annotate doc/C1xx-boot-utils @ 30:2d60f9a3032b default tip
LICENSE: public domain, copied from freecalypso-tools
author | Mychaela Falconia <falcon@freecalypso.org> |
---|---|
date | Sat, 24 Jun 2023 04:24:38 +0000 |
parents | 58824cef4601 |
children |
rev | line source |
---|---|
28
58824cef4601
doc/C1xx-boot-utils: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
The present fc-am-toolkit package is mostly shell scripts, automating the
convoluted workflows for running FreeCalypso firmware on alien targets in
aftermarket configurations, but it also contains some C programs for working
with flash images read out of C1xx phones, particularly the bootloader part
which is absolutely critical on these brickable phones. The following 3
utilities are provided - all 3 are used by the c1xx-analyze-image script, but
they may also be useful on their own.

c139-analyze-boot
=================

This program takes a binary file containing either the complete flash dump from
a lower-submodel C1xx phone (C139/140 or C11x/12x) or the beginning of one (must
be at least 0x2064 bytes) and checks it for presence of lower-submodel-C1xx
bootloader code that must be present in the boot sector on these phones. The
program prints a single keyword on stdout, indicating its findings, and exits
successfully. The following 4 classifications are emitted by this program:

fc

    compal-flash-boot-for-fc.bin bootloader has been identified, the patched
    bootloader version we put in sector 0 on these Compal phones when we run
    FC firmware on these phones.

unlocked

    Found one of the lock-free bootloader versions (either C11x or C139),
    or found a lockable bootloader version, but the lock word at 0x2060 is
    set to 0xDDDDDDDD, meaning unlocked.

locked

    Found one of the lockable, but otherwise good bootloader versions
    (either C11x or C139), and the lock word at 0x2060 contains 0 or some
    other value than the needed magic. This status indicates that the flash
    image in its given state is boot-locked (bad), but it can be transformed
    into a boot-unlocked image with c139-patch-dmagic - see below.

unknown

    None of the known-good bootloader versions have been identified. The
    bootloader you got may be one of the later versions that have been
    locked down more heavily, and these flash images are EXTREMELY UNSAFE.
    You should NEVER flash any such images back into a phone: our defenses
    against bricking don't work with such maliciously modified bootloader
    versions, and if you try to flash one (even if you are only seeking to
    restore what you originally read out of the flash) and the process gets
    interrupted in any way (meaning the full, long process), your phone may
    be bricked beyond all recovery!

    If you are able to somehow break into a phone with one of these ultra-
    malicious bootloader versions (and you must have been able to break in
    somehow, if you got a flash image you are analyzing), the generally
    recommended course of action is to make a one-way transition to a
    better, non-malicious official Motorola firmware version.

c139-patch-dmagic
=================

This program needs to be run if c139-analyze-boot returned "locked" on your
flash image. This program opens the given binary file in writable mode and
patches the unlocking magic word 0xDDDDDDDD at offset 0x2060, thereby turning
the locked flash image into an unlocked one. If the image you've read out of
flash is a locked one, as determined by c139-analyze-boot, and you wish to
reflash that same fw version back into your phone (or into a different phone),
you MUST unlock the image with c139-patch-dmagic before flashing it with
fc-loadtool - if you proceed with flashing a locked image, you will have a very
high chance of bricking your phone (beyond all recovery!), as our regular
defenses against bricking don't work with locked bootloaders.
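
The lock-word check and in-place patch described in the two sections above, as an added example (this is not the fc-am-toolkit source; the function and enum names are hypothetical). It inspects only the word at 0x2060 and does not identify the bootloader version, so its result is meaningful only for images that c139-analyze-boot does not report as "unknown".

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constants taken from the article text. */
#define LOCK_WORD_OFFSET 0x2060u
#define MIN_IMAGE_LEN    0x2064u
#define UNLOCK_MAGIC     0xDDDDDDDDu

/* Hypothetical names: not the toolkit's own identifiers. */
enum lock_state { IMAGE_TOO_SHORT = -1, LOCK_WORD_UNLOCKED = 0, LOCK_WORD_LOCKED = 1 };

/* Inspect only the lock word.  Anything but the exact magic counts as locked,
   including 0 and partially matching values.  Little-endian is an assumption;
   the magic itself reads the same in either byte order. */
enum lock_state check_lock_word(const uint8_t *img, size_t len)
{
    if (len < MIN_IMAGE_LEN)
        return IMAGE_TOO_SHORT;
    const uint8_t *p = img + LOCK_WORD_OFFSET;
    uint32_t w = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                 (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return w == UNLOCK_MAGIC ? LOCK_WORD_UNLOCKED : LOCK_WORD_LOCKED;
}

/* Write the magic in place, then re-read to confirm.  Returns 0 on success,
   -1 if the buffer is too short (nothing is written in that case). */
int patch_dmagic(uint8_t *img, size_t len)
{
    if (check_lock_word(img, len) == IMAGE_TOO_SHORT)
        return -1;
    memset(img + LOCK_WORD_OFFSET, 0xDD, 4);
    return check_lock_word(img, len) == LOCK_WORD_UNLOCKED ? 0 : -1;
}

int main(void)
{
    static uint8_t img[MIN_IMAGE_LEN];   /* constructed sample, not a real dump */
    memset(img, 0xFF, sizeof img);
    memset(img + LOCK_WORD_OFFSET, 0x00, 4);
    printf("before: %d\n", check_lock_word(img, sizeof img));
    printf("patch:  %d\n", patch_dmagic(img, sizeof img));
    printf("after:  %d\n", check_lock_word(img, sizeof img));
    return 0;
}
```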

c155-analyze-boot
=================

This program is a very simplified logical equivalent of c139-analyze-image for
the C155/156 subfamily. Perhaps it is because these phones are less common,
but I (Mother Mychaela) have not yet encountered any locked or otherwise
modified versions of the C155/156 bootloader beyond the one known classic
version. c155-analyze-boot currently checks for this one known bootloader
version, and prints "ok" if the image matches or "unknown" otherwise.