Project Blacksphere Intro Hardware Nokia OS FBUS Pkt types (auto) Pkt types (ddi) Pkt types (local) Pkt types (special) Debug tracing Tasks Software Glossary of Terms Todo Credits Forum Guestbook

FBUS

FBUS is the common name I will use for the phone-host (or phone-accesory) communication protocol utilized by Nokia phones. It is used over several protocols throughout phone models; MBUS (single duplex asynchronous serial), FBUS (full duplex asynchronous serial), IRDA (full duplex asynchronous serial infrared), and even BlueTooth.

A good example of a fully working open source *BUS implementation can be found in gammu (GNU All Mobile Management Utilities) .

General packet header format

This excludes checksums and sequence numbers (for packet splicing) that are protocol specific.

ACK packets are different (only 6 bytes long). Normal headers contain the following bytes:

Offset Size Meaning
0x00 1 Frame type
0x01 1 Destination address
0x02 1 Source address
0x03 1 Packet type
0x04 2 Packet size
0x06 1 Destination subsystem
0x07 1 Source subsystem

Frame type

Frame type signifies on which media the packet is sent.

ID Meaning
0x1C FBUS (Cable)
0x1E FBUS (IRDA)
0x1F MBUS

Address

The address identifies a device connected to the *BUS.

These are usually used:

ID Device
0x00 Phone
0x0C PC

The exact address used by the PC doesn't matter, as long as it is valid (<0x80).

Subsystem

Especially those last two bytes (source and destination subsystem) are not widely known. Most *BUS descriptions and utilities incorrectly count them in with the packet payload, instead of the header they belong to.

This usually does not give a problem, as the Nokia OS contains a layer to route packets with Destination Subsystem=0 to the approciate subsystem.

Source subsystem should never be 0, or else the packet is ignored. 0x01 is the safest value AFAIK.

ID Meaning
0x00 Automatic
0x01 LOCAL
0x02 DEV_IO (sent to task but not processed on 331x)
0x06 SIML2 (sent to task but not processed on 331x)
0x08 DDI (SMS and SIM memory functions)
0x0C GUI (sent to task but not processed on 331x)
0xFD Debug (ignored)

Last updated: 2005-02-21 14:19

This site is the result of a great deal of assembly code reading, research, countless (mostly futile) searches for data sheets, cross-referencing and analysing. If you use this information in any way please mention wumpus <blacksphere@goliath.darktech.org> (and others in the credits section) in the credits of your program/document. And tell me :) If you have more information please contribute. If you just copy this, stick your name on it and call it yours I hope you get your genitals bitten off by a three headed monkey. Have a nice day.

No mobile phones were harmed in the production of this site.