A Convenient Tool to Send AT Commands

PmgRiPhone of elite team has released a tool (sendmodem) to send command directly to iPhone modem. This is convenient. The tool uses /dev/tty.debug to communicate with modem, so you don’t have to turn off the communication center during the operations.

The command syntax is quite straight forward:

sendmodem “AT command”

Here are some examples:

Querying the baseband version:

Querying the lock state:
sendmodem “AT+XSIMSTATE=1”

Querying the battery capacity:
sendmodem “AT+CBC”

Querying the signal quality:
sendmodem “AT+CSQ”

If you wanna use double quote in an AT command, you have to escape it like in C language (“), eg.:

sendmodem “AT+CLCK=”PN”,2″

For available AT commands, refer to ETS 300 642 documentation.

UPDATE: to check the bootloader version of your iPhone, enter the following command (equivalent to ‘bbupdater -v’):

sendmodem “AT+XGENDATA”

Example output:

Sending command to modem: AT
Sending command to modem: AT+XGENDATA


The source code of sendmodem is here:

#include <stdio>
#include <stdlib>
#include <unistd>
#include <string>
#include <fcntl>
#include <termios>
#include <errno>
#include <time>

#define BUFSIZE (65536+100)
unsigned char readbuf[BUFSIZE];

static struct termios term;
static struct termios gOriginalTTYAttrs;
int InitConn(int speed);

void SendCmd(int fd, void *buf, size_t size)

    if(write(fd, buf, size) == -1) {
        fprintf(stderr, "SendCmd error. %sn", strerror(errno));

void SendStrCmd(int fd, char *buf)
    fprintf(stderr,"Sending command to modem: %sn",buf);
    SendCmd(fd, buf, strlen(buf));

int ReadResp(int fd)
    int len = 0;
    struct timeval timeout;
    int nfds = fd + 1;
    fd_set readfds;
    int select_ret;

    FD_SET(fd, &readfds);

    // Wait a second
    timeout.tv_sec = 1;
    timeout.tv_usec = 500000;

    while (select_ret = select(nfds, &readfds, NULL, NULL, &timeout) > 0)
        len += read(fd, readbuf + len, BUFSIZE - len);
        FD_SET(fd, &readfds);
        timeout.tv_sec = 0;
        timeout.tv_usec = 500000;
    if (len > 0) {
    readbuf[len] = 0;
    return len;

int InitConn(int speed)
    int fd = open("/dev/tty.debug", O_RDWR | O_NOCTTY);

    if(fd == -1) {
        fprintf(stderr, "%i(%s)n", errno, strerror(errno));

    ioctl(fd, TIOCEXCL);
    fcntl(fd, F_SETFL, 0);

    tcgetattr(fd, &term);
    gOriginalTTYAttrs = term;

    cfsetspeed(&term, speed);
    term.c_cflag = CS8 | CLOCAL | CREAD;
    term.c_iflag = 0;
    term.c_oflag = 0;
    term.c_lflag = 0;
    term.c_cc[VMIN] = 0;
    term.c_cc[VTIME] = 0;
    tcsetattr(fd, TCSANOW, &term);

    return fd;
void CloseConn(int fd)
    tcsetattr(fd, TCSANOW, &gOriginalTTYAttrs);

void SendAT(int fd)
    char cmd[5];

    //  SendStrCmd(fd, "ATr");
    SendCmd(fd, cmd, strlen(cmd));

void AT(int fd)
    fprintf(stderr, "Sending command to modem: ATn");
    for (;;) {
        if(ReadResp(fd) != 0) {
            if(strstr((const char *)readbuf,"OK") != NULL)

int main(int argc, char **argv)
    int fd;
    char cmd[1024];
    if(argc < 2)
        fprintf(stderr,"usage: %s <at>n",argv[0]);
        fprintf(stderr,"examples:t%s "AT+XSIMSTATE=1"n",argv[0]);
        fprintf(stderr,"tt%s "AT+XGENDATA"n",argv[0]);
        fprintf(stderr,"tt%s "AT+CLCK=\"SC\",2"n",argv[0]);
    fd = InitConn(115200);

    return 0;

UPDATE: Another proggie (igsm from Marcio’s iPhone Apps) has the similar functions (thanks Ais’ comment) or maybe more powerful, however, the igsm uses /dev/tty.baseband which means you have to turn off the communication center before using it, fortunately, igsm has options to do these jobs so you don’t have to enter the long ‘launchctl …’ lines manually.

The syntax:

usage: igsm [-p pin] [-c command … -c command] [-l] [-L] [-u] [-d] [-v] [-r]

-p pin SIM pin (if needed)
-d dump IMEI IMSI …
-c cmd command to be executed (more than 1 is supported)
-l load commcenter
-L list all jobs loaded into launchd
-u unload commcenter
-r reset baseband
-m string modem init string
-M num max lines on any command
-v verbose mode
-vv verbose mode and hex dump
-h this help
-hh extended help

An example:

# igsm -c AT+CPBS?
Opened: /dev/tty.baseband
> ATE0 – set echo OFF
< OK

> AT
< OK

> AT+CPIN? – SIM requires PIN ?
< OK

< +CPBS: “SM”,34,150
< OK

Marcio’s site also has a native utility iToggle, which can be useful if you frequently switch on/off some of your services. The following is a screenshot of the application’s startup screen:



