
Neoway M590 Undocumented Commands/ Features

An underestimated mobile comms module. It runs on the 2G cellular network still available in many regions, and is capable of so much more than just sending SMS.

If you're in a country where 2G is still supported (or has limited support; see the ** link just below), the Neoway M590 is dirt cheap (around 1 USD or less), and in terms of bang for buck you just can't go wrong with it. This project is about finding out what the M590 is capable of. What's for sure is that it can do far more than the manufacturer's documents say it does. Try out the fun undocumented commands in the FILES download section and see for yourself. You're welcome to post any unpublished commands you find in this project's discussion.

(** 2G info: https://www.digi.com/blog/post/upcoming-2g-and-3g-global-cellular-network-sunset )

General idea of what ELSE the M590 is capable of

Loads of stuff that isn't published...

  • It can do an Internet DNS lookup of a domain name, use the resulting IP address to connect to an FTP server, and then send or download files, including viewing server directory contents.
  • It can answer a voice-type call and send and receive DTMF tones through the connection. It can see the incoming call's number before answering.
  • It can go into low-power mode (while still online) at about 2.0 mA and be woken up using the DTR line or an incoming call. That's a LONG time running off a single LiPo cell.
  • It can operate as a dial-up modem over a voice channel (un-researched).
  • It can connect to a server with TCP, or in other words establish a live real-time connection.
  • You can send it an SMS containing configuration changes for your software to process.
  • And more...

FTP

Can read directories, read and write files, change file names, append to files, all sorts of things.

Data connection

TCP/IP connection to any IPv4 address, such as a PHP server. Use it for sending telemetry to a server.

Undocumented Commands = For Hacking

The M590 responds to many undocumented commands with an "OK", or does something really cool. Waiting to be discovered. A full list of M590 commands (including the undocumented ones) appears in the FILES download section.


Here are some examples

Example 1: Find out status info, like battery charge level, during a call

AT+CIND? 

+CIND: 5,2,1,0,0,0,1,0,2,0,0,1

(Key to above raw data: "battchg","signal","service","sounder","message","call","roam","smsful","gprs","callsetup","callheld","cellservices")

Get unsolicited event-driven reports during a call. Send AT+CMER: 2,0,0,2,0 and you'll get these updates.
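The key above can be applied mechanically. The following is an added example, not code from the project: it decodes the `+CIND` snapshot with the page's key and then applies event reports to it. It assumes the updates arrive in the standard 3GPP TS 27.007 form `+CIEV: <index>,<value>`, with the index counted from 1 in the same order as the key; the `+CIEV` lines in the sample are constructed.

```python
import re

# Indicator names in the order given by the page's key to the +CIND response.
CIND_KEYS = ("battchg", "signal", "service", "sounder", "message", "call",
             "roam", "smsful", "gprs", "callsetup", "callheld", "cellservices")

class IndicatorState:
    """Tracks indicator values from a +CIND snapshot and later +CIEV events."""

    def __init__(self):
        self.values = {}

    def feed(self, line):
        """Consume one modem line; return (name, old, new) if a value changed."""
        line = line.strip()
        m = re.fullmatch(r"\+CIND:\s*(\d+(?:\s*,\s*\d+)*)", line)
        if m:
            nums = [int(v) for v in m.group(1).split(",")]
            if len(nums) != len(CIND_KEYS):
                raise ValueError(f"expected {len(CIND_KEYS)} fields, got {len(nums)}")
            self.values = dict(zip(CIND_KEYS, nums))
            return None
        # Assumption: events arrive as "+CIEV: <index>,<value>" (3GPP TS 27.007),
        # with <index> counted from 1 in the same order as the +CIND key.
        m = re.fullmatch(r"\+CIEV:\s*(\d+)\s*,\s*(\d+)", line)
        if m:
            idx, new = int(m.group(1)), int(m.group(2))
            if not 1 <= idx <= len(CIND_KEYS):
                raise ValueError(f"indicator index {idx} out of range")
            name = CIND_KEYS[idx - 1]
            old = self.values.get(name)
            self.values[name] = new
            return (name, old, new) if old != new else None
        return None  # command echo, OK, RING and other lines are ignored

def replay(lines):
    """Run a transcript through the tracker; return (final state, changes)."""
    state, changes = IndicatorState(), []
    for line in lines:
        change = state.feed(line)
        if change:
            changes.append(change)
    return state.values, changes

# Constructed transcript: the +CIND line is the page's, the +CIEV lines are made up.
SAMPLE = ["AT+CIND?", "+CIND: 5,2,1,0,0,0,1,0,2,0,0,1", "OK",
          "RING", "+CIEV: 6,1", "+CIEV: 2,4", "+CIEV: 6,0"]

if __name__ == "__main__":
    print(replay(SAMPLE))
```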

Example 2: Get mobile network status

  • AT+CGED?      REALLY COOL

This gives a response with detailed diagnostic info: GSM Service Cell, PLMNs, receive and transmit levels, etc.

Example 3: Read operator names

AT+COPN 

+COPN: "360110","C&W"

+COPN: "42101","SabaFon"

+COPN: "42102","MTN"

+COPN: "22002","ProMonte"

+COPN: "22003","YUMTS, YUG03" ………

Generally speaking, when hacking, the commands take three main forms, indicated by the last few characters:

  • ?    queries a setting or status
  • = <setting>   sets something
  • =?   queries what's possible

Call 'Pranking' 

Call the M590 number as a regular voice call. The M590 says "RING" on its TXD port, plus the calling number (if you enabled it). Send the command ATH and the call is rejected. Now you have a trigger for a software function without being charged for a call, such as reporting operating status back to the number that just called it.
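A line-driven handler for this trigger, as an added example that is not part of the project's files. It assumes the calling number is reported in the standard 3GPP TS 27.007 form `+CLIP: "<number>",<type>` after `RING`; the class name, allow-list, cooldown and phone numbers are hypothetical.

```python
import re

class CallTrigger:
    """Rejects every incoming call and reports which ones count as a trigger."""

    def __init__(self, allowed, cooldown_s=60):
        self.allowed = set(allowed)   # numbers permitted to trigger a report
        self.cooldown_s = cooldown_s  # minimum seconds between two triggers
        self.last_fire = None
        self.ringing = False

    def feed(self, line, now):
        """Consume one line from TXD; return (commands to send, trigger number)."""
        line = line.strip()
        if line == "RING":
            if self.ringing:          # second RING with no caller ID in between
                self.ringing = False
                return ["ATH"], None
            self.ringing = True
            return [], None
        # Assumption: caller ID is reported as +CLIP: "<number>",<type> (3GPP TS 27.007).
        m = re.match(r'\+CLIP:\s*"([^"]*)"', line)
        if not (m and self.ringing):
            return [], None
        self.ringing = False
        number = m.group(1)
        if number not in self.allowed:
            return ["ATH"], None      # unknown or withheld number: reject only
        if self.last_fire is not None and now - self.last_fire < self.cooldown_s:
            return ["ATH"], None      # repeated call inside the cooldown window
        self.last_fire = now
        return ["ATH"], number        # caller ID can be forged: keep the action low-risk

def replay(events, allowed):
    """Run (time, line) pairs through the trigger; return the non-empty results."""
    trig = CallTrigger(allowed)
    results = [trig.feed(line, t) for t, line in events]
    return [r for r in results if r[0]]

# Constructed transcript with placeholder numbers.
EVENTS = [(0, "RING"), (1, '+CLIP: "+10000000001",145'),
          (10, "RING"), (11, '+CLIP: "+10000000001",145'),
          (100, "RING"), (101, '+CLIP: "+10000000002",145'),
          (200, "RING"), (206, "RING")]

if __name__ == "__main__":
    print(replay(EVENTS, {"+10000000001"}))
```

Every call is rejected with ATH, but only the first call from the allow-listed number inside the cooldown window is returned as a trigger.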

HintsAndTipsUsingM590.rtf

Hints and tips for using the Neoway M590

msword - 4.94 kB - 03/28/2020 at 02:35


FunM590Commands.txt

Some fun undocumented M590 commands to try out

plain - 236.00 bytes - 03/10/2020 at 22:15


Data Link Transcript M590.txt

Transcript recorded while sending and receiving data over FTP and TCP

plain - 1.99 kB - 03/10/2020 at 21:45


AT[plus]CGED-data.log

Data from M590 in response to undocumented command AT+CGED

log - 3.38 kB - 03/10/2020 at 20:50


m590fullcommandlist.txt

Full list of commands recognised by M590

plain - 3.57 kB - 03/10/2020 at 20:47


  • 1 × Neoway M590 + PCB (common on eBay)
  • 1 × USB serial data interface
  • 1 × lithium battery
  • 1 × Computer
  • 1 × SIM card

  • 1
    Get started

    To get started, get some M590 modules. I recommend getting several modules because sometimes a used module is less than perfect and may have poor signal quality or some other problem. Build up the M590 PCB and connect a USB TTL serial data module to it. Choose a nice terminal program. I like to use Terminal v1.9b by Bray.

    Some tips: 

    The M590 will most likely be trying to communicate with the last-used settings, 115 Kbs etc. So one of the first things you ought to do is change the default bit rate to something easier to work with: 9,600 bps.

    There are a lot of pages on the Net about getting up and running.

  • 2
    Try out the module with an SMS (yawn).

    You might need to try another module if it's not working too well. Send an SMS (there are plenty of pages on the web about how). You'll likely get bored quickly with SMS, so now let's have some fun.

  • 3
    Try the commands

    Look for the file on this page with the list of undocumented commands.  

    A good one to start with is:

    AT+CGED

    Now call the number of the SIM card.

    You should get something like this: 

    RING
    
    +CGEDService CellMCC:214, MNC:  7, LAC:0dae, CI:3107, BSIC:00,
    
    Equivalent PLMNs:
    
    MCC:214, MNC:  7
    
    Arfcn:00016, RxLevServ:020, RfChannels:000, ArÖ¹}‘•‘é068,
    
    RxLevFull:013, RxLevSub:029, RxQualFull:006, RxQualSub:000, GSM Ciphering:ON, GPRS Ciphering Algorithm: GEA0,
    
    ms_txpwr:005, rx_acc_min:255, cbq:ff, cba:ff, c2_valid:False, cr_offset:255,
    
    tmp_offset:255, penalty_t:ff, c1:-32768, c2:-32768, ch_type:02, ch_mode:0b,
    
    txpwr:006, dtx_used:False, drx_used:True, t3212:00255, acc:ffff, t_adv:004, bs_pa_mfrms:255,
    
    dsc:255, rll:032,
    
    amr_acs:0, amr_cod_ul:0 amr_cod_dl:2 amr_c_i:126,
    
    BEP GMSK: mean_bep_gmsk:255, cv_bep_gmsk:255, BEP 8PSK: mean_bep_8psk:255, cv_bep_8psk:255,
    
    Neighbour Cell 1:
    MCC: -1, MNC:255, LAC:ffff, CI:ffff, BSIC:0b, Arfcn:00014, RxLev:015C1_nc:32768, C2_nc:32768,
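The response above includes the ciphering state of the link, which matters if the module carries telemetry. The following is an added example, not code from the project: it pulls the serving-cell identity and the ciphering fields out of a `+CGED` dump and flags a GPRS algorithm of GEA0, which means the GPRS link is not encrypted over the air. The function names and finding labels are hypothetical; the sample lines are copied from the response shown above.

```python
import re

# Fields of interest, matched one by one so that fused or damaged fields
# elsewhere in the dump do not break the parse.
FIELDS = {
    "mcc": r"MCC:\s*(-?\d+)",
    "mnc": r"MNC:\s*(\d+)",
    "lac": r"LAC:\s*([0-9a-fA-F]{4})",
    "ci": r"CI:\s*([0-9a-fA-F]{4})",
    "gsm_ciphering": r"GSM Ciphering:\s*(\w+)",
    "gprs_algorithm": r"GPRS Ciphering Algorithm:\s*(\w+)",
}

def parse_serving_cell(dump):
    """Return serving-cell fields; a value of None means missing or unreadable."""
    serving = re.split(r"Neighbour Cell \d+:", dump, maxsplit=1)[0]
    cell = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, serving)
        cell[name] = m.group(1) if m else None
    return cell

def link_findings(cell):
    """Turn the ciphering fields into findings a telemetry client can act on."""
    findings = []
    if cell["gsm_ciphering"] != "ON":
        findings.append("gsm-ciphering-not-on")
    if cell["gprs_algorithm"] is None:
        findings.append("gprs-algorithm-unknown")
    elif cell["gprs_algorithm"].upper() == "GEA0":
        # GEA0 means the GPRS link is not encrypted over the air.
        findings.append("gprs-unencrypted")
    return findings

# Lines copied from the sample response on this page.
SAMPLE = """RING
+CGEDService CellMCC:214, MNC:  7, LAC:0dae, CI:3107, BSIC:00,
RxLevFull:013, RxLevSub:029, RxQualFull:006, RxQualSub:000, GSM Ciphering:ON, GPRS Ciphering Algorithm: GEA0,
Neighbour Cell 1:
MCC: -1, MNC:255, LAC:ffff, CI:ffff, BSIC:0b, Arfcn:00014, RxLev:015C1_nc:32768, C2_nc:32768,
"""

if __name__ == "__main__":
    cell = parse_serving_cell(SAMPLE)
    print(cell, link_findings(cell))
```

A "gprs-unencrypted" finding is the cue to protect telemetry at the application layer instead of relying on the radio link.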
    
    


Discussions

Marcrbarker wrote 6 days ago point

Also, don't forget 2G mobile network server satellites in orbit.  I sometimes see an extra 2G signal come and go, I guess there must be one that passes over here. 


Marcrbarker wrote 6 days ago point

I can say 2G will be around a long time yet.  Even Stateside I expect there's millions of IoT non-human 2G subscribers out there.  Well speaking for The UK and Spain I reckon another decade at least.  A date of 2039 is estimated for England's electric utilities companies "Smart Meters" that rely on 2G. They won't even have finished completing the roll out of 2g-reliant smartmeters until 2024!!!


Ken Yap wrote 6 days ago point

2G might still be in use in some countries but can consumers get a SIM and service? The utility company might have private deals with the telcos so private experimenters won't be able to use the network.


Marcrbarker wrote 6 days ago point

I would imagine the 2G service will continue for some time but its availability won't be advertised. What to expect is telcos tech support staff officially stating "it no longer works" and sales saying "not available".   But then this project as its title says is all about finding out what's possible in the face of denial.

(As far as I'm aware) the SIM card itself doesn't define 2G availability. Finding 2G is the modem radio hardware's job (the M590 is dualband 900 & 1800), and as I understand the SIM just supplies login creds.  (unless they can somehow block 2G access from the SIM)

If the SIM itself does block access to 2G (I don't think it does), one possible way round this could be to get a SIM registered in a 2G-supported country and use it Roaming in another. If you're connecting with GPRS and only sending small amounts of data the cost is surprisingly low and in some cases cheaper than a PAYG SIM bought in the target country.  While roaming receiving a SMS is free and so is receiving a caller's number via the M590's undocumented CLID capabilities.


Ken Yap wrote 6 days ago point

The point is the SIM is tied to the service you get so if they don't offer the service to you when you buy the SIM tough. Anyway it's moot, 2G has been switched off here.

Even 3G is scheduled for turn off here. The norm here is 4G and some carriers are offering 5G.


Marcrbarker wrote 6 days ago point

Apparently T-Mobile in North America seem to be supporting 2G until end of 2020.  https://www.slashgear.com/t-mobile-takes-a-swing-at-att-says-its-2g-network-will-stay-active-through-2020-14456049/    Also I see Sprint 2G shutdown date December 2021. I think the IoT Community [https://hackaday.io/search?term=IoT&tag=iot] will know much more about 2G availability in USA as there's millions of IoT devices in NAmerica still using 2G.

As for SIM cards I imagine there may be millions of live SIM cards still running that had been obtained some years ago running in hand-me-down used phones.  

Well availability of 2G I don't think will be within the scope of this project, and I wish the best of luck to USA Hackerdayers tracking down 2G for their legacy IoT apps.  


Ken Yap wrote 6 days ago point

That's nice for NA. Let us know if you find a cheap 3G or better still, 4G module. Fortunately I don't have anything that I need to monitor at a distance, just being a stickybeak.


Marcrbarker wrote 6 days ago point

Sorry to disappoint you but you'll not find anything I publish in this project about 3/4G modules because this project is by definition a 2G module while it runs in regions of the world where it's still supported.


Ken Yap wrote 6 days ago point

Nah, I'm not looking to run anything over 2G or 3G/4G for that matter, just being a stickybeak as I said. So I am not disappoint 😉. The 2G bands were reused here as the spectrum is valuable. Presumably the very few devices still relying on 2G were replaced with 3G versions. That should be good until 2024 when the largest carrier here will discontinue it, followed by the others at some yet to be announced dates.

By then we should be streaming HD onto our phones while hunkering down in our bunkers against pestilence. 🤔

I was quite impressed in 2017 in S Korea observing another bus passenger stream video onto his phone when we were on the highway seemingly in the middle of nowhere.


Starhawk wrote 7 days ago point

As far as I'm aware (per Wikipedia, in fact, so as far as *anyone* is aware) -- 2g is gone forever, *globally* (amateur, temporary just-for-a-hacker-con efforts, if there are any, notwithstanding) -- so unless this model of chip is at least 3g-capable, it's unfortunately essentially worthless and useless to anyone and everyone... :-/

I'd be interested in a cheap 4g job, though... especially super cheap. I stumbled over something on eBay recently that was essentially a universal 4gLTE mobile hotspot for tinkerers like us, minus battery and housing, but the listings all mysteriously disappeared at around the same time (late afternoon/early evening Eastern US time, 14 March), and I don't know why. All the sellers are claiming in broken English (it was import-from-CN/HK/TW *only*) that they're out of stock and I'm not sure I can believe that -- I had written one such seller a mere 7-1/2hrs earlier, and they'd had (reportedly) 30 in stock at that time.


Marcrbarker wrote 6 days ago point

Hi  Shame about Stateside.  Well I can say 2G is alive and well here in Europe I can say that definitely and I do suspect true much of the world.  One day they will pull the plug here too but hey let's have some fun while we can using a 50 cent module packed with stuff that makes a microcontroller look like a 555!!


Starhawk wrote 6 days ago point

It's only a matter of time -- https://en.wikipedia.org/wiki/2G#Past_2G_networks

There's your timeline.

Any 3g/4g cheap modules, or info on them...?


Marcrbarker wrote 6 days ago point

Everything in life is only a matter of time :-)  

Anyway, this project is about what the Neoway M590 2G module does that isn't published, in regions where 2G is still available. 

Finding the cheapest 3G/4G would be a different project to this one. If there isn't one on Hackaday how about someone create a Finding The Cheapest 3G /4G Module project ??


crun wrote 7 days ago point

Sadly 2G is now long gone here. 

Any ideas on the cheapest 3G module?
