view doc/Compal-FFS @ 885:16e259bff02b

fc-pwt-comp: explicitly reject empty input
author Mychaela Falconia <falcon@freecalypso.org>
date Sun, 03 Apr 2022 03:55:02 +0000
parents bed7981ac8ca
children
line wrap: on
line source

FFS usage on Compal phones
==========================

All Compal phones (Motorola C1xx and Sony Ericsson J100) use a flash file system
(FFS) structure for user data.  On all currently known models with the single
exception of Mot C155/156, this FFS is in our familiar TIFFS format - see the
TIFFS-Overview article.  Mot C155/156 uses a different FFS implementation with
a completely different and incompatible on-flash format; it appears that the
name of this C155/156 FFS implementation is FMGR, as evidenced by the strings
found in the firmware image.

The location of FFS within the flash on various known models is as follows:

* On Mot C11x/12x phones with 2 MiB flash, the FFS is at 0x1F0000, using 6
  sectors of 8 KiB each;

* On Mot C11x/12x phones with 4 MiB flash, the FFS is at 0x370000, using 3
  sectors of 64 KiB each;

* On Mot C139/140 and SE J100 phones (4 MiB flash), the FFS is at 0x370000,
  using 5 sectors of 64 KiB each;

* On Mot C155/156 phones (8 MiB flash), the FFS is at 0x700000, using 13
  sectors of 64 KiB each - but the format is FMGR, not TIFFS!

In *all* of the listed cases, this FFS (be it TIFFS or FMGR) is used *only* for
user data, and not for anything essential.  On all of these phones you can get
in with fc-loadtool (our raw flash manipulation tool), erase the flash sectors
belonging to the FFS, exit fc-loadtool and boot the phone's regular fw with
totally blank FFS sectors - the fw with do a fresh FFS format (it even displays
a message on the LCD as it does so), and then the phone will function completely
normally, but be "brand new", without any previous user data.  Compal's
firmwares also do the same thing (automatically reformat the FFS on the first
boot, blowing away any old one) if you reflash from one fw version to a
different one, even if you don't erase the FFS sectors explicitly - Compal's
FFS stores the fw version that created it, and when their fw boots and sees
that the FFS is from a different version, they automatically do a full reformat.

The fact that the FFS on these Compal phones is strictly non-essential and can
be trivially blown away and recreated implies that it does NOT store any vital
data: no IMEI, no RF calibration values.  Instead the IMEI is programmed into
the flash chip's protection register (OTP cells), whereas RF calibration values
and a bunch of other records which we are not able to understand are stored in
a completely different flash data structure of Compal's own invention: see our
Compal-calibration article.

Language reset
==============

There is, however, one additional issue which you need to be aware of if you
are going to erase the FFS and have the firmware reformat a new one: when the
firmware formats and writes a new FFS, the UI language is set to the firmware's
default, and in some fw versions it is not English.  (Both Motorola and Sony
Ericsson firmwares have "language pack" and "flex" parts in addition to the
main fw body proper.)  Sometimes one can get lucky and the default fw language
is English, other times the default language is non-English but still
intelligible enough to navigate through the menus to change it to English, but
I got one C118 on which the default fw language is Chinese, and I had no luck
in navigating through the menus to change it to English.  On that phone I had
to flash back the original FFS which had the English UI language setting.