This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/baseband-devel@lists.osmocom.org/.
Rusty Dekema rdekema at gmail.comOn Sun, Apr 6, 2014 at 5:30 PM, Michael Spacefalcon <msokolov at ivan.harhan.org> wrote: > Rusty Dekema <rdekema at gmail.com> wrote: > >> Although I would still like to eventually get a C139 working (mainly >> for its 850 MHz support), > > Given your interest in the 850 MHz band, I gather that you must be > somewhere in North America. Anywhere near Southern California > perchance? > >> I obtained a C118 yesterday and it works >> with osmocom-bb like a charm, right out of the box. (It also has at >> least some support for the PCS1900 band, which was a pleasant >> surprise.) > > Is it "official" PCS1900 support, or are you seeing some of the > received RF energy in the PCS band (in a very strong signal area, > presumably) seep through the imperfect 1800 MHz SAW filter with the > antenna switch set to DCS? > >> Now, back to the C139. If anyone has any further suggestions, please >> let me know. > > If all else fails, I reason that one should be able to disassemble the > phone, desolder the flash chip, reprogram it with a known good boot- > loader using a standalone device programmer, then solder it back onto > the board. But I'm guessing that flash chip is probably a micro-BGA > (IIRC it's a flash+pSRAM MCP), so it wouldn't be a home soldering job, > but rather something to be sent to a professional lab. If you fancy > going down that road, I would suggest talking to Technotronix in > Anaheim, California - ask for Gopal, and tell him you were referred by > Michael S. from Harhan. > >> The phone never sends a PROMPT1 for reasons discovered later and >> described above. > > Yup, a definite indicator that the bootloader our tools need to talk > to has been removed in the firmware version in your phone, just like > in Tracfone's version. > >> Yes, it's definitely 1.9.24 both on the sticker and the #02# screen. > > Thanks for the info about the #02# screen, I didn't know about that > one before. > >> When I run the mot931c program, follow the directions, and click >> Unlock, I get the output: "Error 2" followed by "Phone not found". Of >> note, if I unplug the phone from the computer and do the same, I get >> only the "Phone not found" message. Then again, the title of the >> mot931c application is "Tracfone mobile unlock 1.0 by Lawer," > > After I made my previous post, I did run that mot931c program under > wine with the Tracfone connected, and it did reflash that phone with a > bootloader that is compatible with osmocom-bb/DMTool/fc-loadtool etc. > Unfortunately I failed to capture the bytes exchanged between the > Weendoze program and the phone - trying to run wine under strace was a > little too much for me. > > So now I need to get another Tracfone C139 from ebay, and be more > careful this time.. I'm thinking about hacking the Linux kernel > driver for the USB-serial chip in my cable (the PL-something) and > making it log the Rx/Tx activity into a RAM buffer which I would then > read out - an incredibly ugly hack, but one that would be more within > the range of my skills, as compared to instrumenting wine... > >> and mine is not a Tracfone. > > Would you mind telling us which branding it is? It seems that Cingular > units have bootloaders that work out of box, for Tracfones there is > another method that has been proven to work, so what other brandings > are out there? > >> > It should be noted that the new bootloader is very limited (no charging, no >> > loading of the regular phone os). > > It appears that what this tool does (at least on Tracfones with V8.8.17 > firmware) is it erases and rewrites the first 64 KiB sector of the > flash. The new bits written into this sector appear to be contained > as a 65536-byte payload within the mot931c.exe binary; and it looks > like whoever wrote this tool replaced the first 8192 bytes with a > "good" C139/140 bootloader, while leaving the remaining 56 KiB > unchanged from V8.8.17 firmware. So the phone ought to retain its > firmware unchanged, but gain the ability to break into the bootloader > like we are used to doing. But apparently the firmware checksums > itself, as doing a normal boot (w/o serial download) results in a > message on the LCD (with the backlight off, so hard to read) about > the firmware being corrupted or something to that effect. > >> The DLTool/"DM Tool" software in this package does not seem to be able >> to "see" or communicate with the phone. > > Which is not surprising at all, as this tool (appears to be Compal's > official flasher) connects to the phone in the same manner as > osmocon -m c140xor, so one doesn't work, neither will the other. > >> Perhaps this is not surprising, since the >> mot931c tool was not able to "unlock" whatever it was supposed to >> unlock on this phone. > > See above - that mot931c tool doesn't really "unlock" anything, it > simply rewrites sector 0 of the flash with a "good" bootloader. > > VLR, > SF >