Small utilities to read and write carrier specific MBN files for Qualcomm modems. These files are what make IMS work (or not) in some modems.
## WARNING ##
If the file is bad you might end up making the ADSP crash!
- Run
make
unpack_mcfg -i [MCFG_SW FILE] -o [DIRECTORY] [-d] [-f]
: Unpack a MCFG_SW file and output it to DIRECTORY. Optionally (-d)ebug and (-f)fix carrier ID to match the interval the Quectel EG25-G modem accepts
pack_mcfg -i [PATH_TO/dump.list] -o [OUTPUT_MCFG_FILE] [-d]
: Pack the contents of a previous dump to OUTPUT_MCFG_FILE. Optionally (-d)ebug
- These tools strip signatures from the MCFG files and they don't handle them at all, they just remove them. If you're using this for a baseband that's enforcing signatures in these files, you won't be able to use the generated profiles
- The packing tool is hardcoded to work in the mdm9x07 series. If you're using a different baseband, you might need to tune the ELF or program headers to match the target memory areas expected by it.
NOTE: The baseband may crash when uploading a profile if it has some incompatible setting. I haven't had a single case where things weren't fixed by a reboot, but you're touching the EFS area. That's where all the important info for your modem is stored, from RF calibration to the IMEI. So handle with care.
After unpacking a mcfg_sw
file, you'll have a directory with a file called dump.list
and the following directory structure inside:
├── dump.list
├── efsitems
│ ├── data
│ │ ├── andsf.xml.bin
│ │ ├── default_andsf.xml.bin
│ │ ├── ds_andsf_config.txt.bin
│ │ ├── ds_dsd_attach_profile.txt.bin
│ │ ├── iwlan_s2b_config.xml.bin
│ │ └── ursp
│ │ └── preconfigured_ursp_policy.xml.bin
│ ├── Data_Profiles
│ │ ├── Profile1.bin
│ │ ├── Profile2.bin
│ │ └── Profile3.bin
│ ├── efsprofiles
│ │ └── overideconfig.bin
│ ├── google
│ │ └── paris_version.bin
│ ├── ims
│ │ └── imshandoverconfig.bin
│ ├── nv
│ │ └── item_files
│ │ ├── data
│ │ │ └── wlan_config
│ │ │ ├── ap_assist_mode_enabled.bin
│ │ │ └── wlan_offload_config.bin
│ │ ├── ims
│ │ │ ├── DANConfiguration.bin
│ │ │ ├── DANPrivateSettings.bin
│ │ │ ├── IMSCodecDynamicConfig.bin
│ │ │ ├── IMSEmerDynamicConfig.bin
│ │ │ ├── IMS_enable.bin
│ │ │ ├── ims_operation_mode.bin
│ │ │ ├── IMSRTPDynamicConfig.bin
│ │ │ ├── ims_sip_config.bin
│ │ │ ├── IMSTestDynamicConfig.bin
│ │ │ ├── ims_user_agent.bin
│ │ │ ├── IMSVideoDynamicConfig.bin
│ │ │ ├── IMSVoiceDynamicConfig.bin
│ │ │ ├── IMSWifiDynamicConfig.bin
│ │ │ ├── qp_ims_cap_discovery_config.bin
│ │ │ ├── qp_ims_common_config.bin
│ │ │ ├── qp_ims_plani_config.bin
│ │ │ ├── qp_ims_qos_precondition.bin
│ │ │ ├── qp_ims_rcs_client_config.bin
│ │ │ ├── qp_ims_reg_config_db.bin
│ │ │ ├── qp_ims_service_enablement_config.bin
│ │ │ ├── qp_ims_ut_config_item.bin
│ │ │ ├── qp_ims_xcap_common_config.bin
│ │ │ ├── qp_ims_xcap_private_config_item.bin
│ │ │ ├── RegistrationConfiguration.bin
│ │ │ ├── SMSConfiguration.bin
│ │ │ └── SMSoIP_UsagePolicy.bin
│ │ ├── modem
│ │ │ ├── data
│ │ │ │ └── 3gpp
│ │ │ │ ├── dsmgr
│ │ │ │ │ └── [...]
│ │ │ │ └── [...]
│ │ │ ├── lte
│ │ │ │ ├── ML1
│ │ │ │ │ └── lte_ml1_l2nr_search_optimization.bin
│ │ │ │ └── rrc
│ │ │ │ ├── cap
│ │ │ │ │ └── diff_fdd_tdd_fgi_enable.bin
│ │ │ │ └── efs
│ │ │ │ ├── embms_feature_ctrl.bin
│ │ │ │ ├── lte_feature_disable.bin
│ │ │ │ └── no_gap_opt.bin
│ │ │ ├── mmode
│ │ │ │ ├── custom_emerg_info.bin
│ │ │ │ ├── cw_ext_config_info.bin
│ │ │ │ ├── get_net_auto_mode.bin
│ │ │ │ ├── lte_emerg_redial.bin
│ │ │ │ ├── mid_call_srvcc_info.bin
│ │ │ │ ├── mode_pref.bin
│ │ │ │ ├── sms_domain_pref.bin
│ │ │ │ ├── sms_mandatory.bin
│ │ │ │ ├── supplement_service_domain_pref.bin
│ │ │ │ ├── ue_based_cw.bin
│ │ │ │ ├── voice_domain_pref.bin
│ │ │ │ └── wifi_config.bin
│ │ │ ├── nas
│ │ │ │ ├── emm_nas_nv_items.bin
│ │ │ │ └── lte_nas_ignore_mt_csfb_during_volte_call.bin
│ │ │ ├── nr5g
│ │ │ │ └── RRC
│ │ │ │ ├── cap_add_bw.bin
│ │ │ │ └── cap_dss_control.bin
│ │ │ └── sms
│ │ │ └── mmgsdi_refresh_vote_ok.bin
│ │ └── wcdma
│ │ ├── l1
│ │ │ └── wl1_nb_rejection_nv.bin
│ │ └── rrc
│ │ └── wcdma_rrc_dormancy_support.bin
│ ├── policyman
│ │ └── carrier_policy.xml.bin
│ └── sd
│ └── rat_acq_order.bin
├── footer
│ ├── footer_complete.bin
│ ├── footer_section_0.bin
│ ├── footer_section_1.bin
│ ├── [...]
│ ├── footer_section_N.bin
├── header.bin
└── nvitems
├── 10_848_Acquisition-Order-Preference.bin
├── 11_849_Network-Selection-Mode-Preference.bin
├── 12_909_GSM-UMTS-SMS-Bearer-Preference.bin
├── 13_1016_GSM-UMTS-Cell-Broadcast-SMS-Carrier-Configuration.bin
├── 14_1017_GSM-UMTS-Cell-Broadcast-SMS-User-Preference.bin
├── [...]
The dump.list
file will be parsed by pack_mcfg
line by line to repack the contents into the target file. First file should always be the header, and last file should always be footer_complete
. Apart from that, you can remove, add or edit files at your discretion, though I'd recommend to always keep #71 Banner
built, as it seems to be used as an internal identifier of some sort.
The contents of dump.list is built as follows:
X:Y:Z:PATH/TO/FILE
Where:
- X: Original ordering in the output file (as it's parsed line by line you can ignore this)
- Y: Item type (NV Item = 1, File = 2)
- Z: Item ID
- File path on disk
The footer is dumped twice by unpack_mcfg
. This is on purpose to allow you to see how that part of the file is structured, but separate sections aren't used anywhere for packing. So if you want to change something in the footer, you'll have to do it in footer_complete
, not in the independent section.
This code uses the SHA256 reference implementation from https://github.com/983/SHA-256