FreeCalypso > hg > fc-am-toolkit

annotate doc/C1xx-boot-utils @ 28:58824cef4601

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
doc/C1xx-boot-utils: new article
author Mychaela Falconia <falcon@freecalypso.org>
date Mon, 12 Jun 2023 06:00:57 +0000
parents
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
28
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
1 The present fc-am-toolkit package is mostly shell scripts, automating the
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
2 convoluted workflows for running FreeCalypso firmware on alien targets in
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
3 aftermarket configurations, but it also contains some C programs for working
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
4 with flash images read out of C1xx phones, particularly the bootloader part
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
5 which is absolutely critical on these brickable phones. The following 3
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
6 utilities are provided - all 3 are used by c1xx-analyze-image script, but they
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
7 may also be useful on their own.
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
8
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
9 c139-analyze-boot
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
10 =================
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
11
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
12 This program takes a binary file containing either the complete flash dump from
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
13 a lower-submodel C1xx phone (C139/140 or C11x/12x) or the beginning of one (must
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
14 be at least 0x2064 bytes) and checks it for presence of lower-submodel-C1xx
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
15 bootloader code that must be present in the boot sector on these phones. The
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
16 program prints a single keyword on stdout, indicating its findings, and exits
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
17 successfully. The following 4 classifications are emitted by this program:
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
18
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
19 fc
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
20
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
21 compal-flash-boot-for-fc.bin bootloader has been identified, the patched
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
22 bootloader version we put in sector 0 on these Compal phones when we run
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
23 FC firmware on these phones.
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
24
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
25 unlocked
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
26
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
27 Found one of the lock-free bootloader versions (either C11x or C139),
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
28 or found a lockable bootloader version, but the lock word at 0x2060 is
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
29 set to 0xDDDDDDDD, meaning unlocked.
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
30
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
31 locked
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
32
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
33 Found one of the lockable, but otherwise good bootloader versions
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
34 (either C11x or C139), and the lock word at 0x2060 contains 0 or some
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
35 other value than the needed magic. This status indicates that the flash
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
36 image in its given state is boot-locked (bad), but it can be transformed
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
37 into a boot-unlocked image with c139-patch-dmagic - see below.
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
38
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
39 unknown
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
40
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
41 None of the known-good bootloader versions have been identified. The
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
42 bootloader you got may be one of the later versions that have been
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
43 locked down more heavily, and these flash images are EXTREMELY UNSAFE.
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
44 You should NEVER flash any such images back into a phone: our defenses
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
45 against bricking don't work with such maliciously modified bootloader
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
46 versions, and if you try to flash one (even if you are only seeking to
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
47 restore what you originally read out of the flash) and the process gets
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
48 interrupted in any way (meaning the full, long process), your phone may
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
49 be bricked beyond all recovery!
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
50
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
51 If you are able to somehow break into a phone with one of these ultra-
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
52 malicious bootloader versions (and you must have been able to break in
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
53 somehow, if you got a flash image you are analyzing), the generally
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
54 recommended course of action is to make a one-way transition to a
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
55 better, non-malicious official Motorola firmware version.
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
56
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
57 c139-patch-dmagic
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
58 =================
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
59
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
60 This program needs to be run if c139-analyze-boot returned "locked" on your
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
61 flash image. This program opens the given binary file in writable mode and
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
62 patches the unlocking magic word 0xDDDDDDDD at offset 0x2060, thereby turning
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
63 the locked flash image into an unlocked one. If the image you've read out of
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
64 flash is a locked one, as determined by c139-analyze-boot, and you wish to
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
65 reflash that same fw version back into your phone (or into a different phone),
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
66 you MUST unlock the image with c139-patch-dmagic before flashing it with
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
67 fc-loadtool - if you proceed with flashing a locked image, you will have a very
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
68 high chance of bricking your phone (beyond all recovery!), as our regular
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
69 defenses against bricking don't work with locked bootloaders.
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
70
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
71 c155-analyze-boot
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
72 =================
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
73
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
74 This program is a very simplified logical equivalent of c139-analyze-image for
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
75 C155/156 subfamily. Perhaps it is because these phones are less common, but I
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
76 (Mother Mychaela) have not yet encountered any locked or otherwise modified
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
77 versions of C155/156 bootloader beyond the one known classic version.
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
78 c155-analyze-boot currently checks for this one known bootloader version, and
58824cef4601 doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
79 prints "ok" if the image matches or "unknown" otherwise.