4. Features and Functionality

infostam Pte. Ltd.

Last Update 5 months ago

The popular Android smartphone devices in the global market come in two variants – one with Qualcomm and the other with MediaTek chips. Both variants offer excellent features and performance, but what sets Qualcomm devices apart from the rest is their ability to open a diagnostic port. With this port, users can access a range of diagnostic tools to troubleshoot their device effectively.

4.1 What is a Diag Port?

A Diag Port is a special diagnostic port used to test and troubleshoot electronic equipment. This port is typically found on computers and other electronic devices. It allows technicians to connect special diagnostic equipment to the device to test its functionality. It is used for various purposes, including system troubleshooting, debugging, and performance analysis.


The Diag Port on smartphones is used to repair the IMEI number of Qualcomm Snapdragon-powered smartphones. However, it is worth mentioning that MediaTek processor-powered smartphones do not require opening the Diag Port for IMEI repair.

4.2 Open the Diag Port on smartphones

Samsung, OnePlus, Realme, OPPO and other Android-based smartphones all have a feature called “Diag Port” if they are based on a Qualcomm chipset. This feature lets you access diagnostic information about your phone’s hardware and software. This information can be helpful if you’re having problems with your phone, trying to diagnose a problem, or trying to restore something like the IMEI.


There are three ways you can open the Diag Port on your smartphone:

  • Using Secret Dialer Code; or
  • Using ADB; or
  • Using Terminal APK.

The Diag Port of the device must be enabled so that it is exposed over USB for capturing.

4.3 Supported Protocols

The diagport toolkit application supports capturing a handful of mobile radio protocols. Each captured frame is placed after a GSMTAP header, a standard header (encapsulated in UDP/IP) that identifies the protocol, and the GSMTAP packets are written to a PCAP file that can be fully analyzed with Wireshark.


The 2G/3G/4G/5G protocols can be broken into a few "layers": layer 1 is about the digital radio modulation and multiplexing, layer 2 handles functions such as fragmentation and acknowledgement, and layer 3 is the signaling proper (RRC) or user data.


The 3GPP 5G gNB and UE protocol stack is tightly coupled to the underlying radio protocol stack and uses a proprietary, vendor-specific communication mechanism (instead of GSMTAP). This requires additional decoding of the proprietary interface (e.g. the Qualcomm header part).


The diagport toolkit application allows us to capture on layer 3, as it is the most practical to analyze using Wireshark and is what the Diag protocol provides natively.

4.4 Installation

The diagport toolkit application runs on Windows. Before running it, ensure that the device is correctly recognized in Device Manager (Figure 8), since the application needs to connect directly to the Diag Port over pseudo-serial USB. This means that the smartphone's USB driver or a generic Qualcomm USB driver must be installed.


The diagport toolkit application has been tested on Windows 11 only.


Download the toolkit from the provided location and store it in any folder on the computer. No specific installation is required. It shall contain the following files and folders:

  • libs folder: this folder contains necessary libraries to run the executable files
  • CHANGELOG.md file: this file contains a curated, chronologically ordered list of notable changes
  • dtk.exe file: this is the main executable file
  • dtk.ini file: this file contains basic settings such as appearance mode
  • LICENSE file: this file contains the license terms and conditions
  • README.md file: this file contains basic information in markdown (md) format

After the first execution, the application automatically creates the captures and logs folders and the dtk.ini file.


Deleting any of the files under the libs folder will result in abnormal behavior and the application won’t work correctly.

Figure 10: Device Manager in Windows OS

4.5 File Converter Usage

In order to use the File Converter tool, click on the Open button, select a PCAP file with proprietary 5G frames to convert, and click on the Convert button.

Figure 11: File Converter

Once the conversion has completed, a new PCAPNG file is generated in the same folder as the source file, with the same name as the source file plus an additional _decoded string. It contains the decoded 5G frames along with the other packets. A popup message is shown, which also states the number of successfully decoded packets.

Figure 12: File Converter popup message

If the source file is a PCAP file and has the 5G frames on a different UDP port (not the default 49999 used by the application), add that port to the input field before conversion so that the proprietary packets can be identified.


The result file includes the decoded 5G frames and all other packets, which can be 2G/3G/4G packets and UE payload, as shown below.

Figure 13: Decoded Frames Example
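
To see, before a conversion, which packets in a capture already carry a GSMTAP header (section 4.3) and which still sit on the proprietary 5G port, the following added example (not part of the toolkit or of the original page) inventories a classic PCAP by UDP destination port. It assumes GSMTAP on its registered UDP port 4729 and the proprietary frames on the application's default port 49999; the function names, the two link types handled and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

GSMTAP_PORT = 4729        # IANA-registered UDP port for GSMTAP
PROPRIETARY_PORT = 49999  # the application's default port for proprietary 5G frames
GSMTAP_TYPES = {0x01: "GSM Um", 0x0C: "UMTS RRC", 0x0D: "LTE RRC", 0x12: "LTE NAS"}

def gsmtap_type(payload):
    """Return the GSMTAP payload-type name, or "malformed" for a bad header."""
    if len(payload) < 16 or payload[0] != 2:  # fixed part is 16 bytes, version 2
        return "malformed"
    hdr_len = payload[1] * 4                  # header length is in 32-bit words
    if not 16 <= hdr_len <= len(payload):
        return "malformed"
    return GSMTAP_TYPES.get(payload[2], f"type 0x{payload[2]:02x}")

def inventory(pcap, proprietary_port=PROPRIETARY_PORT):
    """Count packets per class in a classic little-endian PCAP byte string."""
    magic, linktype = struct.unpack("<I16xI", pcap[:24])
    if magic != 0xA1B2C3D4 or linktype not in (1, 228):
        raise ValueError("expected classic PCAP, Ethernet or raw IPv4 link type")
    counts, pos = Counter(), 24
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack("<I", pcap[pos + 8:pos + 12])[0]
        ip = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if linktype == 1:  # Ethernet: keep only IPv4 (EtherType 0x0800)
            ip = ip[14:] if ip[12:14] == b"\x08\x00" else b""
        ihl = (ip[0] & 0x0F) * 4 if ip else 0
        kind = "other"     # anything that is not IPv4/UDP on a known port
        if ihl >= 20 and len(ip) >= ihl + 8 and ip[0] >> 4 == 4 and ip[9] == 17:
            dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
            if dport == GSMTAP_PORT:
                kind = "gsmtap: " + gsmtap_type(ip[ihl + 8:])
            elif dport == proprietary_port:
                kind = "proprietary 5G"  # still needs the File Converter
        counts[kind] += 1
    return counts

def sample_pcap(port_5g=PROPRIETARY_PORT):
    """Constructed sample: raw-IPv4 PCAP with GSMTAP, proprietary and DNS-port packets."""
    def pkt(dport, payload):
        udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         b"\x7f\x00\x00\x01", b"\x7f\x00\x00\x01") + udp
        return struct.pack("<IIII", 0, 0, len(ip), len(ip)) + ip
    gsmtap = struct.pack("!BBB13x", 2, 4, 0x0D) + b"\x00\x01"  # LTE RRC, 2 payload bytes
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 0xFFFF, 228)
            + pkt(GSMTAP_PORT, gsmtap) + pkt(port_5g, b"\xde\xad") + pkt(53, b"x"))
```

Calling `inventory(sample_pcap(port_5g=50001))` without passing `proprietary_port=50001` counts the 5G frame as "other", which is the situation the port input field exists for.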

The following source file types are supported:

  • Packet capture: .pcap, .pcapng
  • Qtrun NSG Android application log file: .log, .log.gz
  • Qtrun AirScreen PC application exported text file: .txt
  • Rohde & Schwarz QualiPoc Android application file: .sqz, .mf

4.6 UE Capture Usage

In order to use the UE Capture tool, select a device and a module from the drop-down lists, add an output capture filename if the pcap module was selected, and include IP traffic if required.


Note that the filename should include the file extension too, such as output.pcap, and the file will be saved under the captures folder.

Figure 14: UE Capture

The device drop-down list contains all the COM ports related to the device, which are also visible in Device Manager (Figure 10). Each entry is the name of the pseudo-serial device as a COM port on Windows (such as COM2, COM3). This allows the tool to connect to the Qualcomm diagnostics port over a pseudo-serial port over USB, independently from ADB, which is the most common way to connect to the Qualcomm Diag protocol of an Android-based phone using an external device. The Qualcomm diagnostic port must be enabled on the device.


The module dropdown list contains 3 options:

  • pcap is for writing packets to a PCAP file automatically.
  • wireshark-live is for opening Wireshark and seeing frames in real time.
  • info is for generic information about the device which is printed under Execution Output.

By default, the IP traffic sent by the device is not included; only the signaling frames are captured. The IP traffic generated by the device can be captured by selecting IP traffic included from the drop-down list. Note that IP is merely the layer 3 for the data traffic in 2G/3G/4G/5G, with the detail that its headers may be compressed (ROHC) and a tiny PPP header may be included.


The data traffic the device sends uses a channel different from the signaling traffic. This channel is set up through the signaling traffic; the tool should thus show all details relevant to how this channel is initiated.


Note, only one application can communicate with the device’s Diag port at the same time.


The following example shows the generic information about a Samsung Galaxy S22 Ultra mobile. To enable the Diag Port on a Samsung device, dial the *#0808# USSD code and select “DM+MODEM+ADB”.

Figure 15: An example of generic information about a device

Execution Output
----------------


### Execution STARTED ###


Serial Port opened
Request timeout is 5 seconds
Collect UE Info started
Device: COM8


[+] Compilation date: Dec 26 2023 09:25:49
[+] Release date: Dec 22 2023 03:00:00
[+] Version directory: waipio.g


[+] Common air interface information:
[+]   Station classmark: 58
[+]   Common air interface revision: 6
[+]   Mobile model: 255
[+]   Mobile firmware revision: 1286
[+]   Slot cycle index: 48
[+]   Hardware revision: 0x187 (1.135)


[+] Mobile model ID: 0x14e
[+] Chip version: 3
[+] Firmware build ID: MPSS.DE.2.0-00822.3-WAIPIO_GEN_PACK-1.43425.52.55482.2

[+] Diag version: 8


[+] Serial number: 2160466985


Serial Port closed


### Execution COMPLETED ###

Figure 16: An example of capturing to a pcap file

When capturing to a pcap file is selected, provide an output filename and click on the Start UE Capture button to start the capture. Then click on the Stop UE Capture button when the trace should be stopped. In the case of wireshark-live, the Wireshark application will open automatically.


The Save Output button saves the Execution Output content into a text file under the logs folder.

Figure 17: Save Output popup message

The Copy Output button copies the Execution Output content to the clipboard.

Figure 18: Copy Output popup message

The Clear Output button clears and resets the Execution Output after a confirmation warning.


If the device does not respond on the selected COM port, the request times out after 5 seconds.

Figure 19: Request Timeout

4.7 Keyboard Shortcuts

The Dialog popup windows have keyboard shortcut control as well:

  • Esc: Close the window.
  • Enter: Close the window.
  • First letter of a button: Activate the button.

The main window has keyboard shortcut control as well:

  • Alt-Shift-H: Select Home.
  • Alt-Shift-F: Select File Converter.
  • Alt-Shift-U: Select UE Capture.
  • Alt-Shift-L: Select License.
