Communication Mechanism of Android Processes

In our previous article Android, at a glance we have covered how Android has appeared, explained its software structure and what has to be paid attention when developing apps for this platform. In this article, I will go further and discuss about the Binder, the core subsystem of the complex and huge Android platform. I will explain about different components provided in Binder, how application processes communicate with system processes, and how data is shared.
As hardware performance of smartphones, a so-called "PC in my hand," improves, they are taking over the roles of PCs. With the trend, mobile OS has also been enhanced to support multitasking and process a variety of multimedia tasks using multi-core CPUs. Most mobile operating systems are based on PC operating systems. Keeping the architecture of the existing PC OS, the kernel gets partially modified to meet the requirements of the mobile environment, and necessary functions are added for optimization. Window Phone based on MS Windows OS, iOS based on Mac OS X, Google Android based on Linux Kernel, are the most popular in this category.

Smartphone - A PC in My Hand ... PC OS in My Hand!

If you have questions like, "What will be modified if the PC OS is embedded into the smartphone, and how and why?", the open source Android platform can provide your with a pretty good answer. The Android platform is the result of the latest software technology; it provides a lot of information via its developers community and allows users to directly modify its open source code.
Android has inherited powerful base systems from Linux Kernel such as the memory management, multitasking and file management. In addition, it has lowered the entry barrier by providing various development tools used to develop Java applications based on the Dalvik VM. Since the base systems are implemented in C++, they come with highly productive code. Actually, the Android developers say that one of Android's benefits compared to the other embedded systems is C++.
Thus, Android is a platform which embraces numerous technologies like Linux Kernel, C++, Java, Dalvik VM, etc.

Figure 1: Android Platform Structure.

Whatever, it is a Linux Process!

Android provides the process-unit component model. In other words, system services which provide an application or a camera feature created in Java on Eclipse, or system services which are responsible for screen display, all such Android components are eventually expressed as Linux processes.

Figure 2: Process Management of Linux Kernel.

Since Android runs based on Linux memory, process and file management, the system service is also isolated by Linux process for protection. The system process is written in Java code as well as C++ native code, so the services that run in Dalvik VM, such as Wi-Fi, Location and Activity Service, are included here.
To support mobile devices such as smartphones, all of the default system functions of Android are provided as the server process type. In other words, to use the functions such as SurfaceFlinger or AudioFlinger, a request should be made as a separate process that runs on the user mode.

Figure 3: Android System Services and Applications Run by Linux Process.

For example, when an application that I have created calls APIs to get the location information provided by the Android SDK, the application sends a request to the Linux process that provides the Location service internally and gets the response. Also, it interoperates with the camera service when a camera is used.

Figure 4: Application Process Which Calls Location and Camera Services.

As all system services are provided as a server process, a mechanism to send requests and responses to other processes is necessary. In Android it is called the Binder. Android uses functions provided by other processes through Binder.

Figure 5: Binder, Android's Communication Infrastructure between Processes.

Then, why has a new mechanism been developed, rather than using Inter Process Communication (IPC), such as sockets and pipes provided by Linux? It is because of performance. As we have discussed above, all system functions of Android are provided as a server process, so an optimized communication method between processes is required, and Binder is the result of this consideration. Binder refers to a kernel memory which is shared between all processes to minimize the overhead caused by memory copy. In addition, it provides the Remote Procedure Call (RPC) framework written in C++ for high productivity.
The system functions are provided as server processes where requests and responses are received through the Binder mechanism. "What are the benefits of the Android platform structure?" you would ask.

• Easy to expand or remove functions: It is easy to add a new system service or remove an existing function.
• Easy to port: Porting to a new processor requires few changes. A toolchain for porting is provided.
• Easy to test: Tests are limited by the component unit, so it is not necessary to test the entire services, and more strict tests are available.
• Support for distribution system: Process communication is based on the Binder, so it guarantees transparency in location between components.

Such benefits are very similar to those of Microkernel structure OS.
Let's discuss more about the Binder.

Binder that Binds All Functions

The Binder mechanism has started from a simple idea. "Let requests and responses be written in an area where all processes can share and let each process refer to the memory address." So, the kernel space is used for it.

Figure 6: Kernel Space Shared by All Processes.

A Binder Driver is implemented to use the kernel space. The role of the Binder driver is to convert the memory address that each process has mapped with the memory address of the kernel space for reference.

Figure 7: Binder Driver Configuration.

The Binder driver can be used by the ioctl() system function, which is a standard method in Linux. The mechanism is called Binder IPC.

Figure 8: Transfer Structure of User Data between Processes through Binder Driver.

There is a C++ framework that processes the data transferred using the Binder IPC and makes Remote Procedure Call (RPC). It is used to create a system service. Then, a process can use functions provided by other processes as if their own.

Figure 9: C++ Framework that Translates Data Translated to RPC through Binder Driver.

Conclusion

In this short article I have tried to provide only simple information despite the vast technology behind Android. I hope it will be helpful to you in understanding the Android platform.
To wrap up, Binder is the base of the Android platform. We have reviewed three components of Binder: Driver, IPC and RPC. The Binder Driver will be included in the main version of the Linux kernel. The following summarizes the description of Android and Binder.

• Android is a PC OS based on Linux Kernel and is optimized for smartphones.
• Android has a process-unit component model and provides system functions as server processes. For a functional mesh-up of processes, it provides Binder.
• Android Binder uses the kernel memory reference to support communication between processes, optimized for mobile devices.

The Adroid System Overview

Android, at a glance

Android, currently the most popular mobile operating system in the world, continues to further solidify its position as the major mobile platform in the world. In this article I will briefly cover how Android has appeared, and will explain its software structure and what has to be paid attention when developing apps for this platform.

What is Android?

Linux operating system is the main component in Android's software stack. It does not differ much from Microsoft's Windows OS or Apple's Mac OS which we use on the daily basis. Therefore, theoretically you can enjoy Android not only on mobile devices but also on other tablet devices as well just like Windows even to a point where various applications can be downloaded and used. Of course, if you want to make an Android application by yourself, you should also install ADK (Android Development Kit) to your PC and use Java programming language for development. For a lower level program, NDK (Native Development Kit) for C language shall be used.
It seemed that Android had been shunned publicly for not having as sensitive UI as iPhone. However, now it is considered as the most viable blue-chip mobile OS with advantageous openness, free, and Java-based characteristics.
Another interesting aspect is that most users mistakenly think that Android was developed by Google. In fact, it was developed in 2003 by "Android" company based in California. Back then, few people knew about it, even less developed for it. However, everything was changed in 2005 when Google acquired Android company to give birth to Android that we know now.

The History of Google Android

Since its initial release of 1.0 version in September 23^rd, 2008, Android has enjoyed a remarkable growth. All versions until 3.0 (code name Honeycomb) are available under Apache free open source license. According toAndroid official blog, the source code of the Honeycomb series was not released to the public because it was specifically created for tablet computers, and Google did not want external developers to mess up the user interface by putting on smartphones a version of Android intended for tablets.
However, Google later announced that in the next 4.0 version, planned for the second half of this year (code nameIce Cream Sandwitch), Android will combine both the smartphone version (code name Gingerbread) and the tablet version (HoneyComb).
The first version of Android, released back in 2008, had drawbacks in many aspects. Some users voiced their worries about its terrible UI and development tools, saying “who would want to use it”. However with its advantage of using Java as SDK language and its openness Android gradually solidified itself as the most rapidly developing mobile OS, and it seems as if no one dare to challenge the idea that Android will further expand and attract more users than iPhone and be loaded onto more various mobile devices.
The following are the key functions of each Android version

• 2.0, 2.1 (Eclair): Web browser supporting new UI and HTML5. Advanced camera app, new launcher app and weather app. Supports moving background.
• 2.2 (Froyo) : Improved performance by optimizing JIT. Chrome V8 Javascript engine. Support Wi-fi hot spot tethering and Flash.
• 2.3 (Gingerbread) : Optimized UI for minimum battery use. Enhanced soft keyboard, COPY/PASTE function, NFC (Near Field Communication, local network).
• 3.0 (Honeycomb) : Support tablet screen. New UI and multi-core processor.
• 3.2 (Honeycomb) : Compatible mode for zoom-to-fill screen. Read media file directly from SD card. Additional screen API. Controls UI more delicately.
• 4.0 (Ice Cream Sandwich) : Combined version of Gingerbread and Honeycomb.

The Structure of Android

Android basically runs on DVM (Dalvik Virtual Machine) which is Android runtime loaded on Linux kernel. The figure below illustrates all the components. Further I will explain each of them from top to down.

ANDROID STRUCTURE

Applications

This domain is for applications developed with Java. Generally, email client, SMS program, calendar, browser and contacts applications are loaded.

Application Framework

Application framework provides all kinds of APIs needed to develop a full-featured application for Android platform. Using APIs in this domain allows to express buttons and text on the screen or use data of other applications such as images and character strings. Also it is possible to manage application’s lifecycle.

Libraries

This domain provides various C/C++ libraries which can be used on Android. All libraries in this domain can be used by developers via application framework. Standard C system libraries based on BSD (Berkeley Software Distribution) are revised to be suitable for Linux-based devices. Media library based on OpenCore of PacketVideo supports MPEG4, H.264, MP3, AAC, AMR, JPG and PNG files. Surface manager supports 2D and 3D graphics whileWebKit supports browser functions. SQLite is also available as a database engine which can be used by applications.

Android Runtime

Although Android is developed in Java language, DVM (Dalvik Virtual Machine) is used instead of JVM (Java Virtual Machine). Thus, a source code (Java) is compiled to a class file (.class) with Java compiler which is later transformed to Dalvik Executable by DX tools. The reason for this is that Dalvik is optimized to run on small sized devices with limited memory.

Linux Kernel

Android is developed based on Linux kernel 2.6 which provides high security, memory and process management, network stack and various drivers.

Android Project Structure

Android applications are developed in Java. However, unlike the desktop version of Java applications, the class files in Android applications are not loaded directly. Instead Android's development tools combine the resource files and DEX file transformed from class file to make APK. And this APK gets loaded.
Below is the basic directory structure for developing the Android application.

/assets	Data files to be installed to device along with the application.
/bin	Compiled application file.
/gen	Resource reference files automatically created by the Android build system.
/res	Resource files such as character strings and images to be used in the application.
/src	Application source code.
AndroidManifest.xml	Basic set file of application.

You need to make sure that files are stored in the right directory, particularly for resources. Since directories are already reserved, changing at your will would make directories difficult to recognize.

Resource Directory

Resource directory is composed of drawable directory for placing images and layout directory for putting the XML files to the layout. Raw and xml directories are not automatically created in the default project, so should be created manually.

/res/drawable-hdpi	Image to be shown on hdpi.
/res/drawable-ldpi	Image to be shown on ldpi.
/res/drawable-mdpi	Image to be shown on mdpi.
/res/drawable-nodpi	Image to be shown regardless of density.
/res/layout/	XML file defining UI layout.
/res/layout-port/	XML file defining UI layout (vertical mode).
/res/layout-land/	XML file defining UI layout (horizontal mode).
/res/menu/	XML file defining menus.
/res/values/	File defining various values such as character strings.
/res/xml/	Various files saved in the form of XML.
/res/raw/	Other files (mp3, mp4 and so on).

The vertical and horizontal mode differs in size on the phone screen. Therefore, if you need both of them to be shown identically, you need to create screen layout file on /res/layout/ directory. To show differently, create the layout in the layout-port (portrait) and layout-land (landscape) directories. Also, often you may need to create a layout and layout-land only. Then files in layout will be applied to vertical mode layout.

Result Directory

The structure of bin (result) directory is as follows.

bin/classes/	Compiled Java class.
bin/classes.dex	Dalvik class file created with compiled Java class.
bin/resources.ap_	All resource files (zip) of application.
bin/app_name.apk	Android application (zip).

Files that end with “.apk” are the final outcome of Android project, thereby they are ready to be registered in the Android market. The compressed format of this file is zip, which allow us to easily open with compressing programs. However opening this file will not let you decode the meaning since the source files are already compiled.

AndroidManifest.xml

AndroidManifest.xml file is a very important file holding information about the overall structure of the application. Through this file, the Android system finds out component kinds and intent filter and later checks the authority.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

<?xml version="1.0" encoding="utf-8"?> <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.androidside" android:versionCode="1" android:versionName="1.0"> <application android:icon="@drawable/icon" android:label="@string/app_name"> <activity android:name=".HelloWorld" android:label="@string/app_name"> <intent-filter> <action android:name="android.intent.action.MAIN" /> <category android:name="android.intent.category.LAUNCHER" /> </intent-filter> </activity> </application> <uses-sdk android:minSdkVersion="9" /> <!-- android 2.3 --> </manifest>

AndroidManifest.xml can declare the following elements.

<uses-permission />	Authority required by the Application.
<permission />	Authority required by external activity or service.
<instrumentation />	During the occurrence of key events such as activity run, it designates what to call in the application (record, monitoring).
<uses-library />	Designate additional necessary libraries (Google maps).
<uses-sdk />	Android version required for application.
<application />	Application-related information.

Elements and Structure of Android Application

Android has 4 key components:

• Activity
• Service
• Broadcast Receiver
• And Content Provider

These four components can be closely connected using Intent. Below are the key terms and 4 components for Android. Knowing below words will help you understand better Android.

Android Key Terminology

Component	Description
Activity	Component for composing UI.
Service	Component that runs on the background. No visual UI.
Intent	Message element which sends action and data to components.
Intent Filter	Defines component by setting intent for receiving.
Broadcast Receiver	Receives/responds to a certain broadcast such as lack of battery, language setting/changing. No visual UI.
Content Provider	Provides standardized interface for sharing data among applications.
Notification	Notifying a certain event to user.

There are various kinds of components for Android, but development using these elements can be described in MVC structure.

VIEW

View is for screen composition and this domain can be composed by using the class which inherits View class provided by Android.

CONTROL

This domain is for connecting and controlling VIEW and MODEL. Activity, Service and BrodacastReceiver are included.

MODEL

This domain is for storing application’s data. SQLite, an embedded database system in Android, File and Content Provider, which can be used for sharing data among applications, are included.

Conclusion

Java SDK is, perhaps, one of the most important advantages of Android which provides various powerful functions of Java programming language. However, many developers complain about Android's fast development pace that they have difficulties to catch up. But if we think more positively, this fast-paced transformation seems to have materialized Android to consolidate itself as the most popular mobile platform. On top of that this popularity has led to many patent suits with Microsoft, thus pressuring many carrier providers to inevitably pay patent fees who initially used the technology thinking it was free. Also Oracle’s patent suit against Google citing that Java cannot be used on mobile devices just because Android uses Java. For above reasons and more, the future path of Android might not seem as smooth as before, but we can’t say it will be gloomy either. I hope all these issues will be settled down, and Android will continue to prosper.
By Dong Ho Han, Web Platform Development Lab, NHN Corporation.

Set default install location on android device

For some users, rooting is the only way to go. It gives you root access to flash custom ROMs to your device and a number of other cool features. Unfortunately, rooting does void the warranty of your device and the only way to get it back is to restore your phone’s stock software. For those of you who want to try more apps, but aren’t willing to root your phone, there’s an alternative for you. It is possible to install apps on your device’s SD card without rooting your phone.

Requirements

Before you begin, you’ll need to have a few things:

• You need to move all your applications from your SD card to your phone memory, so that your data will not be lost or corrupted in the process.
• Download the Java Development Kit (JDK) onto your computer and install it.
• Download the Android Software Development Kit (SDK) onto your computer and install it.
• Make sure that your device’s PC Suite has been installed on your computer.
• Enable USB Debugging on your device through the path “Settings> Applications > Development > USB Debugging”
• Disable your firewall and antivirus tools on your computer, as they might interrupt the process.

Instructions

Once you’ve got all of these, you may now proceed to installing apps on your SD Card:

1. After installing both the Java SDK and the Android SDK, run a tool called Android SDK Manager. To do that, you need to open a command prompt, switch to the directory where the Android SDK is installed, and issue the command “android” (without the quotes). Android SDK Manager will start.
2. In Android SDK Manager, click the “Tools” tab and check whether both “Android SDK Tools” and “Android SDK Platform-tools” are installed. Both need to be installed.
3. If both items are already installed, close Android SDK Manager.
4. Connect your device to the computer with the USB Cable.
5. On the command prompt, switch to the /platform-tools folder inside the folder where the Android SDK is installed.
6. Issue the “adb devices” command (without the quotes) to check if your phone is properly connected and recognized by your computer. The command will show you the list of attached devices.
7. If your phone has been properly recognized, issue the command “adb shell pm getInstallLocation” (without the quotes) to see the current install location. It will show one of the following three values:
   • 0 [auto]: Let the phone decide the best location for an app
   • 1 [internal]: It installs everything in the internal storage
   • 2 [external]: It installs everything in the memory card
8. By default, the install location is set to 0 [auto]. We will need to change the value from 0 to 2, so that the installation happens on your SD card. On the command prompt, issue the command “adb shell pm setInstallLocation 2″ (without the quotes).
9. If there are no error messages, unplug the phone and restart it. Once it restarts, you’ll be able to easily install applications to your SD card.

Congratulations! You can now install apps to your phone’s SD card even if your phone is not rooted.

Secret codesExtraction GT-I9300

NB:THIS INFO WAS SOURCED FROM XDA-DEVELOPERS FORUM

To find all "Secret Codes", special properties and other hidden phone features
and settings, used in the GT-I9300. The secret codes are not so secret, but
are often used to activate and manipulate many settings, such as debug modes,
network connections, factory test modes etc.

It is an unfortunate choice of
words but we will stick to this definition nonetheless for simplicity, since
it is also used in the source code by Samsung and AOS. Do not confuse secret
codes with VSC (Vertical Service Codes), USSD (Unstructured Supplementary
Service Data) or other MMI (Man Machine Interface) codes.

Although there are many "standard" codes common to many Samsung phones, they
do vary to some extent. This is because their functionality often depend on
the particular hardware, in particular the baseband processor (aka radio, DSP,
BP or CP) and the multiplexer chips that switches the various internal USB
paths, for example between MHL, BP and AP.

This is an informative reference thread on these features. If you have
relevant additional information you'd like to share, please post it here.

Background

From the Samsung Galaxy S2 experience we have gained the following
understanding when it come to the Factory/Service Mode menus and the
PhoneUtils applications. We are still to work out if this is still true for
the SGS3.

But first it is worth to note, that due to the more complicated, but better
organized phone applications in ICS, the way to enter secret codes have
changed from GB versions. Now all secret codes have to be prefixed with
"*#*#", followed by <code> and post fixed with "#*#*". [Note-1] However,
according to the GT-I9300 Service Manual, there are two codes that should work
without post- and pre-fixes. They are *#1234# (version) and *2767*3855#
(Factory reset! It will wipe your phone instantly, NO warnings, no going back,
no way to cancel.) [Note-2]

==================================================
Newbie Practice Box
Go to your phone dialer and "dial" the following string:
*#*#197328640#*#*
This will trigger the Service Menu.
==================================================

This same effect can be accomplished directly on the command line, with a
direct URI broadcast call to the application receiver via:

Code:

am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://1111

Second, it is essential to know that the actual program code (read
assembly/machine code) for the Engineering / Service Mode menu, is actually
located in the baseband processor firmware. What you actually see when you
enter this menu, is just a java based wrapper application, that make direct
function calls through various entry points, in the baseband kernel/firmware.
What does it mean? When you enter a specific "secret code", the wrapper
application (e.g. ServiceMenu.App) deciphers the code to a particular menu
entry in the baseband processor, where it is executed and whose result is
output to the wrapper application.

Third. Apart from hardware differences, because of the baseband firmware
dependance, the set of working secret codes will differ somewhat from your
location, depending on:

• Your Modem firmware
• Your AOS version (ICS 4.0.1, 4.0.4 etc.)
• Your CSC version (Regional codes)

Special Notes

[Note-1] This can be seen in the handleSecretCode() function in the SpecialCh****quenceMgr.java code.
[Note-2] These need testing and confirmation since they clearly contradict [Note-1].
[Note-3] Apparently the Samsung Galaxy S3 will come in at least two versions:

1. The GT-I9300 (FCC-ID: A3LGTI9300 )
2. The SCH-I939 (FCC-ID: A3LSCHI939 ) [Possibly the LTE version]

References

So how do you find new codes?
Well Google it! Then consider getting the following tools:

• Get jd-gui (Often crashes)
• Get jad (doesn't crash, but is cmdline based)
• Get sgs2toext4 (and here)
• Get Disk Internals Linux Reader
• Get a disk image with deodexed Apps (see below)

Then what to do?
The brief version. (For full version, see "References" in OP above.)

1. Download all the tools shown above.
2. Download the deodexed firmware images (see post#3)
3. (If in Windows) Double click the sgs2toext4.
4. Drag and drop the system.img file to the sgs2toext4 "drop window".
5. You will now have a system.img.ext4 file, open this file with the LinuxReader tool.
6. Save entire filesystem (from 5) in a new folder. Close.
7. Go to the folder containing the *.apk(s) of interest.
8. Make sure dex2jar.bat (win) is in your path and run it on your interesting.apk like this, for example:
   
   Code:

   ./path/to/dex2jar.bat Samsungservice.apk

   This produces a new file: Samsungservice_dex2jar.jar
9. Extract (7zip) this file in a new folder.
10. Go to that folder in command line and enter the appropriate "jad" commands. For example, to decompile all class files globbed by Phone*.class and put the decompiled sources in the "src" sub-directory, do:
    
    Code:

    jad -o -r -sjava -dsrc Phone*.class

11. Go to the source directory (../src) you just created.
12. Enjoy your *.java files!

Alternatively you can deodex on your own...but don't ask me how to do it.

A few other Tools

http://www.sable.mcgill.ca/soot/
http://jdec.sourceforge.net/
http://stackoverflow.com/questions/6...whole-jar-file
http://askubuntu.com/questions/12930...mage-files-img

The information for this post was obtained by decompiling the
deodexed system image of the firmware shown below.

I9300XXALE8

Base Firmware: I9300XXALE8 (4.0.4)
Modem: XXLE8
CSC: OJVALE7

The latest GT-I9300 Stock Firmwares can be found here.

Here are the codes as found in:
serviceModeApp.apk: ServiceModeApp.class

Code:

Code                    Description                                             JavaCall        
----------------------------------------------------------------------------------------------------------------------
197328640 || 2684       Start Service Mode / Enter SM Main Menu                 SendData('\001', '\001', '\000', '\000', '\000');

1111                    FTA SW Version                                          SendData('\001', '\001', '\u1002', '\000', '\000'); 
2222                    FTA HW Version                                          SendData('\001', '\001', '\u1003', '\000', '\000');
8888                                                                            SendData('\001', '\001', '\u1003', '\000', '\000');
2886                                                                            SendData('\001', '\001', ' ',    '\000', '\000');
6984125*                                                                        SendData('\001', '\001', ' ',    '\000', '\000');       
2767*2878               ? Factory reset (complete erase & format)               SendData('\001', '\001', '!',    '\000', '\000');


0228                    ADC Reading                                             SendData('\001', '\001', '\005', '\000', '\000');  
0599                                                                            SendData('\001', '\001', '\024', '\000', '\000');
1575                                                                            SendData('\001', '\001', '\025', '\000', '\000');
2263                    RF Band Selection                                       SendData('\001', '\001', '\026', '\000', '\000');
2580                                                                            SendData('\001', '\001', '\007', '\000', '\000');
301279 || 279301                                                                SendData('\001', '\001', '\024', '\000', '\000');
32489                   Ciphering Info                                          SendData('\001', '\001', '\006', '\000', '\000');
4238378                                                                         SendData('\001', '\001', '\027', '\000', '\000');
4387264636                                                                      SendData('\001', '\001', '\037', '\000', '\000');       
7284                    PhoneUtil: USB/UART I2C Mode Control                    SendData('\001', '\001', '\023', '\000', '\000');
738767633                                                                       SendData('\001', '\001', '\034', '\000', '\000');       
73876766                                                                        SendData('\001', '\001', '\033', '\000', '\000');               
7387677763                                                                      SendData('\001', '\001', '\036', '\000', '\000');
7387678378                                                                      SendData('\001', '\001', '\035', '\000', '\000');       
9090                    Diagnostic Configuration                                SendData('\001', '\001', '\023', '\000', '\000');

0011                                                                            SendData('\001', '\004', '\000', '\000', '\000'); 
123456                                                                          SendData('\001', '\004', '\001', '\000', '\000');
<na>                    End Service Mode 1 ()                                   SendData('\002', '\004', '\000', '\000', '\000');
<na>                    End Service Mode 2 ()                                   SendData('\002', '\001', '\000', '\000', '\000');

NOTE: In the table above, I have replaced printed UTF-8 (U+NNNN) characters with '\uNNNN'.

As you can see in the table above, most of the hidden codes are just shortcuts
into various sub-menus (third parameter) of Service Mode application. However,
this does not exclude the use of other hidden codes, that can be used or detected
in other applications.

From a different file we have a some additional codes.
(Not including already covered or overlapping codes.)

serviceModeApp.apk: SecKeystringBroadcastReceiver.class

Code:

0000                            

147852                  TestApnSettings: putExtra("testBed", "Suwon"); 
1478963                 TestApnSettings: putExtra("testBed", "Open_market");
22558463                Reset Total Call Time
232331                  
232332                  
232337                  
3214789650                      
369852                  TestApnSettings: putExtra("testBed", "Gumi");
3698741                 TestApnSettings: putExtra("testBed", "Delete_DB");
-------------------------------------------------------------------------------
03                      NAND Flash S/N (NandFlashHeaderRead)
745                     RIL Dump Menu
746                     Debug Dump Menu
0228                    Battery Status
1111                    IF SalesCode="CTC" THEN: TerminalMode
2222                    IF SalesCode="CTC" THEN: TerminalMode
2263                    
8888                    
9900 || 0514            System Dump
        
279301                  
301279                  
3214789                 GCF Mode Settings
5337632                 NFC Test
22553767                Call Drop Log View      
                                
6335623                 
TESTMODE                

These may not always work, since some of them depend on certain "Sales Codes"
or factory IMSI numbers, through statements like:

Code:

if ((mSalesCode.equals("CHM")) && (str.equals("827828868378")))

But these were only codes found in two files.
So there are probably many more codes to be found!

Other Stuff

Here are some unknown functions from: TerminalMode.class

Code:

DEBUG_SCR       SendData('\001', '\004', '\000', 0, '\000');
EI_DEBUG_SCR    SendData('\001', '\006', '\000', 0, '\000');
DATA_ADV        SendData('\001', '\003', '\003', 0, '\000');
NAMBASIC        SendData('\001', '\003', '\001', 0, '\000');
TESTMODE        SendData('\001', '\001', '\000', 0, '\000');
NAMSIMPLE       SendData('\001', '\003', '\002', 0, '\000');
TEST_CALL       SendData('\004', '\007', c, 0, '\000');

Here is a list of all the OEM Commands used in the Service Mode App.

Code:

-------------------------------------------------------------------------------
private class OemCommands (ServiceModeApp)      value           hex
-------------------------------------------------------------------------------
char OEM_SERVM_FUNCTAG = '\001';

OEM_SM_ACTION                                   = '\000';       00
OEM_SM_DUMMY                                    = '\000';       00
OEM_SM_END_MODE_MESSAGE                         = '\002';       02
OEM_SM_ENTER_MODE_MESSAGE                       = '\001';       01
OEM_SM_GET_DISPLAY_DATA_MESSAGE                 = '\004';       04
OEM_SM_PROCESS_KEY_MESSAGE                      = '\003';       03
OEM_SM_QUERY                                    = '\001';       01
OEM_SM_TYPE_MONITOR                             = '\004';       04
OEM_SM_TYPE_MONITOR_SKT                         = '\001';       01
OEM_SM_TYPE_NAM_EDIT                            = '\003';       03
OEM_SM_TYPE_PHONE_TEST                          = '\005';       05
OEM_SM_TYPE_SUB_ALL_VERSION_ENTER               = '\004';       04
OEM_SM_TYPE_SUB_BAND_SEL_ENTER                  = '\026';       16
OEM_SM_TYPE_SUB_BATTERY_INFO_ENTER              = '\005';       05
OEM_SM_TYPE_SUB_BLUETOOTH_TEST_ENTER            = '\t';         09
OEM_SM_TYPE_SUB_CIPHERING_PROTECTION_ENTER      = '\006';       06
OEM_SM_TYPE_SUB_ENTER                           = '\000';       00
OEM_SM_TYPE_SUB_FACTORY_PRECONFIG_ENTER         = '\016';       0e
OEM_SM_TYPE_SUB_FACTORY_RESET_ENTER             = '\r';         od
OEM_SM_TYPE_SUB_FACTORY_VF_TEST_ENTER           = '\031';       19
OEM_SM_TYPE_SUB_FTA_HW_VERSION_ENTER            = '\003';       03
OEM_SM_TYPE_SUB_FTA_SW_VERSION_ENTER            = '\002';       02
OEM_SM_TYPE_SUB_GCF_TESTMODE_ENTER              = '\027';       17
OEM_SM_TYPE_SUB_GET_SELLOUT_SMS_INFO_ENTER      = '\037';       1f
OEM_SM_TYPE_SUB_GPSONE_SS_TEST_ENTER            = '\025';       15
OEM_SM_TYPE_SUB_GSM_FACTORY_AUDIO_LB_ENTER      = '\030';       18
OEM_SM_TYPE_SUB_IMEI_READ_ENTER                 = '\b';         08
OEM_SM_TYPE_SUB_INTEGRITY_PROTECTION_ENTER      = '\007';       07
OEM_SM_TYPE_SUB_MELODY_TEST_ENTER               = '\013';       0b
OEM_SM_TYPE_SUB_MP3_TEST_ENTER                  = '\f';         oc
OEM_SM_TYPE_SUB_RRC_VERSION_ENTER               = '\024';       14
OEM_SM_TYPE_SUB_RSC_FILE_VERSION_ENTER          = '\021';       11
OEM_SM_TYPE_SUB_SELLOUT_SMS_DISABLE_ENTER       = '\034';       1c
OEM_SM_TYPE_SUB_SELLOUT_SMS_ENABLE_ENTER        = '\033';       1b
OEM_SM_TYPE_SUB_SELLOUT_SMS_PRODUCT_MODE_ON     = '\036';       1e
OEM_SM_TYPE_SUB_SELLOUT_SMS_TEST_MODE_ON        = '\035';       1d
OEM_SM_TYPE_SUB_SW_VERSION_ENTER                = '\001';       01
OEM_SM_TYPE_SUB_TFS4_EXPLORE_ENTER              = '\017';       0f
OEM_SM_TYPE_SUB_TOTAL_CALL_TIME_INFO_ENTER      = '\032';       1a
OEM_SM_TYPE_SUB_TST_AUTO_ANSWER_ENTER           = ' ';          20
OEM_SM_TYPE_SUB_TST_FTA_HW_VERSION_ENTER        = ---->         # UTF-8: U+1003: e1 80 83  MYANMAR LETTER GHA
OEM_SM_TYPE_SUB_TST_FTA_SW_VERSION_ENTER        = ---->         # UTF-8: U+1002: e1 80 82  MYANMAR LETTER GA
OEM_SM_TYPE_SUB_TST_NV_RESET_ENTER              = '!';          21
OEM_SM_TYPE_SUB_USB_DRIVER_ENTER                = '\022';       12
OEM_SM_TYPE_SUB_USB_UART_DIAG_CONTROL_ENTER     = '\023';       13
OEM_SM_TYPE_SUB_VIBRATOR_TEST_ENTER             = '\n';         0a
OEM_SM_TYPE_TEST_AUTO                           = '\002';       02
OEM_SM_TYPE_TEST_MANUAL                         = '\001';       01

-------------------------------------------------------------------------------
private class OemCommands (TerminalMode)
-------------------------------------------------------------------------------
OEM_HIDDEN_FUNCTAG                              = 'Q';
OEM_HM_END_TEST_CALL_MESSAGE                    = '\t';
OEM_HM_TEST_CALL_MESSAGE                        = '\004';
OEM_HM_TYPE_TEST_CALL                           = '\007';
OEM_SERVM_FUNCTAG                               = '\001';

-------------------------------------------------------------------------------
private class OemCommands (SysDump:)
-------------------------------------------------------------------------------
OEM_DBG_STATE_GET =             6;
OEM_DEL_RIL_LOG =               13;
OEM_DPRAM_DUMP =                14;
OEM_DUMPSTATE =                 3;
OEM_DUMPSTATE_ALL =             20;
OEM_ENABLE_LOG =                7;
OEM_GCF_MODE_GET =              15;
OEM_GCF_MODE_SET =              16;
OEM_IPC_DUMP_BIN =              9;
OEM_IPC_DUMP_LOG =              8;
OEM_KERNEL_LOG =                4;
OEM_LOGCAT_CLEAR =              5;
OEM_LOGCAT_MAIN =               1;
OEM_LOGCAT_RADIO =              2;
OEM_MODEM_FORCE_CRASH_EXIT =    23;
OEM_MODEM_LOG =                 18;
OEM_NV_DATA_BACKUP =            17;
OEM_OEM_DUMPSTATE_MODEM_LOG_AUTO_START = 19;
OEM_RAMDUMP_MODE =              10;
OEM_RAMDUMP_STATE_GET =         11;
OEM_START_RIL_LOG =             12;
OEM_SYSDUMP_FUNCTAG =           7;
OEM_TCPDUMP_START =             21;
OEM_TCPDUMP_STOP =              22;
-------------------------------------------------------------------------------

Enjoy!
Next we'll have a look at some interesting (or not?) system "properties".
For now, I'll just list some of those I found more interesting and potentially useful.

Code:

Property                Setting/String                  Source                                  Description
----------------------------------------------------------------------------------------------------------------------
dev.silentlog.on        On                              SysDump:                                
gsm.operator.numeric    45001                           Sec_Ril_Dump:                   [RIL::FD] Samsung Testbed
gsm.default.sidmode                                                                     ? UART
net.tcpdumping          On                              SysDump:                        ?
nfc.trace.mode          On                                                              Enable NFC Trace Mode 

ril.FTM_MODE                                                                            ? "FTM_MODE_KEY"
ril.FS                  true                            PhoneUtils: updateRAFT()        Activates RAFT (???) updates
ril.OTPAuth                                             SysDump:                        OTP Authentication 
ril.cdma.inecmmode      true                                                            Is phone in ECM mode?
ril.unique_number                                                                       The RIL Unique Number (UN)
ril.sms.gcf-mode        On                                                              ? SMS "GCF" mode

persist.log.seclevel    On                                                              Switchable Log level?
persist.sys.country                                                                             
ro.build.type           eng                             SysDump:                                
ro.debuggable           On                                                              Enable Debug / DBG_ENG / Engineering Mode??
----------------------------------------------------------------------------------------------------------------------
Country/Region Specific
----------------------------------------------------------------------------------------------------------------------
ro.board.platform                                       
ro.build.characteristics                                
ro.csc.sales_code       SKT | KIT | LGT                 PhoneFeature: makeFeatureForKor()       
ro.product.name         espressorf | espresso10rf       PhoneFeature: checkDBGLevel()           
                        aegis2vzw                       PhoneFeature: makeFeatureForKor()       
                        jaguars | jaguark | jaguarl     

A particularly fun string is the following, found in the featureForKor() function:

Code:

mFeatureList.put("emergency_for_cyber_terror", boolean2);

I'd really like to know what this does!

Special Files

As we know from other Samsung Galaxy class phones, there are a number
of files that can be created or modified in order to activate certain
functions. Here we list those found to date. Please post if you know
of other ones!

Apparently setting the "SubscriberID" (IMSI) to "999999999999999" also
activates certain test features. A sim with this IMSI is also known as
a "Factory SIM". However, if the SIM IMSI starts with either "45001" or
"00101" it is a "Test SIM".

[See: ServiceModeApp.apk:PhoneUtils.java:isFactoryMode() or
FactoryTest.apk:ModuleCommon.java:isFactorySim()]

Code:

File                            FileContent     Description
-------------------------------------------------------------------------------
/efs/FactoryApp/factorymode     ON              Enable Factory Mode
/efs/FactoryApp/keystr          ON              Blocked (hidden code?) Key String(s)
/efs/imei/mps_code.dat          ?               ?
/efs/root/ERR                   ?               Error Log
/data/.psm.info                 ?               WiFi Power Save Mode    

---------------------------------------
Various Log Files:
---------------------------------------
/data/log/CallDropInfoLog.txt   ?               Dropped Calls Log
/data/log/lucky_ril.log         ?               ?
/data/log/dumpState_*.log       ?               ? System Dump Log
/data/log/main_*.log            ?               ? 
/data/anr/traces.txt            ?               ? 
/data/log/err                   ?               ? Error Log
/data/log/err/AENEAS_TRACE_###.bin              RF Aeneas Trace Log
/data/log/err/MA_TRACE_###.bin                  RF MA Trace Log
/mnt/sdcard/log                 ?               ?

---------------------------------------
System Files 
---------------------------------------
/sys/class/sec/switch/adc                       

(Note: Some of these paths need to be verified, as they may be relative...)

Finally, we have two NVpasswords, that is used for uploading or dumping NVram, AFAIK. They are:
873283
3352225
and they can be found in Sec_Ril_Dump.class.

DISCALIMER:

As I do not have access to a GT-I9300, I have not been able to verify
any of the information in this thread! I apologize if there is any erroneous
information here. Please let me know and post new information here as
it become available. Also make sure you make a complete backup, before
attempting any of the codes or other trickery above!

Reprogramming smartcards (SIM CARDS)

 Here is the link for the time being ...

http://www.jaycar.com.au/productView.asp?ID=KC5361

I remember when Dejan found the binary hack way back in 2006 for BB5 Nokia phones, he posted files on his website on how to clone a simcard. But those times only 16bit chips were used.

Here is the scheme tics for the reader if any one interested.