FreeCalypso > hg > freecalypso-tools
annotate rvinterf/doc/tfc139.usage @ 1014:961efadd530a default tip
fc-shell TCH DL handler: add support for CSD modes
TCH DL capture mechanism in FC Tourmaline firmware has been extended
to support CSD modes in addition to speech - add the necessary support
on the host tools side.
It needs to be noted that this mechanism in its present state does NOT
provide the debug utility value that was sought: as we learned only
after the code was implemented, TI's DSP has a misfeature in that the
buffer we are reading (a_dd_0[]) is zeroed out when the IDS block
is enabled, i.e., we are reading all zeros and not the real DL bits
we were after. But since the code has already been written, we are
keeping it - perhaps we can do some tests with IDS disabled.
| author | Mychaela Falconia <falcon@freecalypso.org> |
|---|---|
| date | Tue, 26 Nov 2024 06:27:43 +0000 |
| parents | e7502631a0f9 |
| children |
| rev | line source |
|---|---|
|
0
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
1 The tfc139 hack-utility (see ../../doc/Compal-unlock) is based on the |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
2 rvinterf/rvtdump skeleton, and it needs to be invoked as follows: |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
3 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
4 tfc139 [options] /dev/ttyXXX |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
5 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
6 In the well-tested use case of breaking into TFC139 phones with fw version |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
7 8.8.17, no options are normally needed, but the following options are supported: |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
8 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
9 -a address |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
10 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
11 This option changes the RAM address into which the "shellcode" is to be |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
12 written; the argument is always interpreted as hex. The default is |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
13 0x800000, as used by the mot931c.exe closed source tool on whose |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
14 reverse-engineering our hack-utility is based. |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
15 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
16 -B baud |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
17 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
18 This option changes the serial baud rate just like in rvinterf and |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
19 rvtdump, but the default is 57600 as needed for breaking into TFC139 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
20 firmware. |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
21 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
22 -l logfile |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
23 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
24 Log activity in a file, just like rvinterf and rvtdump. |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
25 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
26 -s address |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
27 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
28 Just like mot931c.exe has been observed to do, we start our stack |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
29 smashing attempts at a certain address, and keep incrementing by 4 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
30 until we either succeed or crash the fw in some other way that does not |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
31 help us. This option changes the starting address for these stack |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
32 smashing attempts; the argument is always interpreted as hex. The |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
33 default is 0x837C54, as observed from the reverse engineering of |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
34 mot931c. |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
35 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
36 -w number_in_seconds |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
37 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
38 See rvinterf.usage; the option is the same for tfc139 as for rvinterf. |