SEQ	COMMAND	TX_OPCODE	RX_OPCODE	DATA_FIELDS	DATA_DEFAULTS	OPTION_FIELDS	OPTION_DEFAULTS	DATA_WIDTH	DESCRIPTION
1	READ					TIMEOUT READ	2 YES		Read only
2	GENERIC_COMMAND - Send Generic Opcode/Data Hex String			STRING		TIMEOUT READ	10 YES		Enter the opcode and parameter data in the command window.
3	AT_MODE - Sends AT+MODE=1 for serial comm	41542B4D4F44453D310D0A	41542B4D4F44453D310D0A			TIMEOUT READ	2 YES		No data required
4	AUD_CTRL - Control Audio	0003	0003	CONTROL	01	TIMEOUT READ	2 YES		CONTROL (1 byte): 00=Vibrator off 01=Vibrator on
5	AUD_LPB - Audio Loopback	0004	0004	TYPE	00	TIMEOUT READ	2 YES		TYPE (1 byte): 02=13k Vocoder off 03=13k Vocoder on
6	AUD_LVL - Audio Level	0005	0005	LEVEL	80	TIMEOUT READ	2 YES		LEVEL (1 byte): 00 to 0F=Set volume level 8x=Read current volume level
7	AUD_PATH - Set Audio Path	0006	0006	DATA	0000	TIMEOUT READ	2 YES		DATA (variable): Depends
8	AUD_TN_GEN - Enable/Disable Audio Tone	0044	0044	ACTION FREQ1 LEVEL1 FREQ2 LEVEL2 FREQ3 LEVEL3	80 0000 0000 0000 0000 0000 0000	TIMEOUT READ	2 YES		ACTION (1 byte): Bit 7: 0x=Generate tone 8x=Stop generating tone Bits 6:0: Number of frequencies to generate - Valid range=01 to 03 FREQ1 (2 bytes): First phased frequency LEVEL1 (2 bytes): Valid range=0000 to 3FFF FREQ2 (2 bytes): Second phased frequency LEVEL2 (2 bytes): Valid range=0000 to 3FFF FREQ3 (2 bytes): Third phased frequency LEVEL3 (2 bytes): Valid range=0000 to 3FFF
9	AUD_TN_LST - Audio Tone List	0000	0000	ENABLE TONE	80 0000	TIMEOUT READ	2 YES		ENABLE (1 byte): 00=Enable tone 80=Disable tone TONE (2 bytes):
10	AUTOCYCLE_5100	0002	0002	ENABLE	01	TIMEOUT READ	2 YES		ENABLE (1 byte): 01=Enable auto cycle mode
11	AUTOCYCLE_6xxx	0002	0002	RESERVED AMPSCHAN RESERVED CDMACHAN RESERVED PCSCHAN RESERVED AMPSPWR CDMAPWR PCSPWR RESERVED AUDIOGAIN RESERVED RINGERGAIN RESERVED	01000000 0000 0000 0000 0000 0000 0000 00 00 00 00 00 000000 00 0000000000	TIMEOUT READ	2 YES		RESERVED (4 bytes): Default value AMPSCHAN (2 ytes): Amps channel to use RESERVED (2 bytes) CDMACHAN (2 bytes): Cdma channel to use RESERVED (2 bytes) PCSCHAN (2 bytes): pcs channel to use RESERVED (2 bytes) AMPSPWR (1 byte): amps power level CDMAPWR (1 byte): cdma power level PCSPWR (1 byte): pcs power level RESERVED (1 byte) AUDIOGAIN (1 byte) audio gain level RESERVED (3 bytes) RINGERGAIN (1 byte): ringer gain to use RESERVED (5 bytes)
12	BT - Bluetooth Control	0042	0042	DATA		TIMEOUT READ	2 YES		DATA (variable): BT TCI unsolicited message
13	CARRIER - Enable/Disable Transmit Carrier	0007	0007	ENABLE	01	TIMEOUT READ	2 YES		ENABLE (1 byte): 01 = enable 00 = disable
14	CP_MODE - Set Sub-mode	000A	000A	SUBMODE	80	TIMEOUT READ	2 YES		SUBMODE (1 byte): 80=Get 01=CDMA800 02=CDMA1900
15	CW	0D03	0D03	MODE DATA	00	TIMEOUT READ	2 YES		MODE (1 byte): 00=Off 01=On DATA: Not needed for normal command. For BT options: 01=BT Supporting Data: BT Channel (1 byte)
16	DIP_SWITCH	0D00	0D00	ACTION DATA	01	TIMEOUT READ	2 YES		ACTION (1 byte): 01=Get 00=Set 02=Clear Tx Accum 03=Read Tx Acum Data Dip switch value
17	ERS_PANIC - Erase Panic Information In Flash	000C	000C			TIMEOUT READ	2 YES		No data required.
18	FLEX_SWITCH	0D05	0D05	MODE	00	TIMEOUT READ	2 YES		MODE (1 byte): 00=Factory 01=Customer
19	FLIP - Read/Write Flip	0043	0043	STATE	80	TIMEOUT READ	2 YES		STATE (1byte): 80=Read the flip state 40=Write the flip state opened 00=Write the flip state closed
20	FMTX	0D09	0D09	PARAMETER DATA	0000 0000	TIMEOUT READ	2 YES		PARAMETER (2 bytes): 0000=SetFreq 0001=Mute Control 0002=Stereo Control 0003=Tx Control Value (2 bytes): Dependant on parameter
21	FSAC - File System Access	004A	004A	PARAMETER DATA	00000004	TIMEOUT READ	60 YES		PARAMETER (4 bytes): 0x00000000 = Open File 0x00000001 = Read File 0x00000002 = Write File 0x00000003 = Seek File 0x00000004 = Close File 0x00000005 = Delete File 0x00000006 = Clear File 0x00000010 = Format Volume DATA (variable): Open file: Bytes (1-4) 00000000 = Default 00000001 = Read Only 00000002 = Hidden 00000004 = Preload/System Bytes (5 - (n+4)) Filename Read File (4 Bytes): # of bytes to read Write File: Bytes (1-4) # of bytes to write Bytes (5 - (n+4) Data to write Seek File: (Bytes 1-4) Offset to move by (Byte 5) Initial location of pointer Close File: No Data Delete File: Filename to delete Clear File (1 Byte): 00 = All 01 = User Files 02 = Read Only files 03 = Hidden files 04 = Preload/System Files Format Volume Data (1-511) bytes = Volume Name
22	EFSAC - File System Access	0060	0060	PARAMETER DATA	00000004	TIMEOUT READ	60 YES		PARAMETER (4 bytes): 0x00000000 = Open File 0x00000001 = Read File 0x00000002 = Write File 0x00000003 = Seek File 0x00000004 = Close File 0x00000005 = Delete File 0x00000006 = Clear File 0x00000010 = Format Volume DATA (variable): Open file: Bytes (1-4) 00000000 = Default 00000001 = Read Only 00000002 = Hidden 00000004 = Preload/System Bytes (5 - (n+4)) Filename Read File (4 Bytes): # of bytes to read Write File: Bytes (1-4) # of bytes to write Bytes (5 - (n+4) Data to write Seek File: (Bytes 1-4) Offset to move by (Byte 5) Initial location of pointer Close File: No Data Delete File: Filename to delete Clear File (1 Byte): 00 = All 01 = User Files 02 = Read Only files 03 = Hidden files 04 = Preload/System Files Format Volume Data (1-511) bytes = Volume Name
23	GET_ALERT_STATE	0D13	0D13	RESERVED STATE	00 00	TIMEOUT READ	2 YES		RESERVED (1 byte): 00 STATE (1 byte): 00=Incoming call 01=Unread VM count 02=Unread SMS count
24	GET_DISPLAY	0D12	0D12	RESERVED XSCALE YSCALE RESERVED DISPLAYPATH	00 0000 0000 0000	TIMEOUT READ	2 YES		RESERVED (1 byte): 00 XSCALE (2 bytes): Xscale parameter YSCALE (2 bytes): Yscale parameter RESERVED (2 bytes): 0000 Displaypath in hex
25	GET_PANIC - Read Information Out Of Panic Sector	000E	000E	OFFSET SIZE	0000 0000	TIMEOUT READ	2 YES		OFFSET (2 bytes): Offset from beginning of the location where Panic data is stored Size (2 bytes): 0000=read entire 8k data Valid range for number of bytes to read=0001 to 2000
26	GET_RX_AGC	0D0D	0D0D			TIMEOUT READ	2 YES		No data required.
27	GPIO_TEST - Read/Write GPIO Port/Register	0041	0041	ACTION PORT MASK VALUE DIRECTION DATA	00 00 00000000 00000000 00000000	TIMEOUT READ	2 YES		ACTION (1 byte): 00=Read 01=Write 02=Configure PORT (1 byte): 00=MSM0 01=MSM1 02=MSM2 03=MSM3 04=MSM4 10=AP0 11=AP1 12=AP2 12=AP2 13=AP3 MASK (4 bytes): Used when configuring pins with bit 0=pin 0 to bit 32=pin 32. 0=No change 1=To be configured VALUE(4 bytes): Used when writing to pins with bit 0=pin 0 to bit 32=pin 32. DIRECTION (4 byte2): Used when configuring pins enabled in MASK. 0b=Input 1b=Output Data:
28	GPS_CHECK_AGC	0D02	0D02			TIMEOUT READ	2 YES		No data required.
29	GPS_GET_CN	0D0F	0D0F			TIMEOUT READ	2 YES		No data required.
30	HOB	0D07	0D07	PARAMETER	00	TIMEOUT READ	2 YES		PARAMETER (1 byte): 00=Save RF to HOB 01=Restore RF from HOB 02=Validate Barker 03=HOB State 04=Verify Restore
31	HS_USB	0D22	0D22			TIMEOUT READ	2 YES
32	I2C	0D06	0D06	MODE SLAVEADD REGISTER OPTIONS LENGTH DATA	00 00 00 0000 0000	TIMEOUT READ	2 YES		MODE (1 byte): 00=Read 01=Write SLAVEADD (1 byte): Slave address REGISTER (1 byte): Slave register OPTIONS (2 bytes): Options LENGTH (2 bytes): Length of data to read/write DATA depends
33	IMAGE_INFO	0D20	0D20	DATA		TIMEOUT READ	2 YES
34	INVM - Initialize Non-volatile Memory	0012	0012	LEVEL	00	TIMEOUT READ	2 YES		LEVEL (1 byte): 00=Master Reset 01=Master Clear
35	KEYS - Perform Multiple Keypresses	0013	0013	KEY		TIMEOUT READ	2 YES		KEY (variable): Array of Key codes
36	KEY_PRESS - Perform Single Keypress	0045	0045	ACTION KEY	00 00	TIMEOUT READ	2 YES		ACTION (1 byte): 80=Press 00=Release KEY(1 byte): Key code
37	KEY_TEST - Return Last Keypress	003F	003F			TIMEOUT READ	2 YES		No data required.
38	LDO_V_CTRL	0D10	0D10	STATE LDO	00 00	TIMEOUT READ	2 YES		STATE (1 byte): 00=Off 01=On LDO (1 byte): LDO to control
39	LDO_LVL	0D11	0D11	LDO LDOVALUE	00 00	TIMEOUT READ	2 YES		LDO (1 byte): LDO LDOVALUE (1 byte): Value for the selected LDO
40	LEDS - Enable/Disable LEDS	003E	003E	PARAMETER DATA	00	TIMEOUT READ	2 YES		LED (I byte): 00=Keypad backlight LED 01=Main display backlight LED 02=CLI display backlight LED 03=Red LED 04=Green LED 06=LCD Drv 07=GP1 Drv 08=GP2 Drv 0A=Camera Flash 0B=Touchpad 02=Funlights
41	LOAD_SYN - Load Synthesizer	0014	0014	CHANNEL BAND	384 0	TIMEOUT READ	2 YES	2 1	CHANNEL (2 bytes): Valid range: 1 to 799 990-1023 (CDMA AMPS 800 MHz) 25 to 1175 (CDMA 1900 MHz) BAND 00 default
42	LONG_STAT - Return Status Data	0015	0015	COMMAND	00	TIMEOUT READ	2 YES		COMMAND (1 byte): 00=default
43	MASWITCH	0D04	0D04	MODE	0000	TIMEOUT READ	2 YES		MODE (1 byte): 0100=Get 0002=CDMA Mode 0001=GSM Mode
44	MSG_INJ - Send a SUAPI Message	0033	0033	TYPE DEST_LENGTH REP_LENGTH DATA_LENGTH DEST_PORT REP_PORT DATA	00000000 00 00 0000	TIMEOUT READ	2 YES		TYPE (4 bytes): Application ID DEST_LENGTH (1 byte): Length of destination port ID REP_LENGTH (1 byte): Length of reply port ID DATA_LENGTH (2 bytes): Length of SUAPI message data DEST_PORT (variable): ASCII string ID REP_PORT (variable): ASCII string ID DATA (variable): SUAPI mesage data.
45	MSG_RT - Set Routing Of SUAPI Ports	0034	0034	SELECTION PORT_LIST	00 <320 bytes>	TIMEOUT READ	2 YES		SELECTION (1 byte): 00=Changes take effect at next power up. 40=Changes are immediate. 80=Both immediate and at power up. PORT_LIST (320 bytes max.): List of port names to be set to intercept mode.
46	PING - Check the TCI Connection	0FFF	0FFF			TIMEOUT READ	2 YES		No data required.
47	PWR_OFF - Power Off	001E	001E			TIMEOUT READ	2 YES		No data required.
48	RAW_DATA			DATA		TIMEOUT READ BYTE_SWAP	2 YES
49	READ_ADC	0D01	0D01	PARAMETER	00	TIMEOUT READ	2 YES		PARAMETER (1 byte): ADC to read
50	RDELEM - Read Memory Element	0020	0020	ELEMENT_ID REC OFFSET LENGTH	0000 0000 0000 0000	TIMEOUT READ	2 YES		ELEMENT_ID (2 bytes): Specifies the Element ID. RECORD (2 bytes): Specifies the record number of the element. OFFSET (2 bytes): Specifies the offset in bytes into the record. Set to 0 to read the entire record. LENGTH (2 bytes): Length in bytes of the data to be read.
51	RDWR_REG	0D14	0D14	DATA		TIMEOUT READ	2 YES
52	RDWR_SPI - Read/Write SPI Data	0021	0021	LENGTH DEVICE DATA	0000 00	TIMEOUT READ	2 YES		LENGTH (2 bytes): This field specifies the number of bits to write to the SPI device. DEVICE (1 byte): 02=Read from GCAP 03=Write to GCAP DATA (variable): Array of bytes to send on the SPI bus (MSb first). If the number of bits to send (specified in LENGTH) is not an integer number of bytes then the last byte must be padded with 0s.
53	RESTART - Software Restart	0022	0022			TIMEOUT READ	2 YES		No data required.
54	RQ - Request Data	0026	0026	PARAMETER	02	TIMEOUT READ	2 YES		PARAMETER (1 byte): 02=Smart Battery
55	SBSDY_LCK - Set/Check/Change Master Subsidy Lock Code	0035	0035	ACTION CODE	00 <14 bytes>	TIMEOUT READ	2 YES		ACTION (1 byte): 00=MSL status 01=Verify MSL code 02=Change MSL code 04=Verify service password CODE (14 bytes): Code format is detmined by ACTION.
56	SET_BAUD	41542B4950523D3131353230300D0A	41542B4950523D3131353230300D0A			TIMEOUT READ	2 YES
57	SET_PDM	0D0E	0D0E	PARAMETER VALUE	00 0000	TIMEOUT READ	2 YES		PARAMETER (1 byte): 00=TXAGC 01=TRKLO VALUE (2 bytes): Pdm value to set
58	SET_RF_PWR - Set Transmit Power Level	002D	002D	LEVEL	00	TIMEOUT READ	2 YES	1	LEVEL (1 byte): 0 to 7 (CDMA-AMPS) Tx output power in 2's compliment format (CDMA 800 1900).
59	SMARTCARD - Read Write Smartcard	003C	003C	ACTION CARD_ID FILE REC OFFSET LENGTH DATA	00 00 00 00 0000 0000	TIMEOUT READ	2 YES		ACTION (1 byte): 00 = Read form elementary file 01 = Write to elementary file CARD_ID (1 byte): This field specifies the card of the file that is being read/written. FILE (1 byte): This field specifies the name of the file that is being read/written. REC (1 byte): This field specifies which record is being read/written. OFFSET (2 bytes): This field specifies the offset in bytes into the record. Set field to 0 to read/write entire record. LENGTH (2 bytes): The length in bytes to be read/written DATA (variable): A byte array of data to write to the Smart card.
60	STELEM - Store Memory Element	002F	002F	ELEMENT_ID REC OFFSET LENGTH DATA	0000 0000 0000 0000	TIMEOUT READ	2 YES		ELEMENT_ID (2 bytes): Specifies the Element ID. REC (2 bytes): Specifies the record number of the element. OFFSET (2 bytes): Specifies the offset in bytes into the record. Set to 0 to read the entire record. LENGTH (2 bytes): Length in bytes of data to be written. DATA (variable): A byte array of data
61	SUSPEND - Enter Test Mode	0036	0036	MODE	80	TIMEOUT READ	2 YES		MODE (1 byte): 00=Test Mode 01=Normal Mode 02=Handset Test Mode 8x=Read Current Mode
62	TRAC_ACTIVE	0055	0055	MODE	00	TIMEOUT READ	2 YES		MODE (1 byte): 01=Off to ST 02=ST to On 03=Off to On
63	TRAC_ENC_KEY	0D0A	0D0A	MODE DATA	00	TIMEOUT READ	2 YES		MODE (1 byte): 00=Get 01=Set Data: For Set mode only
64	TRAC_RPC	0D0B	0D0B	MODE	00	TIMEOUT READ	2 YES		MODE (1 byte): 00=Test 01=Production
65	TSB	0D21	0D21	DATA		TIMEOUT READ	2 YES
66	TSB_SIGNAL_LEVEL	0D23	0D23	DATA		TIMEOUT READ	2 YES
67	TST_CAMERA - Camera command	0061	0061	PARAMETER DATA	02 00	TIMEOUT READ	10 YES		PARAMETER (1 byte): 0x00 = Start/Stop Viewfinder 0x01 = Cature JPEG 0x02 = Capture MP4 0x03 = Set/Get Attribute 0x11 = View JPEG 0x12 = View MP4 DATA (variable): Start/Stop Viewfinder (2 Bytes): Set/Get (1/2 byte) [D7-D4]: 0x0 = Set 0x01 = Get Action (1/2 byte) [D3-D0]: 0x0 Stop Viewfinder 0x1 = Start Viewfinder 0x2 = Switch to external viewfinder 0x3 = Switch to internal viewfinder Media Type (1/2 byte) [D7-D4]: 0x0 = Still Image 0x1 = Video Still Image Res (1/2 Byte) [D3-D0]: 0x0 = VGA 0x1 = QVGA 0x2 = SQVGA 0x3 = QQVGA 0x4 = QQQVGA 0x5 = CIF 0x6 = QCIF 0x7 = SQCIF Capture JPEG (variable): Action (1 byte): 0x00 = Capture Still Image Filename (Bytes 1-257 variable) Capture MP4 (variable): Action (1 byte): 0x00 = Starts Video Capture 0x01 = Stops Video Capture Filename (Bytes 1-257 variable) Set/Get Attribute (2 Bytes): Set/Get (Byte 1)[D7]: 0b = Set Attribute 1b = Get Attribute Camera Attribute (Byte 1)[D6-D0]: 0000000b = White balance Attribute (Byte 2): 0x00 = Reserved 0x01 = Sunny 0x02 = Cloudy 0x03 = Indoor Home (incandescent) 0x04 = Indoor Office (fluorescent) 0x05 = Automatic
68	TST_DISP - Test Display	0037	0037	PARAMETER DATA	00	TIMEOUT READ	2 YES		PARAMETER (1 byte): 00=Get display configurations 01=Select display 02=Display predefined pattern 09=Write register 0A=Read register DATA(variable): No data required to a variable array of data required. Data format is determined by PARAMETER.
69	TST_MMC	0C1B	0C1B	PARAMETER DATA	0000	TIMEOUT READ	2 YES		PARAMETER (2 bytes): 0000=Read MMC Addr 0001=Read MMC Reg 0002=Read MMC Data 0003=Detect 0004=Read 0005=Write DATA depends
70	VERSION - Read Software Version Numbers	0039	0039	TYPE	FFFF	TIMEOUT READ	2 YES		TYPE (2 bytes): FFFF= Release Label
71	WLAN	0C1F	0C1F	PARAMETER DATA	0000	TIMEOUT READ	2 YES		PARAMETER (2 bytes): 0000=Raw Data Mode 0001=Download Firmware 0002=Reset IC 0003=Read MAC Address 0004=Write MAC Address 0005=Set attributes and tx 0006=Get attributes 0007=Start Rx Packet counter 0008=Query Rx Packet counter 0009=Start RSSI 000A=Query RSSI 000B=Power Down 000C=Scan and Associate 000D=Store phasing param 000E=Set # frames 000F=Adj Cal Offset 0010=MAPI Config 0011=Get Cal Values 0012=Scan All 0013=Set ELP Mode 0014=Write TI register 0015=Query TI register 0016=Write NVS Data 0017=Query NVS Data DATA depends on parameter
72	WR_OTP	0E01	0E01			TIMEOUT READ	2 YES		No data required.
73	WR_PBK	004B	004B	LOCATION FIELDSEP NUMBER FIELDSEP NAME FIELDSEP TYPE FIELDSEP	0000 000D 0000 000D 0000 000D 0000 000D	TIMEOUT READ	2 YES		LOCATION (2 bytes): phonebook location FIELDSEP (2 bytes): Must be 000D NUMBER (2 bytes):number to store FIELDSEP (2 bytes): Must be 000D NAME (2 bytes): name for location FIELDSEP (2 bytes): Must be 000D TYPE (2 bytes): entry type FIELDSEP (2 bytes): Must be 000D
74	XUPID - Get/Set Extended Universal Platform Identifier	0038	0038	ACTION XUPID	00	TIMEOUT READ	2 YES		ACTION (1 byte): 00=Get 80=Set XUPID (4 bytes): Specifies the XUPID (set only).
EOF