Why not a nexus chipset ?

Peter Zotov whitequark at whitequark.org
Mon Oct 1 13:28:35 UTC 2012


Sylvain Munaut wrote on 01.10.2012 15:50:
> 1) We're not the one that decide which chipset specs are leaked ...
> Also, we had a complete working gsm stack example for that chipset as
> a guide (the specs are not always complete / correct / enough). There
> is nothing even closely like that for any of the newer chips that I
> know of.

Enter Galaxy S II GT-i9100.

> 2) Most modern chipsets have cryptographic securities preventing the
> loading of a custom baseband firmware on them.

For some reason, the baseband does not verify, well, anything. Both AP
and BP have capabilities for checking the signature, but keys are
zeroed. You can load whatever you want on the BP, dump RAM, etc. Sammy
has omitted the NOR flash for the BP and used a RAM chip instead, hence
the BP is "flashed" at every boot.

> 3) 3G / 4G chipsets are _vastly_ more complicated. As it is for the
> calypso there aren't that many people with the skills to work on the
> firmware, so for more complicated chipset the situation might be even
> worse.

For some reason, the baseband has been compiled with debugging info
turned on. Prior to flipping any bit in any register it writes a textual
description to the debug port, which is trivially accessible through
USB. No soldering required.

> 4) When you're experimenting with stuff that can brick / destroy your
> phone (and I have a couple of dead ones ...), you don't want to do
> that on your brand new 600$ phone.

For some reason, the boot process is guided by the AP. Unless you do
something really evil, you have completely zero chances of bricking
your beloved $600 phone.

>
> Cheers,
>
>     Sylvain

It's also a pretty nice cellphone.

-- 
   WBR, Peter Zotov.