
I have a rooted Xperia Neo V (running quite an old Android, 2.3.4). I'm trying to run AT commands on /dev/smd0. Most things work fine, except that I'm able to send a DTMF tone only once; after that the VTS command does not have any effect, and even the simple AT command or other commands cease to work, i.e. they do not give any response until I reboot the phone.

Sequence of events:

  1. Test AT command is working:

    echo -e "AT\r" > /dev/smd0;cat /dev/smd0

    AT
    OK

  2. Make/receive a call either through UI or ATD/ATA.

  3. Test AT command is working:

    echo -e "AT\r" > /dev/smd0;cat /dev/smd0

    AT
    OK

  4. Send DTMF: (I can hear the tone on the other end)

    echo -e "AT_VTS=3\r" > /dev/smd0;cat /dev/smd0

  5. At this point all commands (AT+VTS=4, AT, ATI, etc.) stop working till I reboot the phone. I'm not able to hear any further DTMF tones with the VTS command.

Observations:

  1. I even tried doing a terminal Mitm using mulliner's code (http://mulliner.org/security/sms/feed/android_injector_v1.tgz) to understand how Android is sending DTMF tones correctly. However, the mitm does not work (no output in injector.log). Please note that it works when I send AT commands manually through the shell, i.e. it logs everything perfectly.

  2. Even if /dev/smd0 is renamed, the ril/Android works fine. My assumption is that it is using some other Qualcomm dev file in case /dev/smd0 fails.

Info:

  1. Phone: Sony Ericsson Xperia Neo V

    [ro.build.description]: [MT11i-user 2.3.4 4.0.2.A.0.62

  2. dev file:

    $ adb shell getprop | grep -i rild.libargs
    [rild.libargs]: [-d /dev/smd0]

  3. Baseband:

    echo -e "ATI\r" > /dev/smd0;cat /dev/smd0

    ATI
    Manufacturer: QUALCOMM INCORPORATED
    Model: 196
    Revision: M7630A-ABBQMAZM-2.0.3028DT 1 [Sep 14 2011 11:00:00]
    IMEI: XXXXXXXXXXXXXXXXXX
    +GCAP: +CGSM,+FCLASS,+DS

1 Answer


Since your Sony Ericsson phone is based on Qualcomm's and not ST-Ericsson's platform I do not know any specific implementation details, but since I implemented the AT+VTS command for ST-Ericsson in 2008, I'll give it a shot.

First off, your command example is saying AT_VTS while the command is AT+VTS. I assume that is just a typo while writing this question?

Regarding deleting /dev/smd0, I think this is rather just that the RIL daemon is holding the file open, and thus deleting it in the file system has no effect on processes that have the file opened (until they close it), as is the normal Unix filesystem behaviour.

I do not know how opening + closing and reopening the device file repeatedly (which is done when running multiple commands in sequence like that) will affect things on this phone, but in the best case it does not matter and in the worst case there might be some trouble related, so I suggest that you use my atinout for sending AT commands and receiving responses. With that you would, instead of the echo + cat commands, run

    echo "AT" | atinout - /dev/smd0 -
    echo "AT+VTS=3" | atinout - /dev/smd0 -
    echo "ATI" | atinout - /dev/smd0 -

which will open the device once, write the command line once, and read the response(s) back before closing the device when exiting. And it is nicer to use since you do not have to mess with carriage return.

Running three commands like above will open and close the device three times. It would be very interesting to try to run all of them in one operation, e.g.

    echo "AT; +VTS=3; I" | atinout - /dev/smd0 -

and/or

    cat > commands.txt <<EOF
    AT
    AT+VTS=3
    ATI
    EOF
    atinout commands.txt /dev/smd0 -

to see if any of those makes any difference. Will ATI print anything?

Unfortunately I have no experience in compiling atinout on android, so I have no help to offer there.

hlovdal
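
The open-once pattern the answer describes (write a command, then read until a final result code before sending the next one), as an added example that is not part of the original answer and is not atinout's source. The function names, the 5-second timeout and the list of final result codes are assumptions made for illustration; the timeout turns the "no response until reboot" hang into a return value instead of a blocked `cat`.

```c
/* Added example, not atinout's source: one open(), several AT commands. */
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
/* Final result codes that end a response (assumed subset of V.250/27.007). */
int is_final_result(const char *l)
{
    static const char *const ok[] = { "OK", "ERROR", "NO CARRIER", "BUSY", "NO ANSWER" };
    for (size_t i = 0; i < sizeof ok / sizeof ok[0]; i++)
        if (strcmp(l, ok[i]) == 0) return 1;
    return !strncmp(l, "+CME ERROR:", 11) || !strncmp(l, "+CMS ERROR:", 11);
}

/* Send cmd + CR on fd and gather response lines in out. Returns 0 on a final
 * result code, -1 on I/O error, -2 after timeout_ms of silence (hung modem). */
int at_exchange(int fd, const char *cmd, char *out, size_t outsz, int timeout_ms)
{
    char line[256], c;
    size_t len = 0, used = 0;
    struct pollfd p = { .fd = fd, .events = POLLIN };
    if (outsz) out[0] = '\0';
    if (write(fd, cmd, strlen(cmd)) < 0 || write(fd, "\r", 1) < 0) return -1;
    for (;;) {
        int r = poll(&p, 1, timeout_ms);        /* wait per byte, never block forever */
        if (r <= 0 || read(fd, &c, 1) != 1) return r == 0 ? -2 : -1;
        int eol = (c == '\r' || c == '\n');
        if (!eol && len < sizeof line - 1) line[len++] = c;
        if (!eol || len == 0) continue;         /* mid-line, or blank separator */
        line[len] = '\0';
        if (used + len + 2 <= outsz)            /* keep the line only if it fits */
            used += (size_t)snprintf(out + used, outsz - used, "%s\n", line);
        if (is_final_result(line)) return 0;
        len = 0;
    }
}

int main(void)
{
    const char *cmds[] = { "AT", "AT+VTS=3", "ATI" };   /* commands from the post */
    char resp[1024];
    int fd = open("/dev/smd0", O_RDWR | O_NOCTTY);      /* opened exactly once */
    if (fd < 0) { perror("open"); return 1; }
    for (size_t i = 0; i < 3; i++) {
        int rc = at_exchange(fd, cmds[i], resp, sizeof resp, 5000);
        printf("%s -> rc=%d\n%s", cmds[i], rc, resp);
    }
    return close(fd);
}
```

A return code of -2 on the command after AT+VTS would show that the channel itself has gone silent, independent of how often the device file is reopened.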