ATtention commands are a kind of command protocol spoken by telephone modems since the early 1980s. Amazingly, this protocol is still alive in some form today on modern smart phones and other telephony devices.
The world of cellular modems and AT commands is a bit mired in obscurity, but despite that they're quite simple to work with. Even on a modern Android phone, you can still send AT commands directly to the modem.
This post goes over how I managed to do so using a Pixel 4a featuring a Snapdragon X15 LTE modem. I suspect that it's probably possible on nearly any Android phone you can root, as the Android userland will probably need to be able to send AT commands to function properly as a phone, but most of the posts I came across when searching for this are fairly old, often over a decade, so I was curious how things have changed. As it turns out, not a ton.
Rooting
Google smartphones, for all of their faults, are very easy to root. For reference, here is how I rooted my Pixel 4a:
- Enable developer mode by tapping the build number in About Phone 7 times.
- Enable OEM unlocking in Developer Options.
- Unplug USB, reboot into Fastboot mode using Power + Volume Down.
- Run
fastboot flashing unlock
, follow prompt on phone to OEM unlock. (This erases all of your data, so make sure your TOTP keys are all safe, your files and photos are backed up, and you remove your phone as a second factor for app-based authentication in Steam, GitHub, Okta, etc.) - You can now set things up again, you don't need to wipe again for a regular root. Enable developer mode again, then enable USB debugging in Developer Options, connect the phone, and authorize the computer to debug on the phone when prompted.
- Grab a copy of your firmware. Matching the version to whatever you have right now is probably a good idea.
- Extract the zip file, then extract the image zip file within that zip file.
adb push
theboot.img
file over to your phone. You need to copy it somewhere;/sdcard/boot.img
works. - Install Magisk Manager on the phone.
- Select "Install" in the Magisk category, "Patch file" then browse to your
boot.img
. - It will drop a patched
boot.img
in the storage root. Rename it to something reasonable, then useadb pull
to download it back to the computer. - Reboot into fastboot again: disconnect USB, power off, Power + Volume Down.
- Run
fastboot flash boot [patched boot.img]
with your patched image. - You are now root.
Sending AT commands
All you have to do now to send AT commands is find out which device you can use to communicate with. I found that on my Pixel 4a, it was /dev/smd7
. (I guessed here, because I couldn't figure out a better way to find the right device for the version of Android I am on.)
Anyhow, first of all, enter an adb shell
, then run su
. If Magisk is properly installed, your phone will prompt you to grant root access to your shell. Go ahead and do that. Then, you can send an AT command like this:
echo -e "AT \r" > /dev/smd7
At this point, though, you can't see what the modem is replying with. So, start another adb shell
and run su
in it as well, and run:
cat /dev/smd7
Then, you should see your AT commands and the replies they get on this shell.
Refreshingly simple.
Word of warning
Be advised that many warn it is possible to potentially brick your SIM or modem running AT commands. I don't know if it's actually that real of a concern, but you could definitely cause some problems running AT commands. I wouldn't recommend doing it on your main phone line if you can help it :)