Okay so yet another comment and let’s say I’m gonna shoot my 3 years of frustration and working with these Simcom A7672xx series modems and many others. Let’s go step by step 1. The Simcom modem houses the ASR1603E chip which basically is the heart of the device, it runs the Threadx operating system. Perhaps, our world I can call it as we can run openCPU which allows us to basically code the modem over Simcom’s provided SDK and write our own code. 2. The modem here in this case is itself the main brains, I wonder why they had to use the separate gps module from Quectel as the a767xx series has inbuilt gnss on it, moreover Simcom doesn’t provide their SDK or support unless you are taking over more than 2.5k pieces from them, here it is very clear that they happen to have used their SDK to talk over the uart with the gsm modem. 3. More than the AT commands which I kinda doubt would work, you should check with the hardware datasheet, so pin no, 9 and 10 is TX1 and RX1 respectively, that’s mostly used in 95% of applications where a host mcu is connected with the gsm. Pin 27 and pin 28 is usb DP and DM respectively. Now the usb can be helpful as it would show as com port on a windows machine, on Linux it’s gonna show 4 USB on the tty! Usb0 is mostly what I use to hit the AT, but again long shot if that would work over the custom firmware. 4.I happen to have their update binary’s if you wanna dissect them and see what’s inside, I never got time to do the reverse engineering on that. But I would take a look at it tommrow or even share the files with you. 5. The whole gsm pins except the one which I’ve mentioned as USB works on 1.8V so be careful! 6. It’s gonna be fun for even me to see how you could manage to extract the firmware since they never gave me any Linux support, they only happen to have know how to use alboot on windows and just flash the zip file which is the firmware usually. Idk if I went right on points or I went haywaya, but it’s just the mix of 3 nights of no sleep and continuously working with the same gsm modem just to fix the fricking network attach ! And it fails back and forth! Atleast in India! Idk about global. So yeah, I’d be absolutely happy to share the firmware files, they aren’t public I guess, since I’ve placed the orders for production pieces and have been using around 500pcs so far, they are 5% helpful! Hope this comment helps !

Love the videos, this channel is gonna blow up! I appreciate how you break down your thought process and thinking visually even though I understand like 4% of it all.

The missing cpu is not a surprise. The simcom module almost certainly has an application processor on it. The company did a great thing - they put an MCU down to implement the basic functionality easily, then when they worked out how to use the application processor on the simcom module, they could drop the MCU without needing a pcb re-spin. Thats a sensible approach, I do it myself.

SIMCOM modems (and modems in general) offer an SDK to run cutom code in em. Which is great for simple and cheap applications like this. Last time I checked out the SDK it seemed like a nightmare to learn

Yeah. @ GlobeTracker they use similar GSM/LTE modules in their shipping container trackers. I think the module can be programmed just as a regular micro controller. Then it's just a question of how fast you wish to empty your battery by sending data. There is even a module with integrated MEMS accelerometer. Love what you do. Please keep it up :)

Love your videos man. Just got into hardware analysis, and you’ve helped me a ton.

Some modem modules allow to run custom code. That would explain the lack of an external MCU.

Love the detail in your videos, every time I see a new one it makes me want to tear apart everything I own and see what's inside but I'd be so lost, although I do know soldering and am in IT. Any courses you're aware of for already moderately technical people to dip their toes in the water, or maybe a good device or types of device(s) to learn with? I want like a baby's first reverse engineer

If these are anything like the Chinese 3g GPS trackers I've worked with in the past, you can program the firmware via SMS codes. No need to use their app as you can set your own servers. Not quite a full device takeover though. If memory serves, and fw is similar, you can set your number as admin by texting admin {number texting from} You get a response like Admin ok if successful.

i would bet the GPRS radio has a microcontroller inside it. either that or the GPS module has one.

You should be able to connect to the module via UART pins or USB and then adb to it. Hardware design datasheet will help you locate required pins.

I'm 46 and it made me laugh a little when in 2024 a guy is explaining AT commands.. My dial-up BBS days and Hayes modem AT commands come flooding back. AT OK.

Some cellular modems can operate in bridge mode. I bet if you connect to it, you will be directly communicating with the GPS module

11:31 - There could be a series resistor or level shifter between the GPS and GSM module.

They made some "interesting" design choices on this one. Cutting out the microcontroller is a way to cut cost i guess. Btw this cellular module has an E variant thats widely used with arduino's and raspberry pi's. There are even boards like the crowtail-4g a7670e that are specifically advertised for serial uart data transfer of gps data.

It can work as built. The cell modem does not require AT commands to dial. It can be configured to Auto Answer and NEMA data is connected to the calling party. If you are old enough to have worked with dial up modems, and possibly was a Sysop for a BBS, you wild be familiar with the Auto Answer configuration. On modems , the dip switches could be set for auto answer or not. Without auto answer, the RI Ring Indicator signal would tell the program the modem was ringing. The program would reply with ATA which is the AT command Answer. To proceed, get all the info you can on modem AT commands and hardware configuration.

This 4G module can directly talk to the GPS without any MCU in the middle. there are AT commands to support that see AT Commands for GNSS chapter in A76XX-Series_AT_Command_Manual. I guess this is a cost-optimised version of the GPS tracker.

Great content man. Look forward to more!

Great video Matt! I'm looking forward to the next ones. What watch are you wearing? It looks really nice!

Maybe it does cellular triangulation for location data instead of gps? If then why would they add a GPS module? Btw, i love this series. Keep it coming :)

Exciting, great educational videos!

The gps module is configured to output the coordinates via some protocol like i2c/spi/uart and the cell module can read and relay that data when queried. A server controlled by the app company who is also the cell service provider, queries the cell module, retrieves the raw location data and all the processing is performed by the app server? So the device is essentially just a sensor?

The ESP8566 WIFI MCU started with a modem firmware flashed in factory to use it in conjunction with an mcu or other computer (like the C64 😅). Soon many people found out to flash own firmware and espressif quickly build a hole toolchain around it. Same with this cellular modules.

Far too many chip documents require an NDA before you can see how they work. This was a big part of the problem, then the solution, to Broadcom non disclosure requirements. They just dont work with open source requirements. Fortunately for the raspberry pi, an inside employee was able to convince them to cooperate.

Hey Mat, I am a transitioning service member and I am currently a IT specialist. I have my AS in Information Technology and I wanted to know if electrical engineering is a better degree to peruse for someone’s BS. I wanted to know where you started your journey. Thanks ❤

Some of those sims have data caps, restricted apns, but some have shared network plans. Most are designed so you can't rip a sim out and run for free but you could in theory utilise the sim and direct to your own addresses and use inconspicuous amounts of data A lot of modern iot cell modems expect to get a gps module connected directly, I'd say there's a good routine doc that sends a status message that includes gps data, then whatever inbound server processes to show the user

Can't wait. Love this stuff

Quectel have capability of voice call, sms, gps, and lte, it just need AT commands, so the manufacturer add little controller to just send appropriate at command on based of task they want to execute from Quectel board, Quectel is a big company btw

I’d assume the Simcom module houses the baseband and application processor and is receiving the GPS data over serial connection directly from the GPS module.

if there is no connection between the gps module and the lte modem, I am guessing it uses triangulation rather than true gps.

If you had dialup internet you may have seen or had to mess with AT commands. I have no idea if cellular has more or fewer commands but on dialup you could use them to set the baud rate of the connection and various other things. Back then if you had dialup and had an unreliable connection the AT commands would allow you to try different settings that may work better or worse. I don't know who still uses dialup connections these days but there are probably a few. Dialup of course, worked on land lines and some people still have those for phone service or they might have kept it so they could send faxes.

you'l notice the module spec sheet shows ''AT commands'' and as such are ''A''-''T'' commands but thats really not obvious as its not stated or taught, (electronics)convention is that capitalised abbreviations are spelled out, light emitting diodes being L-E-Dee's and LASERS being lasers, theres always exceptions to every rule.....

Perfect video. Please make more related videos😅🍻👍👍👍❤️👍

can you make video about device related to satellites? it would be interesting like startlink or satellite commutation

I cant wait for next videos

Maybe this device does not gets its location from the GPS chip at all. Maybe it gets its location from the cell network, which is less precise, but is still possible. In the first era of smartphones it was commom for cheaper phones not to have GPS and instead would use the cell network for location tracking, which was very imprecise, but it sort of worked.

code from missing controller will have been flashed into the gsm module. you can do this with the a9g module and build your own tracker as python has been ported for it. or just buy a gf21 tracker for less than $20

Wow that looks a lot like a lora module on the inside... Could the microcontroller be underneath of it?

I am betting this is using sim applets, the code is on the simcard. Reason for the unpopulated ic's is that the board can be populated with a microcontroller if you want a universial board that work with any simcard.

The SIMCOM module is a fully fledged computer runinning a RTOS. Wire up a keyboard, display, speaker and micropone and you can have a fully functioning cellphone. Even running Java!

A lot of IoT cell modems have microchip controllers and processors that run the actual modem. One big company Quectel that does this. Al the binaries and commands that run the actual qualcomm cell modem chip for most of Quectel modems are done separately on the controller and storage built in running a cut back Linux and packages like busy box. One company like Invisagig uses their own firmware with this modems linux and not he onboard controller to have a web face GUI for configuring the modem instead of a separate controller and OS that some cell modem companies do and then just control the modem over the M.2 (or whatever) interface with the modem. I have gained access to some of my quectel modems and it really does have a lot going on in the OS. That’s probably what you have going on this with one since it’s a module. It’s also the same micro controller that runs the AT commands.

Thanks for the video bro

We got an Invoxia tracker that is very small and works well. It comes with either a 1 yr or 2 yr subscription when you buy it so there is no SIM card but it doesn't come apart so I don't know what's inside it.

The SIM card itself is a microcontroller and can run custom applications. I would imagine there is a custom application running on the SIM card to poll the GPS coordinates and shit them out via the 4G LTE network to some shady server.

I guess the GPS outputs NMEA over serial and the cell modem might just relay the serial input to a pre defined receiver

Does the gps module need another mcu to send data to the cell module? Why not use uart or so directly?

Prob the LTE modem runs Linux or something and they use that

This video is such a tease LOL. Please include how you know the sim capabilities and how to know its data cap etc. so it can be use with other projects without getting blacklisted.

Pro I love you video :)

I hope you capture and reverse the communications between the two modules.

Can you test Tapo C200 home security camera

The cell modem has a processor in it.

Hey Matt, the discord invite link in the description is invalid

does the cellular use a triangulation estimation?

@mattbrwn how can I send you material? I have a couple freight trackers that you may be able to compare to this.

They are sending the commands and requests to the GPS module of the cellular connection

Really was expecting an esim.

like a trailer for a detective movie

things you don't understand != sketchy

That thing doesn't actually need a satelite nav ship... The LTE will simply be talking to two or more cell towers and voila.... triangulation is happening... Oh... a null modem schematic... just hook up something to the RX/TX/GND pins and sniff yourself silly... :-)

I hope to make video about extract dts file from boot in router cortex a15 and complie by openwrt and the router not supported by openwrt to make new profile to this device

what have I just watched

shouldnt you put a blur over amazon? mister Ashburn 20149