Ericsson A1018S AT Protocol for sending SMS

MicroGuard Mark 1 - Project (c) P.Sandstrom

Below are parts of the Ericsson A1018S AT protocol that I reverse engineered to be able to send SMS messages in the "MicroGuard Mark 1" project. It is in no way complete, and the comments are not claimed to be correct either; it merely shows the minimum steps that have to be taken in order to get an SMS out. If you're able to verify the operation of the protocol below on any other Ericsson model, please e-mail me about it.

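List of phones the protocol has been reported to work on:

| Transmit to GSM (HEX) | Transmit to GSM (ASCII) | Receive from GSM (HEX) | Receive from GSM (ASCII) | Comment |
|---|---|---|---|---|
| Set transmit line low for 200 ms | | | | |
| Set transmit line high for 200 ms | | | | |
| 041H | A | | | The ATZ resets the phone's modem and restores the default configuration |
| 054H | T | | | |
| 05AH | Z | | | |
| 00DH | <CR> | | | |
| 00AH | <LF> | | | |
| | | 041H | A | Phone responds with OK to the ATZ, modem is now reset |
| | | 054H | T | |
| | | 05AH | Z | |
| | | 00DH | <CR> | |
| | | 00AH | <LF> | |
| | | 04FH | O | |
| | | 04BH | K | |
| | | 00DH | <CR> | |
| | | 00AH | <LF> | |
| 041H | A | | | Put phone into "binary mode" by sending AT*BINARY |
| 054H | T | | | |
| 02AH | * | | | |
| 042H | B | | | |
| 049H | I | | | |
| 04EH | N | | | |
| 041H | A | | | |
| 052H | R | | | |
| 059H | Y | | | |
| 00DH | <CR> | | | |
| 00AH | <LF> | | | |
| Wait for about one second | | | | |
| | | 041H | A | Phone confirms binary mode by replying AT*BINARY CONNECT |
| | | 054H | T | |
| | | 02AH | * | |
| | | 042H | B | |
| | | 049H | I | |
| | | 04EH | N | |
| | | 041H | A | |
| | | 052H | R | |
| | | 059H | Y | |
| | | 00DH | <CR> | |
| | | 00DH | <CR> | |
| | | 00AH | <LF> | |
| | | 043H | C | |
| | | 04FH | O | |
| | | 04EH | N | |
| | | 04EH | N | |
| | | 045H | E | |
| | | 043H | C | |
| | | 054H | T | |
| | | 00DH | <CR> | |
| | | 00AH | <LF> | |
| | | 002H | <STX> | |
| | | 002H | <STX> | |
| | | 031H | 1 | |
| | | 00CH | <FF> | |
| | | 002H | <STX> | |
| | | 002H | <STX> | |
| | | 031H | 1 | |
| | | 00CH | <FF> | |
| 006H | <ACK> | | | Send an ACK to this |
| | | 002H | <STX> | Response from phone on the ACK |
| | | 002H | <STX> | |
| | | 001H | <SOH> | |
| | | 001H | <SOH> | |
| 006H | <ACK> | | | Byte one of message header (this value is always the same) |
| 002H | <STX> | | | Byte two of message header (this value is always the same) |
| 032H | | | | Number of bytes to follow |
| 041H | | | | Byte one of PDU header (this value is always the same) |
| 007H | | | | Byte two of PDU header (this value is always the same) |
| 003H | | | | Byte three of PDU header (this value is always the same) |
| 002H | | | | Byte four of PDU header (this value is always the same) |
| 000H | | | | Length of SMS Central information. 000H = use SMSC number in phone |
| 011H | | | | SMS-Submit PDU msg (config. for SMS) |
| 000H | | | | TP Message reference (ref. no. for the msg). 000H = phone assigns |
| 00AH | | | | Length of receiver's number (2 digits per byte, odd number is padded with F) |
| 081H | | | | Type of address. Indicates the format of the phone number. 081H = unknown |
| 050H | | | | Receiver's number 0500760000 + padding if needed |
| 000H | | | | |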
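
The PDU fields listed at the end of the table (SMSC length, SMS-Submit byte, message reference, number length, type of address, receiver's number) can be built and parsed as below. This is an added example, not code from the MicroGuard project: the function names are hypothetical, it assumes the standard GSM swapped semi-octet packing that the table's comments describe, and it stops at the receiver's number because the page lists no fields after it.

```python
# Added example: the SMS-Submit fields listed in the table, up to the receiver's number.
# Function names are hypothetical; constants 0x00, 0x11, 0x00, 0x81 are the page's values.

def encode_address(number: str) -> bytes:
    """Pack decimal digits two per byte, nibbles swapped, odd length padded with F."""
    # Assumption: at most 20 digits, the usual limit for a GSM address field.
    if not (number.isascii() and number.isdigit() and len(number) <= 20):
        raise ValueError("number must be 1-20 ASCII decimal digits")
    padded = number + ("F" if len(number) % 2 else "")
    # "05" is stored as 0x50: the first digit goes in the low nibble.
    return bytes(int(padded[i + 1] + padded[i], 16) for i in range(0, len(padded), 2))

def decode_address(digit_count: int, packed: bytes) -> str:
    """Inverse of encode_address; digit_count is the length byte (digits, not bytes)."""
    if len(packed) != (digit_count + 1) // 2:
        raise ValueError("address bytes do not match the digit count")
    nibbles = "".join(f"{b & 0x0F:X}{b >> 4:X}" for b in packed)
    number, pad = nibbles[:digit_count], nibbles[digit_count:]
    if not number.isdigit() or pad not in ("", "F"):
        raise ValueError("malformed semi-octet address")
    return number

def build_pdu_prefix(number: str) -> bytes:
    """SMSC length 0, SMS-Submit 0x11, message reference 0, then the address field."""
    return bytes([0x00, 0x11, 0x00, len(number), 0x81]) + encode_address(number)

def parse_pdu_prefix(pdu: bytes) -> dict:
    """Parse the same fields back out of captured bytes, rejecting short input."""
    if len(pdu) < 5:
        raise ValueError("truncated PDU")
    smsc_len, first_octet, msg_ref, digit_count, toa = pdu[:5]
    if smsc_len != 0:
        raise ValueError("only the SMSC-length-0 form from the page is handled")
    end = 5 + (digit_count + 1) // 2
    if len(pdu) < end:
        raise ValueError("truncated address")
    return {"first_octet": first_octet, "message_ref": msg_ref, "type_of_address": toa,
            "number": decode_address(digit_count, pdu[5:end]), "rest": pdu[end:]}

if __name__ == "__main__":
    prefix = build_pdu_prefix("0500760000")   # the number used on the page
    print(prefix.hex(" ").upper())
    print(parse_pdu_prefix(prefix))
```
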