RSAP with Audi A7 MMI 3G+ firmware K0700

Discussions about running the rSAP app on Sony Xperia phones
admin
Site Admin
Posts:4139
Joined:Wed Mar 23, 2011 4:12 pm
Re: RSAP with Audi A7 MMI 3G+ firmware K0700

Post by admin » Wed Oct 21, 2015 7:59 pm

I have exactly the same software in my Z3. Every two or three months my VW (new Premium phone) doesn't want to connect to it, then I reboot the phone and everything is fine for the next months.

Simply do a reboot, start HCI logging, connect to the car, wait until the connection fails and stop HCI logging. Don't run a SIM check! The only explanation I currently have is that the first rSAP connection after a reboot messes up something inside the phone.

GaPhi
Posts:21
Joined:Thu Apr 09, 2015 9:26 pm

Re: RSAP with Audi A7 MMI 3G+ firmware K0700

Post by GaPhi » Wed Oct 21, 2015 9:23 pm

I have put all file on Google Drive (same link as yesterday in PM).

Screen captures of SuperSU, RSAP sim check results (OK and KO).

Here are the 4 logs contexts:

Reboot phone
Wait end of boot
Start log 1
Switch car on
Connection without rsap (I use a second sim right now)
Wait end of OBEX
Stop log 1

Remove car smart card
Car still on, car BT off
Reboot phone
Don't wait end of boot, just BT and RSAP icons
Start log 2
Car BT on
Connection with rsap OK for the first time!
Wait end of obex
Stop log 2

Car still on, car BT off
Car BT on
Connection with rsap KO (argh, no log but no reboot too)
Car still on, car BT off

Reboot phone
Don't wait end of boot, just BT and RSAP icons
Start log 3
Car BT on
Connection with rsap OK for the second time!
Don't wait end of obex
Stop log 3
Car still on, car BT off

Reboot phone
Wait end of boot (mail till here)
Start log 4
Car BT on
Connection with rsap KO (timeout)
Car finally goes in sleep mode...
Stop log 4
Car is already off

It seems to be linked to the time between reboot and car connection... But it is not possible to do statistical analysis with only 4 tries...

Hope you will find something in the logs or captures!

Thanks!

GaPhi
Posts:21
Joined:Thu Apr 09, 2015 9:26 pm

Re: RSAP with Audi A7 MMI 3G+ firmware K0700

Post by GaPhi » Wed Oct 21, 2015 9:30 pm

admin wrote:I have exactly the same software in my Z3. Every two or three months my VW (new Premium phone) doesn't want to connect to it, then I reboot the phone and everything is fine for the next months.
We are sharing the same experience but in my case it was more days/weeks than months.
One thing is sure, the defect can be reproduced proving it was already there.
I consider the last scenarios as very interesting as the delay to reproduce it (is it the same problem?) seems to be shortened to an exploitable time for debug! :)

GaPhi
Posts:21
Joined:Thu Apr 09, 2015 9:26 pm

Re: RSAP with Audi A7 MMI 3G+ firmware K0700

Post by GaPhi » Thu Oct 22, 2015 10:34 am

I have done a new tentative this morning (without log) :
  • Reboot the phone
    Go into my car and start the engine to go to work
    The car connected the phone without RSAP (hands-free and PBAP profiles)
    I go to the menu Phone/BT/Paired/Z3 and choose SAP profile
    The car disconnected the HFP and started SAP
    The phone reacts perfectly and it worked !
    Now it is less than 1min I have quit my house...
It is not acceptable to have to reboot the phone and go deeply in car menus enough quickly to have RSAP functional : I take my car about 6 to 8 times a day !

The assumption of a race condition in the phone linked to RSAP seems to be enforced : maybe a missing mutex or a misplaced SIM disconnection/reset when switching from phone to car ?

I think it will be necessary to go deeper in the trace log, don't I ?

admin
Site Admin
Posts:4139
Joined:Wed Mar 23, 2011 4:12 pm

Re: RSAP with Audi A7 MMI 3G+ firmware K0700

Post by admin » Thu Oct 22, 2015 7:55 pm

Log 1: Car doesn't even ask for SIM Access Profile. I guess because of the physical SIM card.

Logs 2&3: Nothing special

Log 4: Here it gets interesting:

Everything looks normal, until the car tries to select application id a0000000871002000000000000000000. This id is not existing in the EF.DIR file, so I guess it is invalid. The SIM card answers with an error, after that there is no more meaningful communication between car and phone for about 90 seconds, then the connection is aborted. I guess this is the point where something gets messed up in the phone and you have to reboot it. I also guess that the car will do this again.

So it looks like a problem in the car's software, which leads back to the first diagnosis: the update wasn't successful.

GaPhi
Posts:21
Joined:Thu Apr 09, 2015 9:26 pm

Re: RSAP with Audi A7 MMI 3G+ firmware K0700

Post by GaPhi » Tue Oct 27, 2015 12:43 am

Hi again,

I had a little time to investigate log 4 too this week end.
The abnormality you mention (at frame 598) is not the first one.
It seems to me that the first one is at frame 538 with a captured malformed packet :
- Source & Destination is not decoded by WireShark
- Differences with the log 1 concerne for 7 bytes
It could look like a transmission (Tx or Rx) error that is not well managed.
I imagine this malformed packet generates an exception/error code internally that is not well handled as a response is sent (frame 539).

Could you double check this ?

Thanks !

NB : I just realized the title is wrong : it is not K0700 but K0900 for my MMI 3GP firmware, but this does not change anything to my problem. ;-)

admin
Site Admin
Posts:4139
Joined:Wed Mar 23, 2011 4:12 pm

Re: RSAP with Audi A7 MMI 3G+ firmware K0700

Post by admin » Tue Oct 27, 2015 8:32 am

There are sometimes malformed packets in WireShark, I don't know where they come from. So far they were no explanations for errors, so I guess they come from "bad measurement" or even bugs inside WireShark. If they really are existing and the source of your problems, you'll have to fix the Bluetooth stack, either in the phone or in the car. Since a change in the car revealed the problems, I'd guess the car's software is flawed.

I'd really like to help you, but everything points to the new software in your car. You say you did the update? It wasn't an a Audi shop? Did you check hard- and software dependencies to other components in your car?

admin
Site Admin
Posts:4139
Joined:Wed Mar 23, 2011 4:12 pm

Re: RSAP with Audi A7 MMI 3G+ firmware K0700

Post by admin » Tue Oct 27, 2015 12:13 pm

What also always confuses me with Audis is that they always seem to use all those fancy TERMINAL PDUs. It looks like the "malformed packet" comes from the WireShark dissector, because it cannot make any sense of the bytes.

I've never seen those TERMINAL PDUs from any other car phone and frankly I don't know what they are good for. Maybe they cause the trouble?

GaPhi
Posts:21
Joined:Thu Apr 09, 2015 9:26 pm

Re: RSAP with Audi A7 MMI 3G+ firmware K0700

Post by GaPhi » Mon Dec 14, 2015 11:25 pm

Hello again,

I did not update the car firmware (still Audi A7 with K0900 firmware) but just redevelopped my own RSAP application since last week and now it works perfectly. 8-)

Sorry, but this confirms the bug is in your software... What I see from BT pcap seems to be a race condition with corrupted memory buffer. :o

The next step now is to know if you want to fix your software or if I need to finalize mine :
- disconnection initiated by smartphone
- manage RILD restarts (even if it should not happen)
- find a way to get the ATR cleanly (hardcoded today : any advice for me :))
- remove traces
- add a permanent notification to avoid application termination
- etc...
It is probably one more week :geek: to finalize it perfectly cleanly with automatized installation too (single executable in my case) that is why I would prefer a fix from yours ! :P

Best regards,

admin
Site Admin
Posts:4139
Joined:Wed Mar 23, 2011 4:12 pm

Re: RSAP with Audi A7 MMI 3G+ firmware K0700

Post by admin » Tue Dec 15, 2015 3:24 pm

If you can give me a further hint where the memory corruption happens, I'll gladly fix it :oops:

Post Reply

Return to “Sony Xperia”