view doc/Host-tools-overview @ 205:de8f75783b3b

Flash-boot-defect and Flash-boot-modes documentation
author Mychaela Falconia <falcon@freecalypso.org>
date Tue, 02 May 2017 03:24:30 +0000
parents 3c446058b5a6
children 7e3e3a958e3f
line wrap: on
line source

FreeCalypso host tools suite features the following tools that are potentially
useful to end users:

fc-loadtool	This is the tool used to read and write the non-volatile flash
		memory of supported GSM devices.  It can be used to reflash
		these devices with new firmware (whether pre-existing or new
		firmwares developed within our project), and to save and restore
		flash backups.  This tool operates on the target device (phone
		or modem) while its regular firmware is shut down.

fc-fsio		This tool connects to GSM devices running one of the supported
		firmware versions while the fw is running (unlike fc-loadtool
		which operates on a device while its regular fw is shut down)
		and allows you to manipulate (read and write) the device's
		flash file system.  It is thus a higher-level tool than
		fc-loadtool.  It is intended primarily for working with our own
		firmwares, but it also works with Pirelli's original fw.

fc-shell	FreeCalypso firmwares have a feature of our own invention (not
		present in any pre-existing ones) to accept AT commands over
		the RVTMUX interface.  It is useful when no second UART is
		available for a dedicated standard AT command interface.
		fc-shell is the tool that allows you to send AT commands to the
		firmware in this manner; it also allows a few other kinds of
		asynchronous commands to be sent.

tfc139		This tool breaks into Mot C1xx phones via shellcode injection,
		a method that works despite any bootloader locks, allowing you
		to reflash locked phones with new firmware with fc-loadtool.
		The name of the utility is historical: previously it was
		specific to TFC139 phones (C139s sold with TracFone branding),
		but the current version is expected to work with all Mot C1xx
		firmware versions.

imei-luhn	A simple utility for computing or verifying the Luhn check
		digit of an IMEI number.

The following host tools are primarily for developers, but may be useful to
end users as well:

rvtdump		This tool produces a human-readable dump of all output emitted
		by a TI-based GSM fw on the RVTMUX binary packet interface.  It
		can also log this dump to a file.

rvinterf	This tool is a superset of rvtdump: it not only dumps and/or
		logs all output from the GSM fw, but also provides a mechanism
		for sending command packets to it.  Rvinterf is the engine
		behind fc-fsio, fc-shell and fc-tmsh.

tiffs,		These tools perform "in vitro" analysis of flash file system
mokoffs,	(FFS) images read out of GSM devices with TI-based firmwares.
pirffs		You can list and extract the FFS content captured as a raw
		flash image, and even perform a few "forensic" operations along
		the lines of reading deleted files and seeing the history of
		FFS modifications.  tiffs is the main program, whereas mokoffs
		and pirffs are convenience wrappers for the common FFS
		configurations from Openmoko and Pirelli.

fc-serterm	This tool is a trivial serial terminal program.  Its special
		feature is that any output coming from the serial port that
		isn't printable ASCII is displayed as by cat -v.  It is useful
		for talking to serially-interfaced devices that mix ASCII with
		binary in their serial talk.

The following tools are really just for developers:

ctracedec	GSM firmwares built in TI's Windows environment (official ones
		as well as our own hacks based on the TCS211 semi-src) have a
		"compressed trace" misfeature whereby many of the ASCII strings
		in debug trace messages get replaced with numeric indices at
		build time, and these numeric indices are all that gets emitted
		on the RVTMUX serial channel.  This numeric trace output can be
		turned back into ASCII strings if you have the str2ind.tab file
		corresponding to the fw version that emitted the output in
		question; this ctracedec utility performs that decoding.

fc-iram,	Reprogramming the non-volatile flash memory is not the only way
fc-xram,	to run your own code on a Calypso GSM device.  If your code is
fc-compalram	small enough to fit entirely into the available RAM on the
		device, and you would like to just run it without flashing it
		permanently, these tools do the job of loading code images into
		different kinds of RAM through different download protocols.

fc-tmsh		TI had a tool called TMSH that stood for "test mode shell".  We
		don't know exactly how it worked, hence we make no claim of our
		own test mode shell being anything like TI's original, but we
		do have a test mode shell of our own.  It sends command packets
		to the ETM (Enhanced Test Mode) component in the GSM firmware
		and displays its responses in a purely asynchronous manner,
		i.e., our tool has no knowledge of any correspondence between
		the commands it sends and the responses they elicit.  (In
		contrast, fc-fsio described above also talks to ETM, but it
		does so synchronously.)

fc-memdump	This tool captures a memory dump from a GSM device whose
		firmware implements one of TI's Test Mode memory read commands,
		either the old TM3 version or the new ETM one.  It works with
		FreeCalypso Citrine, with TCS211-based firmwares including
		FreeCalypso Magnetite, with really old TI firmwares which
		predate ETM, and with Mot C1xx original firmwares.

fc-rgbconv	A simple aid for phone UI development that converts RGB color
		values between human-intuitive 8:8:8 format and the 5:6:5 format
		used by the color LCDs in the phones targeted by FreeCalypso.

The following tools are really just special-purpose hacks:

fc-dspapidump	This utility uses ETM in synchronous mode to read and dump the
		contents of the DSP API RAM in a target Calypso GSM device
		while the firmware is running.

fc-lcdemu	We have TI's TCS211 firmware semi-src that includes TI's
		demo/prototype phone UI targeting the 176x220 pixel LCD on TI's
		D-Sample development kit, but no suitable hardware on which we
		could run this fw with this UI and see it in action.  We built
		a hacked-up version of the fw that emits all raster blits
		intended for the big LCD on the RVTMUX serial interface, and
		this fc-lcdemu utility is a plug-in for rvinterf that actually
		displays these LCD blits in an X11 window.

fc-fr2tch	This hack-utility converts a GSM 06.10 speech sample from the
		de facto standard libgsm format (which can be recorded with
		standard tools like SoX) into an uplink play file that can be
		played with the tch play command in fc-shell; see the
		TCH-bit-access article for more information.

fc-tch2fr	This hack-utility takes a TCH downlink recording produced with
		the tch record command in fc-shell and converts it to a playable
		libgsm file which will most likely contain some garbage by
		disregarding the non-understood DSP status words; see the
		TCH-bit-access article for more information.