From xdae3v3a at gmail.com Tue May 6 19:55:56 2014
From: xdae3v3a at gmail.com (E:V:A)
Date: Tue, 6 May 2014 10:55:56 -0700 (PDT)
Subject: Useful article on patching Nokia DCT4+ firmware
In-Reply-To:
References:
Message-ID: <1399398956552-4026444.post@n3.nabble.com>

Andrew Tipton wrote
> Hi folks,
>
> Came across this article in the latest PoC||GTFO journal describing (part
> of) the process for patching firmware on Nokia DCT4+ phones. The good
> stuff is pages 22-29 of this file:
>
> http://openwall.info/wiki/_media/people/solar/pocorgtfo03.pdf
>
> Alas, this does not appear to permit patching the first 1MB of firmware, so
> may not be helpful for OsmocomBB. But perhaps someone with more time on
> their hands can take this and run with it...
>
>
> Cheers,
> -Andrew

That was indeed a very nice and entertaining find. Also the many links
within that document should let you find both useful code and contacts.
Furthermore, what is interesting is that it also provides a historical
perspective of the xgold modems, which should be useful in paving the way
to deeper studies in the more modern versions.

--
View this message in context: http://baseband-devel.722152.n3.nabble.com/Useful-article-on-patching-Nokia-DCT4-firmware-tp4026377p4026444.html
Sent from the baseband-devel mailing list archive at Nabble.com.

From ravisharan at iith.ac.in Thu May 8 07:58:47 2014
From: ravisharan at iith.ac.in (Ravi Sharan)
Date: Thu, 8 May 2014 11:28:47 +0530
Subject: Error loading firmware onto Motorola C115.
Message-ID:

Hi,
I am trying out osmocom-bb with the Motorola C115. I have compiled
libosmocore as a shared library and osmocom successfully. Also, I have
compiled a "arm-none'eabi" cross toolchain from scratch. I get the
following error:

$ osmocon -p /dev/ttyUSB0 -m c123 ~/osmocom-bb/src/target/firmware/board/compal_e88/hello_world.compalram.bin

got 1 bytes from modem, data looks like: 00 .
got 2 bytes from modem, data looks like: 00 00 ..
got 4 bytes from modem, data looks like: 1b f6 02 00 ....
got 1 bytes from modem, data looks like: 41 A
got 1 bytes from modem, data looks like: 01 .
got 1 bytes from modem, data looks like: 40 @
Received PROMPT1 from phone, responding with CMD
read_file(/home/ravi/osmocom-bb/src/target/firmware/board/compal_e88/hello_world.compalram.bin): file_size=25184, hdr_len=4, dnload_len=25191
got 1 bytes from modem, data looks like: 1b .
got 1 bytes from modem, data looks like: f6 .
got 1 bytes from modem, data looks like: 02 .
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 41 A
got 1 bytes from modem, data looks like: 02 .
got 1 bytes from modem, data looks like: 43 C
Received PROMPT2 from phone, starting download
handle_write(): 4096 bytes (4096/25191)
handle_write(): 4096 bytes (8192/25191)
handle_write(): 4096 bytes (12288/25191)
handle_write(): 4096 bytes (16384/25191)
handle_write(): 4096 bytes (20480/25191)
handle_write(): 4096 bytes (24576/25191)
handle_write(): 615 bytes (25191/25191)
handle_write(): finished
got 1 bytes from modem, data looks like: 1b .
got 1 bytes from modem, data looks like: f6 .
got 1 bytes from modem, data looks like: 02 .
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 45 E
got 1 bytes from modem, data looks like: 53 S
got 1 bytes from modem, data looks like: 16 .
Received DOWNLOAD NACK from phone, something went wrong :(
got 1 bytes from modem, data looks like: 66 f
got 1 bytes from modem, data looks like: 74 t
got 1 bytes from modem, data looks like: 6d m
got 1 bytes from modem, data looks like: 74 t
got 1 bytes from modem, data looks like: 6f o
got 1 bytes from modem, data looks like: 6f o
got 1 bytes from modem, data looks like: 6c l
Received FTMTOOL from phone, ramloader has aborted
got 1 bytes from modem, data looks like: 65 e
got 1 bytes from modem, data looks like: 72 r
got 1 bytes from modem, data looks like: 72 r
got 1 bytes from modem, data looks like: 6f o
got 1 bytes from modem, data looks like: 72 r
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 00 .
got 1 bytes from modem, data looks like: 00

Can the error be because of the toolchain? Or can it be that my device is
refusing connection with osmocon?

Thanks in advance.

Ravi Sharan

From Daniel.Lehne at abv.bg Thu May 8 08:25:02 2014
From: Daniel.Lehne at abv.bg (Daniel Lehne)
Date: Thu, 08 May 2014 09:25:02 +0300
Subject: Error loading firmware onto Motorola C115.
In-Reply-To:
References:
Message-ID: <536B233E.7060004@abv.bg>

On 8.5.2014 08:58, Ravi Sharan wrote:
> Hi,
> I am trying out osmocom-bb with the Motorola C115. I have compiled
> libosmocore as a shared library and osmocom successfully. Also, I have
> compiled a "arm-none'eabi" cross toolchain from scratch. I get the
> following error:
>
> $ osmocon -p /dev/ttyUSB0 -m c123
> ~/osmocom-bb/src/target/firmware/board/compal_e88/hello_world.compalram.bin
>
> got 1 bytes from modem, data looks like: 00 .
> got 2 bytes from modem, data looks like: 00 00 ..
> got 4 bytes from modem, data looks like: 1b f6 02 00 ....
> got 1 bytes from modem, data looks like: 41 A
> got 1 bytes from modem, data looks like: 01 .
> got 1 bytes from modem, data looks like: 40 @
> Received PROMPT1 from phone, responding with CMD
> read_file(/home/ravi/osmocom-bb/src/target/firmware/board/compal_e88/hello_world.compalram.bin):
> file_size=25184, hdr_len=4, dnload_len=25191
> got 1 bytes from modem, data looks like: 1b .
> got 1 bytes from modem, data looks like: f6 .
> got 1 bytes from modem, data looks like: 02 .
> got 1 bytes from modem, data looks like: 00 .
> got 1 bytes from modem, data looks like: 41 A
> got 1 bytes from modem, data looks like: 02 .
> got 1 bytes from modem, data looks like: 43 C
> Received PROMPT2 from phone, starting download
> handle_write(): 4096 bytes (4096/25191)
> handle_write(): 4096 bytes (8192/25191)
> handle_write(): 4096 bytes (12288/25191)
> handle_write(): 4096 bytes (16384/25191)
> handle_write(): 4096 bytes (20480/25191)
> handle_write(): 4096 bytes (24576/25191)
> handle_write(): 615 bytes (25191/25191)
> handle_write(): finished
> got 1 bytes from modem, data looks like: 1b .
> got 1 bytes from modem, data looks like: f6 .
> got 1 bytes from modem, data looks like: 02 .
> got 1 bytes from modem, data looks like: 00 .
> got 1 bytes from modem, data looks like: 45 E
> got 1 bytes from modem, data looks like: 53 S
> got 1 bytes from modem, data looks like: 16 .
> Received DOWNLOAD NACK from phone, something went wrong :(
> got 1 bytes from modem, data looks like: 66 f
> got 1 bytes from modem, data looks like: 74 t
> got 1 bytes from modem, data looks like: 6d m
> got 1 bytes from modem, data looks like: 74 t
> got 1 bytes from modem, data looks like: 6f o
> got 1 bytes from modem, data looks like: 6f o
> got 1 bytes from modem, data looks like: 6c l
> Received FTMTOOL from phone, ramloader has aborted
> got 1 bytes from modem, data looks like: 65 e
> got 1 bytes from modem, data looks like: 72 r
> got 1 bytes from modem, data looks like: 72 r
> got 1 bytes from modem, data looks like: 6f o
> got 1 bytes from modem, data looks like: 72 r
> got 1 bytes from modem, data looks like: 00 .
> got 1 bytes from modem, data looks like: 00 .
> got 1 bytes from modem, data looks like: 00
>
>
> Can the error be because of the toolchain? Or can it be that my
> device is refusing connection with osmocon?
>
> Thanks in advance.
>
> Ravi Sharan

Hello,

What is the USB port type? USB 1.00 may not work; try it on a faster USB
port, if possible.
Otherwise there is a patch available, optimizing the loader in relation to
file reload. The problem is that this patch isn't compatible with actual
mainline.
This failure is already discussed on the mail-list, you will find it.

Best regards!

From ravisharan at iith.ac.in Thu May 8 10:31:29 2014
From: ravisharan at iith.ac.in (Ravi Sharan)
Date: Thu, 8 May 2014 14:01:29 +0530
Subject: Error loading firmware onto Motorola C115.
In-Reply-To: <536B233E.7060004@abv.bg>
References: <536B233E.7060004@abv.bg>
Message-ID:

Hi,

The cable is currently hooked onto USB 2.0 port. Will look into the patch
and post updates.

Thanks.

Ravi Sharan

On Thu, May 8, 2014 at 11:55 AM, Daniel Lehne wrote:
> On 8.5.2014 08:58, Ravi Sharan wrote:
>
> Hi,
> I am trying out osmocom-bb with the Motorola C115.
> I have compiled libosmocore as a shared library and osmocom successfully.
> Also, I have compiled a "arm-none'eabi" cross toolchain from scratch.
> I get the following error:
>
> $ osmocon -p /dev/ttyUSB0 -m c123
> ~/osmocom-bb/src/target/firmware/board/compal_e88/hello_world.compalram.bin
> got 1 bytes from modem, data looks like: 00 .
> got 2 bytes from modem, data looks like: 00 00 ..
> got 4 bytes from modem, data looks like: 1b f6 02 00 ....
> got 1 bytes from modem, data looks like: 41 A
> got 1 bytes from modem, data looks like: 01 .
> got 1 bytes from modem, data looks like: 40 @
> Received PROMPT1 from phone, responding with CMD
> read_file(/home/ravi/osmocom-bb/src/target/firmware/board/compal_e88/hello_world.compalram.bin):
> file_size=25184, hdr_len=4, dnload_len=25191
> got 1 bytes from modem, data looks like: 1b .
> got 1 bytes from modem, data looks like: f6 .
> got 1 bytes from modem, data looks like: 02 .
> got 1 bytes from modem, data looks like: 00 .
> got 1 bytes from modem, data looks like: 41 A
> got 1 bytes from modem, data looks like: 02 .
> got 1 bytes from modem, data looks like: 43 C
> Received PROMPT2 from phone, starting download
> handle_write(): 4096 bytes (4096/25191)
> handle_write(): 4096 bytes (8192/25191)
> handle_write(): 4096 bytes (12288/25191)
> handle_write(): 4096 bytes (16384/25191)
> handle_write(): 4096 bytes (20480/25191)
> handle_write(): 4096 bytes (24576/25191)
> handle_write(): 615 bytes (25191/25191)
> handle_write(): finished
> got 1 bytes from modem, data looks like: 1b .
> got 1 bytes from modem, data looks like: f6 .
> got 1 bytes from modem, data looks like: 02 .
> got 1 bytes from modem, data looks like: 00 .
> got 1 bytes from modem, data looks like: 45 E
> got 1 bytes from modem, data looks like: 53 S
> got 1 bytes from modem, data looks like: 16 .
> Received DOWNLOAD NACK from phone, something went wrong :(
> got 1 bytes from modem, data looks like: 66 f
> got 1 bytes from modem, data looks like: 74 t
> got 1 bytes from modem, data looks like: 6d m
> got 1 bytes from modem, data looks like: 74 t
> got 1 bytes from modem, data looks like: 6f o
> got 1 bytes from modem, data looks like: 6f o
> got 1 bytes from modem, data looks like: 6c l
> Received FTMTOOL from phone, ramloader has aborted
> got 1 bytes from modem, data looks like: 65 e
> got 1 bytes from modem, data looks like: 72 r
> got 1 bytes from modem, data looks like: 72 r
> got 1 bytes from modem, data looks like: 6f o
> got 1 bytes from modem, data looks like: 72 r
> got 1 bytes from modem, data looks like: 00 .
> got 1 bytes from modem, data looks like: 00 .
> got 1 bytes from modem, data looks like: 00
>
>
> Can the error be because of the toolchain? Or can it be that my device is
> refusing connection with osmocon?
>
> Thanks in advance.
>
> Ravi Sharan
>
> Hello,
>
> What is the USB port type? USB 1.00 may not work; try it on a faster USB
> port, if possible.
> Otherwise there is a patch available, optimizing the loader in relation to
> file reload. The problem is that this patch isn't compatible with actual
> mainline.
> This failure is already discussed on the mail-list, you will find it.
>
> Best regards!
>

From msokolov at ivan.Harhan.ORG Thu May 8 19:51:05 2014
From: msokolov at ivan.Harhan.ORG (Michael Spacefalcon)
Date: Thu, 8 May 2014 17:51:05 GMT
Subject: Error loading firmware onto Motorola C115.
Message-ID: <1405081751.AA09924@ivan.Harhan.ORG>

Ravi Sharan wrote:

> I am trying out osmocom-bb with the Motorola C115. [...]
> I get the following error:
>
> $ osmocon -p /dev/ttyUSB0 -m c123
> ~/osmocom-bb/src/target/firmware/board/compal_e88/hello_world.compalram.bin
>
[snipped the part where everything goes as it should]
> got 1 bytes from modem, data looks like: 1b .
> got 1 bytes from modem, data looks like: f6 .
> got 1 bytes from modem, data looks like: 02 .
> got 1 bytes from modem, data looks like: 00 .
> got 1 bytes from modem, data looks like: 45 E
> got 1 bytes from modem, data looks like: 53 S
> got 1 bytes from modem, data looks like: 16 .
> Received DOWNLOAD NACK from phone, something went wrong :(

Try -m c123xor instead of -m c123.

HTH,
SF

From msokolov at ivan.Harhan.ORG Thu May 8 22:54:45 2014
From: msokolov at ivan.Harhan.ORG (Michael Spacefalcon)
Date: Thu, 8 May 2014 20:54:45 GMT
Subject: Useful article on patching Nokia DCT4+ firmware
Message-ID: <1405082054.AA10256@ivan.Harhan.ORG>

"E:V:A" wrote:

> That was indeed a very nice and entertaining find. Also the many links
> within that document should let you find both useful code and
> contacts. Furthermore, what is interesting is that it also provides
> a historical perspective of the xgold modems, which should be useful in
> paving the way to deeper studies in the more modern versions.

Entertaining as it is, keep in mind that the fellow who did that hack
and wrote the article about it got *paid* to make those Kosher phones
for the religious customers in question. In the absence of such a
paid arrangement, I don't really understand why someone would willingly
waste her time trying to hack a "modern" phone, dealing with chips sans
docs, tivoized bootloaders and firmware that only exists as binaries
without source or even semi-src.

The big question is: WHY would anyone willingly choose to suffer
through that mess, when instead one can choose to use a phone based on
the good old Calypso chipset, with full docs, full schematics for some
models, and a published semi-src for TI's reference firmware version?

Yes, Calypso is old. Ancient, to be more precise. But so what? It
still works! If it ain't broke, don't fix it. Dismissing a perfectly
working and usable solution merely because of its mature age is
irrational.

Yes, Calypso-based phones are no longer made, and every existing model
that is still obtainable on ebay etc is crippled in one way or another.
But so what? We can solve this problem by building our own Calypso-based
"dumbphone", and making it exactly the way we like.

Yes, Calypso chips themselves aren't made any more either. But what
is the total number of people in the world who would want a "dumbphone"
running their own free firmware? Is it greater or less than 100? If
the number of people desiring such a phone is <= 100, I already have
enough Calypso+etc chipsets for all 100 of us sitting in my desk drawer.
If the number of interested persons is > 100, there should be more chips
still available in the vast nation of China.

Yes, the available surplus of Calypso/Iota/Rita chips won't last
forever. But if there really are so many of us to exhaust that supply,
then surely we could pay some Chinese chip fab to reverse-eng that old
silicon and fab new verbatim clones in whatever quantity we need.

I just posted an update to the other mailing list, showing where the
free & usable Calypso dumbphone project currently stands and how it is
progressing:

http://lists.openmoko.org/pipermail/community/2014-May/069469.html

VLR,
SF
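
Added example (not part of any message in this archive, and not osmocon's own code): a small triage script for osmocon output like the log in the "Error loading firmware onto Motorola C115" thread above. It reassembles the byte stream from the "got N bytes" lines, recognises the four modem messages using only the byte/name pairings visible in that log, and reports how far the download got; the function names, result fields and the abbreviated sample log are constructed for illustration.

```python
import re

# Byte sequences and names exactly as paired in the osmocon output quoted in the thread.
PATTERNS = {
    "PROMPT1": bytes.fromhex("1bf60200410140"),
    "PROMPT2": bytes.fromhex("1bf60200410243"),
    "DOWNLOAD NACK": bytes.fromhex("1bf60200455316"),
    "FTMTOOL": b"ftmtool",
}
RX = re.compile(r"got (\d+) bytes from modem, data looks like: (.*)")
TX = re.compile(r"handle_write\(\): \d+ bytes \((\d+)/(\d+)\)")

def triage(log_text):
    """Reassemble the modem byte stream and summarise how far the download got."""
    stream, events, sent, total = bytearray(), [], 0, 0
    for line in log_text.splitlines():
        m = RX.search(line)
        if m:
            # Keep only the N hex tokens; the rest of the line is the ASCII rendering.
            stream += bytes.fromhex("".join(m.group(2).split()[:int(m.group(1))]))
            for name, pat in PATTERNS.items():
                if stream.endswith(pat):
                    events.append(name)
                    stream.clear()
                    break
            continue
        m = TX.search(line)
        if m:
            sent, total = int(m.group(1)), int(m.group(2))
    if "DOWNLOAD NACK" in events:
        state = "rejected after full transfer" if total and sent == total else "rejected mid-transfer"
    elif "PROMPT2" not in events:
        state = "handshake incomplete"
    else:
        state = "no NACK seen"
    # Whatever the phone sent after the last recognised message, e.g. "error".
    trailing = bytes(stream).rstrip(b"\x00").decode("ascii", "replace")
    return {"events": events, "sent": sent, "total": total, "state": state, "trailing": trailing}

def _rx(hexstr):
    # Helper for the constructed sample: one "got 1 bytes" line per byte.
    return ["got 1 bytes from modem, data looks like: %s ." % h for h in hexstr.split()]

# Constructed sample, abbreviated from the log in the thread.
SAMPLE_LOG = "\n".join(
    ["got 2 bytes from modem, data looks like: 00 00 .."]
    + _rx("1b f6 02 00 41 01 40") + ["Received PROMPT1 from phone, responding with CMD"]
    + _rx("1b f6 02 00 41 02 43") + ["Received PROMPT2 from phone, starting download"]
    + ["handle_write(): 4096 bytes (24576/25191)", "handle_write(): 615 bytes (25191/25191)"]
    + _rx("1b f6 02 00 45 53 16") + _rx("66 74 6d 74 6f 6f 6c 65 72 72 6f 72 00 00 00")
)

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A log that ends in "rejected after full transfer" is the case the thread's last reply answered with the suggestion to use -m c123xor instead of -m c123.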