Welcome to the GSM-Forum forums. |
You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!
If you have any problems with the registration process or your account login, please contact contact us.
| ||LinkBack||Thread Tools||Display Modes|
|09-02-2011, 08:56||#1 (permalink)|
No Life Poster
Join Date: Jan 2009
Thanked 245 Times in 120 Posts
Motorola GSM Test Card
The Test Card has one single function - to put the phone into test mode. The card is the key that the software needs before it will let you enter the test mode. The test mode is used by Motorola for service and debugging purposes. I guess motorola was taught a lesson from the old AMPS phones that could be put into testmode by shorting two pins or entering combinations from the keypad (read all about this in the Motorola bible by Mike Larsen). To make it a lot harder for kewl phreaks, they designed the special SIM cards (Test and Clone/Transfer Card). From the test mode you can perform diagnostics, display the IMEI (on pre *#06# software), soft & hardware versions and change soft potentiometers.
The Test and Clone/Transfer cards have both been emulated succesfully. A curious detail is that many of the test mode commands are identical (function / number) to the ones used on AMPS phones (have a look in the mot bible). Not all original testcards will work with the GSM-1800 mot phones since phase 1 cards do not have all the files that newer phase 2 units need.
How do the test cards work ? The test card is not any special by itself. All the functions are carried out by the phone software, but the card act as the key that unlocks these functions. The test card is an ordinary SIM with a special entry in the 6FAD file. As soon as the phone discovers that the inserted SIM card has bit seven of the first byte in the 6FAD file set (this means every value from 81-FF), it will allow you to enter test mode by holding down "#" for three seconds. Ordinary SIM cards have the entry "00 FF FF" in this field, but the test SIM has "81 FF FF" - 81 is defined in the GSM TS 11.11 as used for "Type aproval (Test SIM definition is found in GSM TS 11.10 section III.1.6). The Android has sucessfully constructed a SIM emulator that will allow you to specify the content of every file on this virtual SIM card (and thereby emulating the test and clone card). A complete package with test and clone card emulator executionable (DOS) and diagram can be downloaded from the card emulation page.
The PIN for the card can be 01234567 , 00000000 or 11111111 (If you are prompted for one). After the PIN is entered , you will need to hold down # for 3 seconds to enter test mode. The PIN code verification can be removed just as you do with a regular SIM (makes it less annoying and safer to work with) - Be careful ! Just like a normal SIM, the PIN can only be entered three times - then the PUK is needed (The PUK is 12345678, so if you blocked the testcard, you will need to enter **05*12345678*1234*1234# (Thank you Mark Hawkins !)- The new PIN will now be 1234 - I can recommend setting "Require SIM PIN" to OFF). The phone will prompt "Test - Now the commands can be entered - Many of these commands vary with the different phone types.
Test mode syntax:
When the card is present in the phone, it will act as if a normal SIM was inserted in the phone. The phone will not try to register on a network since the test card has MCC=001 and MNC=01 which are the values described in the GSM TS as "test use".
To enter the test mode the "#" key has to be pressed down for 3 seconds. The phone will then enter test mode and display "Test" in the display. Now test mode commands can be entered. The syntax consists of [command number][parameter1][parameter2] etc. and is executed with an terminal "#". The different commands require a different number of parameters. Here are a few examples:
19# : Command 19 will display the software version and does not require any parameters - on a 7500 it could show "CallProc 58.62.15"
591234# : Command 59 normally shows the LOCK code, but when a parameter is used, the LOCK code is changed to the one specified with the parameter - This example will change the LOCK code to "1234"
3405815# : Command 34 will configure the radio to channel 058 and powerlevel 15
The test mode is exited with the command 01#
Here is a list of the commands that I have figured out so far. If you can help me with the ones that are missing, I will be happy to hear from you.
|thread||Thread Starter||Forum||Replies||Last Post|
|Sim card sleep mode problem with 6130||ratzfatz||Nokia Legacy Phones ( DCT-1 , DCT-2 , DCT-3 , DCT-L )||4||05-22-2012 11:13|
|news headlines to gsm phone||mos||Nokia Legacy Phones ( DCT-1 , DCT-2 , DCT-3 , DCT-L )||6||12-18-2011 11:00|
|FREECALLING HACKED SIM CARDS AND PROGRAMMERS SEE FREECELL'S NEW SITE FOR MORE!!!||FREECELLUK||Nokia Legacy Phones ( DCT-1 , DCT-2 , DCT-3 , DCT-L )||0||06-26-1999 22:48|