
I am making an iOS app where I need to get my current operator details like LAC, MCC, MNC, latitude, longitude, signal strength and neighbouring cell tower information. From the CoreTelephony framework's CTCarrier class we get only the LAC, MCC, MNC and operator name.

I googled it and some forum said that for that we need to use the Apple private API.

Can anyone give me an idea how to get this information?

cyberlobe
  • Did you see this one - http://stackoverflow.com/questions/4567708/getting-cell-tower-information-in-an-ios-application ? – Asaf Mar 19 '15 at 07:54

1 Answer


LAC, CID, MCC, MNC can be retrieved for the current serving cell: Get CellID, MCC, MNC, LAC, and Network in iOS 5.1

I don't think you can get that kind of information for neighbor cells. CoreTelephony gives you full info only for the serving cell. Neighbor cells will give you signal strength, ARFCN and maybe some other stuff, but not LAC and CID.

Even on the baseband level the iPhone doesn't give you that kind of info. I tried to send commands through QMI but it gives the same info. So it's more likely a baseband interface limitation. Maybe if we find a debugging interface we could get more out of it.

As for latitude and longitude, I don't know of any APIs to retrieve those. iOS does query cell tower location internally from Apple servers, but I didn't find any APIs to make your own queries. You're better off with public (or not) services that will return a cell tower location - all they need is LAC, CID, MCC, MNC. There are many of those - Google, Yandex, Microsoft, Apple. Some are public, others are not.

You can even try to query the iOS cache. iOS caches cell tower locations in a SQLite database. Look for *.db files in /var/root/Library/Caches/locationd

creker
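Looking a serving cell up in a cached SQLite store by its LAC, CID, MCC and MNC, as the answer suggests, as an added example (not creker's code). It assumes the cache is an ordinary SQLite file with a table that carries those four keys plus latitude and longitude columns; since the post does not say what the tables are called, the column names are guessed and discovered at run time, and the sample cache it queries is constructed, not read from a device.

```python
import glob, os, sqlite3, tempfile

# Column names are assumptions: the post only says the cache is SQLite, so we discover the schema.
MCC_COLS, MNC_COLS, LAC_COLS = ("mcc",), ("mnc",), ("lac",)
CID_COLS = ("ci", "cid", "cellid")
LAT_COLS = ("latitude", "lat")
LON_COLS = ("longitude", "lon")

def _pick(cols, candidates):
    """Return the first column in cols whose lower-cased name is in candidates, else None."""
    return next((c for c in cols if c.lower() in candidates), None)

def find_cell_tables(conn):
    """Yield (table, mcc, mnc, lac, cid, lat, lon) column names for tables with a cell key and a position."""
    for (name,) in conn.execute("SELECT name FROM sqlite_master WHERE type='table'"):
        cols = [row[1] for row in conn.execute(f'PRAGMA table_info("{name}")')]
        picks = [_pick(cols, c) for c in
                 (MCC_COLS, MNC_COLS, LAC_COLS, CID_COLS, LAT_COLS, LON_COLS)]
        if all(picks):
            yield (name, *picks)

def lookup_cell(db_dir, mcc, mnc, lac, cid):
    """Search every *.db in db_dir for the given serving-cell key; return (lat, lon) or None."""
    for path in sorted(glob.glob(os.path.join(db_dir, "*.db"))):
        conn = sqlite3.connect(f"file:{path}?mode=ro", uri=True)  # read-only: never modify the cache
        try:
            for table, c_mcc, c_mnc, c_lac, c_cid, c_lat, c_lon in find_cell_tables(conn):
                sql = (f'SELECT "{c_lat}", "{c_lon}" FROM "{table}" WHERE "{c_mcc}"=? '
                       f'AND "{c_mnc}"=? AND "{c_lac}"=? AND "{c_cid}"=?')
                row = conn.execute(sql, (mcc, mnc, lac, cid)).fetchone()
                if row is not None:
                    return float(row[0]), float(row[1])
        except sqlite3.DatabaseError:
            pass  # not a readable SQLite file (or a table we cannot query); skip it
        finally:
            conn.close()
    return None

def demo():
    """Build a constructed cache (sample schema and values, not real data) and query it."""
    db_dir = tempfile.mkdtemp()
    with sqlite3.connect(os.path.join(db_dir, "cache.db")) as conn:
        conn.execute("CREATE TABLE CellLocation (MCC INT, MNC INT, LAC INT, CI INT, "
                     "Latitude REAL, Longitude REAL)")
        conn.execute("INSERT INTO CellLocation VALUES (262, 1, 1234, 56789, 52.52, 13.405)")
    with open(os.path.join(db_dir, "notes.db"), "w") as f:
        f.write("not a database")  # decoy file, exercises the DatabaseError path
    return {"hit": lookup_cell(db_dir, 262, 1, 1234, 56789),
            "miss": lookup_cell(db_dir, 262, 1, 1234, 1)}
```

Point `lookup_cell` at a copy of the locationd directory rather than the live one; opening in read-only mode keeps the original cache untouched.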
  • Hi, I was looking into ways I can send a QMI message to the baseband on an iOS device, and found your answer, specifically: *I tried to send commands through QMI but it gives the same info*. How did you manage to do this? I know that CommCenter on iOS uses QMI, but I couldn't find a way to send one myself. Is it done through IOKit? – danylokos Nov 18 '18 at 17:21
  • @danylokostyshyn, it might have changed since then. You have a couple of USB interfaces that the baseband exposes. Some of them are used by CommCenter to send QMI commands. I found which interface it is and was able to send raw QMI commands using IOKit. But it stopped working even back then. On some later iOS version CommCenter started opening these interfaces differently, so that I couldn't open it myself while it was already in use by CommCenter. One way was to stop CommCenter, but that shuts down the baseband and you need to implement the whole firmware loading mechanism to start the baseband yourself. – creker Nov 18 '18 at 17:32
  • Another way was to hook into CommCenter and inject QMI messages from inside the process. But it proved too difficult for it to be worth it. CommCenter is a very big and complex program written completely in C/C++. – creker Nov 18 '18 at 17:34
  • The original goal of mine was to find a debugging interface to get more control over the iOS baseband. QMI is not the way to do it. It's already a very high-level interface, if you examine which commands it provides. Pretty much everything is already abstracted away so that you have a simple API to make calls, send messages, observe incoming calls and messages. Nothing low level. Some Qualcomm-based Android devices have a debug interface but I couldn't find it on iOS. – creker Nov 18 '18 at 17:42
  • Thanks! Yes, I can see that all the QMI-related functionality is mostly done in C++. I was also thinking about hooking into CommCenter; the end goal of mine is sending APDU commands to the SIM card from the iPhone. I wanted to wrap APDU commands inside the QMI or AT+CSIM protocol and send them through the baseband to the SIM. – danylokos Nov 18 '18 at 17:56
  • Hi again, so I decided to try loading the baseband firmware myself. I use the set of tools bbtool, dloadtool, dbltool by p0sixninja to do so, but I got stuck on entering DBL mode. In the example provided by p0sixninja, he uses an older iPhone with Trek baseband firmware; the oldest iPhone I have is an iPhone 5, and it uses Mav5 firmware, and there is no file like ```/usr/local/standalone/firmware/Baseband/Trek/dbl.mbn```. Maybe you have some hint what the corresponding file is in newer firmwares? These files are present: ```apps.mbn dsp1.mbn dsp3.mbn sbl1.mbn dsp2.mbn rpm.mbn sbl2.mbn```. Thanks! – danylokos Nov 19 '18 at 08:35
  • Probably sbl1 and sbl2. Those are secondary boot loaders, but why there are two of them I don't know. – creker Nov 19 '18 at 08:59
  • Thanks once again. Can I ask you where you got the info that sbl1 and sbl2 are secondary boot loaders? I can't find any info related to this at all :( – danylokos Nov 19 '18 at 13:54