This thread is intended to document as much as is known (or can be figured out through reverse engineering) of the Cellular Services Daemon on the N900.

The Cellular Services Daemon is a daemon that handles most of the communication with the N900 Cellular Modem. It interfaces with other parts of the system over dbus and sends ISI messages to the N900 Cellular Modem via a kernel driver.

The following packages are involved in the working of the Cellular Services Daemon:
csd-base (Cellular Services Daemon)
libisi1 (base library for sending ISI messages to the N900 Cellular Modem)
libisi-glib0 (library for allowing libisi to work with glib)
libtelcommon0 (common utility library used for routing ISI packets)
libcsnet0 (Cellular Services Daemon network service plugin, handles network related things like cell tower change, 2g/3g switch, signal strength, connect/disconnect from cell network, change to a different cell network and date/time info sent by the network)
libsim0 (Cellular Services Daemon SIM plugin, handles talking to the SIM and retrieving info including IMSI, SIM-based operator name, home network and sim status)
libcscall2 (library for handling phone call stuff)
csd-call (Cellular Services Daemon call plugin, handles making and receiving phone calls and related activity)
csd-gprs (Cellular Services Daemon GPRS plugin, handles data transfer via 2G/3G networks)
libphinfo0 (library for retrieving phone information)
csd-info (Cellular Services Daemon info plugin, handles phone information like IMEI, serial number, product code, hardware version and cellular modem software version)
libsms0 (library for handling SMS messages)
libsms-utils0 (library for decoding/encoding SMS messages and doing other SMS related utility tasks)
csd-sms (Cellular Services Daemon SMS plugin, handles SMS messages including Cell Broadcast SMS messages)
libss1 (library for handling supplementary services)
csd-ss (Cellular Services Daemon supplementary services plugin, handles things like call diversion and call barring)
libsimpb0 (Cellular Services Daemon sim phone book plugin, handles talking to the phone book on the SIM)

Next post I will make will talk about the dbus interfaces exposed by the cellular services daemon and its plugins and link to all the known details of those interfaces.

The following known dbus interfaces are exposed by the Cellular Services Daemon (others may be exposed but nothing is known about them at this point)
com.nokia.csd.Call:
com.nokia.csd.Call is used to interact with/manage phone calls (dial a call, hang up a call, get call status, get notified about calls etc) The known details of com.nokia.csd.Call can be found in this file this file and this file

com.nokia.phone.net:
com.nokia.phone.net is used for cellular network status (e.g. current cell tower, current operator, 3G vs 2G vs both etc as well as status changes related to the network). The known details of com.nokia.phone.net can be found in this file and this file

com.nokia.csd.GPRS:
com.nokia.csd.GPRS is used for stuff related to cellular internet connectivity (both 2G and 3G) including setting up the connection, disconnecting and being notified of a connection) The known details of com.nokia.csd.GPRS can be found in this file this file and this file

com.nokia.csd.SMS:
com.nokia.csd.SMS is used for stuff related to sending and receiving SMS messages including Cell Broadcast SMS messages. The known details of com.nokia.csd.SMS can be found in this file

com.nokia.csd.SS:
com.nokia.csd.SS is used to interact with "supplementary services" such as call diversion. The known details of com.nokia.csd.SS can be found in this file and this file

com.nokia.phone.SIM:
com.nokia.phone.SIM is used to interact with the SIM card including the SIM phone book. The known details of com.nokia.csd.SIM can be found in this file

com.nokia.csd.Info


com.nokia.csd.Info is used to obtain certain information about the phone such as the version of the modem firmware and various hardware IDs. The known details of com.nokia.csd.Info can be found in this file

The details of these dbus interfaces came from the following sources:
the libcsnet-dev package in the maemo SDK repositories (contains full documentation for com.nokia.phone.net)
the csd-gprs package in the maemo repositories (contains full documentation for com.nokia.csd.GPRS although you cant normally get it because of docpurge and need to manually retrieve the deb file and pull the contents)
dbus introspection on various interfaces
open source code of maemo software (such as bluez)
reverse engineering of maemo software (using dbus-monitor, IDA pro and other things)

Do you think we'll have the chance to tap into the baseband through this? Or maybe preventing certain types of SMS to be received?

as far as i know you can't prevent receiving anything. but you can intercept and block received sms/call, and we have such software.

So no chance of at least creating a routine that will notify upon silent SMS?

if we'll have all daemon interfaces reverse-engineered, then we can rewrite the whole daemon and do anything we want. so… such possibility exists for sure.

What would be the reason for this, finding out if some trojan sends SMS'es to pay-numbers? (do such things exist?)

It exists and is even bundled with N900's software. It's called "cherry" - see e.g. http://wiki.maemo.org/N900_The_Perfect_Setup#Cherry .

Well my reasoning was more to screw silent SMS tracking up. I'm sick of being treated as a criminal and want to fight back. I don't care if this results in people using the N900 to escape government surveillance, but I think we deserve to get off the grid.

That's why I suggested this.

Frankly, no one need to use SMS to track you. It can be done via basic keep-alives TX/RX with cell tower