, the `--usb-modem 05c6:9091:1:0` flag will select respectively configuration 1 and the interface 0 on the concerned device. `--usb-modem 05c6:9091:1:4` will select the interface 4 over the configuration 1.

If the configuration and interface indexes aren't specified, QCSuper will select the first interface descriptor on the system USB bus which is found to match the following criteria, by order of preference:
* `bInterfaceClass=255/bInterfaceSubClass=255/bInterfaceProtocol=48/bNumEndpoints=2`
* `bInterfaceClass=255/bInterfaceSubClass=255/bInterfaceProtocol=255/bNumEndpoints=2`

When using the `--usb-modem auto` flag, the first device exposing a USB interface compliant with these criteria is picked, and if needed on Linux the underlying `/dev/ttyUSB*` (`usbserial` module) or `/dev/ttyHS*` (`hso` module) character device is selected, in the case where the device has been detected and mounted by a kernel module (see the "Using QCSuper with an USB modem" section below).
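The selection rule above can be reproduced offline against saved `lsusb -v` output, to work out which `vid:pid:cfg:intf` value to pass to `--usb-modem` when auto-detection picks the wrong interface. This is an added example, not QCSuper's own code: the function names and the sample descriptor text are constructed for illustration, and it reads "order of preference" as trying the protocol-48 criterion on every interface before falling back to protocol 255.

```python
import re

# Criteria from the list above, in order of preference (class, subclass, protocol, endpoints).
PREFERENCE = [(255, 255, 48, 2), (255, 255, 255, 2)]
KEYS = ('bInterfaceClass', 'bInterfaceSubClass', 'bInterfaceProtocol', 'bNumEndpoints')
DEVICE = re.compile(r'^Bus \d+ Device \d+: ID ([0-9a-f]{4}:[0-9a-f]{4})')
FIELD = re.compile(r'^\s*(\w+)\s+(\d+)\b')

def parse_interfaces(lsusb_text):
    """Collect every interface descriptor found in `lsusb -v` output."""
    found, device, config, itf = [], None, None, None
    for line in lsusb_text.splitlines():
        if DEVICE.match(line):
            device, config, itf = DEVICE.match(line).group(1), None, None
        elif line.strip() == 'Interface Descriptor:':
            itf = {'device': device, 'config': config}
            found.append(itf)
        elif line.strip().endswith('Descriptor:'):
            itf = None  # endpoint/configuration fields are not interface fields
        elif FIELD.match(line):
            name, value = FIELD.match(line).groups()
            if name == 'bConfigurationValue':
                config = int(value)
            elif itf is not None and name in KEYS + ('bInterfaceNumber',):
                itf[name] = int(value)
    return found

def usb_modem_value(interfaces):
    """Return the vid:pid:cfg:intf string for the preferred interface, or None."""
    for wanted in PREFERENCE:
        for itf in interfaces:
            if tuple(itf.get(key) for key in KEYS) == wanted:
                return '%s:%d:%d' % (itf['device'], itf['config'], itf['bInterfaceNumber'])
    return None

# Constructed, trimmed `lsusb -v` text (not captured from a real device).
ITF = """    Interface Descriptor:
      bInterfaceNumber %d
      bNumEndpoints 2
      bInterfaceClass 255 Vendor Specific Class
      bInterfaceSubClass 255 Vendor Specific Subclass
      bInterfaceProtocol %d
"""
SAMPLE = ("Bus 001 Device 076: ID 05c6:9091 Qualcomm, Inc.\n  Configuration Descriptor:\n"
          "    bConfigurationValue 1\n" + ITF % (0, 255) + ITF % (1, 48))

if __name__ == '__main__':
    print('--usb-modem', usb_modem_value(parse_interfaces(SAMPLE)))
```

In the constructed sample, interface 1 (protocol 48) is chosen even though interface 0 (protocol 255) is listed first, because the first criterion takes precedence.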

*Alternately*, on Linux, it may also be possible to manually create `/dev/ttyUSB*` endpoints corresponding to the interfaces of a given USB device using the `usbserial` module, which you will then be able to connect to using QCSuper with a flag such as `--usb-modem /dev/ttyUSB0` (this may require running QCSuper with root rights). For this, you can use a command such as:

```
sudo rmmod usbserial
sudo modprobe usbserial vendor=0x05c6 product=0x9091
```


## Using QCSuper with an USB modem

You can use QCSuper with an USB modem exposing a Diag port using the `--usb-modem <device>` option, where `<device>` is the name of the pseudo-serial device on Linux (such as `/dev/ttyUSB0`, `/dev/ttyHS2` and other possibilities) or of the COM port on Windows (such as `COM2`, `COM3`).

Please note that in most setups, you will need to run QCSuper as root in order to be able to use this mode, notably for handling serial port interference.

If you don't know which devices under `/dev` expose the Diag port, you may have to try several of them. You can try to auto-detect it by stopping the ModemManager daemon (`sudo systemctl stop ModemManager`), and using the following command: `sudo ModemManager --debug 2>&1 | grep -i 'port is QCDM-capable'` then Ctrl-C.

Please note that if you're not able to use your device with, for example, ModemManager in the first place, it is likely that it is not completely set up and that it will not work with QCSuper either. A few possible gotchas are:

  * You didn't apply the proper [mode switching](https://wiki.archlinux.org/index.php/USB_3G_Modem#Mode_switching) command for your device.
  
  * If you bought a device that previously had a SIM from a different operator, your device may be SIM-locked. You may have to use the unlock code from the former operator and submit it to the device, as if it was a PIN code: `sudo mmcli -i 0 --pin=<your_unlock_code>`

If your Qualcomm-based USB device doesn't expose a Diag port by default, you may need to type the following through the AT port in order to enable the Diag port:

```
AT$QCDMG
```

Please note that only one client may communicate with the Diag port at the same time. This applies to two QCSuper instances, or QCSuper and ModemManager instances.

If ModemManager is active on your system, QCSuper will attempt to dynamically add an udev rule to prevent it from accessing the Diag port and restart its daemon, as it's currently the best way to achieve this. It will remove this rule when closed.


## Supported devices

QCSuper was successfully tested with:

* Sony Xperia Z (Phone) - 4G - works out of the box after rooting and enabling adb
* Nexus 6P (Phone) - 4G - works out of the box after rooting and enabling adb
* ZTE MF823 (USB Modem) - 4G - may require to [mode-switch the device to CDC-WDM](https://wiki.archlinux.org/index.php/ZTE_MF_823_%28Megafon_M100-3%29_4G_Modem#Device_Identification), set the device to [factory mode](https://wiki.archlinux.org/index.php/ZTE_MF_823_%28Megafon_M100-3%29_4G_Modem#Commands), then execute the AT command mentioned above
* ZTE MF667 (USB Modem) - 3G, 2011 - should work out of the box (may require mode switching)
* Option Icon 225 (USB Modem) - 3G, 2008
* Novatel Ovation MC998D (USB Modem)
* ZTE WCDMA Technologies MSM MF110/MF627/MF636 (USB Modem)
* ZTE 403zt (USB Modem) - 4G
* OnePlus One and 3 (Phones)
* Andromax A16C3H (Phone)
* Samsung Galaxy S4 GT-I9505 (Phone)
* Virtual Access GW1150 - using TCP connection
* Westermo Merlin 4600 - using TCP connection
* Fairphone 5 - [see **full guide**](https://github.com/Doct2O/fairphone5/tree/main/radio/cellular/qualcomm-diagnostic-mode)

It is however aiming to be compatible with the widest possible range of devices based on a Qualcomm chipset, for the capture part.

Other working devices are listed at: [https://github.com/P1sec/QCSuper/issues?q=label:"confirmed+working"](https://github.com/P1sec/QCSuper/issues?q=label:%22confirmed+working%22)

Do not hesitate to report whether your device is successfully working or not by opening a [Github issue](https://github.com/P1sec/QCSuper/issues/new).

## Related tools using the Diag protocol

There are a few other open tools implementing bits of the Diag protocol, serving various purposes:

* [ModemManager](https://github.com/endlessm/ModemManager): the principal daemon for using USB modems on Linux, implements bits of the Diag protocol (labelled as QCDM) in order to retrieve basic information about USB modem devices.
* [SnoopSnitch](https://opensource.srlabs.de/projects/snoopsnitch) (specifically [gsm-parser](https://github.com/E3V3A/gsm-parser)): chiefly an Android application whose purpose is to detect potential attacks on the radio layer (IMSI catcher, fake BTS...). It also has a secondary feature to capture some signalling traffic to PCAP, which does not provide exactly the same thing as QCSuper (LTE traffic isn't encapsulated in GSMTAP for example, device support may be different).
  * [diag-parser](https://github.com/moiji-mobile/diag-parser): A Linux tool that derives from the PCAP generation feature of SnoopSnitch, somewhat improved, designed to work with USB modems.
* [MobileInsight](http://www.mobileinsight.net/): this Android application intends to parse all kinds of logs output by Qualcomm and Mediatek devices (not only those containing signalling information, but also proprietary debugging structures), and dumping these to a specific XML representation format. Does not provide user-facing PCAPs (but formerly used Wireshark as a backend for converting certain protocol information to XML).
* [qcombbdbg](https://code.google.com/archive/p/qcombbdbg/): A debugger for the Qualcomm baseband that sets itself up by hooking a Diag command, using the Diag command that allows writing to memory, for the Option Icon 225 USB modem.
* [OpenPST](https://github.com/openpst/openpst): A set of tools related to Qualcomm devices, including a GUI utility allowing, for example, to read data on the tiny embedded filesystem accessible through Diag (EFS).
* [SCAT](https://github.com/fgsect/scat): A tool with similar GSMTAP generation abilities, taking as input a serial port, also supporting Samsung Exynos.

