Nokia 1110 getsms

[Heikki Lindholm]

Hi there,

I've tried to get --getsms working on a Nokia 1110 phone. Connected with 
a CA-45 cable. It speaks only FBUS afaics.

Gnokii does not seem to support the phone. HW/SW version query works, 
but that's about it. Same with gammu.

So, I fired up a serial sniffer to see what mobius does, since it seems 
to get at least something out of the phone. I got getsms working to a 
degree, but can't quote decrypt the messages. An example:

Getting SMS #11...
Message sent: 0x05 / 0x002e
00 05 ce 03 00 02 01 00 00 14 06 00 00 00 00 01 |
00 05 00 01 00 01 00 0b 00 03 01 00 00 14 06 00 |
00 00 00 01 00 05 00 01 00 01 00 0c 00 03       |
[Received Ack of type 05, seq:  1]
[Sending Ack of type 05, seq: 1]
[Sending Ack of type 05, seq: 2]
Message received: 0x05 / 0x00ee
05 00 ce 04 01 02 02 01 00 78 06 22 00 60 00 00 |          x " `
03 00 00 01 00 05 00 01 00 01 00 0b 00 03 00 05 |
00 01 00 5a 00 XX 00 XX 00 XX 00 XX 00 XX 00 XX |    Z X X X X X X
00 XX 00 XX 00 XX 00 XX 00 XX 00 XX 00 XX 00 XX |  X X X X X X X X
00 XX 00 XX 00 XX 00 XX 00 XX 00 XX 00 XX 00 XX |  X X X X X X X X
00 XX 00 XX 00 XX 00 XX 00 XX 00 XX 00 XX 00 XX |  X X X X X X X X
00 XX 00 XX 00 XX 00 XX 00 XX 00 XX 00 XX 00 XX |  X X X X X X X X
00 XX 00 XX 00 XX 00 XX 00 XX 00 XX 00 00 02 01 |  X X X X X X
00 70 06 22 00 57 00 00 03 00 00 01 00 05 00 01 |  p " W
00 01 00 0c 00 03 00 01 00 00 00 51 01 00 3d bc |            Q  =
c5 b5 64 00 0c 00 00 00 00 01 00 00 30 00 00 00 |             0
00 00 00 00 00 00 00 04 00 00 00 00 0c 91 YY YY |
YY YY YY YY YY 00 00 00 07 91 ZZ ZZ ZZ Z9 53 20 |
00 00 00 00 00 00 00 00 00 00 00 00 00 0f 18 10 |
00 00 00 00 00 00 00 01 00 5a 00 0b 05 00       |          Z
Received message type 05
Frame of type 0x05 received!

Here's my initial breakdown of the messages:
Message sent: 0x05 / 0x002e
00
05 (command or mem type: 05=INBOX 07=SENT)
ce (request counter, any increasing number)
03 00
02 (number of subrequests)
# subreq1
01 00
00 14 (subreq length probably)
06 00 00 00 00 01 00 05 00 01 00
01 (folder/memtype/flags 01=inbox 03=sent)
00
0b (item number, odd numbers give the text part of msg)
00 03
# subreq2
01 00
00 14 (subreq length probably)
06 00 00 00 00 01 00 05 00 01 00
01 (folder...)
00
0c (item number, previousreq+1 gives the "metadata" of msg)
00 03

Message received: 0x05 / 0x00ee
05 (cmd or mem type)
00
ce (req counter from req)
04 01
02 (number of subreplies)
# reply to subreq1
02 01 (reply header, seems to be 26 bytes)
00 78 (reply length, 16-bit)
06 22
00 60 (reply payload length, 16-bit)
00 00 03 00 00 01 00 05 00 01 00 01 00
0b (item number)
00 03 00
05 (payload type, 05 or 09 seems to be text)
00 01
00 5a (length of following ucs2 text string)
00 XX 00 XX 00 XX 00 XX 00 XX 00 XX |    Z X X X X X X
00 XX 00 XX 00 XX 00 XX 00 XX 00 XX 00 XX 00 XX |  X X X X X X X X
00 XX 00 XX 00 XX 00 XX 00 XX 00 XX 00 XX 00 XX |  X X X X X X X X
00 XX 00 XX 00 XX 00 XX 00 XX 00 XX 00 XX 00 XX |  X X X X X X X X
00 XX 00 XX 00 XX 00 XX 00 XX 00 XX 00 XX 00 XX |  X X X X X X X X
00 XX 00 XX 00 XX 00 XX 00 XX 00 XX 00 00
# reply to subreq2
02 01 (reply header)
00 70 (reply length, 16-bit)
06 22
00 57 (reply payload length, 16-bit)
00 00 03 00 00 01 00 05 00 01 00 01 00
0c (item number)
00 03 00
01 (payload type, 01 or 06 metadata)
00 00 00 51 01 00
3d bc c5 b5 64 (date in some epoch format)
00 0c 00 00 00 00 01 00 00 30 00 00 00 |             0
00 00 00 00 00 00 00 04 00 00 00 00
0c (length of phone number)
91 (format of phone number)
YY YY YY YY YY YY YY (phone number)
00 00 00
07 (length of phone number)
91 (format of phone number)
ZZ ZZ ZZ Z9 53 20 |
00 00 00 00 00 00 00 00 00 00 00 00 00 0f 18 10 |
00 00 00 00 00 00 00 01 00 5a 00 0b 05 00       |          Z

The date is a question mark to me. I can substract two binary dates and 
it gives the seconds between the dates, so it looks like it's an epoch 
date in seconds. The question is what is the epoch and which bits are 
actually in the date and which are flags or date header or other info. 
The date in question should be:
3d bc c5 b5 64
5.4.2014 16.12.20 (D/M/Y H/M/S)

Also, I can't map the item numbers to the actual inbox or sent message 
numbers in the phone. No idea how would I do that.

Does any of this seem recognizable to more experienced people out there? 
I couldn't find anything resembling these messages in gnokii. Can anyone 
test these messages with another series30/40 phone? I can give out a 
"patch" against gnokii git if required.

Regards,
Heikki Lindholm