Obtaining LTE/5G Logs from my Galaxy S25

As part of my ongoing Mobile Systems course, there was a task requiring viewing 4G/5G network logs. Now, there was already a file given, but it was also mentioned, though not exactly how, that we can do it on our own phones. So, it is my self-determined task to see if I can capture the logs of my new Samsung Galaxy S25 (just the base model, I'm not that rich).

As usual, I set up my own uv virtual env, and then, time to install QCSuper, a wonderful tool which communicates with Qualcomm-based phones and modems, allowing us to capture raw 2G/3G/4G/5G radio frames, among other things. 5G is not yet fully implemented as of writing, but it is workable. The tool also interfaces with Wireshark in a live manner, so that's great even if Wireshark doesn't go as deep as some of the more professional telecom frame analysis tools like QCAT. But that is an expensive piece of software, and I don't have access to it (yet), so QCSuper + Wireshark will do for now.

Getting Started

Make sure libusb is installed (my Mac did NOT have it):

brew install libusb

And then:

sudo uv pip install --upgrade pyserial pyusb crcmod https://github.com/P1sec/pycrate/archive/master.zip

You should see something like this:

Resolved 4 packages in 1.18s
      Built crcmod==1.7
      Built pycrate @ https://github.com/P1sec/pycrate/archive/master.zip
Prepared 4 packages in 3.19s
Installed 4 packages in 25ms
 + crcmod==1.7
 + pycrate==0.7.0 (from https://github.com/P1sec/pycrate/archive/master.zip)
 + pyserial==3.5
 + pyusb==1.3.1

Et voila! It runs:

(qcsuper) ~/qcsuper ❯❯❯ ./qcsuper.py
usage: qcsuper.py [-h] [--cli] [--efs-shell] [-v]
                  (--adb | --adb-wsl2 ADB_WSL2 | --tcp IP_ADDRESS:TCP_PORT |
                   --usb-modem TTY_DEV | --dlf-read DLF_FILE | --json-geo-read JSON_FILE)
                  [--info] [--pcap-dump PCAP_FILE] [--wireshark-live]
                  [--memory-dump OUTPUT_DIR] [--dlf-dump DLF_FILE]
                  [--json-geo-dump JSON_FILE] [--decoded-sibs-dump]
                  [--reassemble-sibs] [--decrypt-nas] [--include-ip-traffic]
                  [--start MEMORY_START] [--stop MEMORY_STOP]
qcsuper.py: error: one of the arguments --adb --adb-wsl2 --tcp --usb-modem
                    --dlf-read --json-geo-read is required

Enabling Diag Mode on S25

Now step 2 is fairly simple. Just enable Diag mode, and this can be done by dialing *#0808* on I think any Samsung phone. For some reason, this didn't work on my default dialer, so I had to use the factory dialer by typing this magic code on the default calculator app: (+30012012732+

Now after connecting my phone via USB to my Mac, it should work finally. If for some reason it gives the following error:

[09:13:26 | ERROR @ main.py:129 ] No Qualcomm Diag interface was found with
the specified criteria. Please be more specific.

Make sure to verify that the USB connection mode is in "USB Modem" mode and not transfer/MIDI/charging.

Capturing Live Network Logs

From the QCSuper README, to capture live logs and pipe them to Wireshark, just run:

./qcsuper.py --usb-modem auto --wireshark-live

You should see output like this:

(qcsuper) ~/qcsuper ❯❯❯ ./qcsuper.py --usb-modem auto --wireshark-live
[12:47:38 | INFO @ _enable_log_mixin.py:141 ] Enabled logging for: 1X (1),
WCDMA (4), GSM (5), UMTS (7), DTV (10), APPS/LTE/WIMAX (11), TDSCDMA (13)

It works! You should get the Wireshark window up and running like I got below:

For now it shows some basic information in the RRC layer like connection requests, paging info, SIBs, etc. Not super detailed, but it's a start. I will explore more and see if I can dig deeper into the logs later, find an exhaustive list of message types that can be captured. In particular, there should be a mode to decrypt NAS messages but I haven't been able to make it work on my setup. For now, this is a good start!