preferred gsm network

Discussion:

(too old to reply)

a***@ulster.ac.uk

2006-09-11 09:34:47 UTC

Dear All,

I'm currently working on an application that uses a GPRS module. When
the device is roaming abroad, I would like to insure that it connects
to one of the preferred networks that is stored on the SIM card.

If I send the following command to the module:

AT+COPS=?

+COPS: (2,"UK VODAFONE","","23415")
+COPS: (3,"UK O2","","23410")

OK

I get the list of networks that my GPRS module is able to pick up. My
home network is Vodafone UK. If I send the following command, I get the
list of my preferred networks, that is stored on my SIM card:

AT+CRSM=176,28464,0,0,103

+CRSM:
144,0,02F80112F41062F22072F21022F20102F25062F81002F4402F81002F61042F08005F53056F51006F22012F60772F62072F81062F01022F61035F01064F00032F81042F5014F92032F21002F81054F40042F82092F30412F90172F42072F43025F53082F620FF

OK

Is it normal that my home network Vodafone UK doesn't appear in this
list? Otherwise if the MNC of a given network is 0, should this come up
as 0 or 00 in the above list?

Thanks in advance for your help,

Regards,

Alan

John Henderson

2006-09-11 22:19:26 UTC

Permalink

Post by a***@ulster.ac.uk
Dear All,
I'm currently working on an application that uses a GPRS
module. When the device is roaming abroad, I would like to
insure that it connects to one of the preferred networks that
is stored on the SIM card.
AT+COPS=?
+COPS: (2,"UK VODAFONE","","23415")
+COPS: (3,"UK O2","","23410")
OK
I get the list of networks that my GPRS module is able to pick
up. My home network is Vodafone UK. If I send the following
command, I get the list of my preferred networks, that is
AT+CRSM=176,28464,0,0,103

144,0,02F80112F41062F22072F21022F20102F25062F81002F4402F81002F61042F08005F53056F51006F22012F60772F62072F81062F01022F61035F01064F00032F81042F5014F92032F21002F81054F40042F82092F30412F90172F42072F43025F53082F620FF

Post by a***@ulster.ac.uk
OK
Is it normal that my home network Vodafone UK doesn't appear
in this list?

I think that's normal. The home PLMN has priority over the
preferred PLMN list, and the home PLMN is embedded within the
IMSI (the first 5 digits of IMSI for a 5-digit PLMN). This is
read from the EF_IMSI file (28423/6F07), rather than from
EF_PLMNsel (28464/6F30).

Post by a***@ulster.ac.uk
Otherwise if the MNC of a given network is 0, should this come
up as 0 or 00 in the above list?

I believe it should be represented as "00". GSM 11.11, clause
10.3.4 clearly specifies that each PLMN in the "+CRSM: " result
has 3 bytes (6 semi-octets).

John

a***@yahoo.co.uk

2006-09-14 11:08:26 UTC

Permalink

Hi John,

Thank you for your post.

I've another question: Is there any command I can send a command to
find out how long the list of preferred networks is? The reason I'm
asking, is that I've noticed that the length of the list is operator
dependent. What is the average list length?

Thanks in advance for your help,

Regards,

Alan

Post by a***@ulster.ac.uk

Post by a***@ulster.ac.uk
OK
Is it normal that my home network Vodafone UK doesn't appear
in this list?

Post by a***@ulster.ac.uk
Otherwise if the MNC of a given network is 0, should this come
up as 0 or 00 in the above list?

I believe it should be represented as "00". GSM 11.11, clause
10.3.4 clearly specifies that each PLMN in the "+CRSM: " result
has 3 bytes (6 semi-octets).
John

John Henderson

2006-09-15 00:19:24 UTC

Permalink

Post by a***@yahoo.co.uk
I've another question: Is there any command I can send a
command to find out how long the list of preferred networks
is?

Not that I've found and been able to get working. But GSM 11.11
says:

"If the length of the response data is not known beforehand,
then its correct length may be obtained by applying the first
command and interpreting the status words. SW1 shall be '9F' and
SW2 shall give the total length of the data."

If I've understood GSM 11.11 correctly, then perhaps:

AT+CRSM=176,28464,0,0,0

or

AT+CRSM=164,28464,0,0,0

should return the length as above.

The only device I've got which supports "AT+CRSM" is a Siemens
S55 handset, and it responds as follows:

AT+CRSM=176,28464,0,0,0
+CRSM: 103,0

OK
AT+CRSM=164,28464,0,0,0
ERROR

note that the returned value of 103 for SW1 means "incorrect
P3".

Post by a***@yahoo.co.uk
The reason I'm asking, is that I've noticed that the length of
the list is operator dependent. What is the average list
length?

The length is SIM dependant, with all unused entries stuffed
with "FFFFFF". The SIM I'm testing now contains 15 entries,
with 6 used.

I find that I can edit the list. I changed the first entry from
my home network (Optus Australia in this case) to your Vodafone
UK as follows:

AT+CRSM=176,28464,0,0,3
+CRSM: 144,0,05F520

OK
AT+CRSM=214,28464,0,0,3,32F451
+CRSM: 144,0

OK
AT+CRSM=176,28464,0,0,3
+CRSM: 144,0,32F451

OK

Interestingly, I also note that I can overwrite any of the 4
forbidden networks in the same manner. To change the 2nd entry
to Vodafone UK for example, the command is:

AT+CRSM=214,28539,0,3,3,32F451

As I understand it, the preferred PLMN list is just that - the
preferred networks in order of preference. Once they've been
tried, the device will roam onto any other network which
accepts it. Networks which are tried and refused get
automatically rotated through the forbidden networks list.

I haven't had a good look at these commands before, and hope I'm
not just telling you things you already know.

John

John Henderson

2006-09-16 10:36:16 UTC

Permalink

Post by John Henderson

Post by a***@yahoo.co.uk
I've another question: Is there any command I can send a
command to find out how long the list of preferred networks
is?

Not that I've found and been able to get working.

I believe I've discovered a way to read the length on my Siemens
phone at least. I'd be interested to see if it works for you.
I've issued a "status" query for the EF_PLMNsel file, and
interpreted the result. This is the command and response:

AT+CRSM=242,28464,0,0,0
+CRSM: 144,0,0000002D6F30040111F0FF01020000

The response is interpreted as per GSM 11.11, clause 9.2.1
(response data for status query on an EF - elementary file).
The first 2 octets ("0000") are RFU (reserved for future use).
The next 2 octets ("002D") are the file length. Then there's 2
octets for file ID ("6F30" hex = 28464 decimal), followed by
other data which doesn't interest us for the moment.

The length 2D hex is 45 decimal, and is the number of octets in
the file. Each PLMN uses 3 octets, so my EF+PLMNsel file has
room for 15 PLMNs. As your SIM appears to hold 150 PLMNs, I'd
expect you to get a result beginning:

+CRSM: 144,0,000001C26F30

John

John Henderson

2006-09-16 10:43:14 UTC

Permalink

As your SIM appears to hold 150 PLMNs, I'd expect you to get a
+CRSM: 144,0,000001C26F30

Sorry, that should read 50 PLMNs and

+CRSM: 144,0,000000966F30

John

a***@yahoo.co.uk

2006-09-18 11:00:40 UTC

Permalink

Good morning,

Thank you once again for your post. I'd noticed the corruption that
you'd mentionned, but I just thought that I'd a 1 digit MNC. I did out
a list of my MCC and MNCs by ensuring that the 3rd character was always
an F:

02F801
12F410
62F220
72F210
22F201
02F250
62F810
02F440
22F80
02F610
42F080
05F530
56F510
06F220
12F607
72F620
72F810
62F010
22F610
35F010
64F000
32F810
42F40
14F920
32F210
02F810
54F400
42F820
92F304
12F901
72F420
72F430
25F530
82F620

Is it not correct to do this? I was then able to look up the
corresponding networks on the internet.

I've also tried to determine the length of the list of preferred
networks, by using the command that you suggested:

AT+CRSM=242,28464,0,0,0
+CRSM: 144,0,000021FE7F10020000FFFF010C91010C0600838A838A

OK

The response doesn't seem to match up to yours.

Thanks in advance for your comments.

Regards,

Alan

Post by John Henderson

As your SIM appears to hold 150 PLMNs, I'd expect you to get a
+CRSM: 144,0,000001C26F30

Sorry, that should read 50 PLMNs and
+CRSM: 144,0,000000966F30
John

John Henderson

2006-09-18 20:25:03 UTC

Permalink

Post by a***@yahoo.co.uk
I've also tried to determine the length of the list of
AT+CRSM=242,28464,0,0,0
+CRSM: 144,0,000021FE7F10020000FFFF010C91010C0600838A838A
OK
The response doesn't seem to match up to yours.

Bad luck. Your device is returning the length (21FE/8702) of
the DF_TELECOM "Dedicated File" 7F10/32528. A DF is a
"functional grouping of files consisting of itself and all
those files which contain this DF in their parental hierarchy"
(GSM 11.11, clause 6.3 through 6.6).

The DF_TELECOM file includes the EF_PLMNsel file (6F30/28464)
and many other elementary files. At this point, I'm not aware
of any other means of teasing out the length of EF_PLMNsel
only.

John

John Henderson

2006-09-18 20:42:40 UTC

Permalink

Post by a***@yahoo.co.uk
Good morning,
Thank you once again for your post. I'd noticed the corruption
that you'd mentionned, but I just thought that I'd a 1 digit
MNC. I did out a list of my MCC and MNCs by ensuring that the
02F801
12F410
62F220
72F210
22F201
02F250
62F810
02F440
22F80
02F610
42F080
05F530
56F510
06F220
12F607
72F620
72F810
62F010
22F610
35F010
64F000
32F810
42F40
14F920
32F210
02F810
54F400
42F820
92F304
12F901
72F420
72F430
25F530
82F620
Is it not correct to do this? I was then able to look up the
corresponding networks on the internet.

It's true that 2-digit MNCs (those outside North America at
present) will always have semi-octet number 3 of 6 set to "F"
in this PLMN list.

What we don't know is which character is missing, let alone what
its value is. Using "x" to represent the missing character, we
don't know whether

22F80
02F610

in your list is actually

22Fx80
02F610

or

22F8x0
02F610

through to

22F800
2xF610

What GSM device are you using? And are you using a serial
(RS232) connection to it to conduct this dialog? This looks
like serial buffer overflow, and we should be able to eliminate
the character loss by tweaking the serial parameters if this is
the case.

If you're losing characters here, you'll likely be losing others
in any dialog involving responses of comparable length.

John

John Henderson

2006-09-18 21:27:24 UTC

Permalink

This post might be inappropriate. Click to display it.

John Henderson

2006-09-18 21:54:54 UTC

Permalink

Post by John Henderson
for (j = 0; j < 9999 && status != 103; j++)

I'm thinking too slowly.

for (j = 0; j < 9999 && status != 103; j += 3)

would work _much_ better, and

for (j = 0; j < 9999 && status == 144; j += 3)

might be even better still :)

John

John Henderson

2006-09-15 00:34:12 UTC

Permalink

This post might be inappropriate. Click to display it.

a***@yahoo.co.uk

2006-09-15 16:38:20 UTC

Permalink

Thank you once again for your helpful post.

Based on the results I got below, would I be correct that the biggest
number I can put at the end of the CRSM is 150? If I put any bigger, I
get an error.

Thanks in advance for your help,

Regards,

Alan

AT+CRSM=176,28464,0,0,103
A+CRSM:
144,0,02F80112F41062F22072F21022F20102F25062F81002F44022F81002F61042F08005F53056F51006F22012F60772F62072F81062F01022F61035F01064F00032F81042F45014F92032F21002F81054F40042F82092F30412F90172F42072F43025F53082F620FF

AT+CRSM=176,28464,0,0,140
+CRSM:
144,0,02F80112F41062F22072F21022F20102F25062F81002F44022F8102F61042F08005F53056F51006F22012F60772F62072F81062F01022F61035F01064F00032F81042F45014F9202F21002F81054F40042F82092F30412F90172F42072F43025F53082F620FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

OK
AT+CRSM=176,28464,0,0,150
+CRSM:
144,0,02F80112F41062F22072F21022F20102F25062F81002F4402F81002F61042F08005F53056F51006F22012F60772F62072F81062F01022F61035F01064F00032F81042F4514F92032F21002F81054F40042F82092F30412F90172F42072F43025F53082F620FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

OK
AT+CRSM=176,28464,0,0,160
+CRSM: 103,0

OK
AT+CRSM=176,28464,0,0,155
+CRSM: 103,0

Post by John Henderson

Post by a***@ulster.ac.uk
Otherwise if the MNC of a given network is 0, should this come
up as 0 or 00 in the above list?

I notice that your "+CRSM: " result contains corruption. Could
this be a RS232 flow control (buffer overflow) problem?
To be most useful, the P3 parameter ("103" in
"AT+CRSM=176,28464,0,0,103") should be a multiple of 3 (3
bytes/octets per PLMN). I wonder if the corruption would
disappear if you used a P3 value of 102 or 105 instead.
John

John Henderson

2006-09-15 20:44:52 UTC

Permalink

Post by a***@yahoo.co.uk
Based on the results I got below, would I be correct that the
biggest number I can put at the end of the CRSM is 150? If I
put any bigger, I get an error.

You could try 153. And then 156 and 159 if that works. But my
guess is that your SIM has 50 (a nice round number) entries in
the EF_PLMNsel file. So P3=150 would be the limit.

The SIM I tried had 15 entries. I can verify that, because the
Siemens S55 phone lets me read the list on the handset itself.
That's how I got absolute confirmation that my

AT+CRSM=214,28464,0,0,3,32F451

command changed the first entry successfully. The handset said
that the first entry was "Vodafone UK" after that.

And I got the SW1=103 error as soon as I exceeded P3=45.

I notice that your result list is still corrupt. You've lost 3
semi-octets over the full 300 semi-octets (150 bytes/octets).
Numbering your entries, we get:

1 02F801
2 12F410
3 62F220
4 72F210
5 22F201
6 02F250
7 62F810
8 02F440
9 2F8100 corruption evident
10 2F6104
11 2F0800
12 5F5305
13 6F5100
14 6F2201
15 2F6077
16 2F6207
17 2F8106
18 2F0102
19 2F6103
20 5F0106
21 4F0003
22 2F8104
23 2F4514
24 F92032 more corruption
25 F21002
26 F81054
27 F40042
28 F82092
29 F30412
30 F90172
31 F42072
32 F43025
33 F53082
34 F620FF
35 FFFFFF
36 FFFFFF
37 FFFFFF
38 FFFFFF
39 FFFFFF
40 FFFFFF
41 FFFFFF
42 FFFFFF
43 FFFFFF
44 FFFFFF
45 FFFFFF
46 FFFFFF
47 FFFFFF
48 FFFFFF
49 FFFFFF
50 FFF

Just to clarify the earlier discussion about the number of
characters appearing in the MNC part of the PLMN, the "+CRSM: "
result always shows 3 characters each for both MCC and MNC.
3-character MNCs are used in North America, and "F" is used as
a filler character for the 2-character MNCs used elsewhere.

So for MCC=543 and MNC=21 we have display values of 543 and F21
respectively. And because the pairs of semi-octets get swapped
around within each octet in the "+CRSM: " result, the PLMN gets
displayed there as "45F312".

John